kashire/lainchan
4
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Allow admins to read other user PMs

Browse Source
This commit is contained in:
Savetheinternet 2011-04-11 05:15:15 +10:00
parent c9e33953f3
commit 8c750c3cc3
2 changed files with 31 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/config.php
View File

@ -366,6 +366,8 @@
$config['mod']['modlog'] = ADMIN; $config['mod']['modlog'] = ADMIN;
// Create a PM (viewing mod usernames) // Create a PM (viewing mod usernames)
$config['mod']['create_pm'] = JANITOR; $config['mod']['create_pm'] = JANITOR;
// Read any PM, sent to or from anybody
$config['mod']['master_pm'] = ADMIN;
// Rebuild everything // Rebuild everything
$config['mod']['rebuild'] = ADMIN; $config['mod']['rebuild'] = ADMIN;
// Search through posts // Search through posts

36
mod.php
View File

@ -314,9 +314,14 @@
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
$id = $match[1]; $id = $match[1];
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); if($mod['type'] >= $config['mod']['master_pm']) {
$query->bindValue(':id', $id, PDO::PARAM_INT); $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
} else {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
}
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
if(!$pm = $query->fetch()) { if(!$pm = $query->fetch()) {
@ -337,15 +342,32 @@
$query->bindValue(':id', $id, PDO::PARAM_INT); $query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
if($pm['to'] != $mod['id']) {
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
$__to = $_mod['username'];
} else {
$__to = '<em>??</em>';
}
}
modLog('Read a PM'); modLog('Read a PM');
$body = '<form action="" method="post"><table><th>From</th><td>' . $body = '<form action="" method="post"><table>' .
($mod['type'] >= $config['mod']['editusers'] ?
'<a href="?/users/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' : '<th>From</th><td>' .
htmlentities($pm['username']) '<a href="?/new_PM/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' .
) .
'</td></tr>' . '</td></tr>' .
(isset($__to) ?
'<th>To</th><td>' .
'<a href="?/new_PM/' . $pm['to'] . '">' . htmlentities($__to) . '</a>' .
'</td></tr>'
: '') .
'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' . '<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' . '<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .