Allow admins to read other user PMs
parent
c9e33953f3
commit
8c750c3cc3
@ -366,6 +366,8 @@
|
|||||||
$config['mod']['modlog'] = ADMIN;
|
$config['mod']['modlog'] = ADMIN;
|
||||||
// Create a PM (viewing mod usernames)
|
// Create a PM (viewing mod usernames)
|
||||||
$config['mod']['create_pm'] = JANITOR;
|
$config['mod']['create_pm'] = JANITOR;
|
||||||
|
// Read any PM, sent to or from anybody
|
||||||
|
$config['mod']['master_pm'] = ADMIN;
|
||||||
// Rebuild everything
|
// Rebuild everything
|
||||||
$config['mod']['rebuild'] = ADMIN;
|
$config['mod']['rebuild'] = ADMIN;
|
||||||
// Search through posts
|
// Search through posts
|
||||||
|
36
mod.php
36
mod.php
@ -314,9 +314,14 @@
|
|||||||
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
|
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
|
||||||
$id = $match[1];
|
$id = $match[1];
|
||||||
|
|
||||||
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
|
if($mod['type'] >= $config['mod']['master_pm']) {
|
||||||
|
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
|
||||||
|
} else {
|
||||||
|
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
|
||||||
|
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
|
||||||
|
}
|
||||||
|
|
||||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||||
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
|
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
|
|
||||||
if(!$pm = $query->fetch()) {
|
if(!$pm = $query->fetch()) {
|
||||||
@ -337,15 +342,32 @@
|
|||||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
|
|
||||||
|
if($pm['to'] != $mod['id']) {
|
||||||
|
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
|
||||||
|
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
|
||||||
|
$query->execute() or error(db_error($query));
|
||||||
|
|
||||||
|
if($_mod = $query->fetch()) {
|
||||||
|
$__to = $_mod['username'];
|
||||||
|
} else {
|
||||||
|
$__to = '<em>??</em>';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
modLog('Read a PM');
|
modLog('Read a PM');
|
||||||
|
|
||||||
$body = '<form action="" method="post"><table><th>From</th><td>' .
|
$body = '<form action="" method="post"><table>' .
|
||||||
($mod['type'] >= $config['mod']['editusers'] ?
|
|
||||||
'<a href="?/users/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' :
|
'<th>From</th><td>' .
|
||||||
htmlentities($pm['username'])
|
'<a href="?/new_PM/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' .
|
||||||
) .
|
|
||||||
'</td></tr>' .
|
'</td></tr>' .
|
||||||
|
|
||||||
|
(isset($__to) ?
|
||||||
|
'<th>To</th><td>' .
|
||||||
|
'<a href="?/new_PM/' . $pm['to'] . '">' . htmlentities($__to) . '</a>' .
|
||||||
|
'</td></tr>'
|
||||||
|
: '') .
|
||||||
|
|
||||||
'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
|
'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
|
||||||
|
|
||||||
'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
|
'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
|
||||||
|