a few permissions-related bugs

Michael Save 2012-05-07 14:08:40 +10:00
parent 8ea20109fe
commit e132e4c2b3
2 changed files with 21 additions and 6 deletions


@ -969,6 +969,11 @@ function mod_user($uid) {
} }
function mod_user_new() { function mod_user_new() {
global $pdo;
if (!hasPermission($config['mod']['createusers']))
error($config['error']['noaccess']);
if (isset($_POST['username'], $_POST['password'], $_POST['type'])) { if (isset($_POST['username'], $_POST['password'], $_POST['type'])) {
if ($_POST['username'] == '') if ($_POST['username'] == '')
error(sprintf($config['error']['required'], 'username')); error(sprintf($config['error']['required'], 'username'));
@ -1001,6 +1006,10 @@ function mod_user_new() {
$query->bindValue(':boards', implode(',', $boards)); $query->bindValue(':boards', implode(',', $boards));
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
$uid = $pdo->lastInsertId();
modLog('Created a new user: ' . utf8tohtml($_POST['username']) . ' <small>(#' . $userID . ')</small>');
header('Location: ?/users', true, $config['redirect_http']); header('Location: ?/users', true, $config['redirect_http']);
return; return;
} }
@ -1040,6 +1049,9 @@ function mod_user_promote($uid, $action) {
function mod_pm($id, $reply = false) { function mod_pm($id, $reply = false) {
global $mod, $config; global $mod, $config;
if ($reply && !hasPermission($config['mod']['create_pm']))
error($config['error']['noaccess']);
$query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id"); $query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id");
$query->bindValue(':id', $id); $query->bindValue(':id', $id);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
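Review bot: The permission guard added at the top of mod_user_new() reads `$config`, but the only declaration shown between the function header and the check is `global $pdo;`, so as rendered here `$config` is an undefined local and `hasPermission()` is called with null. Whether that denies or allows depends on hasPermission(), which is not visible, so the declaration should be `global $pdo, $config;`. In the second hunk the log call prints `$userID`, while the new id was stored in `$uid` on the line before; the audit entry would carry an empty user number, and `' <small>(#' . $uid . ')</small>'` fixes it. The function body continues outside both hunks.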


@ -20,7 +20,8 @@
{% endif %} {% endif %}
<tr> <tr>
<th>{% trans 'Date' %}</th> <th>{% trans 'Date' %}</th>
<td>{{ time|date(config.post_date) }}</td> <td>{{ time|date(config.post_date) }} <small>({{ time|ago }} ago)</small></td>
</tr> </tr>
<tr> <tr>
<th>{% trans 'Message' %}</th> <th>{% trans 'Message' %}</th>
@ -32,10 +33,12 @@
<li style="padding:5px 0"> <li style="padding:5px 0">
<input type="submit" name="delete" value="{% trans 'Delete forever' %}"> <input type="submit" name="delete" value="{% trans 'Delete forever' %}">
</li> </li>
{% if mod|hasPermission(config.mod.create_pm) %}
<li style="padding:5px 0"> <li style="padding:5px 0">
<a href="?/PM/{{ id }}/reply"> <a href="?/PM/{{ id }}/reply">
{% trans 'Reply with quote' %} {% trans 'Reply with quote' %}
</a> </a>
</li> </li>
{% endif %}
</ul> </ul>
</form> </form>
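Review bot: The word "ago" in the new date cell is hard-coded English, while every other label in this template goes through `{% trans %}`. Something like `<small>({{ time|ago }} {% trans 'ago' %})</small>` keeps it translatable, though word order varies by language, so a single translatable phrase with a placeholder may be a better fit if the project's i18n setup supports one.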