From 793b2e6deb4d48bc99ac8222a2917b3166e2926c Mon Sep 17 00:00:00 2001
From: Michael Save
Date: Mon, 7 May 2012 14:08:40 +1000
Subject: [PATCH] a few permissions-related bugs
---
 inc/mod/pages.php | 12 ++++++++++++
 templates/mod/pm.html | 15 +++++++++------
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index c56570a5..11e89b9a 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -969,6 +969,11 @@ function mod_user($uid) {
 }
 function mod_user_new() {
+ global $pdo;
+
+ if (!hasPermission($config['mod']['createusers']))
+ error($config['error']['noaccess']);
+
 if (isset($_POST['username'], $_POST['password'], $_POST['type'])) {
 if ($_POST['username'] == '')
 error(sprintf($config['error']['required'], 'username'));
@@ -1001,6 +1006,10 @@ function mod_user_new() {
 $query->bindValue(':boards', implode(',', $boards));
 $query->execute() or error(db_error($query));
+ $uid = $pdo->lastInsertId();
+
+ modLog('Created a new user: ' . utf8tohtml($_POST['username']) . ' (#' . $userID . ')');
+
 header('Location: ?/users', true, $config['redirect_http']);
 return;
 }
@@ -1040,6 +1049,9 @@ function mod_user_promote($uid, $action) {
 function mod_pm($id, $reply = false) {
 global $mod, $config;
+ if ($reply && !hasPermission($config['mod']['create_pm']))
+ error($config['error']['noaccess']);
+
 $query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id");
 $query->bindValue(':id', $id);
 $query->execute() or error(db_error($query));
diff --git a/templates/mod/pm.html b/templates/mod/pm.html
index c66dc883..c62cae58 100644
--- a/templates/mod/pm.html
+++ b/templates/mod/pm.html
@@ -20,7 +20,8 @@ {% endif %} {% trans 'Date' %} - {{ time|date(config.post_date) }} + {{ time|date(config.post_date) }} ({{ time|ago }} ago) + {% trans 'Message' %}
@@ -32,10 +33,12 @@
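Review bot: In the `@@ -969,6 +969,11 @@` hunk of inc/mod/pages.php, the new permission check in `mod_user_new()` reads `$config`, but the only declaration added is `global $pdo;` and no `global $config` is visible between the signature and the check. Inside the function `$config` is then an undefined local, so `hasPermission()` receives null instead of the `createusers` level; how it treats null is not shown here, and if it reads a missing level as "no requirement" the check passes for every logged-in moderator. Declaring both, `global $pdo, $config;`, makes the check and the `noaccess` message use the real configuration. The body of `mod_user_new()` continues outside the hunk.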
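Review bot: In the `@@ -1001,6 +1006,10 @@` hunk, the insert id is stored in `$uid` but the `modLog()` call concatenates `$userID`, which is not assigned anywhere in the visible lines. The audit entry for a newly created account would then carry an empty id, which weakens the moderation log as a record of which account was created. Using one name for both, for example `$userID = $pdo->lastInsertId();`, fixes it. The enclosing function starts before this hunk.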
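Review bot: In the `@@ -1040,6 +1049,9 @@` hunk, the `create_pm` check in `mod_pm()` covers only the `$reply` view, and the code path that stores a new message is not part of this commit. If that handler, which is outside the visible lines, does not itself call `hasPermission($config['mod']['create_pm'])`, the permission is presumably enforced only on the form, since hiding the reply link in templates/mod/pm.html is presentation and not access control. It is worth confirming, and a comment above the check such as `// reply form requires create_pm; the send handler must enforce it as well` would record the intent. `mod_pm()` continues past the end of the hunk.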
  • -
  • - - {% trans 'Reply with quote' %} - -
  • + {% if mod|hasPermission(config.mod.create_pm) %} +
  • + + {% trans 'Reply with quote' %} + +
  • + {% endif %}