1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-25 07:50:23 +01:00

a few permissions-related bugs

This commit is contained in:
Michael Save 2012-05-07 14:08:40 +10:00
parent 438aaa4643
commit 793b2e6deb
2 changed files with 21 additions and 6 deletions

View File

@ -969,6 +969,11 @@ function mod_user($uid) {
}
function mod_user_new() {
global $pdo;
if (!hasPermission($config['mod']['createusers']))
error($config['error']['noaccess']);
if (isset($_POST['username'], $_POST['password'], $_POST['type'])) {
if ($_POST['username'] == '')
error(sprintf($config['error']['required'], 'username'));
@ -1001,6 +1006,10 @@ function mod_user_new() {
$query->bindValue(':boards', implode(',', $boards));
$query->execute() or error(db_error($query));
$uid = $pdo->lastInsertId();
modLog('Created a new user: ' . utf8tohtml($_POST['username']) . ' <small>(#' . $userID . ')</small>');
header('Location: ?/users', true, $config['redirect_http']);
return;
}
@ -1040,6 +1049,9 @@ function mod_user_promote($uid, $action) {
function mod_pm($id, $reply = false) {
global $mod, $config;
if ($reply && !hasPermission($config['mod']['create_pm']))
error($config['error']['noaccess']);
$query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));

View File

@ -20,7 +20,8 @@
{% endif %}
<tr>
<th>{% trans 'Date' %}</th>
<td>{{ time|date(config.post_date) }}</td>
<td>{{ time|date(config.post_date) }} <small>({{ time|ago }} ago)</small></td>
</tr>
<tr>
<th>{% trans 'Message' %}</th>
@ -32,10 +33,12 @@
<li style="padding:5px 0">
<input type="submit" name="delete" value="{% trans 'Delete forever' %}">
</li>
{% if mod|hasPermission(config.mod.create_pm) %}
<li style="padding:5px 0">
<a href="?/PM/{{ id }}/reply">
{% trans 'Reply with quote' %}
</a>
</li>
{% endif %}
</ul>
</form>