1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-27 17:00:52 +01:00

Allow admins to read other user PMs

This commit is contained in:
Savetheinternet 2011-04-11 05:15:15 +10:00
parent c9e33953f3
commit 8c750c3cc3
2 changed files with 31 additions and 7 deletions

View File

@ -366,6 +366,8 @@
$config['mod']['modlog'] = ADMIN;
// Create a PM (viewing mod usernames)
$config['mod']['create_pm'] = JANITOR;
// Read any PM, sent to or from anybody
$config['mod']['master_pm'] = ADMIN;
// Rebuild everything
$config['mod']['rebuild'] = ADMIN;
// Search through posts

36
mod.php
View File

@ -314,9 +314,14 @@
} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
$id = $match[1];
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
if($mod['type'] >= $config['mod']['master_pm']) {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
} else {
$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
}
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$pm = $query->fetch()) {
@ -337,15 +342,32 @@
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($pm['to'] != $mod['id']) {
$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
$__to = $_mod['username'];
} else {
$__to = '<em>??</em>';
}
}
modLog('Read a PM');
$body = '<form action="" method="post"><table><th>From</th><td>' .
($mod['type'] >= $config['mod']['editusers'] ?
'<a href="?/users/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' :
htmlentities($pm['username'])
) .
$body = '<form action="" method="post"><table>' .
'<th>From</th><td>' .
'<a href="?/new_PM/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' .
'</td></tr>' .
(isset($__to) ?
'<th>To</th><td>' .
'<a href="?/new_PM/' . $pm['to'] . '">' . htmlentities($__to) . '</a>' .
'</td></tr>'
: '') .
'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .