diff --git a/admin/index.php b/admin/index.php
index 876f77a..063a679 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -9,8 +9,6 @@ if(isset($_COOKIE['user'])&&!isset($_SESSION['user'])) User::restore_session(); } -//TODO: CHeck if user deactivated - if (!isset($_SESSION['user'])) { if (isset($_GET['do']) && $_GET['do']=="lost-password")
diff --git a/admin/lost-password.php b/admin/lost-password.php
index 84872d5..1af7580 100644
--- a/admin/lost-password.php
+++ b/admin/lost-password.php
@@ -13,7 +13,7 @@ Template::render_header(_("Lost password")); $user->change_password($_POST['token']); if (isset($message)){?>
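Review bot: The `//TODO: CHeck if user deactivated` marker is removed but no check replaces it on the new side — after `User::restore_session()` presumably repopulates the session from the `user` cookie, nothing visible in this diff verifies that the account is still active, so a deactivated user would presumably stay logged in for as long as that cookie is honoured. If the check was implemented inside `User::restore_session()` (not part of this diff), the commit message should say so; otherwise keep the TODO, or have the restore path consult the account's status before `$_SESSION['user']` is set. The enclosing `if` block begins before the hunk and `User::restore_session()` itself is outside it.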

- +
diff --git a/admin/new-user.php b/admin/new-user.php
index 66dc36e..9e04c2b 100644
--- a/admin/new-user.php
+++ b/admin/new-user.php
@@ -9,7 +9,7 @@ Template::render_header(_("New user"), true); ?>

Add new user

-
+

diff --git a/admin/settings.php b/admin/settings.php
index cebe8d7..767e5c5 100644
--- a/admin/settings.php
+++ b/admin/settings.php
@@ -22,7 +22,7 @@ if (isset($message)){

get_rank() <= 1){?> - +
@@ -52,7 +52,7 @@ while($result = $query->fetch_assoc()) echo "".$result['name'].""; if ($user->get_rank()<=1) { - echo ''; + echo ''; } echo ""; }?>
@@ -74,7 +74,7 @@ while($result = $query->fetch_assoc()) { echo ""; echo "".$result['id'].""; - echo "".$result['username'].""; + echo "".$result['username'].""; echo "".$result['name'].""; echo "".$result['surname'].""; echo "".$result['email']."";
diff --git a/classes/constellation.php b/classes/constellation.php
index ff3ebf0..bfe5c7e 100644
--- a/classes/constellation.php
+++ b/classes/constellation.php
@@ -39,7 +39,7 @@ class Constellation { if ($offset) { - echo ''; + echo ''; } echo "
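Review bot: `$result['username']` on the rewritten line of the -74 hunk is still echoed into the page unescaped, as are the `id`, `name`, `surname` and `email` cells around it and `$result['name']` in the -52 hunk above; the markup around the echoes has been stripped in this view, so the exact output context can't be confirmed, but `username` and `email` are read straight from `$_POST` in the classes/user.php hunk at -138, so these are user-supplied values. Escape each one at the point of output, e.g. replace `$result['username']` with `htmlspecialchars($result['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and do the same for the other cells or introduce one small escaping helper shared by the admin templates. Both hunks sit inside a `while ($result = $query->fetch_assoc())` loop that starts and ends outside them.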

"._("Past incidents")."

"; }
@@ -59,7 +59,7 @@ class Constellation } if ($show) { - echo ''; + echo ''; } } }
diff --git a/classes/incident.php b/classes/incident.php
index aed363a..e00a0e5 100644
--- a/classes/incident.php
+++ b/classes/incident.php
@@ -37,8 +37,20 @@ class Incident * @param int ID */ public static function delete($id){ - //TODO: This should check whether it's admin or their own post... - global $mysqli, $message; + global $mysqli, $message, $user; + + if ($user->get_rank() > 1) + { + $stmt = $mysqli->prepare("SELECT count(*) as count FROM status WHERE id= ? AND user_id = ?"); + $stmt->bind_param("ii", $id, $_SESSION['user']); + $stmt->execute(); + $query = $stmt->get_result(); + if (!$query->fetch_assoc()['count']) + { + $message = _("You don't have permission to do that!"); + return; + } + } $stmt = $mysqli->prepare("DELETE FROM services_status WHERE status_id = ?"); $stmt->bind_param("i", $id);
@@ -164,7 +176,7 @@ class Incident
diff --git a/classes/user.php b/classes/user.php
index 53c68c5..9033df5 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -97,7 +97,7 @@ class User $stmt->bind_param("i", $this->id); $stmt->execute(); $stmt->close(); - header("Location: ".WEB_URL."/admin/?do=user&id=".$id); + header("Location: ".WEB_URL."/admin/?do=user&id=".$id); }else{ $message = _("You don't have the permission to do that!"); }
@@ -138,6 +138,12 @@ class User $username = $_POST['username']; $email = $_POST['email']; $pass = $_POST['password']; + + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) + { + $message = "Invalid email!"; + return; + } $variables = array(); if (strlen($name)>50){
@@ -153,6 +159,7 @@ class User $variables[] = 'email: 60'; } + if (!empty($variables)) { $message = _("Please mind the following character limits: ");
@@ -308,16 +315,16 @@ class User
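Review bot: The ownership lookup added to `delete()` never closes its statement — `$stmt` still holds the open SELECT handle when the next context line reassigns it to the `DELETE FROM services_status` statement, whereas the class elsewhere closes handles before moving on (see `$stmt->close();` in the classes/user.php hunk at -97); read the count first and then release the handle, e.g. `$count = $query->fetch_assoc()['count'];` / `$stmt->close();` / `if (!$count)`. The denial text `_("You don't have permission to do that!")` also creates a second gettext string for a message that user.php already emits as `_("You don't have the permission to do that!")`, so one sentence gets two translation keys; pick one wording. The docblock above, which still only says `@param int ID`, should state the rule now enforced, e.g. `Users with rank > 1 may only delete incidents they authored; otherwise $message is set and nothing is deleted.` Whether `$user` is always initialised when `delete()` runs can't be confirmed from this hunk; if it can be unset, `$user->get_rank()` fails with an error rather than a denial. The body of `delete()` continues past the end of the hunk.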
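Review bot: The new rejection message `$message = "Invalid email!";` in the -138 hunk is a plain string while every other message in this diff goes through gettext (`_("Please mind the following character limits: ")` in the -153 hunk, `_("You don't have the permission to do that!")` in the -97 hunk), so this one will never be translated; make it `$message = _("Invalid email!");`. The check reads `$email` straight from `$_POST['email']` on the context line above it, so a request without that field reaches `filter_var` with `null` and is reported as an invalid email, which is acceptable but worth a one-line comment such as `// missing field also fails validation`. The method containing these lines starts and ends outside the hunk.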
-
username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank)) +
username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank)) { - echo ""; + echo ""; echo ""; }else{ echo ""; }?>
- +
get_rank() == 0 && $this->id != $_SESSION['user']){?>