author | Jesse Morgan <jesse@jesterpm.net> | 2011-07-20 14:48:17 -0700 |
---|---|---|
committer | Jesse Morgan <jesse@jesterpm.net ; true> | 2011-07-20 14:48:17 -0700 |
commit | 0927d9e681d4e0120b15dadd3893cba60ef678e7 (patch) | |
tree | 76107e4d848632dfd478770acfb65199b162ad0b | |
parent | fc919902e535646dd82fbf43caef5ac7be6aa0bb (diff) |
Moderators can now delete live posts. Accessing the moderate post page redirects to login if needed.
-rw-r--r-- | htdocs/moderate/login.php | 3 | ||||
-rw-r--r-- | htdocs/moderate/moderate.php | 4 | ||||
-rw-r--r-- | htdocs/postings.php | 21 |
3 files changed, 16 insertions, 12 deletions
diff --git a/htdocs/moderate/login.php b/htdocs/moderate/login.php index 92cddc1..038ce44 100644 --- a/htdocs/moderate/login.php +++ b/htdocs/moderate/login.php @@ -13,7 +13,8 @@ if (isset($_POST['login_email']) and isset($_POST['login_password'])) { if ($user and $user->authenticate($_POST['login_password'])) { $_SESSION['currentUser'] = $user; - header('Location: index.php'); + + header("Location: index.php"); } else { $error = "<div class=\"error\">Invalid Username/Password</div>"; diff --git a/htdocs/moderate/moderate.php b/htdocs/moderate/moderate.php index 29294ec..d24c5c6 100644 --- a/htdocs/moderate/moderate.php +++ b/htdocs/moderate/moderate.php @@ -34,9 +34,7 @@ if (isset($_GET['id']) and is_numeric($_GET['id'])) { break; case 'delete': - if ($_SESSION['currentUser']->isAdmin()) { - $post->delete(); - } + $post->delete(); break; } diff --git a/htdocs/postings.php b/htdocs/postings.php index 8dc42cc..ec98ddc 100644 --- a/htdocs/postings.php +++ b/htdocs/postings.php @@ -10,6 +10,12 @@ require_once "src/base.inc.php"; +// Check if we need to login first... +if (isset($_GET['moderate']) and !isset($_SESSION['currentUser'])) { + header('Location: ' . $CONFIG['urlroot'].'/moderate/login.php'); + exit(); +} + require_once "src/header.inc.php"; @@ -28,6 +34,7 @@ if (!is_numeric($id)) { // Get the post. $post = Post::getById($id); + if (!$post or (!isset($_SESSION['currentUser']) and $post->getStage() != 'approved')) { errorNotFound(); } 
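Review bot: In htdocs/moderate/login.php the session id is not rotated when `$_SESSION['currentUser'] = $user;` is set, so an id issued before login remains valid for the authenticated session unless `authenticate()` rotates it internally, which is not visible here. Adding `session_regenerate_id(true);` directly before that assignment would address it. The touched `header("Location: index.php");` line is also not followed by `exit;`, so any code after the if/else (outside this hunk) still runs and its output is sent along with the redirect. The enclosing `if (isset($_POST['login_email']) ...)` block starts and ends outside the hunk.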
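Review bot: With the `isAdmin()` guard removed, `$post->delete()` in htdocs/moderate/moderate.php relies entirely on a login check that is not visible in this hunk. Confirm the script refuses requests without `$_SESSION['currentUser']` before it reaches the `switch`, for example `if (!isset($_SESSION['currentUser'])) { header('Location: login.php'); exit(); }`. The action also appears to be selected by a plain GET link (the `action=delete` and `action=reject` anchors in the last htdocs/postings.php hunk), so the request carries no anti-CSRF token and a destructive change can be triggered by prefetching or by any page a logged-in moderator loads. Moving delete and reject to POST with a per-session token compared via `hash_equals()` would close that gap. The `switch` and its enclosing `if` begin and end outside the hunk.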
@@ -46,14 +53,12 @@ if (isset($_SESSION['currentUser'])) { } else { // Post already approved - if ($_SESSION['currentUser']->isAdmin()) { - echo "<div class=\"moderationbox\">Administrative options:<br />"; - - printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />" - . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>", - $post->getid(), $post->getid()); - echo "</div>"; - } + echo "<div class=\"moderationbox\">Administrative options:<br />"; + + printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />" + . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>", + $post->getid(), $post->getid()); + echo "</div>"; } } |
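Review bot: The moderation box in htdocs/postings.php is now rendered for every logged-in user, yet it still reads "Administrative options" and exposes the "reject post" link, while the moderate.php hunk in this commit only relaxes the `delete` case. Check that the `reject` case (outside the visible hunks) enforces the permission you intend, so that the links shown and the server-side check agree. Separately, the ids are written with `%s` and the query separator is a raw `&`; using `%d` and `&amp;action=delete` keeps the attribute well-formed and forces a numeric value whatever `getid()` returns. The enclosing `if (isset($_SESSION['currentUser']))` block starts outside the hunk.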