summaryrefslogtreecommitdiff
path: root/htdocs
diff options
context:
space:
mode:
authorJesse Morgan <jesse@jesterpm.net>2011-07-20 14:48:17 -0700
committerJesse Morgan <jesse@jesterpm.net ; true>2011-07-20 14:48:17 -0700
commit0927d9e681d4e0120b15dadd3893cba60ef678e7 (patch)
tree76107e4d848632dfd478770acfb65199b162ad0b /htdocs
parentfc919902e535646dd82fbf43caef5ac7be6aa0bb (diff)
Moderators can now delete live posts. Accessing the moderate post page redirects to login if needed.
Diffstat (limited to 'htdocs')
-rw-r--r--htdocs/moderate/login.php3
-rw-r--r--htdocs/moderate/moderate.php4
-rw-r--r--htdocs/postings.php21
3 files changed, 16 insertions, 12 deletions
diff --git a/htdocs/moderate/login.php b/htdocs/moderate/login.php
index 92cddc1..038ce44 100644
--- a/htdocs/moderate/login.php
+++ b/htdocs/moderate/login.php
@@ -13,7 +13,8 @@ if (isset($_POST['login_email']) and isset($_POST['login_password'])) {
if ($user and $user->authenticate($_POST['login_password'])) {
$_SESSION['currentUser'] = $user;
- header('Location: index.php');
+
+ header("Location: index.php");
} else {
$error = "<div class=\"error\">Invalid Username/Password</div>";
diff --git a/htdocs/moderate/moderate.php b/htdocs/moderate/moderate.php
index 29294ec..d24c5c6 100644
--- a/htdocs/moderate/moderate.php
+++ b/htdocs/moderate/moderate.php
@@ -34,9 +34,7 @@ if (isset($_GET['id']) and is_numeric($_GET['id'])) {
break;
case 'delete':
- if ($_SESSION['currentUser']->isAdmin()) {
- $post->delete();
- }
+ $post->delete();
break;
}
diff --git a/htdocs/postings.php b/htdocs/postings.php
index 8dc42cc..ec98ddc 100644
--- a/htdocs/postings.php
+++ b/htdocs/postings.php
@@ -10,6 +10,12 @@
require_once "src/base.inc.php";
+// Check if we need to login first...
+if (isset($_GET['moderate']) and !isset($_SESSION['currentUser'])) {
+ header('Location: ' . $CONFIG['urlroot'].'/moderate/login.php');
+ exit();
+}
+
require_once "src/header.inc.php";
@@ -28,6 +34,7 @@ if (!is_numeric($id)) {
// Get the post.
$post = Post::getById($id);
+
if (!$post or (!isset($_SESSION['currentUser']) and $post->getStage() != 'approved')) {
errorNotFound();
}
@@ -46,14 +53,12 @@ if (isset($_SESSION['currentUser'])) {
} else {
// Post already approved
- if ($_SESSION['currentUser']->isAdmin()) {
- echo "<div class=\"moderationbox\">Administrative options:<br />";
-
- printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />"
- . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>",
- $post->getid(), $post->getid());
- echo "</div>";
- }
+ echo "<div class=\"moderationbox\">Administrative options:<br />";
+
+ printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />"
+ . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>",
+ $post->getid(), $post->getid());
+ echo "</div>";
}
}