Require admin rights to access users page

author: Jesse Morgan <jesse@jesterpm.net> 2011-06-02 16:20:09 -0700
committer: Jesse Morgan <jesse@jesterpm.net ; true> 2011-06-02 16:20:09 -0700
commit: 1800a1e9022a9f4316e0d57a650faed9da0e8df4 (patch)
tree: 99b52ea36c148243064762bf0aa02260501aa5cd /htdocs
parent: f08eb1640388e1f067102a22ec40c30f263d92c6 (diff)
3 files changed, 18 insertions, 0 deletions
diff --git a/htdocs/moderate/users/delete.php b/htdocs/moderate/users/delete.php
index f721f30..875c0c7 100644
--- a/htdocs/moderate/users/delete.php
+++ b/htdocs/moderate/users/delete.php
@@ -10,6 +10,12 @@
 
 require_once('../../src/base.inc.php');
 
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+    header('Location: ' . buildUrl('moderate/'));
+    exit;
+}
+
 $error = '';
 
 $user = false;
diff --git a/htdocs/moderate/users/editor.php b/htdocs/moderate/users/editor.php
index 21be99e..c44928f 100644
--- a/htdocs/moderate/users/editor.php
+++ b/htdocs/moderate/users/editor.php
@@ -10,6 +10,12 @@
 
 require_once('../../src/base.inc.php');
 
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+    header('Location: ' . buildUrl('moderate/'));
+    exit;
+}
+
 $error = '';
 
 // Get the current user object.
diff --git a/htdocs/moderate/users/index.php b/htdocs/moderate/users/index.php
index cda6232..c4aee54 100644
--- a/htdocs/moderate/users/index.php
+++ b/htdocs/moderate/users/index.php
@@ -10,6 +10,12 @@
 
 require_once('../../src/base.inc.php');
 
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+    header('Location: ' . buildUrl('moderate/'));
+    exit;
+}
+
 $error = '';
 
 require_once('../src/header.inc.php');
author	Jesse Morgan <jesse@jesterpm.net>	2011-06-02 16:20:09 -0700
committer	Jesse Morgan <jesse@jesterpm.net ; true>	2011-06-02 16:20:09 -0700
commit	1800a1e9022a9f4316e0d57a650faed9da0e8df4 (patch)
tree	99b52ea36c148243064762bf0aa02260501aa5cd /htdocs
parent	f08eb1640388e1f067102a22ec40c30f263d92c6 (diff)