-rw-r--r--htdocs/moderate/login.php3
-rw-r--r--htdocs/moderate/moderate.php4
-rw-r--r--htdocs/postings.php21
3 files changed, 16 insertions, 12 deletions
diff --git a/htdocs/moderate/login.php b/htdocs/moderate/login.php
index 92cddc1..038ce44 100644
--- a/htdocs/moderate/login.php
+++ b/htdocs/moderate/login.php
@@ -13,7 +13,8 @@ if (isset($_POST['login_email']) and isset($_POST['login_password'])) {
if ($user and $user->authenticate($_POST['login_password'])) {
$_SESSION['currentUser'] = $user;
- header('Location: index.php');
+
+ header("Location: index.php");
} else {
$error = "<div class=\"error\">Invalid Username/Password</div>";
diff --git a/htdocs/moderate/moderate.php b/htdocs/moderate/moderate.php
index 29294ec..d24c5c6 100644
--- a/htdocs/moderate/moderate.php
+++ b/htdocs/moderate/moderate.php
@@ -34,9 +34,7 @@ if (isset($_GET['id']) and is_numeric($_GET['id'])) {
break;
case 'delete':
- if ($_SESSION['currentUser']->isAdmin()) {
- $post->delete();
- }
+ $post->delete();
break;
}
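Review bot: With the `isAdmin()` guard removed, the `delete` case calls `$post->delete()` for whoever reaches this switch, and nothing visible in the hunk shows that a logged-in moderator is required at that point. If the intent is to let every moderator delete, keep an explicit session check beside the destructive call, e.g. `if (isset($_SESSION['currentUser'])) { $post->delete(); }`, unless the part of the file above the hunk already enforces it. The action is also chosen from the query string, and the postings.php hunk at `@@ -46,14 +53,12` now prints the delete/reject links for every logged-in user, so a cross-site request could trigger a deletion from any moderator's session. Moving these actions to POST with a per-session token checked here would close that. The switch begins and ends outside the hunk.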
diff --git a/htdocs/postings.php b/htdocs/postings.php
index 8dc42cc..ec98ddc 100644
--- a/htdocs/postings.php
+++ b/htdocs/postings.php
@@ -10,6 +10,12 @@
require_once "src/base.inc.php";
+// Check if we need to login first...
+if (isset($_GET['moderate']) and !isset($_SESSION['currentUser'])) {
+ header('Location: ' . $CONFIG['urlroot'].'/moderate/login.php');
+ exit();
+}
+
require_once "src/header.inc.php";
@@ -28,6 +34,7 @@ if (!is_numeric($id)) {
// Get the post.
$post = Post::getById($id);
+
if (!$post or (!isset($_SESSION['currentUser']) and $post->getStage() != 'approved')) {
errorNotFound();
}
@@ -46,14 +53,12 @@ if (isset($_SESSION['currentUser'])) {
} else {
// Post already approved
- if ($_SESSION['currentUser']->isAdmin()) {
- echo "<div class=\"moderationbox\">Administrative options:<br />";
-
- printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />"
- . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>",
- $post->getid(), $post->getid());
- echo "</div>";
- }
+ echo "<div class=\"moderationbox\">Administrative options:<br />";
+
+ printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />"
+ . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>",
+ $post->getid(), $post->getid());
+ echo "</div>";
}
}