From 0927d9e681d4e0120b15dadd3893cba60ef678e7 Mon Sep 17 00:00:00 2001
From: Jesse Morgan <jesse@jesterpm.net>
Date: Wed, 20 Jul 2011 14:48:17 -0700
Subject: Moderators can now delete live posts. Accessing the moderate post
 page redirects to login if needed.

---
 htdocs/moderate/login.php    |  3 ++-
 htdocs/moderate/moderate.php |  4 +---
 htdocs/postings.php          | 21 +++++++++++++--------
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/htdocs/moderate/login.php b/htdocs/moderate/login.php
index 92cddc1..038ce44 100644
--- a/htdocs/moderate/login.php
+++ b/htdocs/moderate/login.php
@@ -13,7 +13,8 @@ if (isset($_POST['login_email']) and isset($_POST['login_password'])) {
 
     if ($user and $user->authenticate($_POST['login_password'])) {
         $_SESSION['currentUser'] = $user;
-        header('Location: index.php');
+
+        header("Location: index.php");
 
     } else {
         $error = "<div class=\"error\">Invalid Username/Password</div>";
diff --git a/htdocs/moderate/moderate.php b/htdocs/moderate/moderate.php
index 29294ec..d24c5c6 100644
--- a/htdocs/moderate/moderate.php
+++ b/htdocs/moderate/moderate.php
@@ -34,9 +34,7 @@ if (isset($_GET['id']) and is_numeric($_GET['id'])) {
                     break;
 
                 case 'delete':
-                    if ($_SESSION['currentUser']->isAdmin()) {
-                        $post->delete();
-                    }
+                    $post->delete();
                     break;
             }
 
diff --git a/htdocs/postings.php b/htdocs/postings.php
index 8dc42cc..ec98ddc 100644
--- a/htdocs/postings.php
+++ b/htdocs/postings.php
@@ -10,6 +10,12 @@
 
 require_once "src/base.inc.php";
 
+// Check if we need to login first...
+if (isset($_GET['moderate']) and !isset($_SESSION['currentUser'])) {
+    header('Location: ' . $CONFIG['urlroot'].'/moderate/login.php');
+    exit();
+}
+
 require_once "src/header.inc.php";
 
 
@@ -28,6 +34,7 @@ if (!is_numeric($id)) {
 // Get the post.
 $post = Post::getById($id);
 
+
 if (!$post or (!isset($_SESSION['currentUser']) and $post->getStage() != 'approved')) {
     errorNotFound();
 }
@@ -46,14 +53,12 @@ if (isset($_SESSION['currentUser'])) {
 
     } else {
         // Post already approved
-        if ($_SESSION['currentUser']->isAdmin()) {
-            echo "<div class=\"moderationbox\">Administrative options:<br />";
-            
-            printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />"
-                . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>",
-                $post->getid(), $post->getid());
-            echo "</div>";
-        }
+        echo "<div class=\"moderationbox\">Administrative options:<br />";
+        
+        printf("<a href=\"../moderate/moderate.php?id=%s&action=delete\">delete post</a><br />"
+            . "<a href=\"../moderate/moderate.php?id=%s&action=reject\">reject post</a>",
+            $post->getid(), $post->getid());
+        echo "</div>";
     }
 
 }
-- 
cgit v1.2.3