From 1800a1e9022a9f4316e0d57a650faed9da0e8df4 Mon Sep 17 00:00:00 2001
From: Jesse Morgan <jesse@jesterpm.net>
Date: Thu, 2 Jun 2011 16:20:09 -0700
Subject: Require admin rights to access users page

---
 htdocs/moderate/users/delete.php | 6 ++++++
 htdocs/moderate/users/editor.php | 6 ++++++
 htdocs/moderate/users/index.php  | 6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/htdocs/moderate/users/delete.php b/htdocs/moderate/users/delete.php
index f721f30..875c0c7 100644
--- a/htdocs/moderate/users/delete.php
+++ b/htdocs/moderate/users/delete.php
@@ -10,6 +10,12 @@
 
 require_once('../../src/base.inc.php');
 
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+    header('Location: ' . buildUrl('moderate/'));
+    exit;
+}
+
 $error = '';
 
 $user = false;
diff --git a/htdocs/moderate/users/editor.php b/htdocs/moderate/users/editor.php
index 21be99e..c44928f 100644
--- a/htdocs/moderate/users/editor.php
+++ b/htdocs/moderate/users/editor.php
@@ -10,6 +10,12 @@
 
 require_once('../../src/base.inc.php');
 
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+    header('Location: ' . buildUrl('moderate/'));
+    exit;
+}
+
 $error = '';
 
 // Get the current user object.
diff --git a/htdocs/moderate/users/index.php b/htdocs/moderate/users/index.php
index cda6232..c4aee54 100644
--- a/htdocs/moderate/users/index.php
+++ b/htdocs/moderate/users/index.php
@@ -10,6 +10,12 @@
 
 require_once('../../src/base.inc.php');
 
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+    header('Location: ' . buildUrl('moderate/'));
+    exit;
+}
+
 $error = '';
 
 require_once('../src/header.inc.php');
-- 
cgit v1.2.3