From 1800a1e9022a9f4316e0d57a650faed9da0e8df4 Mon Sep 17 00:00:00 2001
From: Jesse Morgan
Date: Thu, 2 Jun 2011 16:20:09 -0700
Subject: Require admin rights to access users page
---
 htdocs/moderate/users/delete.php | 6 ++++++
 htdocs/moderate/users/editor.php | 6 ++++++
 htdocs/moderate/users/index.php | 6 ++++++
 3 files changed, 18 insertions(+)
(limited to 'htdocs/moderate/users')
diff --git a/htdocs/moderate/users/delete.php b/htdocs/moderate/users/delete.php
index f721f30..875c0c7 100644
--- a/htdocs/moderate/users/delete.php
+++ b/htdocs/moderate/users/delete.php
@@ -10,6 +10,12 @@
 require_once('../../src/base.inc.php');
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+ header('Location: ' . buildUrl('moderate/'));
+ exit;
+}
+
 $error = '';
 $user = false;
diff --git a/htdocs/moderate/users/editor.php b/htdocs/moderate/users/editor.php
index 21be99e..c44928f 100644
--- a/htdocs/moderate/users/editor.php
+++ b/htdocs/moderate/users/editor.php
@@ -10,6 +10,12 @@
 require_once('../../src/base.inc.php');
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+ header('Location: ' . buildUrl('moderate/'));
+ exit;
+}
+
 $error = '';
 // Get the current user object.
diff --git a/htdocs/moderate/users/index.php b/htdocs/moderate/users/index.php
index cda6232..c4aee54 100644
--- a/htdocs/moderate/users/index.php
+++ b/htdocs/moderate/users/index.php
@@ -10,6 +10,12 @@
 require_once('../../src/base.inc.php');
+// Verify User is admin
+if (!$_SESSION['currentUser']->isAdmin()) {
+ header('Location: ' . buildUrl('moderate/'));
+ exit;
+}
+
 $error = '';
 require_once('../src/header.inc.php');
-- cgit v1.2.3
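Review bot: The added guard in delete.php calls `$_SESSION['currentUser']->isAdmin()` without first checking that the session holds a user object, and the same lines are added to editor.php and index.php. Unless base.inc.php (not shown) already forces a login, an unauthenticated request would hit a fatal error on a non-object instead of the redirect; `if (empty($_SESSION['currentUser']) || !$_SESSION['currentUser']->isAdmin()) {` fails closed cleanly in all three files. Because the block is copied verbatim three times, a single helper in base.inc.php would keep a future page under moderate/users/ from being added without the check. Each script continues outside its hunk, so whether delete.php also requires a POST with a CSRF token cannot be judged from here.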