ENGO150/FabrikaHradekTour
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

preventing user from setting admin to himself lol

Browse Source
This commit is contained in:
Václav Šmejkal 2024-05-22 21:01:02 +02:00
parent 67f704d19e
commit 4a46719b46
Signed by: ENGO150
GPG Key ID: 4A57E86482968843
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
res/forum/api/update_user.php
View File

@ -9,15 +9,20 @@ $out = $database -> query("SELECT username, admin, user_info FROM user WHERE BIN
if (!isset($_GET["old_username"])) return; if (!isset($_GET["old_username"])) return;
$user = false;
if ($out -> num_rows != 1 && $_GET["old_username"] != $_SESSION["username"]) if ($out -> num_rows != 1 && $_GET["old_username"] != $_SESSION["username"])
{ {
fail: fail:
echo "nope"; echo "nope";
header("Location: ../../../index.php"); header("Location: ../../../index.php");
return; return;
} else if ($out -> num_rows != 1)
{
$user = true;
} }
$user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $_GET["old_username"] . "\"")) -> fetch_assoc())["user_info"]; $user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $_GET["old_username"] . "\"")) -> fetch_assoc())["user_info"];
$database -> query("UPDATE user SET username=\"" . $_GET["username"] . "\", admin=" . $_GET["admin"] . " WHERE user_info=" . $user_info_id); if (!$user) $database -> query("UPDATE user SET username=\"" . $_GET["username"] . "\", admin=" . $_GET["admin"] . " WHERE user_info=" . $user_info_id);
$database -> query("UPDATE user_info SET sex=" . $_GET["sex"] . ", bio=\"" . $_GET["bio"] . "\", nickname=\"" . $_GET["nickname"] . "\" WHERE id=" . $user_info_id); $database -> query("UPDATE user_info SET sex=" . $_GET["sex"] . ", bio=\"" . $_GET["bio"] . "\", nickname=\"" . $_GET["nickname"] . "\" WHERE id=" . $user_info_id);