fixed api permission problems for non-admins
This commit is contained in:
parent
859b3d5f07
commit
da7f8510bb
GPG Key ID:
4A57E86482968843
@ -7,7 +7,9 @@ if (!isset($_SESSION["username"])) goto fail;
|
|||||||
|
|
||||||
$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
|
$out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
|
||||||
|
|
||||||
if ($out -> num_rows != 1)
|
if (!isset($_GET["username"])) return;
|
||||||
|
|
||||||
|
if ($out -> num_rows != 1 && $_GET["username"] != $_SESSION["username"])
|
||||||
{
|
{
|
||||||
fail:
|
fail:
|
||||||
echo "nope";
|
echo "nope";
|
||||||
@ -15,8 +17,6 @@ if ($out -> num_rows != 1)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_GET["username"])) return;
|
|
||||||
|
|
||||||
$out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $_GET["username"] . "\"");
|
$out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $_GET["username"] . "\"");
|
||||||
|
|
||||||
$output = array();
|
$output = array();
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user