/admin/account-do.php |
---|
13,7 → 13,7 |
$name = $_POST['name']; |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user) |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) |
{ |
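Review bot: The new condition still dereferences `$page->getLoggedInUser()->ID` before anything has established that a user is logged in, and it calls `getLoggedInUser()` three times in one expression. No `checkLoggedIn()` call is visible in this hunk (index.php has one), so if this handler can be reached without a session the check would fail on a null object instead of denying the request cleanly; that is worth confirming above line 13. I would fetch the user once and put the cheap guards first: `$actor = $page->getLoggedInUser();` followed by `if ($actor && $user && $page->isUserNormal($actor) && ($actor->ID == $userID || $page->isUserAdmin($actor)))`. The same expression is repeated in /admin/account.php, so the two copies should be changed together or moved into one method on `$page`. The `if` body continues outside the hunk.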
/admin/account.php |
---|
11,7 → 11,7 |
$userID = $page->getGetID(); |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user) |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
?> |
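Review bot: The ownership test compares `$page->getLoggedInUser()->ID` with the request-supplied `$userID` using `==`, while `getUserByID($userID)` receives the same value without normalisation. If `getGetID()` returns the raw query-string value rather than an integer (not visible here), PHP's loose comparison and the lookup can disagree about which account the id refers to, which matters for an authorisation decision. Normalising once before both uses, e.g. `$userID = (int) $page->getGetID();`, and comparing with `===` against an integer ID removes the ambiguity. The block guarded by this condition continues outside the hunk.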
/admin/index.php |
---|
9,7 → 9,14 |
$page->checkLoggedIn(); |
$user = $page->getLoggedInUser(); |
write('<h4><a href="account.php?id=' . $user->ID. '">Manage Account</a></h4>'); |
if ($page->isUserNormal($user)) |
{ |
write('<h4><a href="account.php?id=' . $user->ID. '">Manage Account</a></h4>'); |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
if ($page->isUserAdmin($user)) |
{ |
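Review bot: The new `else` branch only calls `$page->drawError(...)` and then falls through to the `if ($page->isUserAdmin($user))` block below, so a user who fails `isUserNormal()` but passes `isUserAdmin()` would see the permission error and the admin section on the same page. Whether `drawError()` ends the request is not visible in this hunk; if it does not, stop there, e.g. `$page->drawError('You do not have permission to access this page.'); exit;`, or move the admin block inside the `isUserNormal` branch. Hiding the "Manage Account" link is presentation only, so the enforcement still rests on the checks in account.php and account-do.php. The admin block continues outside the hunk.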