/forums/add-post-do.php |
---|
20,6 → 20,11 |
$title = $_POST['title']; |
$content = $_POST['content']; |
if (!$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->redirect('add-post.php?error=You do not have permission to access this page'); |
} |
if (empty($title)) |
{ |
$page->redirect('add-post.php?error=No Title Specified'); |
/forums/add-post.php |
---|
20,7 → 20,7 |
$categoryID = -1; |
} |
if ($page->isLoggedIn()) |
if ($page->isLoggedIn() && $page->isUserNormal($page->getLoggedInUser)) |
{ |
if (isset($_GET['error'])) |
/forums/delete-post-do.php |
---|
9,7 → 9,7 |
$id = $page->getGetID(); |
$post = $page->getForumPost($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post) |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->query('DELETE FROM ForumPosts WHERE ID = ' . $id); |
$page->redirect('index.php'); |
/forums/index.php |
---|
24,7 → 24,7 |
{ |
write('<a href="index.php?parentID=-1">Back to root</a>'); |
} |
if ($page->isLoggedIn()) |
if ($page->isLoggedIn() && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if ($parentID != -1) |
{ |