diff --git a/sections/staff/index.php b/sections/staff/index.php index 1aa15c14..54badc01 100644 --- a/sections/staff/index.php +++ b/sections/staff/index.php @@ -27,7 +27,8 @@ Send to: @@ -83,7 +84,7 @@ $CloseTable = true; echo '

'.$ClassName.'s

'; ?> - +

Forum Mods are users who have been promoted to help moderate the forums. They can only help with forum oriented questions

diff --git a/sections/userhistory/email_history.php b/sections/userhistory/email_history.php index 191644c4..d7fa9576 100644 --- a/sections/userhistory/email_history.php +++ b/sections/userhistory/email_history.php @@ -10,14 +10,18 @@ ************************************************************************/ -if(!check_perms('users_view_email')) { error(403); } $UserID = $_GET['userid']; if (!is_number($UserID)) { error(404); } -$UsersOnly = $_GET['usersonly']; -$DB->query("SELECT m.Username, i.JoinDate FROM users_main AS m JOIN users_info AS i ON m.ID=i.UserID WHERE ID = $UserID"); -list($Username,$Joined) = $DB->next_record(); +$DB->query("SELECT um.Username, ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID"); +list($Username, $Joined, $Class) = $DB->next_record(); + +if(!check_perms('users_view_email', $Class)) { + error(403); +} + +$UsersOnly = $_GET['usersonly']; show_header("Email history for $Username"); diff --git a/sections/userhistory/email_history2.php b/sections/userhistory/email_history2.php index 988c5663..f9dc3cb4 100644 --- a/sections/userhistory/email_history2.php +++ b/sections/userhistory/email_history2.php @@ -10,14 +10,17 @@ ************************************************************************/ -if(!check_perms('users_view_email')) { error(403); } - $UserID = $_GET['userid']; if (!is_number($UserID)) { error(404); } -$UsersOnly = $_GET['usersonly']; -$DB->query("SELECT m.Username, i.JoinDate FROM users_main AS m JOIN users_info AS i ON m.ID=i.UserID WHERE ID = $UserID"); -list($Username,$Joined) = $DB->next_record(); +$DB->query("SELECT um.Username, ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID"); +list($Username, $Joined, $Class) = $DB->next_record(); + +if(!check_perms('users_view_email', $Class)) { + error(403); +} + +$UsersOnly = $_GET['usersonly']; show_header("Email history for $Username"); diff --git a/sections/userhistory/ip_history.php b/sections/userhistory/ip_history.php index 46a071f8..8cfe8bfc 100644 --- a/sections/userhistory/ip_history.php +++ b/sections/userhistory/ip_history.php @@ -12,14 +12,17 @@ define('IPS_PER_PAGE', 25); -if(!check_perms('users_view_ips')) { error(403); } - $UserID = $_GET['userid']; if (!is_number($UserID)) { error(404); } -$UsersOnly = $_GET['usersonly']; -$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID"); -list($Username) = $DB->next_record(); +$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID); +list($Username, $Class) = $DB->next_record(); + +if(!check_perms('users_view_ips', $Class)) { + error(403); +} + +$UsersOnly = $_GET['usersonly']; show_header("IP history for $Username"); ?> diff --git a/sections/userhistory/ip_tracker_history.php b/sections/userhistory/ip_tracker_history.php index 093960ba..27a835cb 100644 --- a/sections/userhistory/ip_tracker_history.php +++ b/sections/userhistory/ip_tracker_history.php @@ -12,14 +12,19 @@ define('IPS_PER_PAGE', 25); -if(!check_perms('users_view_ips') || !check_perms('users_mod')) { error(403); } +if(!check_perms('users_mod')) { error(403); } $UserID = $_GET['userid']; if (!is_number($UserID)) { error(404); } -$UsersOnly = $_GET['usersonly']; -$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID"); -list($Username) = $DB->next_record(); +$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID); +list($Username, $Class) = $DB->next_record(); + +if(!check_perms('users_view_ips', $Class)) { + error(403); +} + +$UsersOnly = $_GET['usersonly']; show_header("Tracker IP history for $Username"); ?> diff --git a/sections/userhistory/passkey_history.php b/sections/userhistory/passkey_history.php index 86683cb9..5271aa47 100644 --- a/sections/userhistory/passkey_history.php +++ b/sections/userhistory/passkey_history.php @@ -10,13 +10,15 @@ ************************************************************************/ -if(!check_perms('users_view_keys')) { error(403); } - $UserID = $_GET['userid']; if (!is_number($UserID)) { error(404); } -$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID"); -list($Username) = $DB->next_record(); +$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID); +list($Username, $Class) = $DB->next_record(); + +if(!check_perms('users_view_keys', $Class)) { + error(403); +} show_header("PassKey history for $Username"); diff --git a/sections/userhistory/password_history.php b/sections/userhistory/password_history.php index 2c5801e1..0ea70d10 100644 --- a/sections/userhistory/password_history.php +++ b/sections/userhistory/password_history.php @@ -10,13 +10,15 @@ ************************************************************************/ -if(!check_perms('users_view_keys')) { error(403); } - $UserID = $_GET['userid']; if (!is_number($UserID)) { error(404); } -$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID"); -list($Username) = $DB->next_record(); +$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID); +list($Username, $Class) = $DB->next_record(); + +if(!check_perms('users_view_keys', $Class)) { + error(403); +} show_header("Password reset history for $Username");