OpencachingDeutschland/oc-server3
1
0
Fork 0
Code Issues Pull Requests Releases Activity

restrict access to owner loglists

Browse Source
This commit is contained in:
following
2013-07-24 16:17:36 +02:00
parent 0c3755db81
commit 8ca60665f0
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/ownerlogs.php
View File

@ -11,8 +11,10 @@
$tpl->menuitem = MNU_MYPROFILE_OWNERLOGS; $tpl->menuitem = MNU_MYPROFILE_OWNERLOGS;
$login->verify(); $login->verify();
if (isset($_REQUEST['userid'])) if (isset($_REQUEST['userid']) && $login->hasAdminPriv(ADMIN_USER))
$ownerid = $_REQUEST['userid']+0; $ownerid = $_REQUEST['userid']+0;
else if ($login->userid == 0)
$tpl->redirect('login.php?target=ownerlogs.php');
else else
$ownerid = $login->userid; $ownerid = $login->userid;
@ -22,7 +24,10 @@
$tpl->assign('ownername', $ownername); $tpl->assign('ownername', $ownername);
$tpl->assign('ownerid', $ownerid); $tpl->assign('ownerid', $ownerid);
$show_own_logs = isset($_REQUEST['ownlogs']) && $_REQUEST['ownlogs']; if ($ownerid != $login->userid)
$show_own_logs = true;
else
$show_own_logs = isset($_REQUEST['ownlogs']) && $_REQUEST['ownlogs'];
$tpl->assign('show_own_logs', $show_own_logs); $tpl->assign('show_own_logs', $show_own_logs);
$tpl->assign('ownlogs', $ownerid == $login->userid); $tpl->assign('ownlogs', $ownerid == $login->userid);

2
htdocs/templates2/ocstyle/adminuser.tpl
View File

@ -95,7 +95,7 @@
</tr> </tr>
<tr> <tr>
<td>{t}Active geocaches:{/t}</td> <td>{t}Active geocaches:{/t}</td>
<td>{$user.hidden_active|escape}</td> <td>{$user.hidden_active|escape} &nbsp; &ndash; &nbsp; <a href="ownerlogs.php?userid={$user.user_id|escape}">{t}Show all logentries{/t}</a></td>
</tr> </tr>
<tr> <tr>
<td>{t}Cache reports{/t}:</td> <td>{t}Cache reports{/t}:</td>