From 36c79185317132e8aa22bb34349e478966ac622a Mon Sep 17 00:00:00 2001
From: Jan BELLON
Date: Fri, 15 Mar 2024 12:12:01 +0000
Subject: [PATCH] Update file index.php
---
 html/news/index.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/html/news/index.php b/html/news/index.php
index c73cafca..c6769091 100644
--- a/html/news/index.php
+++ b/html/news/index.php
@@ -69,10 +69,11 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
 require_once '../../include/parsedown.php';
 $parsedown = new Parsedown();
- $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, articles.author, users.username, users.display_name, users.certification, users.profile_picture FROM articles JOIN users ON articles.author = users.ID WHERE articles.ID = :articleID AND articles.classification <= :userAccreditation";
+ $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, articles.author, users.username, users.display_name, users.certification, users.profile_picture FROM articles JOIN users ON articles.author = users.ID WHERE articles.ID = :articleID AND (articles.classification <= :userAccreditation OR articles.author = :userID)";
 $request = $pdo->prepare($sqlRequest);
 $request->bindParam(":articleID", $_GET['article']);
 $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
+ $request->bindParam(":userID", $_SESSION['userID']);
 $request->execute();
 $result = $request->fetchAll(PDO::FETCH_ASSOC);
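Review bot: The added `:userID` bind passes `$_SESSION['userID']` to `bindParam()` by reference, so for a visitor whose session has no `userID` PHP silently creates that key with a null value, and the author exception then relies on SQL's `= NULL` never matching. Make the anonymous case explicit by binding a value instead, `$request->bindValue(":userID", $_SESSION['userID'] ?? null);`, and confirm that `userID` is only ever written to the session after authentication, since it now overrides the classification check. The same bind is added in the second hunk (`@@ -113,10 +114,11 @@`), and the rule `(articles.classification <= :userAccreditation OR articles.author = :userID)` is copied into both query strings; a single shared constant or helper for that predicate would keep the two access checks from drifting apart. The enclosing block starts and ends outside the hunk.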
@@ -113,10 +114,11 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
 } else {
 $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
- $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name FROM articles JOIN users ON articles.author = users.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search) AND articles.classification <= :userAccreditation ORDER BY articles.date DESC";
+ $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name FROM articles JOIN users ON articles.author = users.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search) AND (articles.classification <= :userAccreditation OR articles.author = :userID) ORDER BY articles.date DESC";
 $request = $pdo->prepare($sqlRequest);
 $request->bindParam(":search", $search);
 $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
+ $request->bindParam(":userID", $_SESSION['userID']);
 $request->execute();
 $result = $request->fetchAll(PDO::FETCH_ASSOC);
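Review bot: The `$search` pattern on the context line above the changed query is built with `htmlspecialchars()`, which is an HTML output encoder and the wrong treatment for a LIKE operand: it rewrites `&`, `<`, `>` and `"`, so such terms may no longer match stored titles, while `%` and `_` typed by the user still act as wildcards. The prepared statement already handles injection, so escape only the LIKE metacharacters here, for example `$search = isset($_GET['search']) ? "%" . addcslashes($_GET['search'], "\\%_") . "%" : "%%";` (assuming the database uses backslash as its LIKE escape character), and apply `htmlspecialchars()` at the point where the term is echoed back into the page. A non-string `search` parameter (an array in the query string) is also not rejected before it reaches the string function, so an `is_string()` check belongs in the same condition. The `else` branch starts before the hunk and continues after it.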