Update file index.php

2024-03-15 12:12:01 +00:00 · 2024-03-15 12:12:01 +00:00 · 36c7918531
commit 36c7918531
parent b129cf7c77
1 changed files with 4 additions and 2 deletions
--- a/html/news/index.php
+++ b/html/news/index.php
@ -69,10 +69,11 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
                        require_once '../../include/parsedown.php';
                        $parsedown = new Parsedown();

-                        $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, articles.author, users.username, users.display_name, users.certification, users.profile_picture FROM articles JOIN users ON articles.author = users.ID WHERE articles.ID = :articleID AND articles.classification <= :userAccreditation";
+                        $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, articles.author, users.username, users.display_name, users.certification, users.profile_picture FROM articles JOIN users ON articles.author = users.ID WHERE articles.ID = :articleID AND (articles.classification <= :userAccreditation OR articles.author = :userID)";
                        $request = $pdo->prepare($sqlRequest);
                        $request->bindParam(":articleID", $_GET['article']);
                        $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
+                        $request->bindParam(":userID", $_SESSION['userID']);
                        $request->execute();
                        $result = $request->fetchAll(PDO::FETCH_ASSOC);

@ -113,10 +114,11 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData

                    } else {
                        $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
-                        $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name FROM articles JOIN users ON articles.author = users.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search) AND articles.classification <= :userAccreditation ORDER BY articles.date DESC";
+                        $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name FROM articles JOIN users ON articles.author = users.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search) AND (articles.classification <= :userAccreditation OR articles.author = :userID) ORDER BY articles.date DESC";
                        $request = $pdo->prepare($sqlRequest);
                        $request->bindParam(":search", $search);
                        $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
+                        $request->bindParam(":userID", $_SESSION['userID']);
                        $request->execute();
                        $result = $request->fetchAll(PDO::FETCH_ASSOC);