jan/e59-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Resolved confidential articles showing in users page

Browse Source
This commit is contained in:
cbo 2024-03-15 23:46:39 +00:00
parent 726bdad304
commit 6fee23659a
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/global.ini
View File

@ -12,7 +12,7 @@ databaseHost = "127.0.0.1"
pageTitle = "Club Réseaux - E59"
headerTitle = "E59"
headerSubtitle = "Club Réseaux"
footerText = "© Jan BELLON - E59 v1.2"
footerText = "© Jan BELLON - E59 v1.3"
[confidentialLevels]
0 = "E59i-P (Public)"

3
html/users/index.php
View File

@ -117,9 +117,10 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
<div class="user-content">
<?php
$search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
$request = $pdo->prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID ORDER BY date DESC");
$request = $pdo->prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID AND classification <= :userLevel ORDER BY date DESC");
$request->bindParam(":search", $search);
$request->bindParam(":userID", $userID);
$request->bindParam(":userLevel", $_SESSION['userLevel']);
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
echo ('<h1>Articles de ' . $userDisplayName . '</h1>');