Resolved confidential articles showing in users page

config/global.ini

@@ -12,7 +12,7 @@ databaseHost = "127.0.0.1"
 pageTitle = "Club Réseaux - E59"
 headerTitle = "E59"
 headerSubtitle = "Club Réseaux"
-footerText = "© Jan BELLON - E59 v1.2"
+footerText = "© Jan BELLON - E59 v1.3"
 
 [confidentialLevels]
 0 = "E59i-P (Public)"

html/users/index.php

@@ -117,9 +117,10 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
                             <div class="user-content">
                                 <?php
                                     $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
-                                    $request = $pdo->prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID ORDER BY date DESC");
+                                    $request = $pdo->prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID AND classification <= :userLevel ORDER BY date DESC");
                                     $request->bindParam(":search", $search);
                                     $request->bindParam(":userID", $userID);
+                                    $request->bindParam(":userLevel", $_SESSION['userLevel']);
                                     $request->execute();
                                     $result = $request->fetchAll(PDO::FETCH_ASSOC);
                                     echo ('<h1>Articles de ' . $userDisplayName . '</h1>');