flashii/misuzu
flashii/misuzu
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed another one of em oversights.

Browse source
This commit is contained in:
flash 2018-10-03 01:09:41 +02:00
parent 2dbe78f626
commit 22a7f46959
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
misuzu.php
View file

@ -299,18 +299,18 @@ MIG;
'); ');
$getUserDisplayInfo->bindValue('user_id', $mszUserId); $getUserDisplayInfo->bindValue('user_id', $mszUserId);
$userDisplayInfo = $getUserDisplayInfo->execute() ? $getUserDisplayInfo->fetch() : []; $userDisplayInfo = $getUserDisplayInfo->execute() ? $getUserDisplayInfo->fetch() : [];
tpl_var('current_user', $userDisplayInfo);
} }
csrf_init($app->getCsrfSecretKey(), empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']); csrf_init($app->getCsrfSecretKey(), empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']);
$privateInfo = $app->getPrivateInfo(); $privateInfo = $app->getPrivateInfo();
if (!$misuzuBypassLockdown && $privateInfo['enabled'] && !empty($userDisplayInfo)) { if (!$misuzuBypassLockdown && $privateInfo['enabled']) {
if (user_session_active()) { if (user_session_active()) {
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']); $generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']);
if (!perms_check($generalPerms, $privateInfo['permission'])) { if ($privateInfo['permission'] && !perms_check($generalPerms, $privateInfo['permission'])) {
unset($userDisplayInfo);
user_session_stop(); // au revoir user_session_stop(); // au revoir
} }
} else { } else {
@ -322,6 +322,10 @@ MIG;
} }
} }
if (!empty($userDisplayInfo)) {
tpl_var('current_user', $userDisplayInfo);
}
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage'); $inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
$hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id'] ?? 0), MSZ_PERM_GENERAL_CAN_MANAGE); $hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id'] ?? 0), MSZ_PERM_GENERAL_CAN_MANAGE);
tpl_var('has_manage_access', $hasManageAccess); tpl_var('has_manage_access', $hasManageAccess);