From 68e96441e2e3555abf7c7a855f7b8bb889dc1c80 Mon Sep 17 00:00:00 2001
From: xiaomlove <i353856593@163.com>
Date: Fri, 21 Oct 2022 00:26:39 +0800
Subject: [PATCH] user can not send invite can view invitee

---
 include/constants.php | 4 ++--
 public/invite.php     | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/include/constants.php b/include/constants.php
index 1825f479..3dc834db 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -1,6 +1,6 @@
 <?php
-defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.29');
-defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-10-13');
+defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.30');
+defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-10-21');
 defined('IN_TRACKER') || define('IN_TRACKER', false);
 defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
 defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
diff --git a/public/invite.php b/public/invite.php
index 3de3dd13..0fd81274 100644
--- a/public/invite.php
+++ b/public/invite.php
@@ -15,14 +15,14 @@ function inviteMenu ($selected = "invitee") {
     print ("<div id=\"invitenav\" style='position: relative'><ul id=\"invitemenu\" class=\"menu\">");
     print ("<li" . ($selected == "invitee" ? " class=selected" : "") . "><a href=\"?id=".$id."&menu=invitee\">".$lang_invite['text_invite_status']."</a></li>");
     print ("<li" . ($selected == "sent" ? " class=selected" : "") . "><a href=\"?id=".$id."&menu=sent\">".$lang_invite['text_sent_invites_status']."</a></li>");
-    print ("</ul><form style='position: absolute;top:0;right:0' method=post action=invite.php?id=".htmlspecialchars($id)."&type=new><input type=submit ".($CURUSER['invites'] <= 0 ? "disabled " : "")." value='".$lang_invite['sumbit_invite_someone']."'></form></div>");
+    if (user_can('sendinvite')) {
+        print ("</ul><form style='position: absolute;top:0;right:0' method=post action=invite.php?id=".htmlspecialchars($id)."&type=new><input type=submit ".($CURUSER['invites'] <= 0 ? "disabled " : "")." value='".$lang_invite['sumbit_invite_someone']."'></form></div>");
+    }
     end_main_frame();
 }
 
 if (($CURUSER['id'] != $id && !user_can('viewinvite')) || !is_valid_id($id))
 stderr($lang_invite['std_sorry'],$lang_invite['std_permission_denied']);
-if (!user_can('sendinvite'))
-stderr($lang_invite['std_sorry'],$lang_invite['std_only'].get_user_class_name($sendinvite_class,false,true,true).$lang_invite['std_or_above_can_invite'],false);
 $res = sql_query("SELECT username FROM users WHERE id = ".mysql_real_escape_string($id)) or sqlerr();
 $user =  mysql_fetch_assoc($res);
 stdhead($lang_invite['head_invites']);
@@ -46,6 +46,8 @@ if ($inv["invites"] != 1){
 }
 
 if ($type == 'new'){
+    if (!user_can('sendinvite'))
+    stderr($lang_invite['std_sorry'],$lang_invite['std_only'].get_user_class_name($sendinvite_class,false,true,true).$lang_invite['std_or_above_can_invite'],false, false);
     registration_check('invitesystem',true,false);
 	if ($CURUSER['invites'] <= 0) {
 		stdmsg($lang_invite['std_sorry'],$lang_invite['std_no_invites_left'].