lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 20:17:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

takeconfirm.php check permission

Browse Source
This commit is contained in:
xiaomlove
2024-04-29 01:41:55 +08:00
parent b0116eef21
commit 88281dc99a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/takeconfirm.php
+2
View File
@@ -5,6 +5,8 @@ require_once(get_langfile_path());
loggedinorreturn(); loggedinorreturn();
$id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die()); $id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
int_check($id,true); int_check($id,true);
if (($CURUSER['id'] != $id && !user_can('viewinvite')) || !is_valid_id($id))
stderr($lang_functions['std_sorry'],$lang_functions['std_permission_denied'], true, false);
$email = unesc(htmlspecialchars(trim($_POST["email"]))); $email = unesc(htmlspecialchars(trim($_POST["email"])));
if(!empty($_POST['conusr'])) { if(!empty($_POST['conusr'])) {
// sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'"); // sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'");