
Allow sysops to delete invites

spaghetti 7 years ago
parent
commit
4de72728fa
1 changed files with 10 additions and 7 deletions
  1. 10
    7
      sections/user/delete_invite.php

+ 10
- 7
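--- a/sections/user/delete_invite.php
+++ b/sections/user/delete_invite.php
@@ -5,30 +5,33 @@
 $DB->query("
   SELECT InviterID
   FROM invites
-  WHERE InviteKey = '$InviteKey'");
+  WHERE InviteKey = ?", $InviteKey);
 list($UserID) = $DB->next_record();
-if (!$DB->has_results() || $UserID != $LoggedUser['ID']) {
+if (!$DB->has_results()) {
   error(404);
 }
+if ($UserID != $LoggedUser['ID'] && $LoggedUser['PermissionID'] != SYSOP) {
+  error(403);
+}
 
 $DB->query("
   DELETE FROM invites
-  WHERE InviteKey = '$InviteKey'");
+  WHERE InviteKey = ?", $InviteKey);
 
 if (!check_perms('site_send_unlimited_invites')) {
   $DB->query("
     SELECT Invites
     FROM users_main
-    WHERE ID = $UserID
-    LIMIT 1");
+    WHERE ID = ?
+    LIMIT 1", $UserID);
   list($Invites) = $DB->next_record();
   if ($Invites < 10) {
     $DB->query("
       UPDATE users_main
       SET Invites = Invites + 1
-      WHERE ID = '$UserID'");
+      WHERE ID = ?", $UserID);
     $Cache->begin_transaction("user_info_heavy_$UserID");
-    $Cache->update_row(false, array('Invites' => '+1'));
+    $Cache->update_row(false, ['Invites' => '+1']);
     $Cache->commit_transaction(0);
   }
 }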
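Review bot: The refund gate `if (!check_perms('site_send_unlimited_invites'))` still appears to test the acting user, so once a sysop can delete another user's invite, whether `$UserID` gets the `Invites + 1` refund depends on the sysop's permissions rather than the inviter's. `check_perms` is not visible here, but if it evaluates `$LoggedUser`, a sysop deletion will normally skip the refund entirely. Consider keying that decision on the inviter, for example `if ($UserID != $LoggedUser['ID'] || !check_perms('site_send_unlimited_invites')) {`, leaving the `$Invites < 10` cap in place. Separately, the new `error(403)` branch lets any logged-in user tell an existing invite key from an unknown one, which the old combined `error(404)` did not; since the key is itself a registration secret, returning `error(404)` for non-owners who are not sysops avoids confirming valid keys. The script starts above line 5, outside the hunk, so how `$InviteKey` is read and whether the request is authorized there cannot be checked from this view.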
