diff options
Diffstat (limited to 'controllers')
| -rw-r--r-- | controllers/user.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/controllers/user.php b/controllers/user.php index ac906a0..bc3da70 100644 --- a/controllers/user.php +++ b/controllers/user.php @@ -65,8 +65,9 @@ function on_delete() { global $user_status; $user_status = ""; + $user = null; try { - Database\Cookie::fromDB($TOKEN); + $user = Database\Cookie::fromDB($TOKEN); } catch (Exception $e) { $user_status = 'Invalid token!'; @@ -82,6 +83,11 @@ function on_delete() { return; } + if ($user->UID !== $to_delete->UID && $user->Role !== 'Admin') { + $list_status = 'You have no permission to delete this user!'; + return; + } + $to_delete->delete(); header('Location: /'); |