Fixed used-editing page for administrators - permissions editing works properly

Fixed redirects for links opening in iFrame instead of redirecting the window
2025-03-11 20:04:26 -04:00 · 2025-03-11 20:04:26 -04:00 · 4b7a4003b3
commit 4b7a4003b3
parent 53c95d9897
2 changed files with 23 additions and 10 deletions
--- a/admin/user_management/edit_user.php
+++ b/admin/user_management/edit_user.php
@ -84,18 +84,15 @@
    echo $discordLink;
    echo "<p></p>";

-
-    if ($_POST["administrator"] != $userInfo["privileges"]) {
+    if ($_POST["privileges"] == "administrator") {
      $privileges = 1;
-    } else {
-      $privileges = $userInfo["privileges"];
-    }
-    if ($_POST["moderator"] != $userInfo["privileges"]) {
+    } else if ($_POST["privileges"] == "moderator") {
      $privileges = 2;
    } else {
-      $privileges = $userInfo["privileges"];
+      $privileges = 0;
    }

+
   // Prepare the command
    $update = $conn->prepare("UPDATE " . $userTableName . " SET 
    privileges = :privileges,
@ -118,7 +115,7 @@

    $update->execute(); // Execute query

-    
+    if ($username == $_SESSION["username"]) {
    // Function from StackOverflow used to get the base URL, to which we append
    // the redirect (where the user came from)
    function url(){
@ -135,10 +132,25 @@
    // Redirect user back to their page
    echo "<script>window.top.location.href = \"" . $address . "\";</script>";

-    echo "<p>Account successfully updated</p>";
    echo "<p>You should have been redirected to your account. Here's a link:</p>";
-    echo "<p><a href=\"/user/" . $_SESSION["username"] . " \">My Account</a></p>";
+    echo "<p><a href=\"/user/" . $_SESSION["username"] . " \" onclick=\"redirect('this', '/user/" . $_SESSION["username"] . "')\">My Account</a></p>";
+    } else {
+      function url(){
+          return sprintf(
+            "%s://%s/user/%s",
+            isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http',
+            $_SERVER['SERVER_NAME'],
+            $_SESSION["username"]
+          );
+        }
+  
+        $address = url();

+    echo "<p>Account successfully updated</p>";
+    echo "<p><a href=\"/user/" . $username . " \" onclick=\"redirect('this', '/user/" . $username . "')\">Back</a></p>";
+
+    }
+    

  } catch (PDOException $e) { // failed connection
    echo "Connection failed: " . $e->getMessage();
--- a/admin/user_management/user_edit_form.php
+++ b/admin/user_management/user_edit_form.php
@ -83,6 +83,7 @@ try {  // Try opening the SQL database connection
                </div>
                <p>&nbsp;</p>
                <input type="submit" value="EDIT" />
+                <input type="hidden" id="username" name="username" value="<?php echo $username; ?>" >
            </form>
            <script>setPrivilegeLevel(<?php echo $userData["privileges"]; ?>)</script>