<body><div id="container">';
private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p>
- </div></body></html>';
+ </div></body></html>';
private $heading = '<p id="time" class="time">Session timeout:
<span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
return $user;
}
+ public function authorized($recipient) {
+ $authorized = false;
+
+ if ($this->isAdmin() || $this->getUser() == $recipient) {
+ $authorized = true;
+ }
+
+ return $authorized;
+ }
+
public function getHeader() {
$this->log("getHeader", 4);
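Review bot: The new `authorized()` method decides access with loose `==` (`$this->getUser() == $recipient`), which is a weak equality for an authorization check: under PHP's loose rules `null == ''` and numeric-string pairs such as `'1e3' == '1000'` compare equal, so a missing or oddly-formed recipient can be accepted. Use strict comparison and return the expression directly, `return $this->isAdmin() || $this->getUser() === $recipient;`, which also removes the temporary `$authorized` flag. The call site in the next file section has the same loose style, `false == $util->authorized(...)`; `if (!$util->authorized($mail->recipient))` reads more directly. That caller also indexes `$_SESSION['mailInfo'][$id]` without an `isset()` check, so an unknown `id` presumably reaches `unserialize()` with `null` and then reads `->recipient` from `false` — guarding with `isset()` before the unserialize and redirecting on miss would close that; the enclosing block there runs past the end of the hunk.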
$util = new Utils;
$loggedIn = $util->isLoggedIn();
if ($loggedIn && isset($_GET['id'])) {
+ $id = $_GET['id'];
+ $mail = unserialize($_SESSION['mailInfo'][$id]);
+
+ if (false == $util->authorized($mail->recipient)) {
+ header('Location: index.php');
+ exit;
+ }
+
$util->setHeading('Spam Report');
echo $util->getHeader();
echo $util->getHeading();
- $id = $_GET['id'];
- $mail = unserialize($_SESSION['mailInfo'][$id]);
-
$row = $DB->getMail($id);
$string = $row->mail_text;
$sa_tests = null;