
On my forum, I'm having an issue where non-staff members can view staff-related posts that are otherwise hidden from normal users. Upon investigating I've discovered that staff-related topics do not show up, whereas individual posts do.

In my controller/profile.php, for posts (live sample), it shows:

    // Offset and page size come straight from the URL and config; cast them (and the
    // user id) to int so only numbers ever reach the string-built SQL. The original
    // concatenated $this->uri->segment(4, 0) raw, which was injectable.
    $offset   = (int) $this->uri->segment(4, 0);
    $per_page = (int) $config['per_page'];
    $user_posts = $this->db->query("SELECT topics.topic_id as tp_id,
                                    forums.staff,
                                    topics.topic_title,
                                    tp_new.post_id as ps_id,
                                    tp_new.topic_post_id as tps_id,
                                    tp_new.topic_id,
                                    tp_new.author_id,
                                    tp_new.post_time,
                                    topic_post_text.text as post_body
                            FROM (SELECT post_id FROM topic_posts WHERE topic_posts.author_id = ".(int) $user_id." ORDER BY post_id DESC LIMIT ".$offset.", ".$per_page.") tp_old
                            JOIN topic_posts tp_new ON tp_new.post_id = tp_old.post_id
                            JOIN `topic_post_text` ON `topic_post_text`.`post_id` = `tp_new`.`post_id`
                            JOIN `topics` ON `tp_new`.`topic_id` = `topics`.`topic_id`
                            JOIN `forums` ON `forums`.`forum_id` = `topics`.`forum_id`
                            ORDER BY tp_new.post_id DESC")->result_array();

And for topics (live sample), it shows:

    $user_topics = $this->db->select('*')
                            ->from('topics')
                            ->where('topics.topic_author', $user_id)
                            ->where('forums.staff', 0)
                            ->join('forums', 'forums.forum_id = topics.forum_id')
                            ->order_by('topics.topic_id', 'desc')
                            ->limit($config['per_page'], $this->uri->segment(4, 0))
                            ->get()
                            ->result_array();

How do I change my posts display to not show staff posts?

  • Sorry for not actually contributing an answer, but the code looks a [little scary to me](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). At the very least, I tried the URL http://www.caedon.net/profile/view_posts/1/hello and all of the SQL code was revealed. Make sure the wrong people aren't looking at it ;) – Rowan Freeman Feb 09 '15 at 06:38
  • where are your levels to differentiate who is a staff user and who is normal user? – Bender Feb 09 '15 at 06:41
  • @RowanFreeman How do I get it to see an alternative? :x – user3344453 Feb 09 '15 at 22:08
  • @Bender I think 0 = staff? – user3344453 Feb 09 '15 at 22:11
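The following is an added example, not code from the question or its comments, showing the two fixes a reviewer would ask for in the posts query: bind every URL- and config-derived value as a parameter instead of concatenating it, and put the `forums.staff = 0` check inside the paginated subquery rather than after the `LIMIT`, since filtering after the limit silently shortens pages. It uses Python with an in-memory SQLite database as a stand-in for the MySQL/CodeIgniter setup; the column types and all sample rows are constructed for the demo (the table and column names are the ones the question's queries reference), and `page_offset` is a hypothetical validator for what `$this->uri->segment(4, 0)` returns.

```python
import sqlite3

# Constructed schema: the table and column names are the ones the question's
# queries use; the column types and the sample rows are assumptions for this demo.
SCHEMA = """
CREATE TABLE forums (forum_id INTEGER PRIMARY KEY, staff INTEGER NOT NULL);
CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, forum_id INTEGER NOT NULL,
                     topic_title TEXT, topic_author INTEGER NOT NULL);
CREATE TABLE topic_posts (post_id INTEGER PRIMARY KEY, topic_post_id INTEGER,
                          topic_id INTEGER NOT NULL, author_id INTEGER NOT NULL,
                          post_time INTEGER);
CREATE TABLE topic_post_text (post_id INTEGER PRIMARY KEY, text TEXT);
"""

# Constructed sample data: forum 1 is public, forum 2 is staff-only.
FORUMS = [(1, 0), (2, 1)]
TOPICS = [(10, 1, "Public thread", 7), (20, 2, "Staff-only thread", 9)]
POSTS = [  # (post_id, topic_post_id, topic_id, author_id, post_time)
    (1, 1, 10, 7, 1000), (2, 2, 10, 7, 1001), (3, 1, 20, 7, 1002),
    (4, 3, 10, 7, 1003), (5, 2, 20, 7, 1004), (6, 4, 10, 8, 1005),
]

# Hardened version of the posts query. Two changes relative to the question:
#  1. every user-controlled value is a bound parameter (?), never concatenated;
#  2. the staff check sits INSIDE the paginated subquery, so LIMIT/OFFSET count
#     only posts the viewer may see (filtering after LIMIT yields short pages).
USER_POSTS_SQL = """
SELECT topics.topic_id AS tp_id, forums.staff, topics.topic_title,
       tp_new.post_id AS ps_id, tp_new.topic_post_id AS tps_id, tp_new.topic_id,
       tp_new.author_id, tp_new.post_time, topic_post_text.text AS post_body
FROM (
    SELECT tp.post_id
    FROM topic_posts tp
    JOIN topics t ON t.topic_id = tp.topic_id
    JOIN forums f ON f.forum_id = t.forum_id
    WHERE tp.author_id = ? AND f.staff = 0
    ORDER BY tp.post_id DESC
    LIMIT ? OFFSET ?
) tp_old
JOIN topic_posts tp_new ON tp_new.post_id = tp_old.post_id
JOIN topic_post_text ON topic_post_text.post_id = tp_new.post_id
JOIN topics ON tp_new.topic_id = topics.topic_id
JOIN forums ON forums.forum_id = topics.forum_id
ORDER BY tp_new.post_id DESC
"""

# The tempting but wrong fix: keep the original subquery and add the staff
# check to the outer query. Kept here only to show the pagination defect.
FILTER_AFTER_LIMIT_SQL = """
SELECT tp_new.post_id AS ps_id, forums.staff
FROM (SELECT post_id FROM topic_posts WHERE author_id = ?
      ORDER BY post_id DESC LIMIT ? OFFSET ?) tp_old
JOIN topic_posts tp_new ON tp_new.post_id = tp_old.post_id
JOIN topics ON tp_new.topic_id = topics.topic_id
JOIN forums ON forums.forum_id = topics.forum_id
WHERE forums.staff = 0
ORDER BY tp_new.post_id DESC
"""


def page_offset(segment: str) -> int:
    """Validate the pagination URI segment: only a non-negative integer passes."""
    if not segment.isdigit():  # rejects '', 'hello', '-1', anything with SQL in it
        raise ValueError(f"bad page offset: {segment!r}")
    return int(segment)


def build_db() -> sqlite3.Connection:
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO forums VALUES (?, ?)", FORUMS)
    conn.executemany("INSERT INTO topics VALUES (?, ?, ?, ?)", TOPICS)
    conn.executemany("INSERT INTO topic_posts VALUES (?, ?, ?, ?, ?)", POSTS)
    conn.executemany("INSERT INTO topic_post_text VALUES (?, ?)",
                     [(p[0], f"body of post {p[0]}") for p in POSTS])
    return conn


def user_posts(conn, user_id: int, segment: str, per_page: int) -> list:
    """Public-profile post list: staff-forum posts never reach the result."""
    params = (int(user_id), int(per_page), page_offset(segment))
    return [dict(r) for r in conn.execute(USER_POSTS_SQL, params)]


def user_posts_filter_after_limit(conn, user_id: int, segment: str, per_page: int) -> list:
    """Same inputs, staff check applied after LIMIT: pages come back short."""
    params = (int(user_id), int(per_page), page_offset(segment))
    return [dict(r) for r in conn.execute(FILTER_AFTER_LIMIT_SQL, params)]


if __name__ == "__main__":
    db = build_db()
    print([r["ps_id"] for r in user_posts(db, 7, "0", 2)])                    # [4, 2]
    print([r["ps_id"] for r in user_posts_filter_after_limit(db, 7, "0", 2)])  # [4]
```

User 7 has five posts, two of them in the staff forum. With a page size of 2, the hardened query returns posts 4 and 2 on the first page and post 1 on the second; the filter-after-limit variant takes posts 5 and 4 into the window first and then drops 5, so the first page shows a single post even though more visible ones exist. In the CodeIgniter code this corresponds to moving the `forums` join and `forums.staff = 0` condition into the derived-table subquery and passing `$user_id`, the offset and `$config['per_page']` as query bindings.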

0 Answers