vb.org Archive
Page 10 of 28 « First 89 10 111220 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)
-   -   Inline Moderation Tools (v1.2.1) (https://vborg.vbsupport.ru/showthread.php?t=68791)

Zoints 11-17-2004 07:51 PM
That fixed it rob_daemon, thank you! Great support.

rob_daemon 11-18-2004 05:08 AM
Glad that fixed it up :).

Zoints 11-22-2004 05:29 AM
Here's a troublesome bug. I found today when doing an IP search that some people were showing as having posted under other's IP's, including admin, supermods, and such. I thought there was an exploit until I investigated and found it was a bug with this hack. When merging posts, you use:

Code:
$DB_site->query("UPDATE " . TABLE_PREFIX . "post SET pagetext = '" . addslashes($_POST['finalpost']) . "', userid = " . intval($_POST['mergeuser']) . ", title = '" . addslashes(htmlspecialchars_uni($_POST['title'])) . "' WHERE postid = {$vars['newpost']['postid']}");
However, it just updates the userid, but not the username which wreaks all kinds of havok.

rob_daemon 11-22-2004 09:08 PM
Quote:
Originally Posted by thegunowner149
Here's a troublesome bug. I found today when doing an IP search that some people were showing as having posted under other's IP's, including admin, supermods, and such. I thought there was an exploit until I investigated and found it was a bug with this hack. When merging posts, you use:

Code:
$DB_site->query("UPDATE " . TABLE_PREFIX . "post SET pagetext = '" . addslashes($_POST['finalpost']) . "', userid = " . intval($_POST['mergeuser']) . ", title = '" . addslashes(htmlspecialchars_uni($_POST['title'])) . "' WHERE postid = {$vars['newpost']['postid']}");
However, it just updates the userid, but not the username which wreaks all kinds of havok.
Thanks. I've set it to now update all the user-based fields. The new update should be coming either today or tomorrow :).

theArchitect 11-27-2004 09:18 PM
Quote:
Originally Posted by rob_daemon
Thanks. I've set it to now update all the user-based fields. The new update should be coming either today or tomorrow :).
Sorry to bug you, I know that you are busy with School, but do you have an eta on the update?

sv1cec 12-03-2004 06:17 AM
I just installed this hack, and it is a God-send, thank you.

Just one suggestion, instead of using can_moderate(), why don't you use can_moderate($forumid, '', $bbuserinfo[userid])? In that way, the checkboxes etc. will appear only in the forums that the moderator can actually moderate. This works in forumdisplay, etc. In postbit and postbit_legacy, use can_moderate($forum[forumid], '', $bbuserinfo[userid]).

I also noticed a dangerous issue here. A moderator can delete a post, which is made by an administrator or a super moderator. I am sure you wouldn't like this happening. I am working on finding a way to prevent that.

Now, I am going to see what I can do about the search results thing.

Rgds
----------
John
SV1CEC

rob_daemon 12-03-2004 10:01 PM
For the first bit: yes, as I stated above the new version that I hope to release this weekend does take care of that by having a conditions that attend to that.

For the second bit: That's how the vB permission system works. If a moderator can delete posts, he or she is eligible to delete any posts, regardless of the users' rank.

sv1cec 12-04-2004 04:27 AM
Quote:
Originally Posted by rob_daemon
For the first bit: yes, as I stated above the new version that I hope to release this weekend does take care of that by having a conditions that attend to that.

For the second bit: That's how the vB permission system works. If a moderator can delete posts, he or she is eligible to delete any posts, regardless of the users' rank.
Rob,

You are right on the last issue, I did some checks yesterday. It's not difficult however, to add some functionality over vB's standard permissions. For example, in my Advanced Warning Hack, I use an hierarchical warning schema, where the admins can warn everyone, the Super mods can warn mods and simple users and the mods can warn only simple users.

Actually, I had modified your code yesterday, enough to have it working like this, a simple mod couldn't delete an admin's thread or post etc. Then I screwed up something and had to remove the code from the forumdisplay and threadbits, but it still works in the postbit part. If you want, I can work with you on that, later today, it requires a couple of modifications in the forumdisplay query that gets the threads and then some conditionals in the forumdisplay, threadbit and threadbit_deleted templates.

I plan to do them for my system today, since the twins will be at their grandmother (peace of mind), so if you want, they are all yours.

Rgds
-------------

John

rob_daemon 12-04-2004 08:51 AM
Thanks for the offer, but I like to keep the permissions system based on the true vB3 permissions set to prevent confusion (both on my end and the users'). You're more than welcome to post the changes in the thread, though.

sv1cec 12-04-2004 10:18 AM
Quote:
Originally Posted by rob_daemon
Thanks for the offer, but I like to keep the permissions system based on the true vB3 permissions set to prevent confusion (both on my end and the users'). You're more than welcome to post the changes in the thread, though.
I have one question. An admin of one forum cannot delete a thread from the forumdisplay, while he can from the thread tools within the thread. I checked your code in inlinemod.php and it appears that you are using the following conditional:

PHP Code:
if (!can_moderate($vars['forumid'], 'canremoveposts'))
{
    print_no_permission();

Wouldn't that check for permanent deletion? I suppose that you should use candeleteposts, instead of canremoveposts, but I am not sure. Can you please clarify?

Rgds and tnx


All times are GMT. The time now is 03:32 PM.
Page 10 of 28 « First 89 10 111220 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01328 seconds
  • Memory Usage 1,750KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (1)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete