#1731
08-27-2004, 10:31 AM
Zelda-King

Join Date: Nov 2002
Location: London, England
Posts: 674

Quote:
Originally Posted by Zelda-King
This could do with securing. Some user changed my custom title. In my opinion it shouldn't be possible to change staff titles... or steal from them, etc. Currently it's even possible to deny forum access to the administration!
Until someone addresses this I may as well share my humble fixes;

In uttstore/action.changeothertitle.php:
Find
PHP Code:
if ($userid == $bbuserinfo['userid']) {
        $message = "You may not change your own custom title with this action!";
        uttstore_print_end_message($message);
}
Above it add
PHP Code:
// Block title changes aimed at staff; replace each xx with a staff userid.
if ($changed['userid'] == "1" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx") {
        $message = "You may not change the usertitle of a Forum Leader!";
        uttstore_print_end_message($message);
}
changing the xx to the userids of your staff (and if userid 1 isn't applicable for some reason change the "1" too. The same applies to the following fixes. I have included places for 8 forum leaders in the above code so alter that to suit your needs).

In uttstore/action.thief.php:
Find
PHP Code:
if ($userid == $bbuserinfo['userid']) {
        $message = "You may not steal from yourself!";
        uttstore_print_end_message($message);
}
Above it add
PHP Code:
// Block theft from staff; replace each xx with a staff userid.
if ($thefted['userid'] == "1" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx") {
        $message = "You may not steal from a Forum Leader!";
        uttstore_print_end_message($message);
}
Finally, in uttstore/action.denyforumaccess.php:
Find
PHP Code:
if (!isset($user['userid'])) {
        $message = "User does not exist!";
        uttstore_print_end_message($message);
}
Above it add
PHP Code:
// Block denying forum access to staff; replace each xx with a staff userid.
if (($user['userid']) == "1" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx") {
        $message = "You may not deny this user forum access because they are a Forum Leader.";
        uttstore_print_end_message($message);
}
It's not acceptable as an official fix, but it does the job. Unfortunately it appears the $usergroupid won't work without additional hacking or this would be very easy to fix.

I'm looking for a better conditional. Something on the lines of if ['adminpermissions'] & ISMODERATOR) or something.
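
The "better conditional" the post asks for, sketched as an added example that is not part of the original post or of uttstore: protection is decided from the target's usergroup permission bits instead of a hard-coded list of userids. The function name, the shape of the user and usergroup rows, and the two bit values are assumptions.

```php
<?php
// Added example, not uttstore or vBulletin code. Bit values are assumptions.
defined('ISMODERATOR') || define('ISMODERATOR', 1);
defined('CANCONTROLPANEL') || define('CANCONTROLPANEL', 2);

// Hypothetical helper: true when $target must not be hit by a store action.
// $target: user row (userid, usergroupid, membergroupids such as "5,7").
// $usergroups: rows keyed by usergroupid, each carrying adminpermissions.
function uttstore_is_protected_target($target, array $usergroups, array $extraIds = array())
{
    // No usable row: refuse the action rather than fall through.
    if (!is_array($target) || !isset($target['userid'], $target['usergroupid'])) {
        return true;
    }
    // Explicit list of protected userids, compared as integers.
    if (in_array((int) $target['userid'], array_map('intval', $extraIds), true)) {
        return true;
    }
    // Primary group plus any secondary groups.
    $groupIds = array((int) $target['usergroupid']);
    if (!empty($target['membergroupids'])) {
        foreach (explode(',', $target['membergroupids']) as $id) {
            $groupIds[] = (int) trim($id);
        }
    }
    $staffBits = ISMODERATOR | CANCONTROLPANEL;
    foreach ($groupIds as $groupId) {
        if (!isset($usergroups[$groupId]['adminpermissions'])) {
            continue; // unknown group id grants nothing
        }
        if (((int) $usergroups[$groupId]['adminpermissions'] & $staffBits) !== 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample data, not taken from a real board.
$usergroups = array(
    6 => array('adminpermissions' => ISMODERATOR | CANCONTROLPANEL),
    5 => array('adminpermissions' => ISMODERATOR),
    2 => array('adminpermissions' => 0),
);
$targets = array(
    array('userid' => 1,  'usergroupid' => 6, 'membergroupids' => ''),
    array('userid' => 40, 'usergroupid' => 2, 'membergroupids' => '5'),
    array('userid' => 41, 'usergroupid' => 2, 'membergroupids' => ''),
);
foreach ($targets as $t) {
    $flag = uttstore_is_protected_target($t, $usergroups) ? 'yes' : 'no';
    printf("userid %d protected: %s\n", $t['userid'], $flag);
}
```

Calling one helper from all three action files keeps the rule in a single place, and a member promoted to staff through a secondary group is covered without editing any file.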