Thread: Event attendance
View Single Post
  #143  
Old 01-15-2005, 02:17 PM
Oblivion Knight's Avatar
Oblivion Knight Oblivion Knight is offline
 
Join Date: May 2002
Location: Sheffield, UK
Posts: 1,757
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Pseudomizer
I found out how they bypass our check for userid. They open 2 windows as a user who is not attending the event and sees the link "i want to attend to this event". Then he goes to the second window and logs out of the forum. The cookie is cleared. Then he goes back and clicks the link in the first window which is still there and oleeeeeeeee oleeeeeeeeee you have the user "unregistered user" attend the event. :-(
I also experienced this issue recently, I did the following..

In calendar.php, find:
Code:
	if ($_REQUEST['do'] == "attend")
	{
		$roll[$bbuserinfo['userid']] = $bbuserinfo['username'];	
	}
	else
	{
		unset($roll[$bbuserinfo['userid']]);	
	}
Replace it with:
Code:
	if ($_REQUEST['do'] == "attend")
	{
		if ($bbuserinfo[userid])
		{
			$roll[$bbuserinfo['userid']] = $bbuserinfo['username'];
		} else {
			print_no_permission();
		}	
	}
	else
	{
		if ($bbuserinfo[userid])
		{
			unset($roll[$bbuserinfo['userid']]);
		} else {
			print_no_permission();
		}	
	}
It seems to have worked, as I can no longer replicate the bug..


P.S This mod works flawlessly in 3.0.5.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01268 seconds
  • Memory Usage 1,766KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete