This could do with securing. Some user changed my custom title. In my opinion it shouldn't be possible to change staff titles... or steal from them, etc. Currently it's even possible to deny forum access to the administration!
Is there a way to add on more ways to get points? Say a user gets first place in a game in the arcade, can that be an award-able action? BTW, thanks for an awesome hack
Installs hacks and makes it easier to upgrade since all the file edits of hacks installed using it are accessible in the admincp.
ok ive just installed 3.0.3 and this store has pretty much stopped working. Since im trying to optimise the site i wanna totally uninstall it, how will i go about this?
This could do with securing. Some user changed my custom title. In my opinion it shouldn't be possible to change staff titles... or steal from them, etc. Currently it's even possible to deny forum access to the administration!
Until someone addresses this I may as well share my humble fixes;
In uttstore/action.changeothertitle.php:
Find
PHP Code:
if ($userid == $bbuserinfo['userid']) {
$message = "You may not change your own custom title with this action!";
uttstore_print_end_message($message);
}
Above it add
PHP Code:
if ($changed['userid'] == "1" OR $changed['userid'] == xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx" OR $changed['userid'] == "xx") {
$message = "You may not change the usertitle of a Forum Leader!";
uttstore_print_end_message($message);
}
changing the xx to the userids of your staff (and if userid 1 isn't applicable for some reason change the "1" too. The same applies to the following fixes. I have included places for 8 forum leaders in the above code so alter that to suit your needs).
In uttstore/action.thief.php:
Find
PHP Code:
if ($userid == $bbuserinfo['userid']) {
$message = "You may not steal from yourself!";
uttstore_print_end_message($message);
}
Above it add
PHP Code:
if ($thefted['userid'] == "1" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx" OR $thefted['userid'] == "xx") {
$message = "You may not steal from a Forum Leader!";
uttstore_print_end_message($message);
}
Finally, in uttstore/action.denyforumaccess.php:
Find
PHP Code:
if (!isset($user['userid'])) {
$message = "User does not exist!";
uttstore_print_end_message($message);
}
Above it add
PHP Code:
if (($user['userid']) == "1" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx" OR ($user['userid']) == "xx") {
$message = "You may not deny this user forum access because they are a Forum Leader.";
uttstore_print_end_message($message);
}
It's not acceptable as an official fix, but it does the job. Unfortunately it appears the $usergroupid won't work without additional hacking or this would be very easy to fix.
I'm looking for a better conditional. Something on the lines of if ['adminpermissions'] & ISMODERATOR) or something.
uCash & uShop old support and thank you thread Details »»
About Developer
Visit Web Site
No support by the author.
08-26-2004, 04:21 AM
