Moderator / Style hack, BETA TESTERS NEEDED!

Thats right!

Ive _almost_ finshed the hack, however, it needs to be tested a bit more than what ive done before i can release it.

Im looking for 2/3 beta testers, preferably regulars here, etc,etc

If you think ill want you, pls PM me, or reply here

PS. I would have to say tommorow for the hack, its really only needing some mod testing!

[Martz]

Sign me up I got my own version of the panel working now, but I am very keen to see your version and how you have gone about it differently. If possible, I'll beta test the style hack on a fresh forum on my Intranet and check everything is hunky-dorey

[merk]

Sure.

Youll need to email me, so i can send you the file.

Im curious, how did you go about it, and what features did you cut?

Basically, ive set it up, so that each mod has a different level of access, depending on what you set.

Some are allowed to edit the same that an admin can, or some cant edit templates, some cant edit the doctype / body tag, and some cant edit the widths.

Pretty simple a guess.

I cut the downloading features, and didnt bother setting up the template/replacment variable stuff.

[Martz]

Firstly - I don't know your e-mail address, I'm hoping I can find your address on your site.

Anyway, what I have done is to copy the styles.php into the /mod directory, and clamped it down by running querys to check which forums the user moderates and has [b]caneditstyles[b] set to 1. If this is the case, the user/moderator may edit the associated style of the forum.

I also put some checks in the modifystyles function, and changed all the "typos" of canmodifystyles to caneditstyles in the admin cp.

It works ok, however I am not confident in my rather dodgy php skills, so I want it to be secure and unhackable. Have you considered people may enter html or php (i dont think its parsed in templates?) which could allow mallicious activity?

Regards,

Martin

[DarkReaper]

The way you did it sounds like the only reasonable way to do it, check if they have the variable "canmodifystyles" set to 1. I'm assuming you did it this way also merk?

Quote:

Have you considered people may enter html or php (i dont think its parsed in templates?) which could allow mallicious activity?

Youn could not allow them to use phpinclude, which would thwart almost anything malicious they could do.

[Admin]

Contact me if you wish:
firefly@poolie.net

[merk]

1) The security, is a big issue. So heres what ive done:-

I changed the system for the database storing either 0 or 1 for caneditstyles, to store 0/1/2/3/4. 0= no access, 1= colours, fonts only, 2= table widths+1, 3= DOCTYPE and BODY tags+1+2, 4=templates plus all.


Basically thats how it works

Now, i just have to make my modification to the admincp to allow this, and ill distrobute to you fellas, give me about 30 mintues.

[Snake~eyes]

I'd be interested and willing to be a beta tester. I have been looking for somthing like this for awhile.

Thx

[SharkY-GA]

As would I... This would make my life a whole lot easier! Hosting team forums is a strain on ya...

[Snake~eyes]

i know what ya mean!

Merk! please help!