Admins can view user's PM's

After some requests and a debate in the requests forum I've finally finished the majority of this hack. It allows the admin to find a user via the current method in the control panel then click view user's pm's. They are then shown all the pm's in the users folders.

Includes admin logging and is designed to use the cp.css file which is already used by the control panel. I considered adding a search feature but it would be hard without indexing all of the pm's the way vBulletin already does. This means it would be a very limited search.
You can also now select which admins can view user pm's this is done the same way that restriction to the adminlogging is done, the variable is at the top of pm.php

This hack involves uploading pm.php to the admin directory then following the instructions which requires you adding the two links within /admin/user.php

Updated 25th November 2001 @ 22:39

Update was to fix broken smilies by disabling them and to show pm's in all folders not just the inbox. To update simply upload pm.php to your admin folder again.

Scott

[JTMON]

[QUOTE]Storing information on your server is passive. It is reasonable that a service provider will have the information stored on its server, and therefore it is reasonable to assume that someone with access could view that information.

However, once you take measures that actively violate the privacy of a user -- for example, install software that will allow you to read their personal communication - you are no longer within the bounds of "reasonable violation".

[bira]

JTMON, you KNOW your ISP has your e-mails on their server, right?

You KNOW that any admin with root access to the mail server can log on and read your mail with a simple text editor, right?

But,

1) You also know your ISP pledged not to do that; and
2) If you found out anyone in your ISP did do it without your permission, you'd sue them and win.

Here, you are not pledging not to do it, in fact you are taking active steps to indeed do it, while at the same time de facto misleading your users ('clients') to believe their right to privacy is kept.

[bira]

p.s.

No one can sue you for the fact that you could read his PMs, they'd have to prove you have in fact read them or had intent to do it.

By installing this hack you are exposing yourself to a lawsuit because the intent is there.

[JTMON]

What can I say. It's the actuall action that could possibly lead to trouble. If this hack wasn't here. Anyone could use the same argument for myPHPAdmin. That software is installed for the reason of accessing the info in the database, this info could be private and you'd fall into the same trap.

[bira]

well, if someone could prove in a court of law that you installed phpMyAdmin primarily or solely for the sake of viewing private communication without prior consent or alarm, you would be right.

However, proving that a hack called "Admins can view user's PMs" was installed solely or primarily for the sake of viewing private communication is much easier

[Scott MacVicar]

Hey its private property, there using your resources and your vBulletin you can do what you like.

I don't see hotmail with it in there privacy statement, but if someone abuses the hotmail account you forward the message to abuse@hotmail.com and they check the account to see if they have been abusing it... Whats the difference with this hack?

people send you emails about abuse, you check the pm account and if you find abusive emails, you deal with it.

Scott

[bira]

[QUOTE]Originally posted by PPN
Hey its private property, there using your resources and your vBulletin you can do what you like.

I don't see hotmail with it in there privacy statement, but if someone abuses the hotmail account you forward the message to abuse@hotmail.com and they check the account to see if they have been abusing it... Whats the difference with this hack?

people send you emails about abuse, you check the pm account and if you find abusive emails, you deal with it.

Scott

[Crinos]

Touch?

[Nam]

[QUOTE]MSN does not read any of your private online communications. Your MSN Chat conversations, MSN Messenger messages, Hotmail e-mails, and MSN Internet Access e-mails are completely confidential.

[bira]

Nam, I won't go into further discussion over what MSN does or doesn't do. The point is, they actually write very clearly what they will or will not do and under what circumstances.

Some of the people here (I'll refrain from point at specifics, you figure it out) who argue most vehemently in favour of doing whatever they bloody want on their server, don't even have a PRIVACY STATEMENT on their BB. That's how seriously clueless they are about users' most basic rights.

Anyway, end of my part in this discussion.

I was posting to assist those who are perhaps misinformed and could appreciate a legal advice on the matter. not those who want to do something knowingly and with malice.

(and again, this is NOT a statement against the hack, it's merely an advice what to do if you install it).