mirror of
https://github.com/WhatCD/Gazelle.git
synced 2025-01-18 12:11:36 +00:00
Loophole in ip histories cleared up
Loophole in all histories cleared up Fixing forum mod issues
This commit is contained in:
parent
fae1d64491
commit
fcdcc2631a
@ -27,7 +27,8 @@
|
||||
<strong>Send to: </strong>
|
||||
<select name="level">
|
||||
<option value="0" selected="selected">First Line Support</option>
|
||||
<option value="650">Staff</option>
|
||||
<option value="650">Forum Moderators</option>
|
||||
<option value="700">Staff</option>
|
||||
</select>
|
||||
|
||||
<input type="submit" value="Send message" />
|
||||
@ -83,7 +84,7 @@
|
||||
$CloseTable = true;
|
||||
echo '<br /><h3>'.$ClassName.'s</h3>';
|
||||
?>
|
||||
<? if($CurClass == 28) { ?>
|
||||
<? if($CurClass == 650) { ?>
|
||||
<p>Forum Mods are users who have been promoted to help moderate the forums. They can only help with forum oriented questions</p>
|
||||
<? } ?>
|
||||
<table class="staff" width="100%">
|
||||
|
@ -10,14 +10,18 @@
|
||||
|
||||
************************************************************************/
|
||||
|
||||
if(!check_perms('users_view_email')) { error(403); }
|
||||
|
||||
$UserID = $_GET['userid'];
|
||||
if (!is_number($UserID)) { error(404); }
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
$DB->query("SELECT m.Username, i.JoinDate FROM users_main AS m JOIN users_info AS i ON m.ID=i.UserID WHERE ID = $UserID");
|
||||
list($Username,$Joined) = $DB->next_record();
|
||||
$DB->query("SELECT um.Username, ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID");
|
||||
list($Username, $Joined, $Class) = $DB->next_record();
|
||||
|
||||
if(!check_perms('users_view_email', $Class)) {
|
||||
error(403);
|
||||
}
|
||||
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
show_header("Email history for $Username");
|
||||
|
||||
|
@ -10,14 +10,17 @@
|
||||
|
||||
************************************************************************/
|
||||
|
||||
if(!check_perms('users_view_email')) { error(403); }
|
||||
|
||||
$UserID = $_GET['userid'];
|
||||
if (!is_number($UserID)) { error(404); }
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
$DB->query("SELECT m.Username, i.JoinDate FROM users_main AS m JOIN users_info AS i ON m.ID=i.UserID WHERE ID = $UserID");
|
||||
list($Username,$Joined) = $DB->next_record();
|
||||
$DB->query("SELECT um.Username, ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID");
|
||||
list($Username, $Joined, $Class) = $DB->next_record();
|
||||
|
||||
if(!check_perms('users_view_email', $Class)) {
|
||||
error(403);
|
||||
}
|
||||
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
show_header("Email history for $Username");
|
||||
|
||||
|
@ -12,14 +12,17 @@
|
||||
|
||||
define('IPS_PER_PAGE', 25);
|
||||
|
||||
if(!check_perms('users_view_ips')) { error(403); }
|
||||
|
||||
$UserID = $_GET['userid'];
|
||||
if (!is_number($UserID)) { error(404); }
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
||||
list($Username) = $DB->next_record();
|
||||
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||
list($Username, $Class) = $DB->next_record();
|
||||
|
||||
if(!check_perms('users_view_ips', $Class)) {
|
||||
error(403);
|
||||
}
|
||||
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
show_header("IP history for $Username");
|
||||
?>
|
||||
|
@ -12,14 +12,19 @@
|
||||
|
||||
define('IPS_PER_PAGE', 25);
|
||||
|
||||
if(!check_perms('users_view_ips') || !check_perms('users_mod')) { error(403); }
|
||||
if(!check_perms('users_mod')) { error(403); }
|
||||
|
||||
$UserID = $_GET['userid'];
|
||||
if (!is_number($UserID)) { error(404); }
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
||||
list($Username) = $DB->next_record();
|
||||
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||
list($Username, $Class) = $DB->next_record();
|
||||
|
||||
if(!check_perms('users_view_ips', $Class)) {
|
||||
error(403);
|
||||
}
|
||||
|
||||
$UsersOnly = $_GET['usersonly'];
|
||||
|
||||
show_header("Tracker IP history for $Username");
|
||||
?>
|
||||
|
@ -10,13 +10,15 @@
|
||||
|
||||
************************************************************************/
|
||||
|
||||
if(!check_perms('users_view_keys')) { error(403); }
|
||||
|
||||
$UserID = $_GET['userid'];
|
||||
if (!is_number($UserID)) { error(404); }
|
||||
|
||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
||||
list($Username) = $DB->next_record();
|
||||
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||
list($Username, $Class) = $DB->next_record();
|
||||
|
||||
if(!check_perms('users_view_keys', $Class)) {
|
||||
error(403);
|
||||
}
|
||||
|
||||
show_header("PassKey history for $Username");
|
||||
|
||||
|
@ -10,13 +10,15 @@
|
||||
|
||||
************************************************************************/
|
||||
|
||||
if(!check_perms('users_view_keys')) { error(403); }
|
||||
|
||||
$UserID = $_GET['userid'];
|
||||
if (!is_number($UserID)) { error(404); }
|
||||
|
||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
||||
list($Username) = $DB->next_record();
|
||||
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||
list($Username, $Class) = $DB->next_record();
|
||||
|
||||
if(!check_perms('users_view_keys', $Class)) {
|
||||
error(403);
|
||||
}
|
||||
|
||||
show_header("Password reset history for $Username");
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user