mirror of
https://github.com/WhatCD/Gazelle.git
synced 2025-01-18 20:21:37 +00:00
Loophole in ip histories cleared up
Loophole in all histories cleared up. Fixing forum mod issues.
parent
fae1d64491
commit
fcdcc2631a
@ -27,7 +27,8 @@
|
|||||||
<strong>Send to: </strong>
|
<strong>Send to: </strong>
|
||||||
<select name="level">
|
<select name="level">
|
||||||
<option value="0" selected="selected">First Line Support</option>
|
<option value="0" selected="selected">First Line Support</option>
|
||||||
<option value="650">Staff</option>
|
<option value="650">Forum Moderators</option>
|
||||||
|
<option value="700">Staff</option>
|
||||||
</select>
|
</select>
|
||||||
|
|
||||||
<input type="submit" value="Send message" />
|
<input type="submit" value="Send message" />
|
||||||
@ -83,7 +84,7 @@
|
|||||||
$CloseTable = true;
|
$CloseTable = true;
|
||||||
echo '<br /><h3>'.$ClassName.'s</h3>';
|
echo '<br /><h3>'.$ClassName.'s</h3>';
|
||||||
?>
|
?>
|
||||||
<? if($CurClass == 28) { ?>
|
<? if($CurClass == 650) { ?>
|
||||||
<p>Forum Mods are users who have been promoted to help moderate the forums. They can only help with forum oriented questions</p>
|
<p>Forum Mods are users who have been promoted to help moderate the forums. They can only help with forum oriented questions</p>
|
||||||
<? } ?>
|
<? } ?>
|
||||||
<table class="staff" width="100%">
|
<table class="staff" width="100%">
|
||||||
|
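Review bot: The literal `650` in `if($CurClass == 650)` is the same number this commit uses for the "Forum Moderators" option in the `<select name="level">` list of the first section, and neither place says what the number stands for. If the level stored for that class is ever changed, the forum-mod blurb and the message routing would stop matching without any error. A shared constant referenced from both files, for example `define('FORUM_MOD_LEVEL', 650);`, would keep them in step; the constant name is a suggestion, not something taken from the codebase.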
@ -10,14 +10,18 @@
|
|||||||
|
|
||||||
************************************************************************/
|
************************************************************************/
|
||||||
|
|
||||||
if(!check_perms('users_view_email')) { error(403); }
|
|
||||||
|
|
||||||
$UserID = $_GET['userid'];
|
$UserID = $_GET['userid'];
|
||||||
if (!is_number($UserID)) { error(404); }
|
if (!is_number($UserID)) { error(404); }
|
||||||
$UsersOnly = $_GET['usersonly'];
|
|
||||||
|
|
||||||
$DB->query("SELECT m.Username, i.JoinDate FROM users_main AS m JOIN users_info AS i ON m.ID=i.UserID WHERE ID = $UserID");
|
$DB->query("SELECT um.Username, ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID");
|
||||||
list($Username,$Joined) = $DB->next_record();
|
list($Username, $Joined, $Class) = $DB->next_record();
|
||||||
|
|
||||||
|
if(!check_perms('users_view_email', $Class)) {
|
||||||
|
error(403);
|
||||||
|
}
|
||||||
|
|
||||||
|
$UsersOnly = $_GET['usersonly'];
|
||||||
|
|
||||||
show_header("Email history for $Username");
|
show_header("Email history for $Username");
|
||||||
|
|
||||||
|
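Review bot: Nothing checks that the query returned a row before `$Class` is used, so for a `userid` that does not exist, `list($Username, $Joined, $Class)` leaves `$Class` empty and `check_perms('users_view_email', $Class)` has no class to compare against. check_perms() is not visible on this page, but if it treats an empty class as "no minimum", the new restriction falls back to the old permission-only check. I would add `if (!$DB->record_count()) { error(404); }` directly after the query and before the permission check. The same pattern appears in the second email-history section and in the IP, tracker-IP, passkey and password-reset sections that follow. Since authorization now runs after a database read, a short comment such as `// target's class is needed before the permission check` would make the ordering clearly deliberate.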
@ -10,14 +10,17 @@
|
|||||||
|
|
||||||
************************************************************************/
|
************************************************************************/
|
||||||
|
|
||||||
if(!check_perms('users_view_email')) { error(403); }
|
|
||||||
|
|
||||||
$UserID = $_GET['userid'];
|
$UserID = $_GET['userid'];
|
||||||
if (!is_number($UserID)) { error(404); }
|
if (!is_number($UserID)) { error(404); }
|
||||||
$UsersOnly = $_GET['usersonly'];
|
|
||||||
|
|
||||||
$DB->query("SELECT m.Username, i.JoinDate FROM users_main AS m JOIN users_info AS i ON m.ID=i.UserID WHERE ID = $UserID");
|
$DB->query("SELECT um.Username, ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID");
|
||||||
list($Username,$Joined) = $DB->next_record();
|
list($Username, $Joined, $Class) = $DB->next_record();
|
||||||
|
|
||||||
|
if(!check_perms('users_view_email', $Class)) {
|
||||||
|
error(403);
|
||||||
|
}
|
||||||
|
|
||||||
|
$UsersOnly = $_GET['usersonly'];
|
||||||
|
|
||||||
show_header("Email history for $Username");
|
show_header("Email history for $Username");
|
||||||
|
|
||||||
|
@ -12,14 +12,17 @@
|
|||||||
|
|
||||||
define('IPS_PER_PAGE', 25);
|
define('IPS_PER_PAGE', 25);
|
||||||
|
|
||||||
if(!check_perms('users_view_ips')) { error(403); }
|
|
||||||
|
|
||||||
$UserID = $_GET['userid'];
|
$UserID = $_GET['userid'];
|
||||||
if (!is_number($UserID)) { error(404); }
|
if (!is_number($UserID)) { error(404); }
|
||||||
$UsersOnly = $_GET['usersonly'];
|
|
||||||
|
|
||||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||||
list($Username) = $DB->next_record();
|
list($Username, $Class) = $DB->next_record();
|
||||||
|
|
||||||
|
if(!check_perms('users_view_ips', $Class)) {
|
||||||
|
error(403);
|
||||||
|
}
|
||||||
|
|
||||||
|
$UsersOnly = $_GET['usersonly'];
|
||||||
|
|
||||||
show_header("IP history for $Username");
|
show_header("IP history for $Username");
|
||||||
?>
|
?>
|
||||||
|
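Review bot: The `LEFT JOIN permissions` in this query yields `NULL` for `Class` when the user's `PermissionID` has no matching permissions row, whereas the email-history sections use an inner `JOIN`. If check_perms() compares the viewer's level against that value with `>=` (its body is not shown here), a `NULL` class would satisfy the comparison and the check would fail open for the accounts whose data is inconsistent. Either use an inner `JOIN` as the email sections do, or reject explicitly with `if ($Class === null) { error(403); }` before calling check_perms(). The tracker-IP, passkey and password-reset sections below use the same `LEFT JOIN`.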
@ -12,14 +12,19 @@
|
|||||||
|
|
||||||
define('IPS_PER_PAGE', 25);
|
define('IPS_PER_PAGE', 25);
|
||||||
|
|
||||||
if(!check_perms('users_view_ips') || !check_perms('users_mod')) { error(403); }
|
if(!check_perms('users_mod')) { error(403); }
|
||||||
|
|
||||||
$UserID = $_GET['userid'];
|
$UserID = $_GET['userid'];
|
||||||
if (!is_number($UserID)) { error(404); }
|
if (!is_number($UserID)) { error(404); }
|
||||||
$UsersOnly = $_GET['usersonly'];
|
|
||||||
|
|
||||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||||
list($Username) = $DB->next_record();
|
list($Username, $Class) = $DB->next_record();
|
||||||
|
|
||||||
|
if(!check_perms('users_view_ips', $Class)) {
|
||||||
|
error(403);
|
||||||
|
}
|
||||||
|
|
||||||
|
$UsersOnly = $_GET['usersonly'];
|
||||||
|
|
||||||
show_header("Tracker IP history for $Username");
|
show_header("Tracker IP history for $Username");
|
||||||
?>
|
?>
|
||||||
|
@ -10,13 +10,15 @@
|
|||||||
|
|
||||||
************************************************************************/
|
************************************************************************/
|
||||||
|
|
||||||
if(!check_perms('users_view_keys')) { error(403); }
|
|
||||||
|
|
||||||
$UserID = $_GET['userid'];
|
$UserID = $_GET['userid'];
|
||||||
if (!is_number($UserID)) { error(404); }
|
if (!is_number($UserID)) { error(404); }
|
||||||
|
|
||||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||||
list($Username) = $DB->next_record();
|
list($Username, $Class) = $DB->next_record();
|
||||||
|
|
||||||
|
if(!check_perms('users_view_keys', $Class)) {
|
||||||
|
error(403);
|
||||||
|
}
|
||||||
|
|
||||||
show_header("PassKey history for $Username");
|
show_header("PassKey history for $Username");
|
||||||
|
|
||||||
|
@ -10,13 +10,15 @@
|
|||||||
|
|
||||||
************************************************************************/
|
************************************************************************/
|
||||||
|
|
||||||
if(!check_perms('users_view_keys')) { error(403); }
|
|
||||||
|
|
||||||
$UserID = $_GET['userid'];
|
$UserID = $_GET['userid'];
|
||||||
if (!is_number($UserID)) { error(404); }
|
if (!is_number($UserID)) { error(404); }
|
||||||
|
|
||||||
$DB->query("SELECT UserName FROM users_main WHERE ID = $UserID");
|
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
|
||||||
list($Username) = $DB->next_record();
|
list($Username, $Class) = $DB->next_record();
|
||||||
|
|
||||||
|
if(!check_perms('users_view_keys', $Class)) {
|
||||||
|
error(403);
|
||||||
|
}
|
||||||
|
|
||||||
show_header("Password reset history for $Username");
|
show_header("Password reset history for $Username");
|
||||||
|
|
||||||
|