Rather than just writing the hack.... I'll answer this as a How do I....
This same technique can be applied to a variety of scrips.
Near the top of each script, there is an authenticate function, which gets the user name, number, permissions etc.....
In sendprivate.php, look for this:
<br />// -----------------<br />// Get the user info<br /> $userob = new user;<br /> $user = $userob -> authenticate("U_TextCols,U_TextRows,U_Preview"); <br /> $Username = $user['U_Username'];<br />
First we need to get this users groups, so we can add the database field to the list, like this:
<br /> $user = $userob -> authenticate("U_TextCols,U_TextRows,U_Preview,U_Groups"); <br />
Then after that bit of code, we can give it a shorter variable name if you want, like this:
<br /> $UserGroups = $user['U_Groups'];<br />
Then, after that authenticate function, add a check to see if they are part of a usergroup that isn't allowed to use PMs. If they are, then we use the "not_right" function to send them a generic error message.
<br /> if (preg_match("/-5-/",$UserGroup)) { // adjust this group number if needed <br /> $html = new html;<br /> $html -> not_right('You are not allowed to do this.',$Cat);<br /> }<br />
Hope that helps a bit.