UBB.Developers Forums UBB.threads 6 V5.php Bug Fixes BUG : Moderator can Ban Administrato (fix includ.)

I found one bug where and Moderator can BAN the Adminstrator which is very important securtiy bug....

I think this bug in all w3t versions .. Please check your and update this fix I have implemented and Its OK.

NOTE : I protected only the First Administrator not to be banned but you can update it as you like for all admins.

--------- The FIX --------------

1- Open the File [:red] dobanuser.php in the folder [:red] admin :


2- see this line : ( line # 51 - 53 )

if ( ($Usercheck) || ($Hostcheck) ){
$html -> not_right("This $Selector has already been banned. The reason was: $Reasonquote",$Cat);
}


3- After the last [:red] } around line 54 add the following :

[:green] ####### --- Addon By Nasoor To Stop Moder's BANNING The Administrator ---- #####

$query = "
SELECT U_Number
FROM w3t_users
WHERE U_Username = '$Who_q'
";
$sth = $dbh -> do_query($query);
list($Number) = $dbh -> fetch_array($sth);
$dbh -> finish_sth($sth);

if ( $Number = 1 ){
$html -> not_right("For security reasons you can not BAN the Administrator ",$Cat);
}

[:green] ######## ------ Ends Here --------########


4 - Now save it and thats it .. you finished ..

hm..I'm not very good with php (saying it friendly for me *g*)


How can I save the other Admin-Accounts? And the other Moderator-Accounts too if possible?

Nice work. Here is an updated code bit to disallow the banning of all moderators and admins. Goes in the same spot:

$query = "
SELECT U_Status
FROM w3t_Users
WHERE U_Username = '$Who_q'
";
$sth = $dbh -> do_query($query);
list($Userstatus) = $dbh -> fetch_array($sth);
if ( ($Userstatus == "Administrator") || ($Userstatus == "Moderator") ) {
$html -> not_right("You cannot ban an admin or moderator!");
}