Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Aug 2000
Posts: 3
Power User
Power User
Offline
Joined: Aug 2000
Posts: 3

I found one bug where and Moderator can BAN the Adminstrator which is very important securtiy bug....

I think this bug in all w3t versions .. Please check your and update this fix I have implemented and Its OK.

NOTE : I protected only the First Administrator not to be banned but you can update it as you like for all admins.

--------- The FIX --------------

1- Open the File [:red] dobanuser.php in the folder [:red] admin :


2- see this line : ( line # 51 - 53 )

if ( ($Usercheck) || ($Hostcheck) ){
$html -> not_right("This $Selector has already been banned. The reason was: $Reasonquote",$Cat);
}


3- After the last [:red] } around line 54 add the following :

[:green] ####### --- Addon By Nasoor To Stop Moder's BANNING The Administrator ---- #####

$query = "
SELECT U_Number
FROM w3t_users
WHERE U_Username = '$Who_q'
";
$sth = $dbh -> do_query($query);
list($Number) = $dbh -> fetch_array($sth);
$dbh -> finish_sth($sth);

if ( $Number = 1 ){
$html -> not_right("For security reasons you can not BAN the Administrator ",$Cat);
}

[:green] ######## ------ Ends Here --------########


4 - Now save it and thats it .. you finished ..



Sponsored Links
Joined: Apr 2001
Posts: 49
Power User
Power User
Offline
Joined: Apr 2001
Posts: 49
hm..I'm not very good with php (saying it friendly for me *g*)


How can I save the other Admin-Accounts? And the other Moderator-Accounts too if possible?

Joined: May 1999
Posts: 3,039
Guru
Guru
Offline
Joined: May 1999
Posts: 3,039
Nice work. Here is an updated code bit to disallow the banning of all moderators and admins. Goes in the same spot:

$query = "
SELECT U_Status
FROM w3t_Users
WHERE U_Username = '$Who_q'
";
$sth = $dbh -> do_query($query);
list($Userstatus) = $dbh -> fetch_array($sth);
if ( ($Userstatus == "Administrator") || ($Userstatus == "Moderator") ) {
$html -> not_right("You cannot ban an admin or moderator!");
}


UBB.threads Developer

Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
isaac
isaac
California
Posts: 1,157
Joined: July 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)