Staff Tools Advice
Hey guys,
I was talking to my staff and we were running some minor security checks with staff tools, I am no professional so I am here seeking some advice about changing the access points for the tools. say that the tool adduser is dedicated to Admin via the db but when I am a moderator and I type in the address bar http://domain.org/staffpanel.php?tool=adduser or whatever it maybe I can access it, is there any way to code it so I can dedicate that tool only to a certain class to stop that being reached by lower classes like Moderators ? I am using u232 v4. I am running Ubuntu14.04 |
if ($CURUSER['class'] < UC_ADMINISTRATOR)
stderr('Error', 'Access Denied'); inside the file at the top but knowing V4 you should already have some class check there just change in the files to work for your needs |
The easy way would be on staffpanel.php, the right hand side there's an edit icon(pencil), click on it and you can change the available for in the option / dropdown box for whatever tool you want to change
|
When I move that tool to Administrator class via db or the panel itself I then demote myself to Moderator that class check still allows me to use a tool that is designated for Administrator via using the address bar.
I appreciate the advice / help provided guys, thank you |
Quote:
|
To fix this in include/class/class_check.php replace the current function get_access with
PHP Code:
|
Quote:
Quote:
|
Thank Goodness
|
All times are GMT +2. The time now is 18:41. |
Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.