|
#1
|
|||
|
|||
Staff Tools Advice
Hey guys,
I was talking to my staff and we were running some minor security checks with staff tools, I am no professional so I am here seeking some advice about changing the access points for the tools. say that the tool adduser is dedicated to Admin via the db but when I am a moderator and I type in the address bar http://domain.org/staffpanel.php?tool=adduser or whatever it maybe I can access it, is there any way to code it so I can dedicate that tool only to a certain class to stop that being reached by lower classes like Moderators ? I am using u232 v4. I am running Ubuntu14.04 |
#2
|
|||
|
|||
if ($CURUSER['class'] < UC_ADMINISTRATOR)
stderr('Error', 'Access Denied'); inside the file at the top but knowing V4 you should already have some class check there just change in the files to work for your needs
__________________
Need HELP!? I can install:
|
#3
|
|||
|
|||
The easy way would be on staffpanel.php, the right hand side there's an edit icon(pencil), click on it and you can change the available for in the option / dropdown box for whatever tool you want to change
|
#4
|
|||
|
|||
When I move that tool to Administrator class via db or the panel itself I then demote myself to Moderator that class check still allows me to use a tool that is designated for Administrator via using the address bar.
I appreciate the advice / help provided guys, thank you |
#5
|
|||
|
|||
Quote:
|
#6
|
|||
|
|||
To fix this in include/class/class_check.php replace the current function get_access with
PHP Code:
|
#7
|
|||
|
|||
Quote:
Quote:
|
#8
|
|||
|
|||
Thank Goodness
|
Tags |
advice , staff , tools |
|
|