Restricted Admin panel to Admins

Previously, when phpBB3 was integrated, the user group 2 was mistaken as the Admin group when it was actually the Registered group, thus allowing anyone who could log in to access the admin panel.
author: Starla Insigna <hatkirby@fourisland.com> 2009-01-05 18:11:50 -0500
committer: Starla Insigna <hatkirby@fourisland.com> 2009-01-05 18:11:50 -0500
commit: 36879e223fa97ab0f354bd86af3e53c11b06b7b6 (patch)
tree: 3b469ba2f8655459a8136e710f37e906110a8224
parent: 3c430b5be7cd75f419fc45e32e8ace489d897bce (diff)
download: fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.gz
fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.bz2
fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/session.php b/includes/session.php
index a4a7604..19ad24e 100755
--- a/includes/session.php
+++ b/includes/session.php

@@ -81,7 +81,7 @@ function isAdmin()
 {
        if (isLoggedIn())
        {
-                $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2";
+                $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 5";
                $getgroup2 = mysql_query($getgroup);
                $getgroup3 = mysql_fetch_array($getgroup2);
author	Starla Insigna <hatkirby@fourisland.com>	2009-01-05 18:11:50 -0500
committer	Starla Insigna <hatkirby@fourisland.com>	2009-01-05 18:11:50 -0500
commit	36879e223fa97ab0f354bd86af3e53c11b06b7b6 (patch)
tree	3b469ba2f8655459a8136e710f37e906110a8224
parent	3c430b5be7cd75f419fc45e32e8ace489d897bce (diff)
download	fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.gz fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.bz2 fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.zip

diff --git a/includes/session.php b/includes/session.php index a4a7604..19ad24e 100755 --- a/includes/session.php +++ b/includes/session.php
@@ -81,7 +81,7 @@ function isAdmin()
81	{	81	{
82	if (isLoggedIn())	82	if (isLoggedIn())
83	{	83	{
84	$getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2";	84	$getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 5";
85	$getgroup2 = mysql_query($getgroup);	85	$getgroup2 = mysql_query($getgroup);
86	$getgroup3 = mysql_fetch_array($getgroup2);	86	$getgroup3 = mysql_fetch_array($getgroup2);
87		87