summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorStarla Insigna <hatkirby@fourisland.com>2009-01-05 18:11:50 -0500
committerStarla Insigna <hatkirby@fourisland.com>2009-01-05 18:11:50 -0500
commit36879e223fa97ab0f354bd86af3e53c11b06b7b6 (patch)
tree3b469ba2f8655459a8136e710f37e906110a8224
parent3c430b5be7cd75f419fc45e32e8ace489d897bce (diff)
downloadfourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.gz
fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.bz2
fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.zip
Restricted Admin panel to Admins
Previously, when phpBB3 was integrated, the user group 2 was mistaken as the Admin group when it was actually the Registered group, thus allowing
anyone who could log in to access the admin panel.
-rwxr-xr-xincludes/session.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/session.php b/includes/session.php index a4a7604..19ad24e 100755 --- a/includes/session.php +++ b/includes/session.php
@@ -81,7 +81,7 @@ function isAdmin()
81{ 81{
82 if (isLoggedIn()) 82 if (isLoggedIn())
83 { 83 {
84 $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2"; 84 $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 5";
85 $getgroup2 = mysql_query($getgroup); 85 $getgroup2 = mysql_query($getgroup);
86 $getgroup3 = mysql_fetch_array($getgroup2); 86 $getgroup3 = mysql_fetch_array($getgroup2);
87 87