diff options
author | Starla Insigna <hatkirby@fourisland.com> | 2009-01-05 18:11:50 -0500 |
---|---|---|
committer | Starla Insigna <hatkirby@fourisland.com> | 2009-01-05 18:11:50 -0500 |
commit | 36879e223fa97ab0f354bd86af3e53c11b06b7b6 (patch) | |
tree | 3b469ba2f8655459a8136e710f37e906110a8224 /includes | |
parent | 3c430b5be7cd75f419fc45e32e8ace489d897bce (diff) | |
download | fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.gz fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.tar.bz2 fourisland-36879e223fa97ab0f354bd86af3e53c11b06b7b6.zip |
Restricted Admin panel to Admins
Previously, when phpBB3 was integrated, the user group 2 was mistaken as the Admin group when it was actually the Registered group, thus allowing anyone who could log in to access the admin panel.
Diffstat (limited to 'includes')
-rwxr-xr-x | includes/session.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/session.php b/includes/session.php index a4a7604..19ad24e 100755 --- a/includes/session.php +++ b/includes/session.php | |||
@@ -81,7 +81,7 @@ function isAdmin() | |||
81 | { | 81 | { |
82 | if (isLoggedIn()) | 82 | if (isLoggedIn()) |
83 | { | 83 | { |
84 | $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2"; | 84 | $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 5"; |
85 | $getgroup2 = mysql_query($getgroup); | 85 | $getgroup2 = mysql_query($getgroup); |
86 | $getgroup3 = mysql_fetch_array($getgroup2); | 86 | $getgroup3 = mysql_fetch_array($getgroup2); |
87 | 87 | ||