From 36879e223fa97ab0f354bd86af3e53c11b06b7b6 Mon Sep 17 00:00:00 2001
From: Starla Insigna <hatkirby@fourisland.com>
Date: Mon, 5 Jan 2009 18:11:50 -0500
Subject: Restricted Admin panel to Admins

Previously, when phpBB3 was integrated, the user group 2 was mistaken as the Admin group when it was actually the Registered group, thus allowing
anyone who could log in to access the admin panel.
---
 includes/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'includes/session.php')

diff --git a/includes/session.php b/includes/session.php
index a4a7604..19ad24e 100755
--- a/includes/session.php
+++ b/includes/session.php
@@ -81,7 +81,7 @@ function isAdmin()
 {
 	if (isLoggedIn())
 	{
-		$getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2";
+		$getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 5";
 		$getgroup2 = mysql_query($getgroup);
 		$getgroup3 = mysql_fetch_array($getgroup2);
 
-- 
cgit 1.4.1