Username editable Username editable
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Username editable

Started by StoneHalo, January 12, 2004, 05:09:07 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

StoneHalo

January 12, 2004, 05:09:07 PM
I have the integration with vBulletin. I noticed when editing a comment it allows them to change their username (the name of the person leaving the comment), this isn't good!

Could a future version only allow the content of the comment to be editable, not the username?

Thanks

Nibbler

#1
January 12, 2004, 07:06:32 PM
I had this issue before here. My solution was to make these changes:

Change:

Code Select

$update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body', msg_author='$msg_author' WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1");


to:

Code Select

$update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body', WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1");


and:

Code Select

$update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body', msg_author='$msg_author' WHERE msg_id='$msg_id' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1");


to:

Code Select

$update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body' WHERE msg_id='$msg_id' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1");



Now only admin can change the name of the poster. It would be nice to stop the name box being changeable too, but I couldnt find where to do that.

StoneHalo

#2
January 12, 2004, 07:47:52 PM
Ok, thanks, I'll try that. What file do I make these changes in?

Nibbler

#3
January 12, 2004, 08:00:04 PM
db_input.php

StoneHalo

#4
January 12, 2004, 09:47:42 PM
Thanks Nibbler.

If anyone knows a way to disable the usename being editable when editing a comment please let us know!

Joachim Müller

#5
January 13, 2004, 05:39:37 AM
just made a tracker out of this bugger: #875870

GauGau

StoneHalo

#6
January 13, 2004, 11:41:32 AM
Thanks GauGau  :D I'll keep an eye on it.

Joachim Müller

#7
January 29, 2004, 08:48:25 AM
just committed the changes Nibbler proposd to the devel branch of the cvs and updated the tracker. Waiting for a dev team member to confirm the fix.

GauGau

Flappo

#8
March 16, 2004, 05:05:07 PM
The solution above did not work at mine so i did the following:

i removed

Code Select
, msg_author='$msg_author'

from

Code Select
 $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body', msg_author='$msg_author' WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1");

maybe it is not the finest solution, but it works.... if a user changes his name while editing a comment the query does not change the name of the user.. only when you are admin you can change it.....
Print
Go Up Pages1
User actions