idea for a moderator quick fix idea for a moderator quick fix
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

idea for a moderator quick fix

Started by sporkit, August 07, 2004, 12:49:46 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

sporkit

hello.

although my php skills are limited i was thinking there might be an ugly little way to solve the moderator problem (at least untill its actually put in the next realease).  if im not mistaken (since i integrated my board with phpbb) a user needs to be an admin on my board to be an admin in cpg.  this is determined by the users group.
i was thinking why not just trick the board into giving the proper permissions then denying what you dont what your mods to see based on usernames.

basicly you could create a file called cpg_mods.php and include it from the template.htm

               

{MY_MODS}

          <table width="100%" border="0" cellspacing="0" cellpadding="0">
                       <tr>
                                <td><a href="index.php"><img src="themes/classic/images/site_logo.png" alt="" border="0" /><br /></a></td>
                                <td width="100%" align="center">
                                        <h1>{GAL_NAME}</h1>
                                        <h3>{GAL_DESCRIPTION}</h3><br />


then the board will get a list of names in cpg_mods.php and find if that user gets to be an admin.



if ( $[user_name] == "modGuyOne" )  // check if the current user is one of your moderators
{
     $[user_group] = 1;    // if so then make him an admin
}


if ( $[user_name] == "modGuyTwo" )  // check if the current user is one of your moderators
{
     $[user_group] = 1;    // if so then make him an admin
}



so now the board is giving modGuyOne and Two a list of admin privledges without making them an admin on my phpbb board.

then i was thinking if i didnt want my mods to have access to config.php i could just only let myself get there.  in mod.php


unless ( $[user_name] == "sporkit" ) { exit; }


similar code could aslo controll the display of the admin controlls.  if user_name is equal to sporkit then display the list of admin controlls otherwise dont.  now obviously im no expert at security and this definatly has its flaws.  most importantly making sure that somebody doesnt grant themselfs admin level by putting ?user_group=1 in their url or something.

before any of this actually works though i suppose i would need to know how to grab the username and status of the currently logged in user.  does anybody know how to do that?  plus for all i know this just might not work period.  its just me trying to think of a way to solve this problem till its put out officially with cpg.

Joachim Müller

there used to be a mod around for cpg1.2.1 that had a similar approach: it just hid the admin controls for "moderators". Any moderator who knows his way around could gain acces to nearly everything. Currently, Coppermine just checks admin permissions all over the place withif (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);Although you could use this approach if you trusted your moderators and you only wanted to avoid they accidentally did something silly; you're not recommended to use this mod. I wouldn't go for individual user name checking, but I'd rather check if the logged-in user is part of a moderator group.

GauGau