201
ajaxbr
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/22 17:25

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


Thanks a lot, Dave... this is much more elegant, so nobody can say it's an ugly hack anymore

I just skimmed over /kernel/user.php and saw a "rank()", a "&getGroups()" and a "isAdmin()" in there... Could anyone who knows his/her PHP give us a hint about how to use this to check whether a user has stalking profile viewing rights? It'd be something like "get curious-user uid, check his rank, allow or deny access".

Perhaps something like
$uid = uid();
$xoopsrank = rank($uid);
if (!($xoopsrank == "Webmaster" || $xoopsrank == "Moderator" || $xoopsrank == "Masterator")) {
    redirect_header('index.php',3,_NOPERM);
    exit();
}
(sorry, no habla php)



202
ajaxbr
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/22 12:53



Thanks, Mith! I'll make it so in my running version.
It would be nice if anybody could make this work using group permissions, so it's now on my todo list. Feel free to hack it before my time limit, which ends when hell freezes over, give or take a couple days



203
ajaxbr
Re: My site, pls tell me what u think
  • 2004/3/19 4:30



I like it, but as someone just said about my own site, it looks a lot like XOOPS
One thing that bothered me was load time, especially images... I'd suggest that you both reduce the number of images displayed and optimize those that you'll display often.
Here's a particular example of what you can do to reduce image sizes.
Congrats on the nice site



204
ajaxbr
Re: Using a link for avatars...
  • 2004/3/19 3:49



If you have a test server and you are a daring user and you really, really need this to work, try opening /include/common.php and changing the line
define("XOOPS_UPLOAD_URL", XOOPS_URL."/uploads");
to
define("XOOPS_UPLOAD_URL", "otherserver.net/uploads");

Please report back, people might be amused by exciting new ways to break XOOPS



205
ajaxbr
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/19 3:15



I always put this on my todo queue and tonight, of all nights, I tried it.

Open userinfo.php and find
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

Then add the following (from admin.php) just below it, so that it's between the above and "$uid = intval($HTTP_GET_VARS['uid']);"
Code to add:
include XOOPS_ROOT_PATH."/include/cp_functions.php";
if ( !$xoopsUser ) {
    redirect_header('index.php',3,_AD_NORIGHT);
    exit();
}

This hardcodes that only members can view profiles, no matter where people find the user profile links (well, I might be wrong, I feel so wrong tonite) but I guess it's a little broken because it'll display "_AD_NORIGHT" instead of the language string in the redirect page. But I'm way too tired to try to figure out why.
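
A group-based form of the check in this post, as an added example (not code from the poster or from XOOPS): the decision is a pure function so it can be tried offline. It assumes that getGroups() on the user object returns an array of group ids and that XOOPS defines the XOOPS_GROUP_* constants with the values shown and _NOPERM in its global language file; profile_viewer_allowed(), $allowedGroups and StubUser are hypothetical names.

```php
<?php
// Added example. In XOOPS these constants come from the core; they are
// defined here (assumed stock values) only so the file runs stand-alone.
if (!defined('XOOPS_GROUP_ADMIN'))     define('XOOPS_GROUP_ADMIN', '1');
if (!defined('XOOPS_GROUP_USERS'))     define('XOOPS_GROUP_USERS', '2');
if (!defined('XOOPS_GROUP_ANONYMOUS')) define('XOOPS_GROUP_ANONYMOUS', '3');

// Hypothetical helper: may this viewer see user profiles?
// $viewer is the global $xoopsUser (an object when logged in, otherwise not).
// Default deny: a viewer with no allowed group is refused.
function profile_viewer_allowed($viewer, array $allowedGroups)
{
    // Guests have no user object; treat them as the anonymous group only.
    $groups = is_object($viewer) ? $viewer->getGroups() : array(XOOPS_GROUP_ANONYMOUS);
    // Compare as strings so '2' and 2 match.
    $groups  = array_map('strval', (array) $groups);
    $allowed = array_map('strval', $allowedGroups);
    return count(array_intersect($groups, $allowed)) > 0;
}

// Constructed stand-in for the XOOPS user object, for offline testing only.
class StubUser
{
    private $groups;
    public function __construct(array $groups) { $this->groups = $groups; }
    public function getGroups() { return $this->groups; }
}

$allowedGroups = array(XOOPS_GROUP_ADMIN, XOOPS_GROUP_USERS);
var_dump(profile_viewer_allowed(null, $allowedGroups));                    // guest
var_dump(profile_viewer_allowed(new StubUser(array(2)), $allowedGroups));  // member
var_dump(profile_viewer_allowed(new StubUser(array()), $allowedGroups));   // no groups

// In userinfo.php, after mainfile.php is included, the wiring would be:
//   if (!profile_viewer_allowed($xoopsUser, $allowedGroups)) {
//       redirect_header('index.php', 3, _NOPERM);
//       exit();
//   }
```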



206
ajaxbr
Re: 2.0.6 Vulnerabilities?
  • 2004/3/16 9:55



It might be that your hosting is flawed. Visit http://www.gimpster.com/wiki/PhpShell, upload its files (change the default password) and try a simple command like "ls /" (Linux version of "dir c:\"). If you get anything other than your account's root, it probably means that people are able to read and edit any of your .php files with server privileges (i.e., it would not be possible to delete your mainfile.php because it's 444, but it would be possible to read its source).



207
ajaxbr
Re: need to mail out newsletter to 1000 people
  • 2004/3/16 9:45



stratoz4,
There's a module called XMail that lets you specify how many emails are sent in a batch, so that you can send your 1000 messages in groups of 20 (or more, with luck). Do a site search for XMail and you might solve your problems



208
ajaxbr
Re: Adding the group permission feature to your module
  • 2004/3/14 23:13



And from files.inc.php, again under Bytehoard team copyright:

function upload_bh($uploadf, $destpath, $fsize) {
    global $config, $tplvars, $dbconfig, $lang;
    if (($fsize + userspaceused_bh($_SESSION['username'])) > userlimit_bh($_SESSION['username'])) {
        return "You do not have enough free space";
    }
    # Get file's new path
    $filepath = $config['ufileroot'].$destpath;
    # Do move
    $didmove = move_uploaded_file($uploadf, $filepath);
    # Check for error
    if ($didmove === FALSE) {die($lang['cant_save_uploaded'].":<p>".$filepath);}
    # CHMOD it right
    @chmod($filepath, 0600);
    acl_add($destpath, $_SESSION['username']);
    return 0;
}




209
ajaxbr
Re: Adding the group permission feature to your module
  • 2004/3/14 23:03



There...
Remember that everything shown in this post is under Bytehoard team copyrights.

First off, they have a function to find out how many bytes a given directory with all its files and subdirectories has:

From users.inc.php,

function dirsize($dir) {
   $dh = opendir($dir);
   $size = 0;
   while (($file = readdir($dh)) !== FALSE)
       if ($file != "." and $file != "..") {
           $path = $dir."/".$file;
           if (is_dir($path))
               $size += dirsize($path);
           elseif (is_file($path))
               $size += filesize($path);
       }
   closedir($dh);
   return $size;
}


Then they have a simple "user space used" function. It's important to plan the module's directory structure to allow this kind of check.
function userspaceused_bh($username) {
    global $dbconfig, $config;
    $dir = $config['ufileroot'].$username;
    return dirsize($dir);
}


ByteHoard is under the GPL and has many interesting features, I believe it could both contribute to and benefit from a nice relationship with XOOPS. Oh, and their source files are pretty neat in my non-programmer opinion
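
The quota check described in the two ByteHoard posts above, as an added example that is not ByteHoard's code or the poster's: it skips symbolic links when summing sizes (is_dir() follows them) and resolves the destination with realpath() so that it must stay under the user's directory. The function names, the $limit parameter and the demo files are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not ByteHoard's.

// Recursive size in bytes. Symbolic links are skipped so a link inside
// the user's directory cannot pull in files from elsewhere or loop.
function dirsize_nolinks($dir)
{
    $size = 0;
    $dh = opendir($dir);
    if ($dh === false) { return 0; }
    while (($file = readdir($dh)) !== false) {
        if ($file === '.' || $file === '..') { continue; }
        $path = $dir . '/' . $file;
        if (is_link($path)) { continue; }
        if (is_dir($path)) { $size += dirsize_nolinks($path); }
        elseif (is_file($path)) { $size += filesize($path); }
    }
    closedir($dh);
    return $size;
}

// Returns the absolute destination if $destpath stays under $userRoot and
// the upload fits in $limit bytes; returns false otherwise.
function quota_checked_target($userRoot, $destpath, $fsize, $limit)
{
    $root = realpath($userRoot);
    if ($root === false) { return false; }
    // Resolve the parent directory; the file itself does not exist yet.
    $parent = realpath($root . '/' . dirname($destpath));
    if ($parent === false) { return false; }
    if ($parent !== $root && strpos($parent, $root . '/') !== 0) { return false; }
    if ($fsize + dirsize_nolinks($root) > $limit) { return false; }
    return $parent . '/' . basename($destpath);
}

// Constructed demo data in a temporary directory.
$root = sys_get_temp_dir() . '/quota_demo_' . getmypid();
mkdir($root . '/docs', 0700, true);
file_put_contents($root . '/docs/a.txt', str_repeat('x', 600));

var_dump(quota_checked_target($root, 'docs/b.txt', 300, 1000));     // fits
var_dump(quota_checked_target($root, 'docs/b.txt', 500, 1000));     // over quota
var_dump(quota_checked_target($root, '../outside.txt', 10, 1000));  // escapes root

unlink($root . '/docs/a.txt'); rmdir($root . '/docs'); rmdir($root);
```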



210
ajaxbr
Re: Adding the group permission feature to your module
  • 2004/3/14 22:39



I know that ByteHoard can do exactly that, you can set "disk quota" for users. So I'll check how it does that and report back soon.



