NineChime forum

Furry stuff, oekaki stuff, and other stuff.


#1 07-29-2007 18:06:28

Albel
Member

Edit/Delete Comment Link Being Shown to Non-LoggedIn Users

For some reason, I was logged out of my website's Oekaki (I guess the cookie expired or something).

Anyways, the Edit and Delete links for comments are being shown to an unlogged-in user...shouldn't those be hidden from them?

I *did* do a lot of edits to the core code to make it fit my website's layout, so that might have caused this.

http://oekaki.symphonicheaven.com/ <- URL, btw.


#2 07-29-2007 20:50:15

Waccoon
Administrator

Re: Edit/Delete Comment Link Being Shown to Non-LoggedIn Users

I can't tell what version of Wacintaki you're using, but I haven't seen this issue before.


#3 07-30-2007 08:47:25

Albel
Member

Re: Edit/Delete Comment Link Being Shown to Non-LoggedIn Users

It's the most recent version of the script. I took out the version link, just in case there was some sort of a severe bug in the script, and some script kiddies wanted to search on Google for that version and hack it.

I can send you any of the files from my server, if you needed to see them to see why it's doing that.


#4 07-31-2007 06:39:20

Waccoon
Administrator

Re: Edit/Delete Comment Link Being Shown to Non-LoggedIn Users

It would have to do with how the admin flag is being tested.

Code:

// Delete comment
if ($innerrow['usrname'] == $OekakiU || $flags['admin']) {

This line controls both the "Edit" and "Delete" links simultaneously, by making sure the $innerrow username (SQL row for each comment) is the same as $OekakiU (the name of the person logged in to the board).  There might be a misplaced bracket or something.

So long as the code in functions.php hasn't been modified, attempts to exploit the links will not work.  Functions.php checks permissions to make sure people don't spoof the system.

If in doubt, the only file I'd need to see is "index.php".  Send it to my e-mail address.

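As an added illustration of the point in the reply above (this is not Wacintaki's code and not part of the original post), the following PHP shows the two checks it describes sharing one authorization predicate: the rendering path in index.php decides whether to print the Edit/Delete links, and the action path in functions.php enforces the same rule when the request arrives, so a link that is wrongly shown (or a hand-built URL) still does nothing. Only `$OekakiU`, `$innerrow['usrname']` and `$flags['admin']` come from the quoted line; the function names, `$innerrow['id']`, the `?act=` URL format and the sample data are assumptions made for the example.

```php
<?php
// Example code (not Wacintaki's own). One predicate is used both to decide
// whether to show the links and to authorize the action itself, so hiding
// a link is only a convenience and the server-side check is the real control.

function can_modify_comment(array $innerrow, ?string $OekakiU, array $flags): bool
{
    // A logged-out visitor has no username: deny before comparing, so an
    // empty or missing author field in the row can never match an empty session.
    if ($OekakiU === null || $OekakiU === '') {
        return false;
    }
    // Strict comparison: the row's author must equal the logged-in name exactly.
    $isOwner = isset($innerrow['usrname']) && $innerrow['usrname'] === $OekakiU;
    // Treat the admin flag as a boolean; a missing key means "not admin".
    $isAdmin = !empty($flags['admin']);
    return $isOwner || $isAdmin;
}

// Rendering path: what index.php decides to print next to a comment.
function render_comment_links(array $innerrow, ?string $OekakiU, array $flags): string
{
    if (!can_modify_comment($innerrow, $OekakiU, $flags)) {
        return '';
    }
    $id = (int) $innerrow['id']; // assumed column name
    return sprintf(
        '<a href="?act=edit&amp;c=%d">Edit</a> <a href="?act=delete&amp;c=%d">Delete</a>',
        $id,
        $id
    );
}

// Enforcement path: what functions.php must do when a delete request arrives,
// regardless of whether the link was ever shown.
function handle_delete(array $innerrow, ?string $OekakiU, array $flags): string
{
    if (!can_modify_comment($innerrow, $OekakiU, $flags)) {
        return 'forbidden'; // a real handler would send a 403 here
    }
    // ... the SQL DELETE for $innerrow['id'] would go here ...
    return 'deleted';
}

// Constructed sample data, not taken from any real board.
$comment = ['id' => 42, 'usrname' => 'albel', 'body' => 'nice drawing'];
$noFlags = ['admin' => false];

// Logged-out visitor: no links rendered, and a forged request is still refused.
var_dump(render_comment_links($comment, null, $noFlags) === '');   // bool(true)
var_dump(handle_delete($comment, null, $noFlags) === 'forbidden'); // bool(true)

// The comment's owner and an administrator both see links and may delete.
var_dump(render_comment_links($comment, 'albel', $noFlags) !== '');    // bool(true)
var_dump(handle_delete($comment, 'someone', ['admin' => true]) === 'deleted'); // bool(true)
```

The design choice worth noting is that the link-rendering code never makes its own decision: if a layout edit in index.php breaks the `if` around the links, the worst outcome is a visible link that leads to a refusal, which matches what the reply says about functions.php still holding.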
