this is a part of adminproc.php in wapdesire..
one admin can bann,trash,etc. another
admin?..
is it possible to block this and to leave
the admin bann to headadmin and owners?
why
if($trgtperm>$perm){
echo "<b><img src=\"../images/notok.gif\" alt=\"x\"/><br/>Error!!!<br/>Permission Denied...</b><br/>";
block the bann to owner and headadmins and not
to admin to another admin?
Code:
//////////////////////////ban user//////////////////////////
else if($action=="ban")
{
$who = $_POST["who"];
$pres = $_POST["pres"];
$pds = $_POST["pds"];
$phr = $_POST["phr"];
$pmn = $_POST["pmn"];
$psc = $_POST["psc"];
$user = getnick_uid($who);
echo "<head>";
echo "<title>Admin Tools</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<p align=\"center\">";
if(!isadmin(getuid_sid($sid)))
{
echo "Permission Denied!";
}else{
$uid = getuid_sid($sid);
$perm = mysql_fetch_array(mysql_query("SELECT perm FROM ibwf_users WHERE id='".$uid."'"));
$trgtperm = mysql_fetch_array(mysql_query("SELECT perm FROM ibwf_users WHERE name='".$user."'"));
if($trgtperm>$perm){
echo "<b><img src=\"../images/notok.gif\" alt=\"x\"/><br/>Error!!!<br/>Permission Denied...</b><br/>";
echo "<br/>U Cannot Ban $user<br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
exit;
}else{
echo "<br/>";
if(trim($pres)=="")
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>You must Specify a reson for punishing the user";
}else{
$timeto = $pds*24*60*60;
$timeto += $phr*60*60;
$timeto += $pmn*60;
$timeto += $psc;
$ptime = $timeto + time();
$res = mysql_query("INSERT INTO ibwf_penalties SET uid='".$who."', penalty='1', exid='".getuid_sid($sid)."', timeto='".$ptime."', pnreas='".mysql_escape_string($pres)."', ipadd='', browserm=''");
if($res)
{
$pmsg[1]="Banned";
mysql_query("UPDATE ibwf_users SET lastpnreas='".$pmsg[1].": ".mysql_escape_string($pres)."' WHERE id='".$who."'");
mysql_query("INSERT INTO ibwf_mlog SET action='banned', details='<b>".getnick_uid(getuid_sid($sid))."</b> Banned The user <b>".$user."</b> For ".gettimemsg($timeto)."', actdt='".time()."'");
echo "<img src=\"../images/ok.gif\" alt=\"O\"/>$user banned successfully";
}else{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Error banning $user";
}
}
}
echo "<br/><br/><b>8 </b><a accesskey=\"8\" href=\"index.php?action=viewuser&who=$who&sid=$sid\">$user's Profile</a><br/>";
echo "<b>9 </b><a accesskey=\"9\" href=\"admincp.php?action=admncp&sid=$sid\"><img src=\"../images/admn.gif\" alt=\"\"/>Admin Tools</a><br/>";
echo "<b>0 </b><a accesskey=\"0\" href=\"index.php?action=main&sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
}
echo "</body>";
}
//////////
admin?..
is it possible to block this and to leave
the admin bann to headadmin and owners?
why
if($trgtperm>$perm){
echo "<b><img src=\"../images/notok.gif\" alt=\"x\"/><br/>Error!!!<br/>Permission Denied...</b><br/>";
block the bann to owner and headadmins and not
to admin to another admin?
Comment