Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro
Author Message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Wed Feb 22, 2006 2:36 pm Reply with quote

I´m using comments in news. If someone click and checks userinfo in a comment he is able to see the group membership with expiration date of this user. That´s a problem because of data security. How do I change this ?
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Wed Feb 22, 2006 4:19 pm Reply with quote

I am not sure I understand the question Susann.
How does showing a users group membership expiry date affect the security of the comment(?) data ?
 
View user's profile Send private message Send e-mail
Susann
PostPosted: Wed Feb 22, 2006 5:12 pm Reply with quote

Guardian

No, that the security of the comment but the personal data of course I meant only the memberships. Hard to explain.

that´s the first time I´m using groups. All groups are set to private. I´m not sure if the comments are really working like the should but another webmaster I asked had also problems with the comments in news.However, I don´t like to show the VIP´s and generally the group memberships on the site to everyone through comments. So the simple solution is no activation of comments. But I´ ll think about this problem again.
 
Guardian2003
PostPosted: Wed Feb 22, 2006 5:44 pm Reply with quote

So, you are asying that you would prefer the site users to not know who is in each group and the comments allows you to see it.
I think I understand now.

So what is really needed is a permission check based on groups to the comments function so only the group who the poster belongs too can see it.

Nice idea.
 
Susann
PostPosted: Wed Feb 22, 2006 5:57 pm Reply with quote

That´s your interpretation indeed a nice idea. Smile
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Wed Feb 22, 2006 6:12 pm Reply with quote

Yeah, I see what you mean. That really doesn't make sense to show it to everyone. It was added as a part of the Your Account module index.php change for NSN Groups. We may need to modify that to check to make sure only YOU can see YOUR NSN Groups (which I think is what this was intended for to begin with).

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
montego
PostPosted: Wed Feb 22, 2006 6:18 pm Reply with quote

Guardian and Susann, I have opened a bug report on this one and tied it to "Module - Groups".
 
montego
PostPosted: Wed Feb 22, 2006 8:54 pm Reply with quote

Susann, until we can get a bug release out, I suggest you replace your RavenNuke76 2.02.00 version of modules/Your_Account/index.php script with that from Chatserv's 3.1 patchset. All you are losing is the display of these groups. Once we have a bug fix, you can simply replace it back with the fixed one.

Trust me.... Smile
 
Susann
PostPosted: Thu Feb 23, 2006 8:17 am Reply with quote

Don´t know why I only concentrate on the comments function. I replaced the index.php. Works fine. Smile
 
montego
PostPosted: Thu Feb 23, 2006 8:23 am Reply with quote

We'll get this fixed in the 2.02.02 patch release.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Feb 24, 2006 12:34 am Reply with quote

This is from the README for NSN Groups. Does this pertain to this matter?
Code:


If you want admin status to over-ride groups status open includes/nsngr_func.php and find:
    /*if (is_admin($admin)) {
        return 1;
    } else*/if (is_user($user)) {

this appears in two functions, in_group() and in_groups(), then change it to:
    if (is_admin($admin)) {
        return 1;
    } elseif (is_user($user)) {
 
View user's profile Send private message
montego
PostPosted: Fri Feb 24, 2006 5:54 am Reply with quote

I don't think so. If I remember correctly, that is to ensure that the Admin will always see the blocks, messages and modules that are tied to "Groups" even if he/she is not specifically tied to a group.
 
Susann
PostPosted: Fri Feb 24, 2006 8:12 pm Reply with quote

I couldn´t find out any difference in userinfo.
 
montego
PostPosted: Thu Mar 09, 2006 8:32 am Reply with quote

This has been fixed in CVS for 2.02.02.
 
Susann
PostPosted: Thu Mar 09, 2006 8:54 am Reply with quote

Great ! worship
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©