Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Open)
 v3.3 BUG+FIXED: Post.asp - ChkForumModerator		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

GauravBhabu
Advanced Member

4288 Posts
Posted - 04 March 2002 :  11:30:00  Show Profile
File : Post_info.asp
Lines:1256-1259 and 1329-1333


case 3 '## Moderator
	if chkForumModerator(Forum_ID, STRdbntUserName) = "0" then
		Go_Result "Only an administrator can create a category", 0
	end if


IMO the statements in red are not required.



----------------------------------------------------------------
Also, though not a bug, The following or similar statement block appears about 8 times on the lines:

234-253;337-356;814-835;927-946;1035-1055;1165-1185;1245-1265;1313-1339


member = cint(ChkUser(STRdbntUserName, Request.Form("Password")))
select case Member 
	case 0 
		'## Invalid Pword
		Go_Result "Invalid Password or UserName", 0
		Response.End
	case 1 '## Author of Post
		'## Do Nothing
	case 2 '## Normal User - Not Authorised
		Go_Result "Only an administrator can change a category", 0
		Response.End
	case 3 '## Moderator
		'## Do Nothing
		if chkForumModerator(Forum_ID, STRdbntUserName) = "0" then
			Go_Result "Only an administrator can change a category", 0
		end if
	case 4 '## Admin
		'## Do Nothing
	case else 
		Go_Result cstr(Member), 0
		Response.End
end select



Suggestion:
May be put into a function or sub as below:

 
sub CheckAuthorization()
	dim strErrMsg,Member
	Select Case Request.form("Method_Type")
		Case "Edit","EditTopic"
			strErrMsg = "Only Admins, Forum Moderators and the Author can change this post"
		Case "URL"
			strErrMsg = "Only Admins, Moderators can Create a Web link"
		Case "EditURL"
			strErrMsg = "Only Admins, Moderators can Modify a Web link"
		Case "Forum"
			strErrMsg = "Only Admins, Moderators can Create a New Forum"
		Case "EditForum"	
			strErrMsg = "Only Admins, Moderators can Modify a Forum"
		Case "Category"
			strErrMsg = "Only an Administrator can Create a Category"
		Case "EditCategory"		
			strErrMsg = "Only an Administrator can Modify Category Information"
	end select
	Member = cint(ChkUser(STRdbntUserName, Request.Form("Password")))
	select case Member 
		case 0 
			Rem ----Invalid Pword
			Go_Result "Invalid Password or UserName", 0
		case 1 
			Rem ----Author of Post - Do Nothing
		case 2 
			Rem ----Normal User - Not Authorised
			Go_Result strErrMsg, 0
		case 3 
			Rem ----Moderator
			Select Case Request.form("Method_Type")
				Case "Edit","EditTopic","Forum","EditForum","URL","EditURL"
					if chkForumModerator(Request.Form("FORUM_ID"), STRdbntUserName) = "0" then
					 	Go_Result strErrMsg, 0
					end if			
				Case else
					Go_Result strErrMsg, 0
			end select
		case 4
			Rem ----Admin - Do Nothing
		case else 
			Go_Result cstr(Member), 0
	end select
end sub


1) Add the above sub to the end of post_info.asp
2) Replace the statement Blocks on Lines:

234-253;337-356;814-835;927-946;1035-1055;1165-1185;1245-1265;1313-1339

with the following statement

Call CheckAuthorization()


www.forumSquare.com - GauravBhabu - It is difficult to IMPROVE on Perfection, There is no harm in Keep Trying.

Edited by - Davio on 09 March 2002 01:46:26

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 09 March 2002 :  01:19:27  Show Profile
This has been addressed in v3.4

chkForumModerator isn't necessary when creating a New Forum or New Web Link (URL) either, since only Admins can actually create them. Besides, the Forum_ID doesn't exist yet when you are creating a new Forum or Weblink(URL).
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.09 seconds. Powered By: Snitz Forums 2000 Version 3.4.07