Snitz Forums 2000
 Why members can delete other member's Events ?

Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 12:35:54
Hi,

On the "Events Calendar Mod", it seems that any "normal user" can Edit/Delete any other member's Event (including Admin's events).
Shouldn't this work the same way that normal Posts work, where every member can ONLY edit/delete their own posts?
Can anyone help on this please?

Thank you in advance
Regards
Alex

GauravBhabu
Advanced Member

4288 Posts

Posted - 13 September 2002 : 13:09:41
Events calendar does a lot of things which are not Normal. You need to modify the code to fix the behavior which is greater than or less than normal.

CSS and HTML4.01 Compliant Snitz Forum . ForumSquare . Rakesh Jain

It is difficult to IMPROVE on Perfection, There is no harm in Keep Trying.

Prayer Of Forgiveness
"I forgive all living beings. May all living beings forgive me!
I cherish the friendliness towards all and harbour enmity towards none." -- Aavashyaka Sutra(Translated)

alex042
Average Member

USA
631 Posts

Posted - 13 September 2002 : 13:33:32
quote:
On the "Events Calendar Mod", it seems that Any "normal user" can Edit/Delete any other member's Event ( including Admin's events). Shouldn't this work the same way that normal Posts work, where every member can ONLY edit/delete their own posts.


There should be a number setting at the very top of the code to change who can add/edit/delete events. This MOD was basically a stand-alone MOD that was attached to the forum, but doesn't use the same method to regulate how the event postings are controlled.


Edited by - alex042 on 13 September 2002 13:34:41

Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 13:34:33
Thanks GauravBhabu for your reply,

Could you help me with this please? If it is not too much trouble.
I wouldn't be able to change the code for this myself.

I just checked crash's site and I think the way he has it is that only admin and Mods can Add Events and Members can only Add "private events" (which they only see) and they can not edit/delete any event except their own.
That's still better than what I have now.

Thank you
Alex




Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 13:36:05
Hi Alex,

Would that be at the events.asp ?

Thanks

alex042
Average Member

USA
631 Posts

Posted - 13 September 2002 : 13:36:52
At the top of events.asp, you should find:

' sets who is allowed to add events
dim intAllowed
intAllowed = 1 'Any members
'intAllowed = 3 'Only Moderators and Admin
'intAllowed = 4 'Admins Only

Just uncomment the appropriate level. 'Any members' is the default, as shown here. Any member at that level has total control over all events.


Edited by - alex042 on 13 September 2002 13:37:58

Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 13:45:54
Alex, if I uncomment the 'Only Moderators and Admin', what happens is that a "normal member" can not add an event at all.
I would like, if possible, for the members to be able to add events, but not to be able to edit/delete events that other members have added.

Thank you again
Alex

Edited by - Alex123 on 13 September 2002 13:49:01

DoraMoon
Average Member

Taiwan
661 Posts

Posted - 13 September 2002 : 13:48:46
hi~ Alex123,

i think usually we'll set events authority to Admin/Moderator Only...

and unless user checked the Private Event, or all events will be "public" by default. so if you allow general members also can add a event... yeah~ just as GB said, i think you'll need to change something to make it reasonable..

on my situation, i set general members only can post Private Event.. but i can't remember how i modified it before . anyway, it should be not too difficult.. .

at least, i think you can try this...
about line 828 in events_function.asp
<%'If (mlev >= intAllowed) and (lcase(lcase(rs(strDBNTSQLNAME))) = lcase(Request.Cookies(strUniqueID & "User")("Name"))) or mlev >=3 Then%>
<%If mlev >= intAllowed or lcase(strDBNTUSerName) = lcase(rs(strDBNTSQLNAME)) Then%>


change it to..
<%'If (mlev >= intAllowed) and (lcase(lcase(rs(strDBNTSQLNAME))) = lcase(Request.Cookies(strUniqueID & "User")("Name"))) or mlev >=3 Then%>
<%If mlev >= 3 or lcase(strDBNTUSerName) = lcase(rs(strDBNTSQLNAME)) Then%>


not sure it'll match your demand, but you can try it...

<edit>forgot to say that...
above modification, i think it should be can restrict the delete/edit authority to Admin/Moderator or "original author" ONLY...</edit>

Edited by - DoraMoon on 13 September 2002 13:58:03

Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 13:57:35
Thank you DoraMoon

It worked perfectly. Thank you

DoraMoon
Average Member

Taiwan
661 Posts

Posted - 13 September 2002 : 14:00:30
you're welcome, i'm also glad it works!

but maybe you should test more... the Events Mod is a little complex for me. maybe i still loss something..

GauravBhabu
Advanced Member

4288 Posts

Posted - 13 September 2002 : 14:36:18
Any member can delete any event if he/she knows the eventid. To prevent that, everyone must modify the code in events.asp

Lines 186-192
select case sMode
 case "delete" 
  if mlev >= intAllowed then
   sSQL = "DELETE FROM " & strTablePrefix & "EVENTS WHERE Event_ID=" & Request.QueryString("Event_ID")
   my_Conn.Execute ssql
   strCMessage = "The selected event was deleted"
  end if



Modify as below:


select case sMode
  case "delete" 
   if mlev >= intAllowed then
    sSQL = "SELECT ADDED_BY FROM " & strTablePrefix & "EVENTS WHERE EVENT_ID=" & Request.QueryString("Event_ID")
    Set rsDelete = Server.CreateObject("ADODB.RECORDSET")
    rsDelete.Open sSQL, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
    if not(rsDelete.EOF or rsDelete.BOF) then
     if (clng(rsDelete("ADDED_BY")) = MemberID) or (mlev = 4) then
      sSQL = "DELETE FROM " & strTablePrefix & "EVENTS WHERE Event_ID=" & Request.QueryString("Event_ID")
      my_Conn.Execute ssql
      strCMessage = "The selected event was deleted"
     else
      strCMessage = "No authorization to delete the event"
     end if
    else
     strCMessage = "The selected event was not found"
    end if
    rsDelete.Close
    Set rsDelete = Nothing
   end if




DoraMoon
Average Member

Taiwan
661 Posts

Posted - 13 September 2002 : 15:23:32
yes, thank GB for replenishing again...

Alex123 )))
my modification just removes the delete/edit link from normal users,
just as GB said, if someone knows the event_id, he can also delete the event!
so make sure you also add GB's code too.

and maybe in "edit" section... (events.asp below GB's code..)
the same doing as GB's suggestion, also can change it to..
  case "edit"
   if mlev >= intAllowed then
    sSQL = "SELECT ADDED_BY FROM " & strTablePrefix & "EVENTS WHERE EVENT_ID=" & Request.QueryString("Event_ID")
    Set rsEdit = Server.CreateObject("ADODB.RECORDSET")
    rsEdit.Open sSQL, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
    if not(rsEdit.EOF or rsEdit.BOF) then
     if (clng(rsEdit("ADDED_BY")) = MemberID) or (mlev = 4) then
      sMode = "edit"
      strCMessage = "Event Edit Successful"
     else
      strCMessage = "No authorization to edit the event"
     end if
    else
     strCMessage = "The selected event was not found"
    end if
    rsEdit.Close
    Set rsEdit = Nothing
   end if

~......~.~~

GauravBhabu
Advanced Member

4288 Posts

Posted - 13 September 2002 : 17:06:44
DoraMoon that won't work for edit. Here is what is needed to be done to prevent unauthorized delete/edit


File: events.asp

Find the following code between lines 183-202
'set the mode
dim sMode, berror
sMode = Request.QueryString("mode")
select case sMode
 case "delete" 
 if mlev >= intAllowed then
  sSQL = "DELETE FROM " & strTablePrefix & "EVENTS WHERE Event_ID=" & Request.QueryString("Event_ID")
  my_Conn.Execute ssql
  strCMessage = "The selected event was deleted"
 end if
case "edit"
 if mlev >= intAllowed then
  sMode = "edit"
  strCMessage = "Event Edit Successful"
 end if
case "add"
 if mlev >= intAllowed then
  smode = "add"
 end if
end select


Replace the above statements as below

'**set the mode
dim sMode, bError, strCMessage
sMode = Request.QueryString("mode")
select case sMode
 case "delete"
  if mlev >= intAllowed then
   if CheckAuthorization() then
    sSQL = "DELETE FROM " & strTablePrefix & "EVENTS WHERE Event_ID=" & Request.QueryString("Event_ID")
    my_Conn.Execute ssql
    strCMessage = "The selected event was deleted"
   end if
  end if
 case "edit"
  sMode = ""
  if mlev >= intAllowed then
   if CheckAuthorization() then
    sMode = "edit"
    strCMessage = "Event Edit Successful"
   end if
  end if
 case "add"
  if mlev < intAllowed then
   sMode = ""
  end if
end select



File events_functions.asp

Add the following function to this file. Make sure it is before the ASP closing tag (%>) at the bottom of file.

function CheckAuthorization()
    dim strSql, rsAuthorization
    ' Admins (mLev = 4) may modify or delete any event
    if mLev = 4 then CheckAuthorization = true : exit function
    CheckAuthorization = false
    ' Look up which member added the event
    strSql = "SELECT ADDED_BY FROM " & strTablePrefix & "EVENTS E WHERE E.EVENT_ID=" & Request.QueryString("Event_ID")
    Set rsAuthorization = Server.CreateObject("ADODB.RECORDSET")
    rsAuthorization.Open strSql, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
    if not (rsAuthorization.BOF or rsAuthorization.EOF) then
        ' Everyone else is authorized only for events they added themselves
        if (clng(rsAuthorization("ADDED_BY")) = MemberID) then
            CheckAuthorization = true
        else
            strCMessage = "No authorization to modify/delete the event"
        end if
    else
        strCMessage = "The selected event was not found"
    end if
    rsAuthorization.Close
    Set rsAuthorization = nothing
end function


There are several other places in the file where code should be corrected. But anyway, above changes will prevent unauthorized edit/delete.

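An added example, not code from the Events Calendar MOD or from any poster in this thread: the same owner-or-admin check as CheckAuthorization in the post above, with Event_ID validated as digits and bound as an ADO parameter rather than concatenated into the SQL text. `CheckEventOwner`, `IsDigitsOnly` and `lngID` are hypothetical names; `my_Conn`, `strTablePrefix`, `mLev`, `MemberID` and `strCMessage` are assumed to be the globals used in the posts, and the numeric literals stand in for the ADO constants named in the comments.

```vbscript
' Added example: hypothetical helpers, not part of the Events Calendar MOD.
' Assumes the globals used in the thread: my_Conn, strTablePrefix, mLev,
' MemberID, strCMessage.
function IsDigitsOnly(strValue)
    dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"     ' digits only, short enough for CLng
    IsDigitsOnly = re.Test(strValue & "")
end function

' Returns true when the current member may edit/delete the event.
' lngEventID (ByRef) receives the validated id for use in later SQL.
function CheckEventOwner(strRawID, ByRef lngEventID)
    dim cmd, rs
    CheckEventOwner = false
    lngEventID = 0
    if not IsDigitsOnly(strRawID) then
        strCMessage = "The selected event was not found"
        exit function
    end if
    lngEventID = CLng(strRawID)

    ' Bind the id as a parameter; the SQL text never contains request input.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = my_Conn
    cmd.CommandType = 1     ' adCmdText
    cmd.CommandText = "SELECT ADDED_BY FROM " & strTablePrefix & _
                      "EVENTS WHERE EVENT_ID = ?"
    cmd.Parameters.Append cmd.CreateParameter("EventID", 3, 1, , lngEventID) ' adInteger, adParamInput
    Set rs = cmd.Execute

    if rs.EOF then
        strCMessage = "The selected event was not found"
    elseif mLev = 4 or CLng(rs("ADDED_BY")) = CLng(MemberID) then
        CheckEventOwner = true      ' admin, or the member who added the event
    else
        strCMessage = "No authorization to modify/delete the event"
    end if
    rs.Close
    Set rs = nothing
    Set cmd = nothing
end function

' Caller in the "delete" case: reuse the validated number, not the raw query string.
' if CheckEventOwner(Request.QueryString("Event_ID"), lngID) then
'     my_Conn.Execute "DELETE FROM " & strTablePrefix & "EVENTS WHERE EVENT_ID=" & lngID
' end if
```

The check runs on the server for every delete or edit request, so it holds whether or not the edit/delete links are shown to the member.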

Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 20:09:35
Thank you guys both VERY much

I am going to dare to ask for one last thing and I am totally going to understand, in case you decide to ignore me.
Could the "Events Calendar" take its "Time" from the "Server Date/Time Configuration" through the forum? I have that one set to add 7 hours to the server Time.

Thanks again for all your help. It’s greatly appreciated
Alex




GauravBhabu
Advanced Member

4288 Posts

Posted - 13 September 2002 : 20:16:21
You can use strForumTimeAdjust variable which stores the server date time.


Alex123
Junior Member

Greece
237 Posts

Posted - 13 September 2002 : 20:24:50
Thank you GauravBhabu,

Could you help me a bit more ? Where should I add this variable, on the Events mod ?

Thanks again
Alex