Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Help Groups for Snitz Forums 2000 Users
 Help: MOD Implementation
 Mod ban-Ip security problem		  New Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Maxime
Average Member

France
521 Posts
Posted - 21 June 2014 :  02:28:41  Show Profile  Visit Maxime's Homepage  Reply with Quote
Hello Carefree,

I fixed a security problem on the mod admin_ban_ips.asp Ban_ip. Anyone knowing the address of the page could write this page, I removed the code and added the security code for the session other administration pages and it works.

He too would like that page is not displayed UF8 as written but in all kind of charset set by config.asp page, can it?
Cordially,
Maxime

Taxation consists in so plucking the goose to get the most out of feathers with the least possible cries.(Jean-Baptiste Colbert)

Maxime
Average Member

France
521 Posts
Posted - 21 June 2014 :  04:41:30  Show Profile  Visit Maxime's Homepage
There also admin_banned.asp page that does not esty also included what was in protection session on other pages adminitrations forum. To not have anyone who uses good accounts of these functions. unbeknownst to me
Cordially,
Maxime

Taxation consists in so plucking the goose to get the most out of feathers with the least possible cries.(Jean-Baptiste Colbert)
Edited by - Maxime on 21 June 2014 04:42:00
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 21 June 2014 :  14:28:12  Show Profile
Actually, you're in error about the security features. The user would have to have mLev=4 to use the page, which is what I wanted (for all admins to be able to ban IPs, not just the forum admin). So your "fix" just gives the task back to the forum admin.

To change it from UTF8 is simple, delete the line that says 
Response.Charset="UTF-8"
Go to Top of Page

Maxime
Average Member

France
521 Posts
Posted - 22 June 2014 :  13:16:29  Show Profile  Visit Maxime's Homepage
After changing, I did the tests with me and then another of my single administrator account and it can not banish the problem ip and email.
Here is the added code because without beings connected to one account, I could make the changes I wanted.

if Session(strCookieURL & "Approval") <> "15916941253" then
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
Response.Redirect "admin_login.asp?target=" & scriptname(ubound(scriptname))
end if
Cordially,
Maxime

Taxation consists in so plucking the goose to get the most out of feathers with the least possible cries.(Jean-Baptiste Colbert)
Go to Top of Page

Carefree
Advanced Member

Philippines
4207 Posts
Posted - 22 June 2014 :  13:55:51  Show Profile
That added code forces you to be the forum admin account. That is precisely why I left it out, using just an mLev comparison.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.31 seconds. Powered By: Snitz Forums 2000 Version 3.4.07