User validation (manual with db at this point)

0chan 2023-02-09 19:16:40 +06:00
parent 9dc40eb62a
commit 19e270b111
3 changed files with 30 additions and 1 deletions


@ -0,0 +1,2 @@
ALTER TABLE `staff`
ADD COLUMN `validated` INTEGER NOT NULL DEFAULT 0;
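Review bot: The migration addresses the table as a bare `staff`, while the queries in the Manage class build the name as `KU_DBPREFIX . "staff"`, so on an install with a non-empty prefix this statement would not touch the table the code reads. A header comment such as `-- If a table prefix (KU_DBPREFIX) is configured, prepend it to the table name before running` would make that explicit. The statement is also not re-runnable: a second run fails on the existing column, which is worth stating in the same comment.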


@ -130,6 +130,7 @@ if (!$cache_loaded) {
}
$cf['I0_DISABLE_APNG'] = false; // Disable APNG upload if you don't want anyone to abuse CSAM
$cf['I0_DISABLE_THREAD_LIMIT'] = false; //Do not delete old posts, essentially an anti-wipe feature
$cf['I0_20_STAFF_VALIDATION'] = false; //Set true if you want to prevent unvalidated users from creating 2.0 boards (run upgrade_to_staff_validation.sql)
// --------------------------------------- CSS styles ---------------------------------------


@ -223,15 +223,41 @@ class Manage {
if ($this->CurrentUserIsAdministrator()) {
return true;
} else {
$results = $tc_db->GetAll("SELECT HIGH_PRIORITY `type` FROM `" . KU_DBPREFIX . "staff` WHERE `username` = '" . $_SESSION['manageusername'] . "' AND `password` = '" . $_SESSION['managepassword'] . "' LIMIT 1");
$results = $tc_db->GetAll("SELECT HIGH_PRIORITY `type`, `validated` FROM `" . KU_DBPREFIX . "staff` WHERE `username` = '" . $_SESSION['manageusername'] . "' AND `password` = '" . $_SESSION['managepassword'] . "' LIMIT 1");
foreach ($results as $line) {
if ($line['type'] != 3) {
exitWithErrorPage(_gettext('That page is for custom board owners only.'));
}
if (I0_20_STAFF_VALIDATION && $line['validated'] != 1) {
exitWithErrorPage(_gettext('Only validated users are allowed to create 2.0 boards. Please wait or go whine to /0/ board'));
}
}
}
}
function CurrentUserIsValidated()
{
global $tc_db, $tpl_page;
if ($_SESSION['manageusername'] == '' || $_SESSION['managepassword'] == '' || $_SESSION['token'] == '') {
$_SESSION['manageusername'] = '';
$_SESSION['managepassword'] = '';
$_SESSION['token'] = '';
return false;
}
$results = $tc_db->GetAll("SELECT HIGH_PRIORITY `validated` FROM `" . KU_DBPREFIX . "staff` WHERE `username` = '" . $_SESSION['manageusername'] . "' AND `password` = '" . $_SESSION['managepassword'] . "' LIMIT 1");
foreach ($results as $line) {
if ($line['type'] == 1) {
return true;
} else {
return false;
}
}
/* If the function reaches this point, something is fishy. Kill their session */
session_destroy();
exitWithErrorPage(_gettext('Invalid session, please log in again.'));
}
/* See if the user logged in is an admin */
function CurrentUserIsAdministrator() {
global $tc_db, $tpl_page;
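Review bot: `CurrentUserIsValidated()` tests `$line['type'] == 1`, but its query selects only `validated`, so the key is never present and the function returns false for every matching user; the check should read `if ($line['validated'] == 1) {`. The new query, like the modified one above it, builds SQL by concatenating `$_SESSION['manageusername']` and `$_SESSION['managepassword']`; whether those values are escaped when the session is created is not visible here, so binding them as parameters (if `$tc_db` supports that) or escaping them at the point of use would be safer. The modified query also selects `validated` even when `I0_20_STAFF_VALIDATION` is false, so installs that have not run the migration may see this query fail regardless of the flag. The function enclosing the first change starts above the hunk and `CurrentUserIsAdministrator()` continues below it.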