Help with a mod..

[DemonicInfluence]

Okay. i'm making a mod that will make an admin a super admin

But now, I'm having trouble with some security checks..

Code Select Expand

file name="$sourcedir/Subs-Members.php">
<!-- A seach operation, with search rules and code to modify the file with. -->
<operation>
<search position="replace"><![CDATA[
function deleteMembers($users)
{
global $db_prefix, $sourcedir, $modSettings, $ID_MEMBER;
]]></search>
<add><![CDATA[
function deleteMembers($users)
{
global $db_prefix, $sourcedir, $modSettings, $ID_MEMBER;

        // Protect the person who started the forum
        if(!empty($modSettings['SuperAdmin_Activate']) && ($users == $modSettings['SuperAdmin_ID'] || (is_array($users) && in_array($modSettings['SuperAdmin_ID'], $users))))
                 {
                 fatal_error('You\'re not allowed to delete the super administrator.');
        }
]]></add>
</operation>
</file>
<file name="$sourcedir/ModSettings.php">
<!-- A seach operation, with search rules and code to modify the file with. -->
<operation>
                        <search position="replace"><![CDATA[
$subActions = array(
'basic' => 'ModifyBasicSettings',
]]></search>
<add><![CDATA[
$subActions = array(
'basic' => 'ModifyBasicSettings',
'SuperAdmin' => 'ModifySuperAdminSettings',
]]></add></operation>
<operation>
<search position="replace"><![CDATA[
'basic' => array(
'title' => $txt['mods_cat_features'],
'href' => $scripturl . '?action=featuresettings;sa=basic;sesc=' . $context['session_id'],
),
]]></search>
<add><![CDATA[
                        'basic' => array(
'title' => $txt['mods_cat_features'],
'href' => $scripturl . '?action=featuresettings;sa=basic;sesc=' . $context['session_id'],
),
'SuperAdmin' => array(
'title' => $txt['SuperAdmin'],
'href' => $scripturl . '?action=featuresettings;sa=SuperAdmin;sesc=' . $context['session_id'],
),
]]></add></operation>
<operation>
                        <search position="before"><![CDATA[
$context['post_url'] = $scripturl . '?action=featuresettings2;save;sa=basic';
$context['settings_title'] = $txt['mods_cat_features'];

prepareDBSettingContext($config_vars);
}
]]></search>
<add><![CDATA[
function ModifySuperAdminSettings()
   {
global $txt, $scripturl, $context, $settings, $sc;

$config_vars = array(
// SuperAdmin Active?
array('check', 'SuperAdmin_Activate'),
array('int', 'SuperAdmin_ID'),
'',
);

// Saving?
if (isset($_GET['save']))
{
saveDBSettings($config_vars);
redirectexit('action=featuresettings;sa=SuperAdmin');
}

$context['post_url'] = $scripturl . '?action=featuresettings2;save;sa=SuperAdmin';
$context['settings_title'] = $txt['SuperAdmin'];

prepareDBSettingContext($config_vars);
}
]]></add>
</operation>
</file>
<file name="$languagedir/ModSettings.english.php">
<!-- A seach operation, with search rules and code to modify the file with. -->
<operation>
<<search position="before"><![CDATA[
// Version: 1.1 RC2; ModSettings
]]></search>
<add><![CDATA[
$txt['SuperAdmin'] = 'SuperAdmin';
$txt['SuperAdmin_Activate'] = 'Activate Super Admin?';
$txt['SuperAdmin_ID'] = 'User ID of Super Admin:';
]]></add>
</operation>
</file>

That all works...

So, now in modsettings.php trying to make it so that once the SuperAdmin_Activate is set, only the super admin can access it..

This is what I changed it to:

Code Select Expand


function ModifySuperAdminSettings()
   {
global $txt, $scripturl, $context, $settings, $sc, $ID_MEMBER;

        //Let Super Admin Access Super Admin Menu
        if(empty($modSettings['SuperAdmin_Activate']) && ($ID_MEMBER == $modSettings['SuperAdmin_ID']))
        {

$config_vars = array(
// SuperAdmin Active?
array('check', 'SuperAdmin_Activate'),
array('int', 'SuperAdmin_ID'),
'',
);

// Saving?
if (isset($_GET['save']))
{
saveDBSettings($config_vars);
redirectexit('action=featuresettings;sa=SuperAdmin');
}

$context['post_url'] = $scripturl . '?action=featuresettings2;save;sa=SuperAdmin';
$context['settings_title'] = $txt['SuperAdmin'];

prepareDBSettingContext($config_vars);
        }
        // Protect the person who started the forum
        else
        {
        fatal_error('You\'re not allowed to mess with the super administrator.');
        }
}

However, that always gives me You're not allowed to mess with the super admin..

This is where it gets really dumb:

When I change this:

Code Select Expand

if(empty($modSettings['SuperAdmin_Activate']) && ($ID_MEMBER == $modSettings['SuperAdmin_ID']))
to this:

Code Select Expand

if(empty($modSettings['SuperAdmin_Activate']) && ($ID_MEMBER == 3))
It works.. My super admin ID is set to 3... So, what did I do wrong

EdiT: Also, want to have a check in modsettings.php so that if superadmin isn't activated, no restriction to going to the super admin panel..

THANKS

[DemonicInfluence]

Poke???

ITs on 2nd page. Must POKE!

[DemonicInfluence]

2nd poke! Anyone help??

[Sheepy]

Try checking

isset($modSettings['SuperAdmin_Activate']) && $modSettings['SuperAdmin_Activate'] != '0'

instead of using empty.  It should be the same, but somehow my read topic mod failed because I used empty to do something similiar.

If it still doesn't work, try to add a var_dump to see what are the values, and/or perhaps echo a check or two.

[DemonicInfluence]

THAt didn't work. How do you use var_dump???

[Sheepy]

Code Select Expand

echo "<pre>";
var_dump($modSettings);  // This will do a dump of everything in $modSettings to output
echo "</pre>";

Make sure you do it on test machine or first make sure no user will visit the page.

Hmm... have you checked spelling mistakes?

[DemonicInfluence]

Okay. I'll try that. It is on a test machine already

Nope. I'll check that too.

[DemonicInfluence]

Okay. Nothing has spelling problems at least as far as I can see..

i got these for the superadmin mod:

["SuperAdmin_Activate"]=>
  string(1) "1"
  ["SuperAdmin_ID"]=>
  string(1) "4"

which looks right... So, what did I do wrong now??

[Sheepy]

Uh... if I read correctly in first post, your ID is 3 instead of 4? o_o

I also took a closer look at the condition check... don't you think a check for *not* empty of SuperAdmin_Activate is in order? ^^'

[DemonicInfluence]

I changed it to 4..

The *not* empty will make it go fatal error...