Prevent Adminposts
TriTop Offline
Member
***
Posts: 53
Joined: Apr 2008
Post: #1
Prevent Adminposts
Hey Comm!
Try to write a plugin that stop edit adminposts by moderators. At this hook:

PHP Code:
$plugins->add_hook('editpost_delete', 'adminposteditlock');

everything works fine. Unresolved problems with the inline moderation tool.
The variable $mybb->input['pid'] is not working. Test with:

PHP Code:
$tid = intval($mybb->input['tid']);
$query = $db->simple_select("posts", "*", "tid='$tid'");
$post = $db->fetch_array($query, "pid");

backfired.

Here is the complete codeblock:

PHP Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
$plugins->add_hook('moderation_start', 'adminposteditlock_moderation');

function adminposteditlock_moderation()
{
global $db, $mybb;

$pid = intval($mybb->input['pid']);
$query = $db->simple_select("posts", "*", "pid='$pid'");
$post = $db->fetch_array($query);
$uid = $post['uid'];
$user = get_user($uid);
$group = usergroup_permissions($user['usergroup']);
if($mybb->usergroup['cancp'] != 1 && $group['cancp'] == 1)
{
error("This post was made by an Admin. Editing or deletion is not allowed.", "ERROR!");
}
}


oh well.....still learning. Any suggestions are welcome.

12-15-2010 04:47 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #2
RE: Prevent Adminposts
Firstly, you might want to check the actions ($mybb->input['action']) before putting your code in.
Otherwise it might be better to hook elsewhere, eg moderation_do_deletethread.

Yeah, inline mod won't work because it's not sent through input that way.
Take a look at getids in moderation.php

Here's some example code from moderation.php:

PHP Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
    // Delete Threads - Inline moderation
    case "multideletethreads":
        add_breadcrumb($lang->nav_multi_deletethreads);
        
        if(!empty($mybb->input['searchid']))
        {
            // From search page
            $threads = getids($mybb->input['searchid'], 'search');
            if(!is_moderator_by_tids($threads, 'candeleteposts'))
            {
                error_no_permission();
            }
        }
        else
        {
            $threads = getids($fid, 'forum');
            if(!is_moderator($fid, 'candeleteposts'))
            {
                error_no_permission();
            }
        }

PHP Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
// Some little handy functions for our inline moderation
function getids($id, $type)
{
    global $mybb;
    
    $newids = array();    
    $cookie = "inlinemod_".$type.$id;
    $cookie_ids = explode("|", $mybb->cookies[$cookie]);
    
    foreach($cookie_ids as $cookie_id)
    {
        if(empty($cookie_id))
        {
            continue;
        }
        
        if($cookie_id == 'ALL')
        {
            $newids += getallids($id, $type);
        }
        else
        {
            $newids[] = intval($cookie_id);
        }
    }
    
    return $newids;
}


My Blog
12-15-2010 08:16 AM
Find all posts by this user Quote this message in a reply
TriTop Offline
Member
***
Posts: 53
Joined: Apr 2008
Post: #3
RE: Prevent Adminposts
Thanks for fast reply ZiNgA BuRgA! Your impulse ensuing I searched in moderate.php for input actions. Found:

PHP Code:
1
2
3
4
5
6
7
8
9
10
11
	// Actually delete the posts in inline moderation
	case "do_multideleteposts":

		// Verify incoming POST request
		verify_post_check($mybb->input['my_post_key']);
		
		$postlist = explode("|", $mybb->input['posts']);
		if(!is_moderator_by_pids($postlist, "candeleteposts"))
		{
			error_no_permission();
		}



By the way, $mybb->input['posts'] read pid. Yes

This code I use now:

PHP Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$plugins->add_hook('moderation_start', 'adminposteditlock_moderation');


function adminposteditlock_moderation()
{
global $db, $mybb;

if($mybb->input['action'] == "do_multideleteposts") {

		$pid = intval($mybb->input['posts']);
        $query = $db->simple_select("posts", "*", "pid='$pid'");
        $post = $db->fetch_array($query);
        $uid = $post['uid'];
        $user = get_user($uid);
        if($pid = $user['uid'] == 1)
        {
        error("This post was made by an Admin. Editing or deletion is not allowed.", "ERROR!");
        }
}
}


It works! However plugin not yet functional. It will take much more time to make it ready. Anyway, this point Job done! Yipi

12-16-2010 01:59 AM
Find all posts by this user Quote this message in a reply

« Next Oldest | Next Newest »

 Standard Tools
Forum Jump: