How To Protect the del, Reply, IP Password area

The Wizard
Posts: 2
Joined: Fri Jun 09, 2017 1:57 pm

How To Protect the del, Reply, IP Password area

Post by The Wizard »

Hello:

First off - I love this script - Well Done!

As always with any script it will never be perfect, and this script is no exception. The biggest flaw I saw was allowing any user to get to the password page. To me this is just asking for somebody to try a thousand times and gain access, and screw things up. Like we all need that? So I came up with a quick fix for this problem, and I am posting it here. I offer no support, guarantee, or warranty of any kind.

To the Creator of GBook:
If you like this fix feel free to add it to the next version of the script.

NOTE: THIS FIX ONLY WORKS IF YOU HAVE A STATIC IP!

This mod compares your static IP with the one in settings.php; if they match, nothing happens and you have access to view private posts, delete posts, reply to a post or view an IP.

If your IP does not match, you are taken to the error page and told "Only Admins Can View this page" or, in the case of a private message, "Shame on you! Trying to reading the Admins Private Message."

I know this does not solve the problem for some of you, and I'm sorry about that. The only way to truly solve the problem is to build an admin section, and I just don't have that much time.

Enjoy

The Wizard (Bill)



settings.php

Find:
// Debug mode? 1 = ON, 0 = OFF
$settings['debug'] = 0;

Add After:
// Allowed IP - keeps users away from del, reply & IP view (only works with a static IP)
// Replace 222.22.222.222 with YOUR static IP
$allowedip = '222.22.222.222';

language.inc.php

Find:
// Added 25th November 2009
$lang['t88']='Submit My Comment';

Add After:
$lang['t99'] = 'Only Admins Can View this page';
$lang['t100'] = 'Shame on you! Trying to reading the Admins Private Message.';

gbook.php

Find:
function confirmViewIP($error='')
{

Add After:
	//allowed IP. Change it to your static IP
	global $allowedip;

	$ip = $_SERVER['REMOTE_ADDR'];

	if ($ip == $allowedip) {

Find:
    printTopHTML();
    require($settings['tpl_path'].'admin_tasks.php');
    printDownHTML();

Add After:
	}else{

		global $settings, $lang;
		$myproblem = $lang['t99'];

		printTopHTML();
		require($settings['tpl_path'].'error.php');
		printDownHTML();

	}

Find:
function writeReply($error='', $comments='')
{

Add After:
	//allowed IP. Change it to your static IP
	global $allowedip;

	$ip = $_SERVER['REMOTE_ADDR'];

	if ($ip == $allowedip) {

Find:
    printTopHTML();
    require($settings['tpl_path'].'admin_reply.php');
    printDownHTML();

Add After:
	}else{

		global $settings, $lang;
		$myproblem = $lang['t99'];

		printTopHTML();
		require($settings['tpl_path'].'error.php');
		printDownHTML();

	}

Find:
function confirmViewPrivate($error='')
{

Add After:
	//allowed IP. Change it to your static IP
	global $allowedip;

	$ip = $_SERVER['REMOTE_ADDR'];

	if ($ip == $allowedip) {

Find:
    printTopHTML();
    require($settings['tpl_path'].'admin_tasks.php');
    printDownHTML();

Add After:
	}else{

		global $settings, $lang;
		$myproblem = $lang['t100'];

		printTopHTML();
		require($settings['tpl_path'].'error.php');
		printDownHTML();

	}

Find:
function confirmDelete($error='')
{

Add After:
	//allowed IP. Change it to your static IP
	global $allowedip;

	$ip = $_SERVER['REMOTE_ADDR'];

	if ($ip == $allowedip) {

Find:
    printTopHTML();
    require($settings['tpl_path'].'admin_tasks.php');
    printDownHTML();

Add After:
	}else{

		global $settings, $lang;
		$myproblem = $lang['t99'];

		printTopHTML();
		require($settings['tpl_path'].'error.php');
		printDownHTML();

	}
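The mod above repeats the same REMOTE_ADDR check inline in four functions. As an added example (not part of GBook or of The Wizard's mod), the check can be written once as a helper that accepts a list of static addresses, validates them, and denies by default; the setting name `$settings['admin_ips']`, the helper `adminIpAllowed` and the sample addresses are assumptions, not existing GBook names.

```php
<?php
// Added example, not GBook's own code. Assumed setting: a list of static
// admin addresses (documentation-range samples, constructed for this example).
$settings['admin_ips'] = array('203.0.113.10', '2001:db8::1');

function adminIpAllowed(array $allowedIps, array $server)
{
    // Use REMOTE_ADDR only: the web server fills it from the TCP connection.
    // Client-supplied headers such as X-Forwarded-For are not consulted,
    // because anyone can send them unless a trusted proxy rewrites them.
    if (!isset($server['REMOTE_ADDR'])) {
        return false;
    }
    $ip = $server['REMOTE_ADDR'];
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    // Compare packed binary forms so that equivalent spellings of an IPv6
    // address ("2001:DB8::1" vs "2001:db8::1") match and malformed entries
    // in the allow list never match anything.
    $packed = inet_pton($ip);
    foreach ($allowedIps as $allowed) {
        if (filter_var($allowed, FILTER_VALIDATE_IP) === false) {
            continue; // skip bad config entries instead of failing open
        }
        if (inet_pton($allowed) === $packed) {
            return true;
        }
    }
    // Default deny; log the refused address so repeated probing is visible.
    error_log('GBook admin action refused for ' . $ip);
    return false;
}

// How a guarded GBook function would use it, mirroring the mod's structure
// but returning early instead of wrapping the whole body in if/else.
function confirmDeleteGuarded($error = '')
{
    global $settings, $lang;
    if (!adminIpAllowed($settings['admin_ips'], $_SERVER)) {
        $myproblem = $lang['t99'];     // error.php displays $myproblem
        printTopHTML();
        require($settings['tpl_path'] . 'error.php');
        printDownHTML();
        return;                        // nothing below runs for other addresses
    }
    // ... original confirmDelete body follows unchanged ...
}
```

The same guard call can replace the inline checks in confirmViewIP, writeReply and confirmViewPrivate, using `$lang['t100']` for the private-message case.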
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Re: How To Protect the del, Reply, IP Password area

Post by Klemen »

Thanks for sharing your work.

I am trying to keep GBook as simple as possible hence I never developed a separate admin area for the few simple admin commands.

Your mod will indeed help if one is using a static IP. However, the best protection against brute force attacks remains using unique strong passwords.

For example, a 12 character password consisting of uppercase letters, lowercase letters, symbols and numbers has so many possible combinations (94 to the power of 12) that it would take millions of years to crack (in theory; in practice your server and attacker would both die way before that :wink: ).
Klemen, creator of HESK and PHPJunkyard
The Wizard
Posts: 2
Joined: Fri Jun 09, 2017 1:57 pm

Re: How To Protect the del, Reply, IP Password area

Post by The Wizard »

Thanks :D :D :D :D

Wiz