Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

private custom user fields visible to all users?!
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> v2.3 RN Issues
Author Message
sak
Worker
Worker



Joined: Jul 06, 2005
Posts: 172
PostPosted: Sat Sep 19, 2009 3:56 pm Reply with quote
I just noticed that custom fields set as private in RNYA are visible to all users. Is this intended? I just upgrade to 2.4 and they are still visible.

If this is intended, that's cool. I need to like IMMEDIATELY fix this though. I have to protect my users' information right away. Can someone tell me how to do this?

_________________
www.ICarry.org
www.GunOwnersFellowship.com 
View user's profile Send private message Visit poster's website
Palbin
Site Admin



Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania
PostPosted: Sat Sep 19, 2009 4:50 pm Reply with quote
I just made a custom field called color and I only see it as a user(me) or admin. I do not see it as anonymous. Are you sure it is not just you that is seeing becuase you are still logged into admin? Sorry have to ask.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
Palbin
PostPosted: Sat Sep 19, 2009 4:53 pm Reply with quote
I see the problem now. I thought this problem was taken care of already Mad

Give me a few minutes.
 
Palbin
PostPosted: Sat Sep 19, 2009 5:14 pm Reply with quote
Ok I thought I saw the problem, but I can't reproduce it. I know that this was a problem in 2.3, but are you sure they are showing in 2.4?

Per above are you logged into admin?
 
Palbin
PostPosted: Sat Sep 19, 2009 5:44 pm Reply with quote
OK, Sorry! I finally got it. I don't want to mention publicly why it was so difficult to find, but here is the solution.

Find line 105 of /modules/Your_Account/public/userinfo.php
Code:



if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $username)) {

Change to:
Code:



if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $userinfo['username'])) {
 
sak
PostPosted: Sat Sep 19, 2009 5:45 pm Reply with quote
I'm just logged-in as a regular user right now. Using a different browser to make sure that cookies/etc aren't coming into play. I even tried accessing admin.php to make sure I wasn't somehow accessing admin features since it's from the same IP. admin.php brings up the login, so I must not have any access to admin.

Looks like a standard user can still see my custom "private" fields. By standard user I mean logged-in as a registered user. Anonymous can NOT see the private fields but a user can at this point.

For the upgrade, I just upgraded my files and ran the db updater - no issues came up with the upgrade - very smooth and easy Smile

edit: posted while you were posting. I will try the above fix right now.
 
sak
PostPosted: Sat Sep 19, 2009 5:49 pm Reply with quote
Worked like a charm - thank you so much!
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> v2.3 RN Issues


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©