Well, let's see. In "includes/constants.php" we have the following:
- // Auth settings - Levels
- define('AUTH_NONE', -1);
- define('AUTH_LIST_ALL', 0);
- define('AUTH_ALL', 0);
- define('AUTH_REG', 1);
- define('AUTH_ACL', 2);
- define('AUTH_MOD', 3);
- define('AUTH_JADMIN', 4);
- define('AUTH_ADMIN', 5);
- // Self AUTH - BEGIN
- define('AUTH_SELF', 9);
- // Self AUTH - END
Then in "includes/mod_settings/mod_img_posting.php" we have the following:
- 'auth_view_pic_upload' => array(
- 'lang_key' => 'IP_auth_view_pic_upload',
- 'type' => 'LIST_RADIO_BR',
- 'default' => 'CFG_REG',
- 'values' => array(
- 'CFG_ALL' => 0,
- 'CFG_REG' => 1,
- 'CFG_MOD' => 2,
- 'CFG_ADMIN' => 3,
- ),
- ),
According to that definition, if I select ALL or REG all is fine, but when I select MOD I'm saying ACL indeed, and when I select ADMIN I'm saying MOD.
It can be fixed by few changes:
- #
- #-----[ OPEN ]------------------------------------------
- #
- includes/mods_settings/mod_img_posting.php
- #
- #-----[ FIND ]------------------------------------------
- #
- 'CFG_ALL' => 0,
- 'CFG_REG' => 1,
- 'CFG_MOD' => 2,
- 'CFG_ADMIN' => 3,
- #
- #-----[ REPLACE WITH ]------------------------------------------
- #
- 'CFG_ALL' => AUTH_ALL,
- 'CFG_REG' => AUTH_REG,
- 'CFG_MOD' => AUTH_MOD,
- 'CFG_ADMIN' => AUTH_ADMIN,
That's all. What I don't know is if there is more places on the code where this kind of direct assignment with incorrect values is being used. I hope no, because it would allow to moderators make things that only admins should.