Icy Phoenix

     
 

Private Messages

 
Hi, I'm new here but have my forum on Icy Phoenix.

I have come across a serious (IMO) security issue while using the user options in ACP.

Basically it allows admin to view members' PRIVATE MESSAGES.
This is something I don't want, as private messages should be just that: PRIVATE.

Is there a simple way of deleting this option from ACP?

When I enter ACP and click USERS, 7 from top is PRIVATE MESSAGES; it is this I want removing from my site.

Any help/pointer gladly received.

Many thanks in advance.



 
playmisty [ Sun 14 Dec, 2008 18:38 ]
 
You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php



Edit: I don't think it is a security issue. It can turn out to be useful in some cases of harassment via PM; then you can check and prove it.

It would just be kind of the administrator to warn the users that PMs can be read by admins.



 
Last edited by Vortex on Sun 14 Dec, 2008 18:49; edited 1 time in total 
Vortex [ Sun 14 Dec, 2008 18:45 ]
 
Vortex wrote:
You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php



Have you simpleton instructions on how to do this?

I'm no technical genius.



 
playmisty [ Sun 14 Dec, 2008 18:48 ]
 
playmisty wrote:
Vortex wrote:
You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php



Have you simpleton instructions on how to do this?

I'm no technical genius.



If you installed Icy, I suppose you can use the FTP client.

Just connect and go to root (folder where you have Icy)/adm/ and delete the file admin_priv_msgs.php

(Personally I just rename it to admin_priv_msgs_php so that it no longer appears in ACP.)



 
Vortex [ Sun 14 Dec, 2008 18:51 ]
 
Though it is still easy to read private messages, as everything is stored in the database... so for security it is not really an issue...



 
DWho [ Sun 14 Dec, 2008 21:21 ]
 
I've done this:

OPEN
Code:
your_root/adm/admin_priv_msgs.php

FIND
Code:
<?php

AFTER, ADD
Code:
// Only the account with user_id 2 may load this module
if($userdata['user_id'] == 2) {

FIND
Code:
?>

BEFORE, ADD
Code:
// Close the if block opened after <?php; every other account is sent to the index
} else { redirect(INDEX_MG.PHP_EXT); }




 
Informpro [ Mon 15 Dec, 2008 19:24 ]