Icy Phoenix

hi, im new here but have my forum on icy pheonix.

i have come across a serious (imo) security issue while using the user options in ACP

basically it allows admin to view members PRIVATE MESSAGES.
this is something i dont want as private messages should be just that PRIVATE.


is there a simple way of deleting this option from ACP?

when i enter ACP and click USERS 7 from top is PRIVATE MESSAGES it is this i want removing from my site.


any help/pointer glady recieved.

many thanks in advance :oops: :wink:

You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php ;)



Edit: I don't think is a security issue. Can turn out to be useful in some cases of harrassments via PM, then you can check and prove it.

It should just be kind from the administrator to warn the users that pms can be read from admins ;)

Vortex wrote: [View Post]

You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php ;)

have you simpleton instructions on how to do this?

im no technical genius :oops: :oops:

playmisty wrote: [View Post]

Vortex wrote: [View Post]

You can simply delete or rename with a non .php extension the file your_root/adm/admin_priv_msgs.php ;)

have you simpleton instructions on how to do this?

im no technical genius :oops: :oops:

If you installed Icy, I suppose you can use the FTP client ;)


Just connect and go to root(folder where you have Icy)/adm/ and delete the file admin_priv_msgs.php


(Personally I just rename it to admin_priv_msgs_php so that it no longer appears it ACP ;) )

though it is still easy to read private messages as everything is stored in the database... so for security it is not really an issue...

I've do this :
OPEN
FIND
AFTER, ADD
FIND
BEFORE, ADD