MyBB Community Forums

MyBB Community Forums > 1.8 Support > General Support > block php from view except for admins
Full Version: block php from view except for admins
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

metulburr

2016-11-21, 02:37 PM
Im trying to make a php page to view all mybb variables for customizing. But after looking at these variables and showing the values, i am assuming you want to hide this from public view. So i tried to add no permissions to everyone except admins (which in my forum is usergroup 4) 

but when im logged in as admin, i get a no permissions page now when viewing this page

<?php

define("IN_MYBB", 1);
include "global.php";

if ($mybb->user['usergroup'] == 4){
    error_no_permission();
}


echo '<pre>';
print_r($mybb);
echo '</pre>';

?>
EDIT:
nevermind. Somtimes i really wish i could delete posts when i feel so dumb
Quote:if ($mybb->user['usergroup'] != 4){


Does print_r($mybb); show each admin logged in info. Like i see me password hash and all.

dragonexpert

2016-11-21, 03:04 PM
You are able to view what the hashed password and salt looks like, but the code you posted won't do it. You can't view the true password that generated that.

$query = $db->simple_select("users", "*", "uid=x");
$user = $db->fetch_array($query);
print_r($user);

Replace x with the uid of the person you want to view. Btw, you may wish to define the constant NO_ONLINE and have its value be 1 before you load global.php. This way you won't show up in the online list as viewing that page.

metulburr

2016-11-21, 04:31 PM
Nice. Thanks.

btw, i dont think i did this right.
<?php

define("IN_MYBB", 1);
define("NO_ONLINE",1);
include "global.php";

if ($mybb->user['usergroup'] != 4){
    error_no_permission();
}


echo '<pre>';
print_r($mybb);
echo '</pre>';

?>
as i am still showing up

dragonexpert

2016-11-22, 01:44 PM
Maybe the code changed. I know at one point it used to work.

Wildcard

2016-11-22, 10:03 PM
Unless I am missing something, metulburr is asking why he still shows up on WOL if he is on the hidden page.

If so, that is normal behavior. It just doesn't show your actual location. iirc

metulburr

2016-11-22, 11:22 PM
Quote:If so, that is normal behavior. It just doesn't show your actual location
if another user clicks that it takes them to that php file, but just shows error_no_permission(). Is that normal?

Wildcard

2016-11-22, 11:55 PM
I believe so.

metulburr

2016-11-23, 01:52 AM
Isnt that just the no permission error? It doesnt look like NO_ONLINE is doing anything as that is what it did before. I was thinking that it was going to not show the link to that file or not show the user in the list (at least when on that page)

Wildcard

2016-11-23, 09:58 PM
I haven't actually done any investigation. I'm just answering you from memory. I will create a test page later this evening and get you an answer.

Transarkglobal

2016-11-24, 07:23 AM
In the Blocks Admin page, you can use PHP to display/not display the block, so you could put something like this in there:
<?php

global $user;

if (in_array('ROLETHATSHOULDNOTSEETHISBLOCK',array_values($user->roles))) {
  return FALSE;
} else {
  return TRUE;
}

?>

Jobs in Mumbai
Pages: 1 2
MyBB Community Forums > 1.8 Support > General Support > block php from view except for admins