MyBB Community Forums
block php from view except for admins - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: General Support (https://community.mybb.com/forum-176.html)
+--- Thread: block php from view except for admins (/thread-206026.html)

Pages: 1 2


block php from view except for admins - metulburr - 2016-11-21

Im trying to make a php page to view all mybb variables for customizing. But after looking at these variables and showing the values, i am assuming you want to hide this from public view. So i tried to add no permissions to everyone except admins (which in my forum is usergroup 4) 

but when im logged in as admin, i get a no permissions page now when viewing this page

<?php

define("IN_MYBB", 1);
include "global.php";

if ($mybb->user['usergroup'] == 4){
    error_no_permission();
}


echo '<pre>';
print_r($mybb);
echo '</pre>';

?>
EDIT:
nevermind. Somtimes i really wish i could delete posts when i feel so dumb
Quote:if ($mybb->user['usergroup'] != 4){


Does print_r($mybb); show each admin logged in info. Like i see me password hash and all.


RE: block php from view except for admins - dragonexpert - 2016-11-21

You are able to view what the hashed password and salt looks like, but the code you posted won't do it. You can't view the true password that generated that.

$query = $db->simple_select("users", "*", "uid=x");
$user = $db->fetch_array($query);
print_r($user);

Replace x with the uid of the person you want to view. Btw, you may wish to define the constant NO_ONLINE and have its value be 1 before you load global.php. This way you won't show up in the online list as viewing that page.


RE: block php from view except for admins - metulburr - 2016-11-21

Nice. Thanks.

btw, i dont think i did this right.
<?php

define("IN_MYBB", 1);
define("NO_ONLINE",1);
include "global.php";

if ($mybb->user['usergroup'] != 4){
    error_no_permission();
}


echo '<pre>';
print_r($mybb);
echo '</pre>';

?>
as i am still showing up


RE: block php from view except for admins - dragonexpert - 2016-11-22

Maybe the code changed. I know at one point it used to work.


RE: block php from view except for admins - Wildcard - 2016-11-22

Unless I am missing something, metulburr is asking why he still shows up on WOL if he is on the hidden page.

If so, that is normal behavior. It just doesn't show your actual location. iirc


RE: block php from view except for admins - metulburr - 2016-11-22

Quote:If so, that is normal behavior. It just doesn't show your actual location
if another user clicks that it takes them to that php file, but just shows error_no_permission(). Is that normal?


RE: block php from view except for admins - Wildcard - 2016-11-22

I believe so.


RE: block php from view except for admins - metulburr - 2016-11-23

Isnt that just the no permission error? It doesnt look like NO_ONLINE is doing anything as that is what it did before. I was thinking that it was going to not show the link to that file or not show the user in the list (at least when on that page)


RE: block php from view except for admins - Wildcard - 2016-11-23

I haven't actually done any investigation. I'm just answering you from memory. I will create a test page later this evening and get you an answer.


RE: block php from view except for admins - Transarkglobal - 2016-11-24

In the Blocks Admin page, you can use PHP to display/not display the block, so you could put something like this in there:
<?php

global $user;

if (in_array('ROLETHATSHOULDNOTSEETHISBLOCK',array_values($user->roles))) {
  return FALSE;
} else {
  return TRUE;
}

?>

Jobs in Mumbai