General ⇒ DVCS Info (Mercurial/CVS) :: Archives ⇒ CVS commit August 22 :: Archived ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexDVCS Info (Mercurial/CVS)

Archived ⇒ CVS commit August 22


A big change in the admin system of CPG-Nuke.
This means the *_authors table replaced for *_admins table.

For better security and ease of use the system is changed a bit and offers more and complete features in the end result.

Example:
a module his cpg_inst.php can have a setting $radmin when set to TRUE a field is added to the *_admins table named 'radminMODULENAME'
Say you install the module 'Web_Links' then the system adds 'radminweb_links'
Then thru your module admin (Admin -> Web Links) you use 'can_admin('web_links')'
The system checks if you're superuser or allowed to setup the web links.

Why these changes ?
Say you want a module duplicate or a other name then it's easy to add additional Admin privileges easily cos the system adds the allowence.

Why a new table instead of using *_authors ?
*_authors was 'officialy' only ment for news articles and tell who posted the News stories (Thatware)
The system didn't had a autoincrement field using a integer number for easy reference but only the 'aid' field which is tricky for our UTF-8 system.
So a autoincrement field was added (admin_id) but it is tricky to insert that into a existing table.
So i decided to rename the table, get everything properly in it and that way malicious PHP nuke modules choke and people can get the fix in the forums.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


Are you saying that you eliminated "aid" or did you simply add an autoincrement field to the table?

You are right in that most hackers are going after the Authors table as being the "Weakest link" in the overall scheme of things, but there are a huge number of references to aid in the various piles of code not only for the base, but for add-ins as well.

Just curious before I committ changes.

Thanks

Steph
64bit.us
The IT Portal for IT People!

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.9-11.ELsmp/Apache-1.3.33(Unix)/MySQL-4.0.25/PHP-4.4.0 (CGI-Mode)/Nuke7.6Patched31, Platinum7612-patched31,7.8patched31, Dragonfly (all)


aid still exists but the login system uses the admin_id field.

There's no way to create a new "God" account anymore.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

All times are UTC