From 38d780d1cebc701e1d475b5efe9b093e106b0cd7 Mon Sep 17 00:00:00 2001
From: James Atkinson <thefinn@users.sourceforge.net>
Date: Thu, 11 Oct 2001 08:03:03 +0000
Subject: Changed sendpassword so it dosan't deactivate the account Fixed a
 security hole in group cp (thanks Ashe)

git-svn-id: file:///svn/phpbb/trunk@1164 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/groupcp.php               | 29 ++++++++++++++++++++++++++++-
 phpBB/language/lang_english.php |  1 +
 phpBB/profile.php               |  4 ++--
 3 files changed, 31 insertions(+), 3 deletions(-)

(limited to 'phpBB')

diff --git a/phpBB/groupcp.php b/phpBB/groupcp.php
index fd8a0d4491..acc96b3b98 100644
--- a/phpBB/groupcp.php
+++ b/phpBB/groupcp.php
@@ -40,6 +40,7 @@ if(!isset($HTTP_GET_VARS['start']))
 }
 
 $page_title = $lang['Group_Control_Panel'];
+$is_moderator = FALSE;
 
 //
 // First, joining a group
@@ -157,18 +158,44 @@ else if( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending'
 //
 else if( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) )
 {
+
 	//
 	// Include page header here because we might need to send a header redirect from the unsub section
 	//
 	include($phpbb_root_path . 'includes/page_header.'.$phpEx);
 	$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? $HTTP_POST_VARS[POST_GROUPS_URL] : $HTTP_GET_VARS[POST_GROUPS_URL];
 
+	//
+	// For security, get the ID of the group moderator.
+	//
+	$sql = "SELECT group_moderator FROM " . GROUPS_TABLE . " WHERE group_id = $group_id";
+	
+	if(!$result = $db->sql_query($sql))
+	{
+		message_die(GENERAL_ERROR, "Could not get moderator information", $lang['Error'], __LINE__, __FILE__, $sql);
+	}
+	
+	$row = $db->sql_fetchrow($result);
+	$group_moderator = $row['group_moderator'];
+	
+	if($group_moderator == $userdata['user_id'] || $userdata['user_level'] == ADMIN)
+	{
+		$is_moderator = TRUE;
+	}
+	
+		
 	//
 	// Handle Additions, removals, approvals and denials
 	//
 	if(isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) || $HTTP_POST_VARS['add'] || $HTTP_POST_VARS['remove'])
 	{
 
+		if(!$is_moderator)
+		{
+			message_die(GENERAL_ERROR, $lang['Not_group_moderator'], $lang['Error']);
+		}
+		
+
 		$members = $HTTP_POST_VARS['member'];
 
 		if(isset($HTTP_POST_VARS['add']))
@@ -307,7 +334,7 @@ else if( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GR
 	//
 	// END approve or deny
 	//
-
+	
 
 	$start = ( isset($HTTP_GET_VARS['start']) ) ? $HTTP_GET_VARS['start'] : 0;
 
diff --git a/phpBB/language/lang_english.php b/phpBB/language/lang_english.php
index 5abec9f15a..95791eb9e8 100755
--- a/phpBB/language/lang_english.php
+++ b/phpBB/language/lang_english.php
@@ -558,6 +558,7 @@ $lang['Deny_selected'] = "Deny Selected";
 $lang['Not_logged_in'] = "You must be logged in to join a group.";
 $lang['Remove_selected'] = "Remove Selected";
 $lang['Add_member'] = "Add Member";
+$lang['Not_group_moderator'] = "You are not this groups moderator therefor you cannot preform that action.";
 
 $lang['This_open_group'] = "This is an open group, click to request membership";
 $lang['This_closed_group'] = "This is a closed group, no more users accepted";
diff --git a/phpBB/profile.php b/phpBB/profile.php
index 194a2c99b0..6c3e65a94a 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -1429,9 +1429,9 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 				$username = $row['username'];
 				$user_actkey = generate_activation_key();
 				$user_password = generate_password();
-
+				
 				$sql = "UPDATE " . USERS_TABLE . " 
-					SET user_active = 0, user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey' 
+					SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey' 
 					WHERE user_id = " . $row['user_id'];
 				if( !$result = $db->sql_query($sql) )
 				{
-- 
cgit v1.2.1