security concern, some moderation pages not restricted

2021-10-30 05:17:43 -04:00 · 2021-10-30 05:17:43 -04:00 · 3ac34f1c90
parent 4dd6d90908
commit 3ac34f1c90
6 changed files with 25 additions and 4 deletions
--- a/html/MCP/chat-logs/index.php
+++ b/html/MCP/chat-logs/index.php
@ -1,5 +1,10 @@
 <?php

+if(!$user->isStaff())
+{
+    redirect("/");
+}
+
 $body = <<<EOT
 <h5 class="text-center">Chat Logs</h5>
 <h5 class="text-center">You can sort by Censored, by username and search for words</h5>
--- a/html/MCP/chat-logs/loggedChats.php
+++ b/html/MCP/chat-logs/loggedChats.php
@ -9,6 +9,11 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
 header("access-control-allow-credentials: true");
 header('Content-Type: application/json');

+if(!$user->isStaff())
+{
+    redirect("/");
+}
+
 //get params
 $username = $_GET['username'];
 $userid = getID($username);
--- a/html/MCP/invite-logs/index.php
+++ b/html/MCP/invite-logs/index.php
@ -1,8 +1,8 @@
 <?php

-if(!($user->isStaff()))
+if(!$user->isStaff())
 {
-	die();
+    redirect("/");
 }

 $alert = '';
--- a/html/MCP/invite-logs/inviteLogs.php
+++ b/html/MCP/invite-logs/inviteLogs.php
@ -1,7 +1,8 @@
 <?php

-if(!($user->isStaff())) {
-	die();
+if(!$user->isStaff())
+{
+    redirect("/");
 }

 //headers
--- a/html/MCP/reports/data/index.php
+++ b/html/MCP/reports/data/index.php
@ -4,6 +4,11 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
 header("access-control-allow-credentials: true");
 header('Content-Type: application/json');

+if(!$user->isStaff())
+{
+    redirect("/");
+}
+
 $xml = file_get_contents('compress.zlib://PlayerReport.txt');

 $validXML = true;
--- a/html/MCP/reports/view.php
+++ b/html/MCP/reports/view.php
@ -1,5 +1,10 @@
 <?php

+if(!$user->isStaff())
+{
+    redirect("/");
+}
+
 if (!$_GET['id'])
 {
    redirect("/MCP/reports/");