From 3ac34f1c9081c7c7cbf2166518517ab446565bb4 Mon Sep 17 00:00:00 2001
From: Austin
Date: Sat, 30 Oct 2021 05:17:43 -0400
Subject: [PATCH] security concern, some moderation pages not restricted
---
 html/MCP/chat-logs/index.php | 5 +++++
 html/MCP/chat-logs/loggedChats.php | 5 +++++
 html/MCP/invite-logs/index.php | 4 ++--
 html/MCP/invite-logs/inviteLogs.php | 5 +++--
 html/MCP/reports/data/index.php | 5 +++++
 html/MCP/reports/view.php | 5 +++++
 6 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/html/MCP/chat-logs/index.php b/html/MCP/chat-logs/index.php
index e841a77..5cc4a20 100644
--- a/html/MCP/chat-logs/index.php
+++ b/html/MCP/chat-logs/index.php
@@ -1,5 +1,10 @@ isStaff())
+{
+ redirect("/");
+}
+
 $body = <<Chat Logs
You can sort by Censored, by username and search for words
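Review bot: Nothing in this patch shows that `redirect("/")` ends the request, so if that helper only sends a `Location` header the rest of the script still runs and the page body is still sent to a non-staff requester. The same guard is added in loggedChats.php, reports/data/index.php and reports/view.php, and in invite-logs/index.php and inviteLogs.php it replaces a `die();` that did terminate, which would be a regression there. Unless `redirect()` is confirmed to exit, terminate explicitly in every guard: `redirect("/"); exit;`. The opening of the `if` line in this hunk is lost in extraction; the full condition `if(!$user->isStaff())` is taken from the loggedChats.php hunk.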
diff --git a/html/MCP/chat-logs/loggedChats.php b/html/MCP/chat-logs/loggedChats.php
index da9b82b..eecdd84 100644
--- a/html/MCP/chat-logs/loggedChats.php
+++ b/html/MCP/chat-logs/loggedChats.php
@@ -9,6 +9,11 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
 header("access-control-allow-credentials: true");
 header('Content-Type: application/json');
+if(!$user->isStaff())
+{
+ redirect("/");
+}
+
 //get params
 $username = $_GET['username'];
 $userid = getID($username);
diff --git a/html/MCP/invite-logs/index.php b/html/MCP/invite-logs/index.php
index 11f3b2d..6539dd7 100644
--- a/html/MCP/invite-logs/index.php
+++ b/html/MCP/invite-logs/index.php
@@ -1,8 +1,8 @@ isStaff()))
+if(!$user->isStaff())
 {
- die();
+ redirect("/");
 }
 $alert = '';
diff --git a/html/MCP/invite-logs/inviteLogs.php b/html/MCP/invite-logs/inviteLogs.php
index bb346be..685cbfb 100644
--- a/html/MCP/invite-logs/inviteLogs.php
+++ b/html/MCP/invite-logs/inviteLogs.php
@@ -1,7 +1,8 @@ isStaff())) {
- die();
+if(!$user->isStaff())
+{
+ redirect("/");
 }
 //headers
diff --git a/html/MCP/reports/data/index.php b/html/MCP/reports/data/index.php
index dc4c5dc..5c1cc4b 100644
--- a/html/MCP/reports/data/index.php
+++ b/html/MCP/reports/data/index.php
@@ -4,6 +4,11 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
 header("access-control-allow-credentials: true");
 header('Content-Type: application/json');
+if(!$user->isStaff())
+{
+ redirect("/");
+}
+
 $xml = file_get_contents('compress.zlib://PlayerReport.txt');
 $validXML = true;
diff --git a/html/MCP/reports/view.php b/html/MCP/reports/view.php
index 34d5bc3..d538f0f 100644
--- a/html/MCP/reports/view.php
+++ b/html/MCP/reports/view.php
@@ -1,5 +1,10 @@ isStaff())
+{
+ redirect("/");
+}
+
 if (!$_GET['id'])
 {
 redirect("/MCP/reports/");
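Review bot: The denial path in loggedChats.php answers a JSON endpoint with a redirect to the site root, and the guard sits after the credentialed CORS and `Content-Type: application/json` headers have already been set; reports/data/index.php has the same shape. A script client that follows the redirect gets the home page rather than an error, so the authorization failure is invisible to callers and hard to spot in access logs. For these data endpoints an explicit status is clearer: `http_response_code(403); exit;`, placed above the `header(...)` block so denied requests carry no CORS headers.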
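Review bot: The guard in reports/view.php is the sixth hand-copied `if(!$user->isStaff())` block in this patch, and the commit title says pages were exposed because individual files lacked it. A per-file opt-in check fails open: any new script under html/MCP/ is public until someone remembers to paste the block. Consider one shared include that every MCP script loads first (or a directory-level prepend), carrying a comment such as `// Staff-only area: deny and stop before any page logic runs.` so the default for the directory is deny. The file's body continues outside the hunk.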