Change other user's details

Solutions for other advanced phplisters

Change other user's details

Postby mariofau » 3:43pm, Wed 05 Dec, 2007

Hi.

If user A tries to change his address to the one of user B, he gets a link to user's B preferences.

That code is line 380 in admin/subscribelib2.php

<br>Click <a>here</a> to request your personal location");

Bye.
mariofau
PL Nut
 
Posts: 43
Joined: 6:19pm, Mon 08 Jan, 2007

Re: Change other user's details

Postby amk » 3:45pm, Fri 08 May, 2009

I do not like this possibility as well and consider it a security issue. Phplist handles it using passwords.
I did not like to enable it, but found an easy workaround just by commenting out some code after line 91 in index.php:

Code: Select all
# Do not want access to user data just when giving email
#} elseif ( isset($_GET["email"])) {
#  $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where email = "%s"',
#    $tables["user"],$_GET["email"]));
#  $id = $req[0];
#  $userid = $req[1];
#  $userpassword = $req[2];
#  $emailcheck = $req[3];
amk
phpList newbie
 
Posts: 4
Joined: 2:37pm, Fri 08 May, 2009

Re: Change other user's details

Postby jsp254 » 1:04am, Thu 28 May, 2009

so what does it do now if a user tries that after you made this change?
jsp254
phpLister
 
Posts: 10
Joined: 8:03am, Sun 29 Mar, 2009


Return to Advanced Answers, Howtos, Tips & Tricks

Who is online

Users browsing this forum: No registered users and 1 guest