One of my members just got a "greeting" notification from a visitor to my site. I know because I received an auto-responce from her email that included the message that was sent:
age that was sent:
Dear XX
We are glad to inform you that Visitor sent you a greeting!
A greeting means that the person visited your profile and liked it. Have a nice day and enjoy!
Thank you for using our services!
I checked my membership settings and visitors are not authorized to send greetings. Is this a security leak? How do I plug it. My members will get spammed to death if visitors can just click and send greeting notices.
Rob
|
Thats correct, I had in the past some greetings from guest to.
Kids first |
Same here, any way to stop them doing this? |
Not sure if you guys are talking about greet.php? If so try yoursite.com/greet.php if you have guests not allowed they shouldn't be able to see this link by direct access. If you punch that in and you can see something while not logged in to your dolphin than anyone can take advantage of this.
I will test this file again. It's been a while since I've messed with it but I used to add:
if ( !( $logged['admin'] = member_auth( 1, false ) ) )
{
if ( !( $logged['member'] = member_auth( 0, true ) ) )
{
if ( !( $logged['aff'] = member_auth( 2, false ) ) )
{
$logged['moderator'] = member_auth( 3, false );
}
}
}
to it to prevent guests from accessing it. There are some variations of the code. But for me it does prevent guests from accessing and using it. Again I will have to look at it more and test it but that used to work. Otherwise maybe even member auth 0 type of thing.
gameutopia
DialMe.com - Your One and Only Source For Boonex Dolphin Tutorials and Resources |
Yeah seems if you arent logged in then you go to greet.php and you get a text box with a "Greeting!" button next to it. |
there is a another way, into membershiplevels delete send greetings for non-members. I have test this, if I logout then you and use yoursite.xxx/greet.php you got a message that your not allowed to send greets.. :) Kids first |
Just checked and Non-Members don't have that option already. I added it and removed it incase it needed a refresh but seems they still have access to the greet.php page. |
I have testit again on a another site of me with the same result, " I have no permission to use greetings." So for me it's working.
Kids first |
Your Site is running in free mode, if you uncheck it you will not se greeting and contact in search,
and if you try to access greet.php page you will only see this.
Your current membership (Non-member) doesn't allow you to send greetings.
as killerhaai said.
Update, if you run your site in free mode
Open greet.php
Find: $logged['member'] = member_auth(0, false);
Edit to: $logged['member'] = member_auth(); or $logged['member'] = member_auth(0, true);
When a visitor click on Greeting visitor will now be sent to Member Login,
no email will be sent.
|
Your Site is running in free mode, if you uncheck it you will not se greeting and contact in search,
Ahhh it does seem to be based on if you run the site in free mode or not.
Thanks for the code suggestion, works a charm.
|
fixed it for me too - thanks Ottar. |
Even with the latest version of Dolphin - it is still not fixed - having the same problem. Thanks for the fix! |
nly problem is this gives the following error:
Parse error: syntax error, unexpected T_LOGICAL_OR in /home/vande11/public_html/dolphin/greet.php on line 31
when viewing online users, since it shows greeting underneath their name..
any fixed?
here is the link to see it: http://806social.com/search.php?online_only=1
|
I also get the same error. |
