Hello There, Guest! › Register

MySubscriptions 2.2 released.
Looking for a custom plugin for your site? Ask here for a quote.

Newpoints Edit Through Postbit v0.2
#1

This was requested HERE.

By default, Newpoints allows you to edit newpoints through AdminCP. This plugin allows selective usergroups to edit user's newpoints from postbit. You can chose whether you would allow users to edit "their own" newpoints.

CHANGE LOG:
v0.1: Initial release.
v0.2: Sanitized and fixed few issues mentioned in THIS post. Also added a language file for easy transnational purposes.

PREVIEWS:
   

   

   

GRAB:

.zip   Newpoints-Edit-0.2.zip (Size: 4.2 KB / Downloads: 222)

INSTALLATION:
Upload the .zip in your forum's ROOT and EXTRACT. Go to: AdminCP > Plugins Manager > and ACTIVATE the plugin. Adjust its settings according your needs.

LICENSE:
GPL Wink

Thank You!
Reply
#2

Here are a few suggestions.

Try to use language files - it takes more time and work but it's better if people want to translate your plugin.

You're only checking the primary usergroup here:
PHP Code:
        $groups explode(",",$mybb->settings['newpoints_edit_group']);
        if (!
in_array($mybb->user['usergroup'],$groups))
        {
            
error("Sorry, but you do not have permissions to edit Newpoints.");
        } 

You sanitize the input here:
PHP Code:
$uid intval($mybb->input['uid']); 

And a few lines below you don't use your sanitized variable:
PHP Code:
redirect("member.php?action=profile&uid={$mybb->input['uid']}""Newpoints have been successfully edited."); 

MyBB sanitizes that variable for you and a few others like iid, pid, aid, vid, rid, etc. However, if another plugin (or even MyBB) does this:
PHP Code:
$mybb->input['uid'] = $mybb->input['user']; 
Your plugin will be now open to an XSS vulnerability.

Also, this:
PHP Code:
$db->update_query('users'$updates'uid=\''.intval($mybb->input['uid']).'\''); 
Could be:
PHP Code:
$db->update_query('users'$updates'uid=\''.$uid.'\''); 


This one:
PHP Code:
verify_post_check($mybb->input['my_post_key']); 
Should be right after the bracket { for do_edit since nothing should be done at all if the check fails.


Here:
PHP Code:
$user_newpoints intval($user['newpoints']); 
You should make use of the NewPoints' function newpoints_addpoints() - see the development.html file that comes with NewPoints for info on usage.


I don't understand what this is supposed to do:
PHP Code:
if ($self_editing != "1" && $user['usergroup'] == $mybb->user['usergroup']) 
This checks the usergroup of the selected user and our usergroup.

If you want to check if we're trying to edit our own points you should use:
PHP Code:
if ($self_editing != "1" && $uid == $mybb->user['uid']) 


And last but not least, you should cache the templates you use - note that I am not sure if you can do this with NewPoints plugins but you should be able to, give it a try.

Nice work though.
To download our paid plugins and receive support you must be a paid subscriber. Click here for more information.
Reply
#3

First of all Thanks for giving this plugin a place in your site and most importantly giving above suggestions. I've updated the first post with new version, sanitized mentioned areas, corrected the usergroup permissions issue and with language file.

Thank You!
[Image: 2.gif]
Latest Plugins: AdSlot | FakeOnlineUsers | MyIdeas
Reply
#4

I'm glad you took my suggestions. There's still one issue though. The field 'additionalgroups' is a comma separated list of group IDs so what you need is to intersect an array (explode that field into an array) with the $groups array.
I recommend you to take a look at the function I coded which is available in many of my plugins. Take a look at My Advertisements for example. The function checks both, primary group and additional groups.

Oh and one thing I forgot to mention, this is not a NewPoints plugin but a MyBB plugin Tongue If you want to create NewPoints plugins (very similar) you need to follow mainly the same format but things are put in a different directory.
To download our paid plugins and receive support you must be a paid subscriber. Click here for more information.
Reply
#5

Good one, will check it out, hanks.
Support PM's will be ignored. Exclamation
Plugins: Announcement Bars - Custom Reputation - Mark PM As Unread
Reply
#6

Damn! Quite late reply, but thanks Sama34.
[Image: 2.gif]
Latest Plugins: AdSlot | FakeOnlineUsers | MyIdeas
Reply
#7

It says the file can not be accessed directly.
Reply
#8

(09-04-2012, 02:08 PM)Giorgios Wrote: It says the file can not be accessed directly.

Where you saw this error?

The possible causes to this issue might be you're accessing the plugin by typing its URL to the address bar. Go to: AdminCP > Plugins > and activate the plugin.
[Image: 2.gif]
Latest Plugins: AdSlot | FakeOnlineUsers | MyIdeas
Reply
#9

This addon allow us edit user points on current page, not like quick edit? Is this true?
Reply
#10

(09-07-2012, 02:19 PM)NNT_ Wrote: This addon allow us edit user points on current page, not like quick edit? Is this true?

Nope, upon clicking you'll be redirected to another page where you can edit newpoints. Just like the page while "donating" newpoints.
[Image: 2.gif]
Latest Plugins: AdSlot | FakeOnlineUsers | MyIdeas
Reply




Users browsing this thread: 1 Guest(s)