opengbu / gbuonline

GBU Online
5 stars 6 forks source link

Proper quotes and contributors page #27

Closed Varun-garg closed 9 years ago

Varun-garg commented 9 years ago

Sarthak, please make quotes dynamic, instead of committing new quote every time making me reupload the whole thing. Same is applicable to contributors page, instead of adding a new contributor each time in file, display the users with type = cw (content writer). Re uploading and doing this manually is not feasible and a bad thing.

Varun-garg commented 9 years ago

Also please finish this by 30th, after that it will be assigned to someone else

gargsarthak30 commented 9 years ago

Dynamic quotes part done. Contributors section would be updated in few hours.

gargsarthak30 commented 9 years ago

Contributors section updated by Bhawesh and Rajat .

Varun-garg commented 9 years ago

gbuonline/application/views/pages/contrdb.php

<?php

$user = $_POST['username'];
$flag = $_POST['flag'];

foreach (array_combine($user, $flag) as $key => $value) {

    echo "key" . $key;
    echo "value" . $value;
    $q = $this->db->query("update users Set flag='$key' where username='$value'");
    //echo $q;
}
?>

and in contributors page

$content = $this->db->query("SELECT * FROM users WHERE type='cw' AND flag='1'"); 

flag = 1 So basically if someone does not know your code or the url, he can not become a content writer even if he is a content writer? You are creating a backdoor access or ensuring that no one other than you (and whoever involved) can allow/disable a person to be displayed as content writer.(The and sign shows that the person must be approved by both content head and YOU) What the hell you are doing? So the day you stop working, no one can handle the site because of it. More importantly the code does not even check if the person calling the script is even signed in), forget about high level users such as you (currently). As Technical Head I am going to remove this flag nonsense before uploading this.

And in future if you have issues related to powers of someone please contact Amit Sir, instead of messing with the code of gbuonline.