[bug]Everyone can read the ticket

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • [bug]Everyone can read the ticket

      I am using the version 1.8 2moons. The problem appears for each user. Just change the ID


      page=ticket&mode=view&id=XXX

      Everyone can view technical support inquiries.

      Is there any solution to this script?

      Thanks!
    • Hello,

      This is easy to fix and you can view how on all of my package available on github.

      github.com/Thisishowwedoit-2Mo…tPage.class.php#L168-L171

      github.com/Thisishowwedoit-2Mo…tPage.class.php#L184-L187

      Simply put the code of the following lines at the same place in your file

      Sincerely,
    • Thnaks!

      I have problem:


      [03-Feb-2019 14:36:09] USER ERROR: "SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: '' for column 'message_sender' at row 1


      Query-Code:INSERT INTO uni1_messages SET
      message_owner= 1,
      message_sender= ,
      message_time= 1549200969,
      message_type= 4,
      message_from= Hack System,
      message_subject = Hack System,
      message_text= Hello admin, the player gamer tryed to hack your ticket page,
      message_unread= 1,
      message_universe = 1;"
      File: public_html/includes/classes/Database.class.php | Line: 126
    • Sorry replace line

      PlayerUtil::sendMessage(1, '', 'Hack System', 4, 'Hack System', 'Hello admin, the player '.$USER['username'].' tryed to hack your ticket page', TIMESTAMP);

      with

      PlayerUtil::sendMessage(1, 0, 'Hack System', 4, 'Hack System', 'Hello admin, the player '.$USER['username'].' tryed to hack your ticket page', TIMESTAMP);
    • Thisishowwedoit wrote:

      Hello,

      This is easy to fix and you can view how on all of my package available on github.

      github.com/Thisishowwedoit-2Mo…tPage.class.php#L168-L171

      github.com/Thisishowwedoit-2Mo…tPage.class.php#L184-L187

      Simply put the code of the following lines at the same place in your file

      Sincerely,
      running but not according to 1.8 is giving error message
    • kolopik wrote:

      I am using the version 1.8 2moons. The problem appears for each user. Just change the ID


      page=ticket&mode=view&id=XXX

      Everyone can view technical support inquiries.

      Is there any solution to this script?

      Thanks!

      Thranduil wrote:

      This is nice fix Jeremy. This bug should be posted at 2moons git
      @Danter14
      Fixed on 2.0;
      github.com/HikeGame/2moons-2.0…9c37b1a50ced87bc4a3523110

      Fixed on 1.8;
      Find;
      github.com/jkroepke/2Moons/blo…TicketPage.class.php#L128

      PHP Source Code

      1. $sql = "SELECT a.*, t.categoryID, t.status FROM %%TICKETS_ANSWER%% a INNER JOIN %%TICKETS%% t USING(ticketID) WHERE a.ticketID = :ticketID ORDER BY a.answerID;";
      2. $answerResult = $db->select($sql, array(
      3. ':ticketID' => $ticketID
      4. ));
      Change;

      PHP Source Code

      1. $sql = "SELECT a.*, t.categoryID, t.status FROM %%TICKETS_ANSWER%% a INNER JOIN %%TICKETS%% t USING(ticketID) WHERE a.ticketID = :ticketID AND t.ownerID = :userID ORDER BY a.answerID;";
      2. $answerResult = $db->select($sql, array(
      3. ':ticketID' => $ticketID,
      4. ':userID' => $USER['id']
      5. ));

      The post was edited 2 times, last by byazrail ().