Jump to content

Clubs Enhancements


Recommended Posts

I have had a rather unfortunate exploit shown on me today...

With Change Club Owner, someone can make a club (Say "Official 'Cat Lovers' Club) and transfer it to someone else, say a Site Administrator and immediately - it will look like that the Site Administrator owns and created the club. The original owner will be a Co-Owner and can leave the club, and then take screenshots to prove that the Site Administrator is a 'Cat Lover'. Now... Replace 'Cat Lover' with 'Nazi' or 'Communist' or anything else nasty and you see why this is a problem...

Is there any way that this can be changed to be an invite-like system? So the person you're changing the owner to can approve or unapprove, and actually have some say in it? Because right now someone (and I already have been) can be framed for something they don't believe in, aren't apart of, and otherwise. At least I can confirm that the ban from Clubs feature works and it's a God Send at this point.

Thanks in advance.

Link to comment
10 minutes ago, Tripp_UK said:

 have had a rather unfortunate exploit shown on me today...

Which exploit? The feature CHANGES the club owner. So if someone changed the club owner, then the feature is working as it should. 

Now if the new owner changes everything to nazi or whatever, well, he can, he’s the owner after all. I can’t control people’s thoughts or actions, can I? Or is IPS the culprit of someone ceates a porn or “drug” board. 

I don’t think so.

10 minutes ago, Tripp_UK said:

Is there any way that this can be changed to be an invite-like system?

No.

Edited by Adriano Faria
Link to comment
4 minutes ago, Adriano Faria said:

Which exploit? The feature CHANGES the club owner. So if someone changed the club owner, then the feature is working as it should. 

Now if the new owner changes everything to nazi or whatever, well, he can, he’s the owner after all. I can’t control people’s thoughts or actions, can I?

Whoa dude! There is no need to go hostile on me. I never said nor did I even remotely imply that. Please re-read what I put.

Edited by Tripp_UK
Link to comment
1 hour ago, Adriano Faria said:

You said there’s an exploit. I said there isn’t.

This is a “behavior” thing. Simply I can’t control what your members will do after be the new owner. That’s all.

Other than the exploit thing... I never said that though! What the hell?! Dude... Actually read what I put. When I say "Now change it" I was talking about my example! I even quoted the words! I wasn't talking about changing the actual club!

Okay I see I was probably way misunderstood because you're flying off the deep end when there's no need to. I am just trying to tell you of a potential problem - IN NO WAY SHAPE OR FORM did I say YOU were responsible for it. Nor did I imply that! I am going to need to spell this out in steps:

  1. Member makes Club, calls it "Official Nazi Club"
  2. Member Changes the Owner to the Site Administrator.
  3. Site Admin is now added without a chance to reject such a stupid change, whilst he is offline.
  4. Member Leaves the Club.
  5. Member Takes Screenshots of the Site Administrator being the Owner of the club. 
  6. Member then splashes it around the site as "Proof" that Site Administrator is a Nazi.
Edited by Tripp_UK
Link to comment

 

7 minutes ago, Tripp_UK said:

 

  1. Member makes Club, calls it "Official Nazi Club"
  2. Member Changes the Owner to the Site Administrator.
  3. Site Admin is now added without a chance to reject such a stupid change, whilst he is offline.
  4. Member Leaves the Club.
  5. Member Takes Screenshots of the Site Administrator being the Owner of the club. 
  6. Member then splashes it around the site as "Proof" that Site Administrator is a Nazi.

 

What you're describing here can happen on:

  • Forums: a mod with ACP acces or even another admin can change to whatever, drug releated, nazi, etc.
  • Topics: a moderator can edit a topic title, delete posts and post whatever, drug releated, nazi., etc.
  • Blogs entries: a moderator can edit a entry title, delete entries and post whatever, drug releated, nazi., etc.
  • Gallery images: a moderator can change album title and post children pornography.
  • Downloads files: a moderator can change title, post non authorized content as files.

I don't see any action from IPS in that direction. This IS a user behaviour. This can be controlled by your moderators.

So what do you want me to do here? Remove the ability to change owner?

Edited by Adriano Faria
Link to comment

No it can't though. A normal user cannot do this, not on my site. They can only do it in the clubs. I am not talking about staff. I am talking about normal members. A normal user cannot change a topic's author. A normal user cannot change who wrote a blog. A normal user cannot change who uploaded a gallery image, and I don't know about the Download system - I don't have it. This is not normal IPS behaviour at all.

I don't think you understand what I put at all.

Edited by Tripp_UK
Link to comment
4 minutes ago, Adriano Faria said:

What a member can do in the clubs the you consider a exploit?

He is talking about the “Change owner” link. Guess the question/confusion/problem is, who has access to it. Just admins? Every club owner? If any club owner would have that option, it could cause problems. Exploit is certainly not the right word for that though. 

Link to comment
5 minutes ago, opentype said:

He is talking about the “Change owner” link. Guess the question/confusion/problem is, who has access to it. Just admins? Every club owner? If any club owner would have that option, it could cause problems. Exploit is certainly not the right word for that though. 

Yes, Admins and Club  Owners.

Ok, I'll a setting to admins allow Club Owners to use it, just like already happens with ADD MEMBERS:

1kpFSwl.png

Link to comment
18 minutes ago, Adriano Faria said:

Jesus Christ! Let start from the scratch! BE CLEAR!

What a member can do in the clubs the you consider a exploit?

I don't mean exploit as in a security exploit, I was talking from the perspective of someone using an intended feature - in an unintended way. Abusing it to do something malicious.

I'll stick to 'Cat Lover' for this example sinareo:

  1. Member makes Club, calls it "Cat Lover's Club". This member is the Club Owner of that club.
  2. The Club Owner (The Member previously mentioned) changes the club owner to the Site Administrator. Who wasn't even in the club to begin with. 
  3. The Site Administrator is asleep, they had no say in becoming the Club Owner, and didn't ask to be the Club Owner, but now he automatically is. Even though he wasn't even in the club to begin with, he's added into the club automatically and set to the "Owner" despite the fact he never wanted to be in said club.
  4. The OLD Club Owner (The Member) leaves the club.
  5. The Member takes screenshots of the Site Administrator being the owner of the club (Falsely accuse the Site Administrator of creating it as these things like change of ownership and such don't appear in the activity feed).
  6. Aftermath: Member now parades screenshot as 'Proof' that the Site Administrator (Who is still asleep but the new club owner, and never asked for it) is a cat lover.

I do not know if I can get clearer than that, dude. I was painting the scenario out, and asking if there could be some kind of accept/reject. So that when the club owner changes the owner of the club to someone else, that very same someone else gets a notification asking if they want to be the club owner or not, where they can actually say Yes/No, so that it doesn't do it for them without their permission. Or make it optional for the site owner to disable it...

Link to comment

I have a problem with Pages, if this plugin is active.
In my database -> category, I have active the following options:
- Post Topic: Post a topic to the specific forum each time a new record is added
- Use forum for comments: comments will be posted as replies.

If I create a new record and, rather than publishing it immediately, I set up a future publication date, the record won’t be published in the expected schedule.
Even if it apparently seems published.
See image attached.

If I disable the plugin, I have no problems.

 

problem.thumb.png.12d4f756a80db0e2a3fb196b780d9f16.png

Link to comment
2 minutes ago, zelgadis said:

I have a problem with Pages, if this plugin is active.
In my database -> category, I have active the following options:
- Post Topic: Post a topic to the specific forum each time a new record is added
- Use forum for comments: comments will be posted as replies.

If I create a new record and, rather than publishing it immediately, I set up a future publication date, the record won’t be published in the expected schedule.
Even if it apparently seems published.
See image attached.

If I disable the plugin, I have no problems.

 

problem.thumb.png.12d4f756a80db0e2a3fb196b780d9f16.png

Clubs Enhancements? Are you sure you posted in the right topic? This plugin has absolutely nothing to do with Pages. Pages doesn’t even is integrated to Clubs.

Link to comment
On 10/2/2017 at 2:12 PM, Adriano Faria said:

I won't update the marketplace version for now, so let me know if anyone else wants to use it now.

Yes, please.

I'm not sure that the Clubs feature as a whole makes sense for my community, but I definitely would love to have this in case I'll decide to enable it.

Link to comment

I've spotted a "Possible Bug"... If you don't understand what I've written please ask me to clarify it. If a member has a club (A normal member with no ACP access) with the forum feature, that has topics/posts in it, they can delete that feature. But: When they delete it, they get shown to a screen where they can move the content (or Delete it). The problem is on that screen (Bare in mind that the member doesn't have ACP access) it says:

Quote

Moving/deleting is handled in the background and does not happen immediately. Until this process is complete, you will still see this listed in the AdminCP. You will be able to see the progress on the AdminCP Dashboard.

This message is meaningless to them because they don't have ACP access. I reckon it's easily fixed through changing the languages, but I figured I'd let you know.

Link to comment
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...