This seems to have worked: The redirect shown below has been removed from common.asp and moved to default.asp. I don't know if will make any other pages fail yet as it is just being tested.
UPDATED: Changes in
RED
<% @ Language=VBScript %>
<% Option Explicit %>
<!--#include file="common.asp" -->
<%
' ############ New addition for Admins when the forum is closed ##########
If Request.QueryString("adminmode") = 1 then
blnForumClosed = False
End If
' ############ New addition for Admins when the forum is closed ##########
' ##################### Moved from common.asp ##############
'******************************************
'*** Redirect if forum is closed ****
'******************************************
'If the forums are closed redirect to the forums closed page
If blnForumClosed AND blnDisplayForumClosed = False AND blnAdmin = False Then
'Reset server objects
Call closeDatabase()
'Redirect to the forum closed page
Response.Redirect("forum_closed.asp" & strQsSID1)
End If
' ##################### Moved from common.asp ##############
%>
<!--#include file="functions/functions_date_time_format.asp" -->
|
and in includes/status_bar_header_inc.asp
'Don't display normal status bar if forum is locked as it will course a loop with the AJAX
If blnForumClosed Then
%>
<table cellspacing="1" cellpadding="3" align="center" class="tableBorder">
<tr class="tableStatusBar">
<td>
<div style="float:left;"><% = strBreadCrumbTrail %></div>
<div style="float:right;"><%
'If the user is admin display a link to the admin menu
If intGroupID = 1 Then Response.Write(" <img src=""" & strImagePath & "error.png"" style=""vertical-align: text-bottom"" />### FORUM IS CLOSED TO INTERNET USERS ###<img src=""" & strImagePath & "error.png""</a> ")
If intGroupID = 1 Then Response.Write(" <img src=""" & strImagePath & "admin_control_panel.png"" title=""" & strTxtAdminControlPanel & """ alt=""" & strTxtAdminControlPanel & """ style=""vertical-align: text-bottom"" /> <a href=""admin.asp" & strQsSID1 & """>" & strTxtAdmin & "</a>")
If intGroupID = 1 Then Response.Write (" <img src=""" & strImagePath & "logout.png"" alt=""" & strTxtLogOff & """ title=""" & strTxtLogOff & """ style=""vertical-align: text-bottom"" /> <a href=""log_off_user.asp" & strQsSID1 & """>" & strTxtLogOff & " [" & strLoggedInUsername & "]</a>")
If intGroupID <> 1 AND intGroupID <> 2 Then Response.Write (" <img src=""" & strImagePath & "logout.png"" alt=""" & strTxtLogOff & """ title=""" & strTxtLogOff & """ style=""vertical-align: text-bottom"" /> <a href=""log_off_user.asp" & strQsSID1 & """>" & strTxtLogOff & " [" & strLoggedInUsername & "]</a>")
%></div>
</td>
</tr>
</table><%
'Else display the normal status bar
|
So if the forum is closed typing http://www.whatever.com/forum/default.asp?adminmode=1 lets you in.
Normal users when they go to default.asp see the forum is closed message and don't get a chance to log on at all.
If someone could check that this is still secure please post feedback.
If you wish to use this then you do at your own risk.
EDIT 18/08/07: Removed a not required variable
Edited by jckruger - 17 August 2007 at 11:54pm
Topic Options
Post Options
Thanks(0)
