--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-mcbot (0.95-4) unstable; urgency=low
+mcbot (0.95-5) unstable; urgency=low
 
   * Initial Release
   * the location of mcbot.cgi is stored in the db
@@ -19,5 +19,6 @@
   * op, deop, kick, ban, unban, kickban implemented
   * database.c: key=alloc(dbf, key); free(key.dptr) :) fixed
   * only one memory hole is left: who can fix getpwnam in irc.c
+  * admin commands secured
 
- -- Markus Broeker <mbroeker@largo.homelinux.org>  Mon, 11 Aug 2008 23:59:01 +0200
+ -- Markus Broeker <mbroeker@largo.homelinux.org>  Tue, 12 Aug 2008 14:00:01 +0200

--- a/src/parse.c
+++ b/src/parse.c
@@ -152,13 +152,19 @@
 
             case JOIN:
                 if ((token = strtok (NULL, "\r\n")))
-                    snprintf (msg, 512, "JOIN %s\r\n", token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "JOIN %s\r\n", token);
+                    }
                 return msg;
 
             case LEAVE:
                 if (*message->channel != '#')
                     return NULL;
-                snprintf (msg, 512, "PART %s :Leaving.\r\n", message->channel);
+                if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                        snprintf (msg, 512, "PART %s :Leaving.\r\n", message->channel);
+                }
                 return msg;
 
             case ADD:
@@ -288,44 +294,56 @@
 
             case OP:
                 if ((token = strtok (NULL, "\r\n")) != NULL) {
-                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
-                        snprintf (msg, 512, "MODE %s +o %s\r\n", message->channel, token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "MODE %s +o %s\r\n", message->channel, token);
+                    }
                 }
                 return msg;
 
             case DEOP:
                 if ((token = strtok (NULL, "\r\n")) != NULL) {
-                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
-                        snprintf (msg, 512, "MODE %s -o %s\r\n", message->channel, token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "MODE %s -o %s\r\n", message->channel, token);
+                    }
                 }
                 return msg;
 
             case KICK:
                 if ((token = strtok (NULL, "\r\n")) != NULL) {
-                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
-                        snprintf (msg, 512, "KICK %s %s\r\n", message->channel, token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "KICK %s %s\r\n", message->channel, token);
+                    }
                 }
                 return msg;
 
             case BAN:
                 if ((token = strtok (NULL, "\r\n")) != NULL) {
-                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
-                        snprintf (msg, 512, "MODE %s +b %s\r\n", message->channel, token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "MODE %s +b %s\r\n", message->channel, token);
+                    }
                 }
                 return msg;
 
             case UNBAN:
                 if ((token = strtok (NULL, "\r\n")) != NULL) {
-                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
-                        snprintf (msg, 512, "MODE %s -b %s\r\n", message->channel, token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "MODE %s -b %s\r\n", message->channel, token);
+                    }
                 }
                 return msg;
 
             case KICKBAN:
                 if ((token = strtok (NULL, "\r\n")) != NULL) {
-                    if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
-                        snprintf (msg, 512, "MODE %s +b %s\r\nKICK %s %s\r\n", message->channel, token,
-                                  message->channel, token);
+                    if (strstr (message->user, db_lookup (DATABASE_FILE, "mcbot.user"))) {
+                        if (strstr (message->email, db_lookup (DATABASE_FILE, "mcbot.email")))
+                            snprintf (msg, 512, "MODE %s +b %s\r\nKICK %s %s\r\n", message->channel, token,
+                                      message->channel, token);
+                    }
                 }
                 return msg;
             }