Basically, it was referring to the table it needed data from as Tag instead of Tags, and using the wrong name led to a comparison between two values always being true.
I am now thinking this was even allowing non-members to change the tag details, because the only check that you were a member was to check whether you had contributed at least half the tags, and with that disabled, it was also letting in non-members, which explains all the hacking style tag details I removed or fixed today.
Actually, there was supposed to be a check that someone had to be signed in to post, but all it did was check that $_SESSION was not empty. I have now modified this to also check certain values in the session that are normally non-empty when someone is signed in. [Edit: I have now modified it to use the login() function with a userid but no password. Without a password, this will check that the IP address and user agent are still the same as when you signed in as a precaution against session hijacking.]
To help us better spot changes to the short descriptions, these are now visible when comments on a tag show up.
I am now thinking this was even allowing non-members to change the tag details, because the only check that you were a member was to check whether you had contributed at least half the tags, and with that disabled, it was also letting in non-members, which explains all the hacking style tag details I removed or fixed today.
Actually, there was supposed to be a check that someone had to be signed in to post, but all it did was check that $_SESSION was not empty.
I have now modified this to also check certain values in the session that are normally non-empty when someone is signed in.[Edit: I have now modified it to use the login() function with a userid but no password. Without a password, this will check that the IP address and user agent are still the same as when you signed in as a precaution against session hijacking.]To help us better spot changes to the short descriptions, these are now visible when comments on a tag show up.