PDA

View Full Version : Why am I not authorised?

gajinoz
09-30-2014, 10:44 PM
In the AdminCP there is an item under Maintenance to execute an SQL query. However, if I try to do that I'm told I'm not authorised.

Why is this?
kh99
09-30-2014, 10:53 PM
In your config.php file, there's a $config['SpecialUsers']['canrunqueries'] setting. You have to add your userid to that to be able to run queries.
ozzy47
09-30-2014, 10:54 PM
You need to set your userid in the includes/config.php file.

// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '1';

Change 1 to your userid
gajinoz
09-30-2014, 10:56 PM
Ahh.. now I understand, thank you.
ozzy47
09-30-2014, 11:06 PM
Not a problem. :)
Max Taxable
10-01-2014, 12:03 AM
When you're done with your query, de-permission yourself from making queries. I suggest that because it is a security feature - if some cracker gets in your account you don't want him/her having query powers.
tbworld
10-01-2014, 12:41 AM
When you're done with your query, de-permission yourself from making queries. I suggest that because it is a security feature - if some cracker gets in your account you don't want him/her having query powers.

@Max Taxable, I could not like your post, so I am doing that now. :)

It isn't difficult to get around, but it will keep the kiddies at bay. As an option, if you are on a fixed IP then you can use a PHP conditional/construct in the config.php file to check for your IP.
Max Taxable
10-01-2014, 12:47 AM
@Max Taxable, I could not like your post, so I am doing that now. :)

It isn't difficult to get around, but it will keep the kiddies at bay. As an option, if you are on a fixed IP then you can use a PHP conditional/construct in the config.php file to check for your IP.Yeah I mean, yes it might be a pain in the butt to change it every time. But it is there to inhibit the little cracker or script kiddie who might get into your admin account.

If it's a more skilled attacker, he doesn't need to crack passwords and your config settings won't matter a whole heckuva lot.