Requested here: https://vborg.vbsupport.ru/showthread.php?t=62395

This hack allows whoever is in the $undeletableusers variable (users who cannot be edited/deleted) to be able to edit/delete themselves, meaning that only the protected user can modify themselves but no one else can modify/delete them.

Instructions

Open admincp/moderater.php and find if (!in_array($userinfo['userid'], $noalter))
Replace with if (!in_array($userinfo['userid'], $noalter) or $bbuserinfo['userid'] != $userinfo['userid'])
Open admincp/user.php and find if (in_array($userid, $nodelete))
Replace with if (in_array($userid, $nodelete) and $bbuserinfo['userid'] != $userid)
Find if (!empty($noalter[0]) AND in_array($userid, $noalter))
Replace with if (!empty($noalter[0]) AND in_array($userid, $noalter) and $bbuserinfo[userid] != $userid)
Open admincp/usertools.php and find if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)))
Replace with if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)) and $bbuserinfo[userid] != $sourceinfo[userid] and $bbuserinfo[userid] != $destinfo[userid])
Open modcp/user.php and find ALL SIX (6) instances of the following code if (!empty($noalter[0]) AND in_array($userid, $noalter))
Replace ALL 6 INSTANCES WITH if (!empty($noalter[0]) AND in_array($userid, $noalter) and $bbuserinfo[userid] != $userid)


There, all done! :D

i wanted this so bad! im like i know no one else can edit me but y can't i edit my self? thanks alot for releasing this;)

thank you *install

i wanted this so bad! im like i know no one else can edit me but y can't i edit my self? thanks alot for releasing this;)
Please click 'Install' then :)

Put it in a .txt file and it'll be better. *hint hint* ;)

Put it in a .txt file and it'll be better. *hint hint* ;)
Okay done.

this should be input'd to the release of vb gold

this should be input'd to the release of vb gold

It's too dangerous to include this in vB Gold.

It's too dangerous to include this in vB Gold.
dangerous how ?

dangerous how ?

If someone hacks your account or one of your "trusted" co-admins has your account info and decides to go berserk, they can edit your password and other stats in your account, locking you out and doing who else knows what damage before you can recover. That is why the nodelete was added to vB3. There were plenty of instances of this happeneing with vB2.

delete is a good fucntion ...

If they know your admins password they can still screw up everthing just the same. Only thing they cant do it delete the account. They can still change the password and email and everything else from the user cp.

You're wrong, Tim. Here's what it says in the config.php:

UNDELETABLE / UNALTERABLE USERS

They can not edit nor delete. This hack bypasses that. That's why it is dangerous.

EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.

You're wrong, Tim. Here's what it says in the config.php:

UNDELETABLE / UNALTERABLE USERS

They can not edit nor delete. This hack bypasses that. That's why it is dangerous.

EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.
They will be also able to use all administrator functions as well, just not be able to modify/delete the protected account(s).

Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.

Someone requested this feature, so I release it for them. If people want to also install this, then I say 'go ahead :)'. Personally for me, I wouldn't mind installing this because I sometimes get annoyed when I have to remove myself from the variable to modify my 'hidden' settings as well, and I have never been hacked once; I am quite sure that the majority of vBulletin admins have never been hacked once, if you want you can even start a poll. Maybe I'm wrong, or maybe I'm right. But why do you want to make this hack into such a big controversy, when there are other hacks out there that defy people's morals and private space, such as the 'admins can view member's PMs' for example.

No see even without this hack you would basicly be screwed. Without this hack if I had your password I could totaly destroy your forums and lock you out of your account. Wow with this hack the only extra thing I can do it delete your account. I still cant touch the other undeleteable accounts. So either way your screwed over just about the same.

Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.
I must agree with eXtremeTim. Also, for this quote, if the admin can't access his or her account then you can easily just create a script, maybe ask someone to do it for you, to make yourself administrator again. Not a problem at all.

Sure, if you know how to program one or who to ask for it. What about the newbie? What is he supposed to do when this backfires on him?

Maybe you should put a warning on the hack so you don't get the backlash something like this could cause.

'Nuff said. I'll leave it alone now.

Thank you. :)

But if you can't edit the admin account and someone else breaks into it, how do you ever change the password once it's been comprimised to re-establish security?

taking everything into account i've never given my password out
and if they have access to everything else they can still do just as much damage to the forums
ie delete all posts

This is so close to what I've been looking for Gary. I need something similar to this that will allow regular members to delete their own accounts from the usercp.

When i use find to try and find the code in the admincp/moderator.php, it cant find it, but because there's two ) on the end of it.

And, when i upload the admincp/moderator.php to my forum, it prvents me from using its other functions, such as Forum Manager>Show all moderators and Forum Manager>Add moderator.

Any thoughts on why? I know for a fact i edited it correctly (the hack itself worked)

Sure, if you know how to program one or who to ask for it. What about the newbie? What is he supposed to do when this backfires on him?

Maybe you should put a warning on the hack so you don't get the backlash something like this could cause.

'Nuff said. I'll leave it alone now.

Boofo, You drink too much coffee man!

That's why they're backups ... and thank goodness for phpMyAdmin! :ermm:

Boofo, You drink too much coffee man!

That's why they're backups ... and thank goodness for phpMyAdmin! :ermm:
But you should never be forced to use that approach. ;)

If you have the additional layer of security on your Admin CP such as .htaccess, then I really can't see the problem of uneditable/undeleteable users being able to edit or delete themselves personally..

What about if you had more than one user defined in that variable? Would they all be able to edit/delete each other or only themselves? This is my biggest concern..

Umm...anyone care to answer my above question?