vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Only original admin can modify users in administrator usergroup. (https://vborg.vbsupport.ru/showthread.php?t=34094)

pHaez 01-12-2002 10:00 PM
I find that if you have more that 1 admin, it is kinda a uncomfortable feeling to know that they have the power to modify your user information as well as other admins. They can change your status from administrator to just a registered user, as well as others, and take over the board. This can prevent it.

Security is a touchy area, and this is not proven to be 100% secure, so I will not take responsibility for any problems this hack may cause.

In /admin/user.php you need to do the following:

Step 1.
Look for:
PHP Code:
error_reporting(7); 
Below that add:
PHP Code:
unset($canmodifyadmins); 
Step 2.
look for:
PHP Code:
// ###################### Start edit #######################
if ($action=="edit") {
  $user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=$userid"); 
Below that add the following:
PHP Code:
if ($user[usergroupid]!=or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 


Step 3.
Look For:
PHP Code:
// ###################### Start do update ####################### 
Above that add the following:
PHP Code:
Save that file and open /admin/config.php

Look for:
PHP Code:
?> 
Above that add the following:
PHP Code:
$canmodifyadmins "192"
you can allow others as well by seperating their user id with a comma.
ex.
PHP Code:
$canmodifyadmins "192,23,22"
That should do it. Lemme know if you have any problems.

[SIZE=3]This is now updated, should be fully operational!

TELEK 01-13-2002 09:31 PM
hmm... looks good. I want to try it. But I don't want to be the first. if anybody else tries this, tell me if it works.

I already had one admin delete another admin because he was teasing him. That wasn't good.

nafae 01-13-2002 11:22 PM
Behind the forums: true stories of ADMIN WAREFARE!~

Mark Hensler 01-13-2002 11:31 PM
lol@nafae

Sounds like you need to screen your admins better, TELEK.

GeorgeofCS 01-13-2002 11:47 PM
I tried to install it and it doesn't appear to work. :(

Just gives me a blank page

pHaez 01-14-2002 12:02 AM
hrm, it should work fine, i would try again. If you still can't get it, we need to work out a way to contact each other. It works perfect here.

StarBuG 01-14-2002 03:39 PM
I installed it too on my webserver and have the same Problem!

I get a blank page if I try to edit any user!
I also set: $canmodifyadmins = "1"; cause?my user id is 1 ;)

Any suggestions??

Maybe you forgott to parse a peace of code here???

Greetings

StarBuG

pHaez 01-14-2002 03:51 PM
its a possibility, lemme look it over again. I know it works here on mine, so it must have something missing.

pHaez 01-14-2002 03:59 PM
The first step should look like:
PHP Code:
<?php
error_reporting(7);
// admin hack
unset($canmodifyadmins);
// end admin hack
require("./global.php");

adminlog(iif($userid!=0,"user id = $userid",""));
The Second step should look like:
PHP Code:
if ($action=="edit") {
  $user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=$userid");
// admin hack
if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>You are not allowed to edit other admins.</p>")) {
// end admin hack
  if ($user[coppauser]==1) { 
Third Step should look like:
PHP Code:
  doformfooter("Save Changes");

  }
// admin hack
}
// end admin hack
// ###################### Start do update ####################### 

The config.php change should look like:
PHP Code:
// admin hack
$canmodifyadmins "192";
// end admin hack
?> 
Maybe that will help you better understand the changes?

StarBuG 01-14-2002 04:35 PM
I have made the changes and I?m not a newbie!

I think 3 steps are not heavy to implement!

But it doesn?t work!

I use 2.2.1g!

Maybe this is the Problem!?

AND: The error occours not only if I try to edit an admin also normal users are not displayed!
ONLY blank Page

So the error must be in:
PHP Code:
// admin hack
  if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>You are not allowed to edit other admins.</p>")) {
 // end admin hack 
Greetings

StarBuG

Psychdrone 01-14-2002 05:29 PM
wow this would be great, wait dose this just prevent them from chaning your user group? and password?

or dose it restrict them to the whole edit user profile?

I think you should do what I said above, cause many of us have admins, that change the titles and such of our users!

Or maybe you could make it so that they can change anyone, except for the first admin? user Id 1??

pHaez 01-14-2002 05:34 PM
it restricts access to everything. They cant even see the information on other admins. The minute they hit the edit link next to the name, it says access restricted. But they still have access to edit regular users. If you want that would be very easy to restrict access to.

pHaez 01-14-2002 05:37 PM
its a possibility, i am running an upgraded version of 2.2.1, and i don't know if it works with the german version. If you still have problems you can e-mail me with your AIM, ill add you to my list. my aim = pHaez

Jawelin 01-15-2002 04:31 PM
Well. I just installed it on 2.2.1 english... :)

When I try to edit ANY user, I get a blank page. The HTML code shows :
Code:
<html><head>
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type">
<meta http-equiv="MSThemeCompatible" content="Yes">
<link rel="stylesheet" href="../cp.css">
</head>
<body leftmargin="10" topmargin="10" marginwidth="10" marginheight="10">
</BODY></HTML>
... I absolutely think the code
PHP Code:
if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>Admins are not allowed to edit other admins.</p>")) { 
doesn't do the job each of us could expect.

For instance, I think the unset code should went AFTER the global.php import, but it's not enough... as far

:confused:

Thanks a lot.
Bye

Jawelin 01-15-2002 04:45 PM
Eureka! ;)
Simply I think the condition should be REVERSED !!

As is, it only permits to edit other admins with the right variable !!! ;)

Well. Let's try with
PHP Code:
if ($user[usergroupid]!=or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 
!!!!

NOW it works ! ;)

.... :p


P.S.: my name is DeMorgan.... DeMorgan's Theorema
Bye

StarBuG 01-15-2002 05:35 PM
Juhu

Now its working PERFEKT!!

THX to all!!

Greetings

StarBuG

pHaez 01-15-2002 07:18 PM
well iono, i helped someone from these boards with exactly what i posted, and it worked perfect.

Psychdrone 01-15-2002 08:20 PM
wow this sounds great man! hey could you update your begging attachment, to the fixes, as I got a little confused along the way.......Thanks and great hack!

Jawelin 01-16-2002 12:01 PM
Quote:
Originally posted by pHaez
well iono, i helped someone from these boards with exactly what i posted, and it worked perfect.
Sorry but think is impossible that worked with the wrong condition to execute something...
The only way should be a " } else { " right after your IF {
... :stupid:

Thanks.

pHaez 01-16-2002 02:52 PM
well it worked, but then i found some probs last night, when i tried editing users in a diff usergroup.

Psychdrone 01-16-2002 09:08 PM
could you fix it up, and then rerelease it

thanks!

pHaez 01-17-2002 09:41 AM
i updated the first post with the fix., it should be "fixed up" now.

Arathorn 01-17-2002 11:29 AM
Great hack! Installed it, no problems. But can it be set to allow admins to change their own profiles in the admin cp?

pHaez 01-17-2002 04:08 PM
yea i'll work on that. prolly get it posted sometime tonight or tommorow.

pHaez 01-17-2002 04:32 PM
Quote:
Originally posted by Arathorn
Great hack! Installed it, no problems. But can it be set to allow admins to change their own profiles in the admin cp?
ok for this, instead of
PHP Code:
if ($user[usergroupid]!=or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 
you should add this:

PHP Code:
if ($user[usergroupid]!=or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 

Arathorn 01-17-2002 05:12 PM
Thanks, really nice of you. :) It works great now.

Erwin 02-07-2002 05:50 AM
Cool!

Renegade 03-10-2002 11:12 AM
This works for co-admins trying to edit Admins, but what about making work on all users and groups (i.e., co-admins should not be able to modify any users/groups)

thx

ReN

pHaez 03-10-2002 11:39 AM
that is possible, ill write something up.

TECK 03-10-2002 11:45 AM
Quote:
Originally posted by Renegade
This works for co-admins trying to edit Admins, but what about making work on all users and groups (i.e., co-admins should not be able to modify any users/groups)

thx

ReN
if you dont want admins to edit other users, why do you give them access to admin panel? to access the templates and edit them? well if they want to make something bad, they can do it everywhere in admin panel, no need to restrict the access about modifying the users..

Tenpit 03-23-2002 11:54 AM
How would you extend this to prevent Admins from Deleting other Admins?

The 'remove' option in the Admin CP still works?

Thx
Ten

pHAZE_1 04-22-2002 06:16 PM
Quote:
The 'remove' option in the Admin CP still works?
great hack, but me (original admin) cant edit other admins. that sucks

Nupraptor 04-23-2002 01:29 AM
Is there any way to make it so that one of the "lesser" admins can only edit a certain set of templates / style sets? Basically, I want to give an admin complete control over a certain set of forums, but I don't want him accidentally destroying the templates for the rest of the board.

pHaez 04-23-2002 06:11 PM
Sorry, but I left the vbulletin community, so I cant really do much
modding of vbulletin now.

Chris M 04-23-2002 08:00 PM
Damn...

I was going to ask 2 things...

1.) Could the "Remove" link be removed?

2.) Could this be targeted to specific users, rather than just general admins...

I would like them to be able to see my profile (unless I blocked them with my hack), but not be able to change my user status, or remove me...

Any help at all?

Satan

bonnmac 05-08-2002 04:08 AM
I was going to ask the same questions. Also was going to ask Is it possible to make it so that Admin #1 can still edit lesser admins? Thanks for any help. :)

Quote:
Originally posted by hellsatan
Damn...

I was going to ask 2 things...

1.) Could the "Remove" link be removed?

2.) Could this be targeted to specific users, rather than just general admins...

I would like them to be able to see my profile (unless I blocked them with my hack), but not be able to change my user status, or remove me...

Any help at all?

Satan

Webmasta XT 06-24-2002 02:09 PM
hey can we get an all in one file? with all the bugs fixed and stuff? I dunno what to do, and I also think this is a great idea, but you should be able to it with the admin whos userid is 1, cuz hes the one who made the forums..

pHaez 06-24-2002 02:10 PM
Your message has been recieved! However, we receive a lot of messages, so we may not respond immediately.
Thanks,
E-Programmer.net Staff


All times are GMT. The time now is 04:43 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01372 seconds
  • Memory Usage 1,851KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (18)bbcode_php_printable
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (38)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete