vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Login as user (https://vborg.vbsupport.ru/showthread.php?t=39841)

Hotte 06-13-2002 10:00 PM
Login as user
 
Hi
this hack allows admins to login as any user they want. In the Adminpanel you´ll have a link in the "edit user"-screen which allows you to login as the user. Good for testing and finding errors that the user reports etc

Only 1 File to edit (admin/user.php)
Installationtime: < 5 minutes

Delmon 06-14-2002 02:26 PM
i dont understand

how can i install this hack?

Chris M 06-14-2002 02:29 PM
Nice Hack!

*installs*

Satan

Hotte 06-14-2002 02:35 PM
Quote:
Originally posted by Delmon
i dont understand

how can i install this hack?
You need vbhacker. But I?ve attached a textfile in this post.

Dark_Wizard 06-14-2002 02:52 PM
Do you have to know the user's password?

Chris M 06-14-2002 02:54 PM
<a href="https://vborg.vbsupport.ru/showthread.php?s=&threadid=36378&highlight=vBhacke r" target="_blank">Click here for FireFly's vBHacker</a>

Yes...I was wondering that...

Satan

Hotte 06-14-2002 02:55 PM
Quote:
Originally posted by Dark_Wizard
Do you have to know the user's password?
No

Chris M 06-14-2002 03:04 PM
So what exactly can you do then?

Log in as the user and do exactly what they can?

Can you login as other Admins or Mods?

Satan

malc 06-14-2002 03:08 PM
great hack ... but don't work :(

Code:
Warning: Cannot add header information - headers already sent by (output started at /www/localhost/www/admin/adminfunctions.php:19) in /www/localhost/www/admin/functions.php on line 1599

Warning: Cannot add header information - headers already sent by (output started at /www/localhost/www/admin/adminfunctions.php:19) in /www/localhost/www/admin/functions.php on line 1599

Warning: Cannot add header information - headers already sent by (output started at /www/localhost/www/admin/adminfunctions.php:19) in /www/localhost/www/admin/functions.php on line 1599

Warning: Cannot add header information - headers already sent by (output started at /www/localhost/www/admin/adminfunctions.php:19) in /www/localhost/www/admin/functions.php on line 1599

Warning: Cannot add header information - headers already sent by (output started at /www/localhost/www/admin/adminfunctions.php:19) in /www/localhost/www/admin/functions.php on line 1599

Warning: Cannot add header information - headers already sent by (output started at /www/localhost/www/admin/adminfunctions.php:19) in /www/localhost/www/admin/user.php on line 1728

firewars 06-14-2002 03:15 PM
I can't find the first thing to be found, not even similar parts of it.

firewars 06-14-2002 03:25 PM
Never mind, I found it using another part of the whole line.
This is what mine looks like:

PHP Code:
  <li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li

malc 06-14-2002 03:25 PM
remplace

PHP Code:
+-------------------------------------------------------------------------------------------------+
In admin/user.phpfind this code:                                                              |
+-------------------------------------------------------------------------------------------------+
<li>\".makelinkcode(\"View the profile for $user[username]\",\"../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid\",1).\"</li>
+-------------------------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------------------------+
| After this, add:                                                                                |
+-------------------------------------------------------------------------------------------------+
<li>\".makelinkcode(\"View the profile for $user[username]\",\"../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid\",1).\"</li>
<li>\".makelinkcode(\"Login as User\",\"user.php?s=$session[sessionhash]&action=loginas&userid=$user[userid]\",1).\"</li>
+-------------------------------------------------------------------------------------------------+ 
by
PHP Code:
+-------------------------------------------------------------------------------------------------+
In admin/user.phpfind this code:                                                              |
+-------------------------------------------------------------------------------------------------+
<li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
+-------------------------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------------------------+
replace with:                                                                                |
+-------------------------------------------------------------------------------------------------+
<li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
<li>".makelinkcode("Login as User","user.php?s=$session[sessionhash]&action=loginas&userid=$user[userid]",1)."</li>
+-------------------------------------------------------------------------------------------------+ 

Chris M 06-14-2002 03:28 PM
Is there any way to restrict this function to just Userid 1?

Or is it already?

Satan

Hotte 06-14-2002 04:27 PM
Quote:
Originally posted by hellsatan
So what exactly can you do then?

Log in as the user and do exactly what they can?

Can you login as other Admins or Mods?

Satan
You can login as any user you want.
Quote:
Originally posted by malc
great hack ... but don't work
Try adding the "if ($action=="loginas"){" - Code before "cpheader();" at the beginning of the file (near line 42)

Quote:
Originally posted by hellsatan
Is there any way to restrict this function to just Userid 1?

Or is it already?

Satan
All Admins can do that. But for a quick solution you can add the following code directly after "if ($action=="loginas"){" (not tested)
PHP Code:
if($bbuserinfo[userid]!=1)show_nopermission(); 

scsa20 06-14-2002 04:49 PM
actuly, to code to use for limiting it to just you is:

PHP Code:
if ($bbuserinfo['userid']!=1
{show_nopermission(); exit; } 
you seem to forgot the exit; command :rolleyes:

oh, forgot to add...it so'pose to go in before

PHP Code:
if ($action=="loginas"){ 

Dean C 06-14-2002 05:49 PM
please dont have a go at me here... but i think that this is the worst possible hack someone could have ever made... i would hate someone to be able to login in as me at a board i post at... it ruins the point of having users...

this is just my opinion tho ... i dont like this idea :(

sorry

- Mist

firewars 06-14-2002 06:36 PM
Well, I won't abuse the ability and only use it, if there are specific and someone's account-related problems that have to be solved.

-=dm=- 06-14-2002 07:31 PM
Nice one thanx :)

Lovaboye 06-14-2002 07:52 PM
i just get a blank screeen? doesnt work? what is wrong?

firewars 06-14-2002 08:03 PM
Please remove any backslashes as shown by malc on the first page.

Hotte 06-14-2002 08:30 PM
Quote:
Originally posted by scsa20
actuly, to code to use for limiting it to just you is:
if ($bbuserinfo['userid']!=1)
{show_nopermission(); exit; }
you seem to forgot the exit; command :rolleyes:
No. The exit command ist done in show_nopermission.

Velocd 06-14-2002 08:43 PM
Quote:
Originally posted by Mist
please dont have a go at me here... but i think that this is the worst possible hack someone could have ever made... i would hate someone to be able to login in as me at a board i post at... it ruins the point of having users...
Well, the only reason I could see to using this hack is to view the users personal messages, not being a peeping tom or anything, but to make sure the user hasn't been doing anything against the rules. Ofcourse, there is already a hack that allows you to view users PM's, so this hack isn't really needed. The only purpose of this hack is to do something corrupt to another user.

Lovaboye 06-14-2002 08:56 PM
Quote:
Originally posted by Hotte
[B]

Try adding the "if ($action=="loginas"){" - Code before "cpheader();" at the beginning of the file (near line 42)
Yea im having that same prob, but this seems not to help? it says error were ever i put this???? Is their another file ur supposted to edit? What is wrong?

I get this error

"Parse error: parse error in /home/qwertybo/ffclub-www/forum/admin/user.php on line 1735"

Lovaboye 06-14-2002 11:06 PM
Did anyone get this to work????????

Hotte 06-14-2002 11:23 PM
Quote:
Originally posted by Lovaboye
"Parse error: parse error in /home/qwertybo/ffclub-www/forum/admin/user.php on line 1735"
Do you have copied the complete "if ($action=="loginas"){"-Part before cpheader();?
Make sure that you move
PHP Code:
if ($action=="loginas"){
    $user=$DB_site->query_first("SELECT password FROM user WHERE userid='$userid'");
    vbsetcookie("bbuserid","",1);
      vbsetcookie("bbpassword","",1);
    vbsetcookie("sessionhash","",1);
    vbsetcookie("bbuserid",$userid);
    vbsetcookie("bbpassword",$user[password]);
    Header("Location: ../index.php");

before cpheader();
This error seems to occur, if a board doesn?t use gzip.

SWFans.net 06-15-2002 04:11 AM
Quote:
Originally posted by Velocd


Well, the only reason I could see to using this hack is to view the users personal messages, not being a peeping tom or anything, but to make sure the user hasn't been doing anything against the rules. Ofcourse, there is already a hack that allows you to view users PM's, so this hack isn't really needed. The only purpose of this hack is to do something corrupt to another user.
Agreed, any user account type problems someone may have can almost always be corrected through the ?find? and look at user options readily available in the Admin CP. And if access to their account is required than you talk to them and have them temporarily reset/change their PW so you can access their account and then have them change it again once you are through. Use of this hack is unethical IMO.

Logician 06-15-2002 08:27 AM
Quote:
Originally posted by Mist
please dont have a go at me here... but i think that this is the worst possible hack someone could have ever made... i would hate someone to be able to login in as me at a board i post at... it ruins the point of having users...this is just my opinion tho ... i dont like this idea :(
Mist this hack doesnt open Admin a new door which doesnt already exist to disguise as a user. You have the control of your db and Admin CP and if a Admin wants to login as a user he already can: Copy users password from MYSQL, change it to something you want and login with that password. After you are finished, revert his old password with SQL UPDATE command and he wouldnt even notice you logged in with his user name.

So as you see you already have the tools to do it.

IMO the hack can be very useful when a user have a problem he cant solve by himself or cant explain good or wants you to see the problem and with this hack you can easily login as him without playing with SQL commands.

In vbulletin I have 2 instances I asked Firefly to login as me to notice a problem and in my board I have been asked many times to login as someone since they insist they catched a bug/problem which only occurs to them. (Like they cant empty PM box etc.)

I think the hack is quite useful. My 2 cents..

Boofo 06-15-2002 10:15 AM
Nice Hack and as Logocian said, could be useful if your board ever encountered problems with certain users for whatever reason. I don't know if anyone has mentioned this yet, but you have 2 lines of code that are exactly the same after the install. Here's what your txt instructions said to do.

Code:
-------------------------------------------------------------------------------------------------+
| In admin/user.php, find this code:                                                              |
+-------------------------------------------------------------------------------------------------+
<li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
+-------------------------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------------------------+
| After this, add:                                                                                |
+-------------------------------------------------------------------------------------------------+
<li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
<li>".makelinkcode("Login as User","user.php?s=$session[sessionhash]&action=loginas&userid=$user[userid]",1)."</li>
+-------------
Don't you mean REPLACE this code and not add it below it? :)

Quote:
Originally posted by Hotte
Hi
this hack allows admins to login as any user they want. In the Adminpanel you?ll have a link in the "edit user"-screen which allows you to login as the user. Good for testing and finding errors that the user reports etc

Only 1 File to edit (admin/user.php)
Installationtime: < 5 minutes

josh929 06-15-2002 10:21 AM
Code:
Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/user.php on line 1725
any ideas?

Boofo 06-15-2002 10:23 AM
Exactly where and how would you put that code?

Quote:
Originally posted by scsa20
actuly, to code to use for limiting it to just you is:

PHP Code:
if ($bbuserinfo['userid']!=1
{show_nopermission(); exit; } 
you seem to forgot the exit; command :rolleyes:

oh, forgot to add...it so'pose to go in before

PHP Code:
if ($action=="loginas"){ 

Chris M 06-15-2002 10:32 AM
Before :

PHP Code:
if ($action=="loginas"){ 
IMO, This Hack is great for helping newer users - Some new users want to upload Custom Avatars etc, but dont have a clue as to how...

I know you can do it via the CP, but it is bland and boring that way:D

It can also be useful, because with one hack, you can read ALL the User's PMs, and delete their messages etc...

It isnt very reassuring to know that an Admin can login as you, so thats why I would only give access to this to Userid=1 (me)...Most likely I would never use it for practical reasons, but at least I have the chance to, and users dont have to worry about other admins doing it...

Satan

Hotte 06-15-2002 12:08 PM
When the users don´t trust the admin, why are they still registered at your board? This hack helps much, if you use the vbulletin-permission system with own 3rd party scripts but with standard errorreportings from users too. In my case i´ve over 190 forums in my vbulletin with many permission-settings. If I change something there, it is very usefull to check the perms if they are working as intended. And yes, my users know about that and they have nothing against it.
(hope the translationservice has done acceptable work with this post.... )

plattopus 06-15-2002 02:11 PM
It could be good to test hacks etc with other members' settings without having to demote yourself to Registered and changing your own settings.

Good job.

Lovaboye 06-15-2002 03:18 PM
Quote:
Originally posted by Hotte

This error seems to occur, if a board doesn?t use gzip.
YES i have to enable gzip! Thx it works perfectly!

malc 06-15-2002 07:41 PM
Quote:
Originally posted by Hotte

Do you have copied the complete "if ($action=="loginas"){"-Part before cpheader();?
Make sure that you move
PHP Code:
if ($action=="loginas"){
    $user=$DB_site->query_first("SELECT password FROM user WHERE userid='$userid'");
    vbsetcookie("bbuserid","",1);
      vbsetcookie("bbpassword","",1);
    vbsetcookie("sessionhash","",1);
    vbsetcookie("bbuserid",$userid);
    vbsetcookie("bbpassword",$user[password]);
    Header("Location: ../index.php");

before cpheader();
This error seems to occur, if a board doesn?t use gzip.
thanks works finely :)

Lovaboye 06-15-2002 08:55 PM
ok it seems that that probs fixed, but its time for the only allow a certain admin feat ure to be fixed. Did anyone test it with success? Cause i did, and bummer! No luck?????????

DRnetman86 06-16-2002 12:42 AM
does it work with 2.2.5?

Brad 06-16-2002 10:17 AM
Quote:
Originally posted by DRnetman86
does it work with 2.2.5?

yes as long as you enable GZIP (found in vbulletin options part of the CP)

sphinx 06-16-2002 12:11 PM
I nstalled and works fine,it I had a problem where my mods couldn't see the staff and used this hack to check everything nice hack m8

Lovaboye 06-16-2002 02:06 PM
ok it seems that that probs fixed, but its time for the only allow a certain admin feature to be fixed. Did anyone test it with success? Cause i did, and bummer! No luck?????????


All times are GMT. The time now is 04:43 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01625 seconds
  • Memory Usage 1,882KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (11)bbcode_php_printable
  • (16)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete