vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Selected Users Only Can Edit Admin Options (https://vborg.vbsupport.ru/showthread.php?t=40787)

TECK 07-06-2002 10:00 PM
Selected Users Only Can Edit Admin Options
 
This hack will let you NOT allow certain users to edit your administrator usernames properties and also other options you want to restrict access to, for example editing the templates.
I recommend you to enable only the ones you really trust, that means only yourself.

ESTIMATED INSTALL TIME: 2 minutes
REQUESTED BY: (nobody)
TESTED IN VERSION: 2.2.6

[high]UPDATE[/high]
The hack was updated. It was fixed the problem I had with editing yourself of all users.
NOTE: FireFly posted also another way of doing this, few posts below.

In my hack, I also explained how to stop other admins to edit other options, for example the templates.


You like this hack? Please click on the [high]Install[/high] button.
To download the latest version of this hack, click below:

g-force2k2 07-07-2002 04:26 PM
good job Nakkid i guess it was the global issue ;)

either way good work :)

g-force2k2

TECK 07-07-2002 04:29 PM
actually i unset in the wrong file the $caneditadmin variable... :)
firefly, as usual, helped me to understand what was wrong.

Xenon 07-07-2002 04:38 PM
Quote:
Originally posted by Nakkid
I recommend you to enable only the ones you really trust, that means only yourself.
Lool, but you're right ;)

Really a good idea, i won't use it, because im the only admin of my board, but ist very usefull, perhaps when i work on other boards where are more admins.


Also i know hellsatan loves this hack isn't it so? :)

Marshalus 07-07-2002 05:26 PM
What does this have that hellsatan's hack doesn't? Does his have more?

TECK 07-07-2002 05:34 PM
it wont let you edit nothing, not even the passwords if you are not listed in config.php file. it works the same way as pruning the admin log (i got the idea from there). simple and secure.
if i understood correctly, in his hack you still can edit the passwords? not sure. let me know please.

also dont look as doing more, but rather as hacking in a different way. :)
my hacks are learning tools for myself, while experiencing with different aspects of vB.

Marshalus 07-07-2002 05:42 PM
I was just wondering, I already installed yours :D

Also, can this same idea be applied to a hack I want to see, I'd like it so only adminid 1 can edit the templates, and create new styles, etc. Is that possible?

bonnmac 07-07-2002 05:49 PM
Fantastic Thanks! But I've got one question. I've already installed hellsaten's admin hack... should I uninstall that one or can the 2 work together?

Admin 07-07-2002 05:51 PM
Code:
+-----------------------------------------------+
| FILE: FORUM/admin/user.php (1 change)        |
+-----------------------------------------------+
|
+-----------------------------------------------+
| 1. Find this code:
+--------------------------------------------------------------------------+
if ($HTTP_POST_VARS['action']=="doupdate") {
+--------------------------------------------------------------------------+
|
+-----------------------------------------------+
| Replace it with:
+--------------------------------------------------------------------------+
if ($HTTP_POST_VARS['action']=="doupdate" && checklogperms($caneditadmin,1,"<p>You are not allowed to edit this user.</p>")) {
+--------------------------------------------------------------------------+
Call me crazy but according to this you will not be able to edit ANY user (regular included), if you are not listed in config.php.

TECK 07-07-2002 05:53 PM
yep. it is. for example, if you dont want your admins to modify the templates do this...

admin/template.php
find:
Code:
if ($action=="modify") {
replace it with:
Code:
if ($action=="modify" && checklogperms($caneditadmin,1,"<p>You are not allowed to modify the templates.</p>")) {
bingo. only the $caneditadmin listed users will be able to edit from now on the templates. replace anywhere you want to block access to other admins with a similary line.

TECK 07-07-2002 05:56 PM
Quote:
Originally posted by FireFly
Call me crazy but according to this you will not be able to edit ANY user (regular included), if you are not listed in config.php.
helpppppppppppp!!!! firefly is kicking my ass!!!!! :)
i will mod it rightaway chen. you are sooooooooo right. sorry.
testing it right now...

Marshalus 07-07-2002 05:56 PM
Call me crazy but I just tested it and he's right.

Marshalus 07-07-2002 06:27 PM
That template hack didn't work.

Admin 07-08-2002 06:06 AM
Working version attached...

g-force2k2 07-08-2002 06:14 AM
Quote:
Originally posted by g-force2k2


how would that cause a parse error ;) ?

Edit: Nakkid if that doesn't work try place the:

PHP Code:
unset($editadmin); 
above:

PHP Code:
require("./global.php"); 
g-force2k2
I guess it was correct after all ;) just shows it helps to learn from reading different vb files :)

g-force2k2

TECK 07-08-2002 04:02 PM
ok i updated the file. i looked at firefly's mod. i never thought of it this way. :)
thanks chen.

chen, can you also look at my way of doing it, with same results? let me know what you think.
also i added other code options related to templates for example, on how to disable the access. is all included in the first post.

TECK 07-08-2002 04:11 PM
Quote:
Originally posted by Marshalus
That template hack didn't work.
it works. check your code.

TECK 07-08-2002 04:16 PM
Quote:
Originally posted by g-force2k2
I guess it was correct after all ;) just shows it helps to learn from reading different vb files :)
actually, it must be unset in global.php and NOT in user.php, so we were wrong both. thanks to chen, who told me why is done this way, i understood finally the way it works to unset a variable.

Admin 07-08-2002 05:11 PM
Quote:
Originally posted by Nakkid
actually, it must be unset in global.php and NOT in user.php, so we were wrong both. thanks to chen, who told me why is done this way, i understood finally the way it works to unset a variable.
Actually, you can unset the variable in user.php, before requiring global.php.

Admin 07-08-2002 05:15 PM
Nakkid, your hack is still not correct.

Code:
+-----------------------------------------------+
| 1. Find this code:
+--------------------------------------------------------------------------+
if ($HTTP_POST_VARS['action']=="doupdate") {
+--------------------------------------------------------------------------+
|
+-----------------------------------------------+
| Replace it with:
+--------------------------------------------------------------------------+
if ($HTTP_POST_VARS['action']=="doupdate") {

  if (!in_array($bbuserinfo['userid'],array($caneditadmin)) and in_array($userid,array($caneditadmin))) {
    echo "<p>You are not allowed to edit this user</p>";
    exit;
  }
+--------------------------------------------------------------------------+
That means you (a) won't be able to edit ANY user, and (b) will not work if you have more than one user listed in $caneditadmin.

TECK 07-08-2002 05:51 PM
chen, i did this:
i created 2 admins, userid 1 and 2.
i created 1 registered user, userid 3.
now, userid 1 can edit all users and userid 2 can edit all users except the ones listed in $caneditadmin.
i tested all and it works perfectly, in my test board, with the code above. you try it and let me know please. thanks.

update:
i also tried
$caneditadmin = '1,2';

now all admins can perform changes.

Admin 07-08-2002 05:59 PM
Quote:
Originally posted by Nakkid
now, userid 1 can edit all users and userid 2 can edit all users except the ones listed in $caneditadmin
And that's not the point of this hack, is it?

TECK 07-08-2002 06:02 PM
i dont understand?
i used this code:
Code:
if ($HTTP_POST_VARS['action']=="doupdate") {

  if (!in_array($bbuserinfo['userid'],array($caneditadmin)) and in_array($userid,array($caneditadmin))) {
    echo "<p>You are not allowed to edit this user</p>";
    exit;
  }
let suppose you have 4admins in your board. if you use only userid 1 and 2 the others will not be able to edit ONLY the admins.

Admin 07-08-2002 06:07 PM
*sigh*

Let's say you have 4 admins, users A, B, C and D.
You add users A and B to $caneditadmin (Which will not work, but let's assume it does).
Users A and B will be able to edit any users.
Users C and D will be able to edit all users except users A and B.
But user C will still be able to edit user D, and vice versa.

TECK 07-08-2002 06:09 PM
correct. that's what it does the code listed above. try it in your test board and let me know. it works for me.

Admin 07-08-2002 06:43 PM
You don't get it, do you...

That's how it works, right. But that's not how it's supposed to work, because users C and D can still edit other admins (i.e D and C, respectively).

Quote:
Originally posted by Nakkid
This hack will let you allow ONLY certain users to edit your administrator usernames properties
This quote says the hack stops others from editing other admins... and that's not how it works.

If you have 10 admins and add one of them to $caneditadmin, the rest of the 9 won't be able to edit the first user, but will be able to edit one another.

TECK 07-08-2002 06:49 PM
i understand now chen. sorry, my 'romanian' english.
i dont care if thay can edit other admins. what i dont want is to be able to edit my options (userid 1 or others listed in $caneditadmin)...

DemiNeo0101 07-16-2002 08:10 PM
iv tried both firefly and your version and im still geting this error:

Warning: Unable to access ./admin/db_.php in /home/virtual/site4/fst/var/www/html/forums/global.php on line 128

TECK 07-16-2002 10:34 PM
you are missing the mysql part on the line..
it should read it:
admin/db_mysql.php and NOT admin/db_.php
when you hacked your forum with another hack, you made a mistake somewhere.

TheSaint-AeD 11-02-2002 11:27 AM
Thx, TECK, I love you for this Hack :love: Exactly what I was looking for.

ManagerJosh 11-21-2002 09:05 PM
Hey Chen, anyway that your hack could be written that an admin not listed in the $caneditadmin can edit only himself but not other admins?


All times are GMT. The time now is 07:00 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01797 seconds
  • Memory Usage 1,806KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_code_printable
  • (2)bbcode_php_printable
  • (8)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (31)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete