Restrict Modification of Main Options to Head Administrator 1.01
 

-------------------------------------------------------------------------
Only head admin can modify main options in the adminCP hack
by N9ne, on Feb 17 2003, Copyright 2003.
-------------------------------------------------------------------------

-------------------------------------------------------------------------
For: 2.2.x and 2.3.x
-------------------------------------------------------------------------

I believe the hack's name is quite descriptive and self explanatory.

Just a simple hack, requested by TheMayhem.

Just thought i'd post it here incase anyone else is worried what other admins might do while editing the options page (can do a lot of damage there!).

Open attached file in a text editor for instructions.

Hack updated [March 17th 2003]
- Now with cleaner coding. Should work for all.

works for me fine with the original hack on 2.2.8


thnx for it I needed it :) ... Install

Nice idea N9ne; you seem to be bringing a lot of new ideas out lately.
[high]* Davey installs.
[/high]
Keep up with the good ideas :).

Dave.

I've made this hack already - however, my version blocks all other Admins from accessing any of the vB Options EXCEPT Ban Email Domains and Ban IP.

I want other admins to be able to do that, but nothing else.

It's here:

https://vborg.vbsupport.ru/showthrea...threadid=43475

P.S. I hope you don't mind me posting this in your thread. :) Just wanted you to know that I've made it.

Oh, I didn't know it'd been made before, oh well, I guess they're slightly different anyway, you allow them access to a certain part :).

Whoo N9ne You're making lots of hacks great :)

Funny... When I add this hack, all admins are banned including me the head admin!

if (!$userinfo[userid]==1) {
echo "You cannot access this page.";
exit;
}

I am head admin user id #1

frankenberrie, try replacing it with this:

Oh,the two are can't use by me.
When I change like N9ne say,the VBB ban all admins,include the userid=1.
And I use Martin64 's changes,they havn't ban any of the admins.
Please help me:(

BTW: I am using VBB 2.3.0

And I find the problem:)

Change like this,then OK in the 2.3.0

if ($bbuserinfo['userid']!=1) {
echo "You cannot access this page.";
exit;
}

Yes, that works on vB 2.2.9 also. I'm reluctant to keep the hack activated because I want the other admins to be able to IP ban but if they go screwing with my settings, BAM!

Ok I've updated this hack with cleaner code now, I'm using !$bbuserinfo['userid']=="1" instead of !$userinfo[userid]==1

This should work in 2.x.x

n9ne this is not the best way of doing it. You should add a query to run which adds an option to the admin options where you can set who can edit the main options. Then after that it will create a global variable in which you can specify the userid instead of assuming that the userid of the main admin is always 1 :)

- miSt

Actually, while the hacker is hacking his board, he can just change the userid to his userid. It's easier that way Mist.

Since when am I assuming that the userid of the main admin is 1? It's there to be edited.

Adding an option is risky, as other admins may view that page, and change it, before the head admin has time to get to the page while hacking.

Also, admins who have phpMyAdmin access or access to the database can easily change this to reflect a different userid, so they gain access again, and they will then most likely use it maliciously.

The best way is to keep it in the file.

the restriction does not seem to work at all, all userids will still be able to access admin options. heres the edited one that works:

jusunlee, works fine for me...

on jusunlee
last post.. doesn't that code mean it stops the person with user id 1, accessing it?

Not a bad idea
Would it also be a good idea to add something to /admin/setting.php as well ?
Plenty of damage can be done there too.

I'm sure N9ne's phrasing works though Jun's is correct and is the way I've always phrased something to this effect.