vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)
-   -   Allow undeleteable user to modify / edit / delete themself (https://vborg.vbsupport.ru/showthread.php?t=62404)

Gary King 03-10-2004 10:00 PM
Allow undeleteable user to modify / edit / delete themself
 
Requested here: https://vborg.vbsupport.ru/showthread.php?t=62395

This hack allows whoever is in the $undeletableusers variable (users who cannot be edited/deleted) to be able to edit/delete themselves, meaning that only the protected user can modify themselves but no one else can modify/delete them.

Instructions

Open admincp/moderater.php and find
PHP Code:
            if (!in_array($userinfo['userid'], $noalter)) 
Replace with
PHP Code:
            if (!in_array($userinfo['userid'], $noalter) or $bbuserinfo['userid'] != $userinfo['userid']) 
Open admincp/user.php and find
PHP Code:
    if (in_array($userid$nodelete)) 
Replace with
PHP Code:
    if (in_array($userid$nodelete) and $bbuserinfo['userid'] != $userid
Find
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter)) 
Replace with
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter) and $bbuserinfo[userid] != $userid
Open admincp/usertools.php and find
PHP Code:
    if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter))) 
Replace with
PHP Code:
    if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)) and $bbuserinfo[userid] != $sourceinfo[userid] and $bbuserinfo[userid] != $destinfo[userid]) 
Open modcp/user.php and find ALL SIX (6) instances of the following code
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter)) 
Replace ALL 6 INSTANCES WITH
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter) and $bbuserinfo[userid] != $userid
There, all done! :D

AN-net 03-11-2004 10:00 PM
i wanted this so bad! im like i know no one else can edit me but y can't i edit my self? thanks alot for releasing this;)

TheAnt 03-11-2004 10:15 PM
thank you *install

Gary King 03-11-2004 10:37 PM
Quote:
Originally Posted by AN-net
i wanted this so bad! im like i know no one else can edit me but y can't i edit my self? thanks alot for releasing this;)
Please click 'Install' then :)

Scrub 03-11-2004 10:40 PM
Put it in a .txt file and it'll be better. *hint hint* ;)

Gary King 03-11-2004 10:48 PM
Quote:
Originally Posted by Scrub
Put it in a .txt file and it'll be better. *hint hint* ;)
Okay done.

GoTTi 03-12-2004 04:39 AM
this should be input'd to the release of vb gold

Boofo 03-12-2004 07:08 AM
Quote:
Originally Posted by Da_GoTTi
this should be input'd to the release of vb gold
It's too dangerous to include this in vB Gold.

msimplay 03-12-2004 08:34 AM
Quote:
Originally Posted by Boofo
It's too dangerous to include this in vB Gold.
dangerous how ?

Boofo 03-12-2004 08:46 AM
Quote:
Originally Posted by msimplay
dangerous how ?
If someone hacks your account or one of your "trusted" co-admins has your account info and decides to go berserk, they can edit your password and other stats in your account, locking you out and doing who else knows what damage before you can recover. That is why the nodelete was added to vB3. There were plenty of instances of this happeneing with vB2.

gmarik 03-12-2004 03:29 PM
delete is a good fucntion ...

eXtremeTim 03-12-2004 06:31 PM
If they know your admins password they can still screw up everthing just the same. Only thing they cant do it delete the account. They can still change the password and email and everything else from the user cp.

Boofo 03-12-2004 06:41 PM
You're wrong, Tim. Here's what it says in the config.php:

UNDELETABLE / UNALTERABLE USERS

They can not edit nor delete. This hack bypasses that. That's why it is dangerous.

EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.

Gary King 03-12-2004 06:52 PM
Quote:
Originally Posted by Boofo
You're wrong, Tim. Here's what it says in the config.php:

UNDELETABLE / UNALTERABLE USERS

They can not edit nor delete. This hack bypasses that. That's why it is dangerous.

EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.
They will be also able to use all administrator functions as well, just not be able to modify/delete the protected account(s).

Boofo 03-12-2004 06:56 PM
Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.

Gary King 03-12-2004 07:11 PM
Someone requested this feature, so I release it for them. If people want to also install this, then I say 'go ahead :)'. Personally for me, I wouldn't mind installing this because I sometimes get annoyed when I have to remove myself from the variable to modify my 'hidden' settings as well, and I have never been hacked once; I am quite sure that the majority of vBulletin admins have never been hacked once, if you want you can even start a poll. Maybe I'm wrong, or maybe I'm right. But why do you want to make this hack into such a big controversy, when there are other hacks out there that defy people's morals and private space, such as the 'admins can view member's PMs' for example.

eXtremeTim 03-12-2004 07:12 PM
No see even without this hack you would basicly be screwed. Without this hack if I had your password I could totaly destroy your forums and lock you out of your account. Wow with this hack the only extra thing I can do it delete your account. I still cant touch the other undeleteable accounts. So either way your screwed over just about the same.

Gary King 03-12-2004 07:13 PM
Quote:
Originally Posted by Boofo
Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.
I must agree with eXtremeTim. Also, for this quote, if the admin can't access his or her account then you can easily just create a script, maybe ask someone to do it for you, to make yourself administrator again. Not a problem at all.

Boofo 03-12-2004 07:16 PM
Sure, if you know how to program one or who to ask for it. What about the newbie? What is he supposed to do when this backfires on him?

Maybe you should put a warning on the hack so you don't get the backlash something like this could cause.

'Nuff said. I'll leave it alone now.

Ryan Ashbrook 03-12-2004 09:53 PM
Thank you. :)

JustAskJulie 03-14-2004 02:39 AM
But if you can't edit the admin account and someone else breaks into it, how do you ever change the password once it's been comprimised to re-establish security?

msimplay 04-30-2004 09:17 AM
taking everything into account i've never given my password out
and if they have access to everything else they can still do just as much damage to the forums
ie delete all posts

Bryan Ex 06-08-2004 07:16 AM
This is so close to what I've been looking for Gary. I need something similar to this that will allow regular members to delete their own accounts from the usercp.

Megareus Rex 07-21-2004 07:40 AM
When i use find to try and find the code in the admincp/moderator.php, it cant find it, but because there's two ) on the end of it.

And, when i upload the admincp/moderator.php to my forum, it prvents me from using its other functions, such as Forum Manager>Show all moderators and Forum Manager>Add moderator.

Any thoughts on why? I know for a fact i edited it correctly (the hack itself worked)

Bison 07-23-2004 02:57 AM
Quote:
Originally Posted by Boofo
Sure, if you know how to program one or who to ask for it. What about the newbie? What is he supposed to do when this backfires on him?

Maybe you should put a warning on the hack so you don't get the backlash something like this could cause.

'Nuff said. I'll leave it alone now.
Boofo, You drink too much coffee man!

That's why they're backups ... and thank goodness for phpMyAdmin! :ermm:

Boofo 07-23-2004 03:46 AM
Quote:
Originally Posted by Bison
Boofo, You drink too much coffee man!

That's why they're backups ... and thank goodness for phpMyAdmin! :ermm:
But you should never be forced to use that approach. ;)

Oblivion Knight 07-23-2004 07:44 AM
If you have the additional layer of security on your Admin CP such as .htaccess, then I really can't see the problem of uneditable/undeleteable users being able to edit or delete themselves personally..

What about if you had more than one user defined in that variable? Would they all be able to edit/delete each other or only themselves? This is my biggest concern..

Megareus Rex 08-07-2004 01:02 PM
Umm...anyone care to answer my above question?


All times are GMT. The time now is 01:20 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01308 seconds
  • Memory Usage 1,800KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (10)bbcode_php_printable
  • (9)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (28)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete