Only original admin can modify users in administrator usergroup. (https://vborg.vbsupport.ru/showthread.php?t=34094)

pHaez 01-12-2002 10:00 PM

I find that if you have more than 1 admin, it is kinda an uncomfortable feeling to know that they have the power to modify your user information as well as other admins. They can change your status from administrator to just a registered user, as well as others, and take over the board. This can prevent it.

Security is a touchy area, and this is not proven to be 100% secure, so I will not take responsibility for any problems this hack may cause.

In /admin/user.php you need to do the following:

Step 1.
Look for:
PHP Code:

error_reporting(7); 

Below that add:
PHP Code:

unset($canmodifyadmins); 

Step 2.
Look for:
PHP Code:

// ###################### Start edit #######################
if ($action=="edit") {
  
$user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=$userid"); 

Below that add the following:
PHP Code:

if ($user[usergroupid]!=or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 



Step 3.
Look For:
PHP Code:

// ###################### Start do update ####################### 

Above that add the following:
PHP Code:



Save that file and open /admin/config.php

Look for:
PHP Code:

?> 

Above that add the following:
PHP Code:

$canmodifyadmins = "192";

You can allow others as well by separating their user id with a comma.
Ex.
PHP Code:

$canmodifyadmins = "192,23,22";

That should do it. Lemme know if you have any problems.

This is now updated, should be fully operational!
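
The rule the post describes (only user ids listed in `$canmodifyadmins` may edit members of the administrator usergroup, and anyone may edit their own record), written as a stand-alone check. This is an added example, not part of the original post and not vBulletin code: `parse_id_allowlist()`, `can_edit_user()` and the `ADMIN_GROUP_ID` value are hypothetical, and it does not reproduce how `checklogperms()` works.

```php
<?php
// Added example: hypothetical helpers, not vBulletin's checklogperms().

/** Turn "192,23,22" into [192, 23, 22]; non-numeric entries are dropped. */
function parse_id_allowlist(string $csv): array
{
    $ids = [];
    foreach (explode(',', $csv) as $part) {
        $part = trim($part);
        if ($part !== '' && ctype_digit($part)) {
            $ids[] = (int) $part;
        }
    }
    return $ids;
}

/** May user $actorId edit the user record $target? */
function can_edit_user(int $actorId, array $target, int $adminGroupId, string $allowlistCsv): bool
{
    if ((int) $target['usergroupid'] !== $adminGroupId) {
        return true;  // target is not an administrator: the restriction does not apply
    }
    if ($actorId === (int) $target['userid']) {
        return true;  // an administrator may still edit their own record
    }
    // Compare whole ids, so user 19 or 2 never matches the entry "192".
    // An empty or malformed list yields no ids and therefore denies.
    return in_array($actorId, parse_id_allowlist($allowlistCsv), true);
}

// Constructed sample data. ADMIN_GROUP_ID is a placeholder, not a value from the thread.
const ADMIN_GROUP_ID = 99;
$canmodifyadmins = "192,23,22";  // list format shown in the post
$admin  = ['userid' => 5,  'usergroupid' => ADMIN_GROUP_ID];
$member = ['userid' => 40, 'usergroupid' => 2];

$cases = [
    'listed id 192 edits admin 5'   => [192, $admin],
    'unlisted id 19 edits admin 5'  => [19, $admin],
    'admin 5 edits own record'      => [5, $admin],
    'unlisted id 19 edits member'   => [19, $member],
];
foreach ($cases as $label => [$actor, $target]) {
    $ok = can_edit_user($actor, $target, ADMIN_GROUP_ID, $canmodifyadmins);
    printf("%-30s %s\n", $label, $ok ? 'allow' : 'deny');
}
```

Keeping the decision in one function lets the same check be called from every action that reads or writes a user record, not only the one that renders the edit form.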

TELEK 01-13-2002 09:31 PM

Hmm... looks good. I want to try it. But I don't want to be the first. If anybody else tries this, tell me if it works.

I already had one admin delete another admin because he was teasing him. That wasn't good.

nafae 01-13-2002 11:22 PM

Behind the forums: true stories of ADMIN WARFARE!~

Mark Hensler 01-13-2002 11:31 PM

lol@nafae

Sounds like you need to screen your admins better, TELEK.

GeorgeofCS 01-13-2002 11:47 PM

I tried to install it and it doesn't appear to work. :(

Just gives me a blank page

pHaez 01-14-2002 12:02 AM

Hrm, it should work fine, I would try again. If you still can't get it, we need to work out a way to contact each other. It works perfect here.

StarBuG 01-14-2002 03:39 PM

I installed it too on my webserver and have the same problem!

I get a blank page if I try to edit any user!
I also set: $canmodifyadmins = "1"; cause my user id is 1 ;)

Any suggestions??

Maybe you forgot to parse a piece of code here???

Greetings

StarBuG

pHaez 01-14-2002 03:51 PM

It's a possibility, lemme look it over again. I know it works here on mine, so it must have something missing.

pHaez 01-14-2002 03:59 PM

The first step should look like:
PHP Code:

<?php
error_reporting(7);
// admin hack
unset($canmodifyadmins);
// end admin hack
require("./global.php");

adminlog(iif($userid!=0,"user id = $userid",""));

The Second step should look like:
PHP Code:

if ($action=="edit") {
  
$user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=$userid");
// admin hack
if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>You are not allowed to edit other admins.</p>")) {
// end admin hack
  
if ($user[coppauser]==1) { 

Third Step should look like:
PHP Code:

  doformfooter("Save Changes");

  }
// admin hack
}
// end admin hack
// ###################### Start do update ####################### 


The config.php change should look like:
PHP Code:

// admin hack
$canmodifyadmins = "192";
// end admin hack
?> 

Maybe that will help you better understand the changes?

StarBuG 01-14-2002 04:35 PM

I have made the changes and I'm not a newbie!

I think 3 steps are not heavy to implement!

But it doesn't work!

I use 2.2.1g!

Maybe this is the problem!?

AND: The error occurs not only if I try to edit an admin, also normal users are not displayed!
ONLY blank page

So the error must be in:
PHP Code:

// admin hack
  
if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>You are not allowed to edit other admins.</p>")) {
 
// end admin hack 

Greetings

StarBuG

