vb.org Archive - user can edit admins?

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- Member Archives (https://vborg.vbsupport.ru/forumdisplay.php?f=202)

- - user can edit admins? (https://vborg.vbsupport.ru/showthread.php?t=40751)

TECK	07-06-2002 07:46 PM

user can edit admins?

i did this to allow only user 1 to edit other admins:
forum/admin/config.php
add at the bottom:

Code:

// user can edit admins

$editadmin='1';

you can add as many users you want there...

forum/admin/user.php
find:

Code:

adminlog(iif($userid!=0,"user id = $userid",""));

below this add:

Code:

unset($editadmin);

find:

Code:

if ($HTTP_POST_VARS['action']=="doupdate") {

replace it with:

Code:

if ($HTTP_POST_VARS['action']=="doupdate" && checklogperms($editadmin,1,"<p>You are not allowed to edit this user.</p>")) {

it will not work. what do i do wrong? thanks.

Admin

07-07-2002 02:01 PM

Remove

Code:

unset($editadmin);

Place it before requiring config.php.

TECK	07-07-2002 02:41 PM

thanks firefly. can you please explain to me why it must be done this way, unseting $editadmin before config.php file? if i use my logic, an unset should work anywhere before an related action.

Admin

07-07-2002 02:43 PM

You can also unset the variable before requiring global.php, it pretty much does the same thing.

However, if you unset it after you require global.php (and config.php), the variable won't be present anymore and the checklogperms() call will fail no matter what.

TECK	07-07-2002 02:46 PM

aha... i understand now. thanks alot chen.

Almax

07-07-2002 04:21 PM

find:
code:
if ($HTTP_POST_VARS['action']=="doupdate") {

erm .... this aint on my admin/config.php script m8
wot do i do now ??

TECK	07-07-2002 04:23 PM

<a href="https://vborg.vbsupport.ru/showthread.php?s=&threadid=40787" target="_blank">https://vborg.vbsupport.ru/showt...threadid=40787</a>

TECK	07-07-2002 11:42 PM

chen, i need your help. i cant figure a way to make it dentify with the username that edits another user. here it is what i tried as an alternative:

Code:

if ($HTTP_POST_VARS['action']=="doupdate") {

  if (!in_array($bbuserinfo['userid'],array($caneditadmin)) and $user['userid']!=$bbuserinfo['userid']) {

    echo "<p>You are not allowed to edit this user</p>";

    exit;

  }

everything works except i cant edit myself anymore...

TECK	07-08-2002 04:03 PM

i got it working. :D
thanks chen!!

All times are GMT. The time now is 09:02 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01208 seconds Memory Usage 1,722KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (7)bbcode_code_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (9)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: