vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Security request, config.php defines admins. (https://vborg.vbsupport.ru/showthread.php?t=76071)

nintendo 02-10-2005 06:34 AM
Security request, config.php defines admins.
 
In config.php just like it has for example

$canviewadminlog = '1';

is it possible to make a hack where members can only be an admin if there listed there? Like

$canbeadmin = '1,2,3';

for example? Then if some one get's in to the admin, they can not create other admin accounts.

I don't know how yet, but yesterday, twice some one got in my admincp and created a new administrator.

Andreas 02-10-2005 06:43 AM
This is pretty easy:

At the end of admincp/global.php (before the comment) place:

PHP Code:
if (!in_array($bbuserinfo['userid'], explode(','$canbeadmin))
{
       print_cp_no_permission();

Then nobody except these UserIDs can get into Admin CP.

neocorteqz 02-10-2005 06:54 AM
Quote:
Originally Posted by nintendo
In config.php just like it has for example

$canviewadminlog = '1';

is it possible to make a hack where members can only be an admin if there listed there? Like

$canbeadmin = '1,2,3';

for example? Then if some one get's in to the admin, they can not create other admin accounts.

I don't know how yet, but yesterday, twice some one got in my admincpand created a new administrator.
If i recall, if they are not asuperadmin, they can not make someone an admin. Also you can controlwhat CP access other admins have, including usergroup.

And if they are doing it through your account (Which I'm sure they're not) you need a harder password.

Quote:
Originally Posted by KirbyDE
This is pretty easy:

At the end of admincp/global.php (before the comment) place:

PHP Code:
if (!in_array($bbuserinfo['userid'], explode(','$canbeadmin))
{
       print_cp_no_permission();
Then nobody except these UserIDs can get into Admin CP.
cool. although doesn't the user permissions take care of that, if Not I think I might add that. :)


All times are GMT. The time now is 06:20 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01067 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete