Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 02-10-2005, 06:34 AM
nintendo's Avatar
nintendo nintendo is offline
 
Join Date: Dec 2001
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Security request, config.php defines admins.

In config.php just like it has for example

$canviewadminlog = '1';

is it possible to make a hack where members can only be an admin if there listed there? Like

$canbeadmin = '1,2,3';

for example? Then if some one get's in to the admin, they can not create other admin accounts.

I don't know how yet, but yesterday, twice some one got in my admincp and created a new administrator.
Reply With Quote
  #2  
Old 02-10-2005, 06:43 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is pretty easy:

At the end of admincp/global.php (before the comment) place:

PHP Code:
if (!in_array($bbuserinfo['userid'], explode(','$canbeadmin))
{
       
print_cp_no_permission();

Then nobody except these UserIDs can get into Admin CP.
Reply With Quote
  #3  
Old 02-10-2005, 06:54 AM
neocorteqz's Avatar
neocorteqz neocorteqz is offline
 
Join Date: May 2002
Location: Barefoot Bay Fl
Posts: 473
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nintendo
In config.php just like it has for example

$canviewadminlog = '1';

is it possible to make a hack where members can only be an admin if there listed there? Like

$canbeadmin = '1,2,3';

for example? Then if some one get's in to the admin, they can not create other admin accounts.

I don't know how yet, but yesterday, twice some one got in my admincpand created a new administrator.
If i recall, if they are not asuperadmin, they can not make someone an admin. Also you can controlwhat CP access other admins have, including usergroup.

And if they are doing it through your account (Which I'm sure they're not) you need a harder password.

Quote:
Originally Posted by KirbyDE
This is pretty easy:

At the end of admincp/global.php (before the comment) place:

PHP Code:
if (!in_array($bbuserinfo['userid'], explode(','$canbeadmin))
{
       
print_cp_no_permission();

Then nobody except these UserIDs can get into Admin CP.
cool. although doesn't the user permissions take care of that, if Not I think I might add that.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:54 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08809 seconds
  • Memory Usage 2,185KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete