Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.0 > vBulletin 3.0 Full Releases

Reply
 
Thread Tools
Allow undeleteable user to modify / edit / delete themself Details »»
Allow undeleteable user to modify / edit / delete themself
Version: 1.00, by Gary King Gary King is offline
Developer Last Online: Jun 2020 Show Printable Version Email this Page

Version: 3.0.0 Rating:
Released: 03-10-2004 Last Update: Never Installs: 19
 
No support by the author.

Requested here: https://vborg.vbsupport.ru/showthread.php?t=62395

This hack allows whoever is in the $undeletableusers variable (users who cannot be edited/deleted) to be able to edit/delete themselves, meaning that only the protected user can modify themselves but no one else can modify/delete them.

Instructions

Open admincp/moderater.php and find
PHP Code:
            if (!in_array($userinfo['userid'], $noalter)) 
Replace with
PHP Code:
            if (!in_array($userinfo['userid'], $noalter) or $bbuserinfo['userid'] != $userinfo['userid']) 
Open admincp/user.php and find
PHP Code:
    if (in_array($userid$nodelete)) 
Replace with
PHP Code:
    if (in_array($userid$nodelete) and $bbuserinfo['userid'] != $userid
Find
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter)) 
Replace with
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter) and $bbuserinfo[userid] != $userid
Open admincp/usertools.php and find
PHP Code:
    if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter))) 
Replace with
PHP Code:
    if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)) and $bbuserinfo[userid] != $sourceinfo[userid] and $bbuserinfo[userid] != $destinfo[userid]) 
Open modcp/user.php and find ALL SIX (6) instances of the following code
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter)) 
Replace ALL 6 INSTANCES WITH
PHP Code:
    if (!empty($noalter[0]) AND in_array($userid$noalter) and $bbuserinfo[userid] != $userid
There, all done!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 03-12-2004, 03:29 PM
gmarik's Avatar
gmarik gmarik is offline
 
Join Date: May 2002
Location: Mocsow
Posts: 1,288
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

delete is a good fucntion ...
Reply With Quote
  #13  
Old 03-12-2004, 06:31 PM
eXtremeTim eXtremeTim is offline
 
Join Date: Jun 2002
Location: eXtremewebtech.com
Posts: 1,201
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If they know your admins password they can still screw up everthing just the same. Only thing they cant do it delete the account. They can still change the password and email and everything else from the user cp.
Reply With Quote
  #14  
Old 03-12-2004, 06:41 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You're wrong, Tim. Here's what it says in the config.php:

UNDELETABLE / UNALTERABLE USERS

They can not edit nor delete. This hack bypasses that. That's why it is dangerous.

EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.
Reply With Quote
  #15  
Old 03-12-2004, 06:52 PM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo
You're wrong, Tim. Here's what it says in the config.php:

UNDELETABLE / UNALTERABLE USERS

They can not edit nor delete. This hack bypasses that. That's why it is dangerous.

EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.
They will be also able to use all administrator functions as well, just not be able to modify/delete the protected account(s).
Reply With Quote
  #16  
Old 03-12-2004, 06:56 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.
Reply With Quote
  #17  
Old 03-12-2004, 07:11 PM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Someone requested this feature, so I release it for them. If people want to also install this, then I say 'go ahead '. Personally for me, I wouldn't mind installing this because I sometimes get annoyed when I have to remove myself from the variable to modify my 'hidden' settings as well, and I have never been hacked once; I am quite sure that the majority of vBulletin admins have never been hacked once, if you want you can even start a poll. Maybe I'm wrong, or maybe I'm right. But why do you want to make this hack into such a big controversy, when there are other hacks out there that defy people's morals and private space, such as the 'admins can view member's PMs' for example.
Reply With Quote
  #18  
Old 03-12-2004, 07:12 PM
eXtremeTim eXtremeTim is offline
 
Join Date: Jun 2002
Location: eXtremewebtech.com
Posts: 1,201
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No see even without this hack you would basicly be screwed. Without this hack if I had your password I could totaly destroy your forums and lock you out of your account. Wow with this hack the only extra thing I can do it delete your account. I still cant touch the other undeleteable accounts. So either way your screwed over just about the same.
Reply With Quote
  #19  
Old 03-12-2004, 07:13 PM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo
Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.
I must agree with eXtremeTim. Also, for this quote, if the admin can't access his or her account then you can easily just create a script, maybe ask someone to do it for you, to make yourself administrator again. Not a problem at all.
Reply With Quote
  #20  
Old 03-12-2004, 07:16 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sure, if you know how to program one or who to ask for it. What about the newbie? What is he supposed to do when this backfires on him?

Maybe you should put a warning on the hack so you don't get the backlash something like this could cause.

'Nuff said. I'll leave it alone now.
Reply With Quote
  #21  
Old 03-12-2004, 09:53 PM
Ryan Ashbrook's Avatar
Ryan Ashbrook Ryan Ashbrook is offline
 
Join Date: Dec 2002
Location: Cincinnati, Ohio
Posts: 422
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:32 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05179 seconds
  • Memory Usage 2,323KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (10)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete