Miscellaneous Hacks - Cyb - Login To User Account

Info:
This will allow forum administrators to simply login to user accounts (to test forum functions, permissions etc...). SuperAdmin can choose admins who are able to use this function. SuperAdmin can set also who can login to other admin accounts. "Login As User" is shown in member profiles and Quick User Links (can be disabled). Option is automatically hidden in your own account and if target user is admin while you have no permissions to login to admin accounts.

See screenshots.


Installation:
1. Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]


Variables:
-Link to login to user in memberinfo: $cyb_ltoua_link_mi
-Logged in as user alert: $cyb_ltoua_alert


To set options:
Go to: AdminCP > vBulletin Options > Cyb - Login To Other User Account


Versions:
v1.0 - May 20. 2006.
-First Release
v1.1 - May 21. 2006.
-Now SuperAdmin can log into other admins
v1.2 - Aug 04. 2006.
-Release of this hack for vB v3.6
v1.5 - Aug 29. 2006.
-Added option to easily go back to admin account
-Alert can be enabled/disabled
-Added "Product Version Checking"
-Only Admins allowed to use function can see "Login As" links
-Several code improvements
v1.6 - Sep 01. 2006.
-Fixed bug (error message at the top of "add new user" page)
-Fixed bug (uncached template)
v1.7 - Sep 05. 2006.
-Now only SuperAdmin can access settings where you choose which Admins can use the hack
-You can also set Admins who will be able to use other Admins accounts (only SuperAdmin can set this)
-Alert moved to navbar so it is now shown on any page to Admin who is logged in as someone else
v1.8 - Apr 23. 2007.
-"Last activity" not changed for target user when admin used account
-"Login As User" automatically hidden in your own account and if target user is admin and you have no permissions to login to admin accounts
-Admin not logged out from ACP when back to original account, except session expired regularly
-Added option to modify alert box CSS
-Many other code improvements and optimizations
-If you have older version of this hack installed please uninstall it before installing latest version or it will not work properly
v1.9.1 - Jul 23. 2007.
-Fixed bug (Security Exploit)
-Fixed bug ("login as user" doesn't work if you access user profile via last post info)
-"Go back" alert moved to header (for must of users there is no need to edit custom styles anymore)
-Now you can go back from banned user accounts without clearing cookies manually
v2.0 - Nov 08. 2007.
-New: Actions logged in Moderator Log
-Fixed bug where admins with primary usergroup different than 6 are not able to use hack
-Several minor bugs fixed
--You MUST uninstall older version before installing this one in order to get it working properly
v2.1 - May 03. 2008.
-Compatible with vBulletin 3.7
-Minor bugs fixed
v2.2 - Jun 23. 2008.
-Added option to disable logs
-Added option to switch to vB 3.6.x compatibility mode
-Fixed bug (session lost for target user when you go back to admin)
-Fixed bug (sessions lost for guests/bots when you login as another user)
-Made several compatibility improvements
v2.3 - Apr 11. 2009.
-Bug fix (non-Admins able to login to user accounts in some cases)
-Bug fix (Admin can not search product entries in ModLog by product ID)
-Bug fix (logging error if username contains special characters)
-Bug fix (Admin must be member of usergroup 6 to use product)
-Minor bugs fixed


Click INSTALL if you like this hack.

[shamda]

I installed the version of this hack for 3.6.7 when I was using 3.6.7. I decided to uninstall it. I have since upgraded to 3.7.1 and now to the patch 2 of 3.7.1. When I first installed 3.7.0 I created a new template which I use now. I have not installed this hack for 3.7.1.

Now for the problem. Someone is hacking my board. They are somehow taking control of other members accounts and posting threats all over my board. I am not sure how they are doing this. I have gone back and forth with my hosting company and we have sealed up all the security issues we can find. My guess is that the person is somehow using something from the hack to login as user that I had once installed. It seems to be acting just the same way. I have another hack that tells me if more than 1 member logs in from the same computer. Whenever an admin would login as a use with this hack it would trigger the duplicate login alert. When the hacker is taking over an account the same thing happens. I really think he is running something from my 3.6.7 version of the hack. Could this be possible? When I uninstalled it obviously there may be some files that remain on my server? Can anyone help with this?

[srkrocks]

Installed

[redraider]

this is weird, but whenever I use this mod, all my guests (including the spiders) get thrown off the forum ...anyone else faced the same thing?

[redraider]

Quote:

Originally Posted by shamda

I installed the version of this hack for 3.6.7 when I was using 3.6.7. I decided to uninstall it. I have since upgraded to 3.7.1 and now to the patch 2 of 3.7.1. When I first installed 3.7.0 I created a new template which I use now. I have not installed this hack for 3.7.1.

Now for the problem. Someone is hacking my board. They are somehow taking control of other members accounts and posting threats all over my board. I am not sure how they are doing this. I have gone back and forth with my hosting company and we have sealed up all the security issues we can find. My guess is that the person is somehow using something from the hack to login as user that I had once installed. It seems to be acting just the same way. I have another hack that tells me if more than 1 member logs in from the same computer. Whenever an admin would login as a use with this hack it would trigger the duplicate login alert. When the hacker is taking over an account the same thing happens. I really think he is running something from my 3.6.7 version of the hack. Could this be possible? When I uninstalled it obviously there may be some files that remain on my server? Can anyone help with this?

Have you changed the password for administrators? Also see if he has added himself as an administrator to your administrators group. Check the ip addresses of the administrator and try to block those ips.

[TrIn@dOr]

Full Spanish(AR) translation

[shamda]

I am the only one showing in the admin group. I had changed my password. Even if he did get in as an admin how would he use this hack if i uninstalled it? Is it possible?

Quote:

Originally Posted by redraider

Have you changed the password for administrators? Also see if he has added himself as an administrator to your administrators group. Check the ip addresses of the administrator and try to block those ips.

[Valter]

You are able to see in Moderator log who used this hack, on which users and when.

[redraider]

Quote:

Originally Posted by redraider

this is weird, but whenever I use this mod, all my guests (including the spiders) get thrown off the forum ...anyone else faced the same thing?

an update: after I disable this mod, the bots are back hungry and interested in the website. Is it just me or anyone else has seen similar effect? Please help

[Valter]

Quote:

Originally Posted by SonniE

Hi i love this mod used it on 3.6.8 only issue i ever had with it is if im logged into some1s acc for awhile it doesnt log me back into my admin acc instead it keeps me in that users account is this a bug? fixable?

Session expires because of inactivity.

redraider, it's bug. I will fix it today and release updated version.

[Valter]

v2.2 - Jun 23. 2008.
-Added option to disable logs
-Added option to switch to vB 3.6.x compatibility mode
-Fixed bug (session lost for target user when you go back to admin)
-Fixed bug (sessions lost for guests/bots when you login as another user)
-Made several compatibility improvements

To upgrade:
-Import XML as product, allow overwrite