The Arcive of Official vBulletin Modifications Site.

AwesomeShark305 · #1 09-08-2018, 11:26 PM

So I recently learned via my forums that anyone of my administrators can change another admins privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a super Administrators permissions from them and ban them. I need to know how to stop this.

Max Taxable · #2 09-08-2018, 11:56 PM

Quote:

Originally Posted by AwesomeShark305

So I recently learned via my forums that anyone of my administrators can change another admins privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a super Administrators permissions from them and ban them. I need to know how to stop this.

If the Super Administrator is also defined as unalterable in the config file, there is NO way anyone can make any changes to his account.

You should have only ONE Super Administrator. The rest of them should just be regular admins with permissions only you can set. If you're going to add another SA, make damn sure it is someone you trust implicitly.

Make sure to check the config file and set yourself as unalterable/undeletable.

In Omnibus · #3 09-09-2018, 12:48 AM

What Max said. You can also add any user ID to the config.php file as an undeletable / unalterable user. It doesn't have to be an administrator although that is the general use.

AwesomeShark305 · #4 09-09-2018, 02:18 PM

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?

In Omnibus · #5 09-09-2018, 03:10 PM

Quote:

Originally Posted by AwesomeShark305

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?

You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.

AwesomeShark305 · #6 09-09-2018, 07:11 PM

Quote:

Originally Posted by In Omnibus

You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.

My site is used in reference to a gaming community spread across Xbox, PlayStation, & PC gaming. my admins are not the problem. The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrators permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of Vbulletin can't comment on here and explain the issue of their own system. Maybe someone has came across this coding somewhere in their files.

MarkFL · #7 09-09-2018, 07:54 PM

You need to look in the file "includes/config.php" for a section like this:

PHP Code:


			
    //    ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
    //    The users specified here will be allowed to view the admin log in the control panel.
    //    Users must be specified by *ID number* here. To obtain a user's ID number,
    //    view their profile via the control panel. If this is a new installation, leave
    //    the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1';

    //    ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
    //    The users specified here will be allowed to remove ("prune") entries from the admin
    //    log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1';

    //    ****** USERS WITH QUERY RUNNING PERMISSIONS ******
    //    The users specified here will be allowed to run queries from the control panel.
    //    See the above entries for more information on the format.
    //    Please note that the ability to run queries is quite powerful. You may wish
    //    to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '1';

    //    ****** UNDELETABLE / UNALTERABLE USERS ******
    //    The users specified here will not be deletable or alterable from the control panel by any users.
    //    To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '';

    //    ****** SUPER ADMINISTRATORS ******
    //    The users specified below will have permission to access the administrator permissions
    //    page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1';

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.

AwesomeShark305 · #8 09-09-2018, 08:35 PM

Quote:

Originally Posted by MarkFL

You need to look in the file "includes/config.php" for a section like this:

PHP Code:


			
    //    ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******

    //    The users specified here will be allowed to view the admin log in the control panel.

    //    Users must be specified by *ID number* here. To obtain a user's ID number,

    //    view their profile via the control panel. If this is a new installation, leave

    //    the first user created will have a user ID of 1. Seperate each userid with a comma.

$config['SpecialUsers']['canviewadminlog'] = '1';



    //    ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******

    //    The users specified here will be allowed to remove ("prune") entries from the admin

    //    log. See the above entry for more information on the format.

$config['SpecialUsers']['canpruneadminlog'] = '1';



    //    ****** USERS WITH QUERY RUNNING PERMISSIONS ******

    //    The users specified here will be allowed to run queries from the control panel.

    //    See the above entries for more information on the format.

    //    Please note that the ability to run queries is quite powerful. You may wish

    //    to remove all user IDs from this list for security reasons.

$config['SpecialUsers']['canrunqueries'] = '1';



    //    ****** UNDELETABLE / UNALTERABLE USERS ******

    //    The users specified here will not be deletable or alterable from the control panel by any users.

    //    To specify more than one user, separate userids with commas.

$config['SpecialUsers']['undeletableusers'] = '';



    //    ****** SUPER ADMINISTRATORS ******

    //    The users specified below will have permission to access the administrator permissions

    //    page, which controls the permissions of other administrators

$config['SpecialUsers']['superadministrators'] = '1';

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.

I have edited these setting already, however the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.

MarkFL · #9 09-09-2018, 08:40 PM

No one can alter the account of someone set as undeletable/unalterable from within the AdminCP (administration of users). Of course anyone who knows MySQL can run a query, either in a plugin or manually (if they are permitted to run manual queries) to alter anyone's account, if they know what they're doing.

Max Taxable · #10 09-09-2018, 09:55 PM

Quote:

Originally Posted by AwesomeShark305

I have edited these setting already, however the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.

That is IMPOSSIBLE if you have the settings correct in the config file.

Period.

Quote:

Originally Posted by AwesomeShark305

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?

It's a thing because you do NOT have the config.php file modified correctly.

Quote:

Originally Posted by AwesomeShark305

The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrators permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of Vbulletin can't comment on here and explain the issue of their own system. Maybe someone has came across this coding somewhere in their files.

There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.06377 seconds Memory Usage 2,298KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (2)bbcode_php (7)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (1)post_thanks_box_bit (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start fetch_musername post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start post_thanks_function_fetch_thanks_bit_start post_thanks_function_show_thanks_date_start post_thanks_function_show_thanks_date_end post_thanks_function_fetch_thanks_bit_end post_thanks_function_fetch_post_thanks_template_start post_thanks_function_fetch_post_thanks_template_end pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

Благодарность от:
In Omnibus

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!