Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Details »»

Version: 1.00, by pHaez pHaez is offline
Developer Last Online: Sep 2003 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 01-12-2002 Last Update: Never Installs: 33
 
No support by the author.

I find that if you have more that 1 admin, it is kinda a uncomfortable feeling to know that they have the power to modify your user information as well as other admins. They can change your status from administrator to just a registered user, as well as others, and take over the board. This can prevent it.

Security is a touchy area, and this is not proven to be 100% secure, so I will not take responsibility for any problems this hack may cause.

In /admin/user.php you need to do the following:

Step 1.
Look for:
PHP Code:
error_reporting(7); 
Below that add:
PHP Code:
unset($canmodifyadmins); 
Step 2.
look for:
PHP Code:
// ###################### Start edit #######################
if ($action=="edit") {
  
$user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=
$userid"); 
Below that add the following:
PHP Code:
if ($user[usergroupid]!=or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 


Step 3.
Look For:
PHP Code:
// ###################### Start do update ####################### 
Above that add the following:
PHP Code:

Save that file and open /admin/config.php

Look for:
PHP Code:
?> 
Above that add the following:
PHP Code:
$canmodifyadmins "192"
you can allow others as well by seperating their user id with a comma.
ex.
PHP Code:
$canmodifyadmins "192,23,22"
That should do it. Lemme know if you have any problems.

[SIZE=3]This is now updated, should be fully operational!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 01-14-2002, 05:29 PM
Psychdrone Psychdrone is offline
 
Join Date: Nov 2001
Posts: 525
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

wow this would be great, wait dose this just prevent them from chaning your user group? and password?

or dose it restrict them to the whole edit user profile?

I think you should do what I said above, cause many of us have admins, that change the titles and such of our users!

Or maybe you could make it so that they can change anyone, except for the first admin? user Id 1??
Reply With Quote
  #13  
Old 01-14-2002, 05:34 PM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it restricts access to everything. They cant even see the information on other admins. The minute they hit the edit link next to the name, it says access restricted. But they still have access to edit regular users. If you want that would be very easy to restrict access to.
Reply With Quote
  #14  
Old 01-14-2002, 05:37 PM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

its a possibility, i am running an upgraded version of 2.2.1, and i don't know if it works with the german version. If you still have problems you can e-mail me with your AIM, ill add you to my list. my aim = pHaez
Reply With Quote
  #15  
Old 01-15-2002, 04:31 PM
Jawelin Jawelin is offline
 
Join Date: Nov 2001
Posts: 557
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well. I just installed it on 2.2.1 english...

When I try to edit ANY user, I get a blank page. The HTML code shows :
Code:
<html><head>
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type">
<meta http-equiv="MSThemeCompatible" content="Yes">
<link rel="stylesheet" href="../cp.css">
</head>
<body leftmargin="10" topmargin="10" marginwidth="10" marginheight="10">
</BODY></HTML>
... I absolutely think the code
PHP Code:
if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>Admins are not allowed to edit other admins.</p>")) { 
doesn't do the job each of us could expect.

For instance, I think the unset code should went AFTER the global.php import, but it's not enough... as far



Thanks a lot.
Bye
Reply With Quote
  #16  
Old 01-15-2002, 04:45 PM
Jawelin Jawelin is offline
 
Join Date: Nov 2001
Posts: 557
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Eureka!
Simply I think the condition should be REVERSED !!

As is, it only permits to edit other admins with the right variable !!!

Well. Let's try with
PHP Code:
if ($user[usergroupid]!=or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 
!!!!

NOW it works !

....


P.S.: my name is DeMorgan.... DeMorgan's Theorema
Bye
Reply With Quote
  #17  
Old 01-15-2002, 05:35 PM
StarBuG's Avatar
StarBuG StarBuG is offline
 
Join Date: Dec 2001
Location: Germany
Posts: 1,033
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Juhu

Now its working PERFEKT!!

THX to all!!

Greetings

StarBuG
Reply With Quote
  #18  
Old 01-15-2002, 07:18 PM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well iono, i helped someone from these boards with exactly what i posted, and it worked perfect.
Reply With Quote
  #19  
Old 01-15-2002, 08:20 PM
Psychdrone Psychdrone is offline
 
Join Date: Nov 2001
Posts: 525
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

wow this sounds great man! hey could you update your begging attachment, to the fixes, as I got a little confused along the way.......Thanks and great hack!
Reply With Quote
  #20  
Old 01-16-2002, 12:01 PM
Jawelin Jawelin is offline
 
Join Date: Nov 2001
Posts: 557
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by pHaez
well iono, i helped someone from these boards with exactly what i posted, and it worked perfect.
Sorry but think is impossible that worked with the wrong condition to execute something...
The only way should be a " } else { " right after your IF {
... :stupid:

Thanks.
Reply With Quote
  #21  
Old 01-16-2002, 02:52 PM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well it worked, but then i found some probs last night, when i tried editing users in a diff usergroup.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:15 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04343 seconds
  • Memory Usage 2,324KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (11)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete