Version: 1.00, by pHaez
Developer Last Online: Sep 2003
Version: 2.2.x
Rating:
Released: 01-12-2002
Last Update: Never
Installs: 33
No support by the author.
I find that if you have more that 1 admin, it is kinda a uncomfortable feeling to know that they have the power to modify your user information as well as other admins. They can change your status from administrator to just a registered user, as well as others, and take over the board. This can prevent it.
Security is a touchy area, and this is not proven to be 100% secure, so I will not take responsibility for any problems this hack may cause.
In /admin/user.php you need to do the following:
Step 1.
Look for:
PHP Code:
error_reporting(7);
Below that add:
PHP Code:
unset($canmodifyadmins);
Step 2.
look for:
PHP Code:
// ###################### Start edit #######################
if ($action=="edit") {
$user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
FROM user
LEFT JOIN avatar ON avatar.avatarid=user.avatarid
LEFT JOIN customavatar ON customavatar.userid=user.userid
WHERE user.userid=$userid");
Below that add the following:
PHP Code:
if ($user[usergroupid]!=6 or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) {
Step 3.
Look For:
PHP Code:
// ###################### Start do update #######################
Above that add the following:
PHP Code:
}
Save that file and open /admin/config.php
Look for:
PHP Code:
?>
Above that add the following:
PHP Code:
$canmodifyadmins = "192";
you can allow others as well by seperating their user id with a comma.
ex.
PHP Code:
$canmodifyadmins = "192,23,22";
That should do it. Lemme know if you have any problems.
[SIZE=3]This is now updated, should be fully operational!
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
it restricts access to everything. They cant even see the information on other admins. The minute they hit the edit link next to the name, it says access restricted. But they still have access to edit regular users. If you want that would be very easy to restrict access to.
its a possibility, i am running an upgraded version of 2.2.1, and i don't know if it works with the german version. If you still have problems you can e-mail me with your AIM, ill add you to my list. my aim = pHaez
wow this sounds great man! hey could you update your begging attachment, to the fixes, as I got a little confused along the way.......Thanks and great hack!
Originally posted by pHaez well iono, i helped someone from these boards with exactly what i posted, and it worked perfect.
Sorry but think is impossible that worked with the wrong condition to execute something...
The only way should be a " } else { " right after your IF {
... :stupid: