This hack allows whoever is in the $undeletableusers variable (users who cannot be edited/deleted) to be able to edit/delete themselves, meaning that only the protected user can modify themselves but no one else can modify/delete them.
Instructions
Open admincp/moderater.php and find
PHP Code:
if (!in_array($userinfo['userid'], $noalter))
Replace with
PHP Code:
if (!in_array($userinfo['userid'], $noalter) or $bbuserinfo['userid'] != $userinfo['userid'])
Open admincp/user.php and find
PHP Code:
if (in_array($userid, $nodelete))
Replace with
PHP Code:
if (in_array($userid, $nodelete) and $bbuserinfo['userid'] != $userid)
Find
PHP Code:
if (!empty($noalter[0]) AND in_array($userid, $noalter))
Replace with
PHP Code:
if (!empty($noalter[0]) AND in_array($userid, $noalter) and $bbuserinfo[userid] != $userid)
Open admincp/usertools.php and find
PHP Code:
if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)))
Replace with
PHP Code:
if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)) and $bbuserinfo[userid] != $sourceinfo[userid] and $bbuserinfo[userid] != $destinfo[userid])
Open modcp/user.php and find ALL SIX (6) instances of the following code
PHP Code:
if (!empty($noalter[0]) AND in_array($userid, $noalter))
Replace ALL 6 INSTANCES WITH
PHP Code:
if (!empty($noalter[0]) AND in_array($userid, $noalter) and $bbuserinfo[userid] != $userid)
There, all done!
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
If they know your admins password they can still screw up everthing just the same. Only thing they cant do it delete the account. They can still change the password and email and everything else from the user cp.
You're wrong, Tim. Here's what it says in the config.php:
UNDELETABLE / UNALTERABLE USERS
They can not edit nor delete. This hack bypasses that. That's why it is dangerous.
EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.
You're wrong, Tim. Here's what it says in the config.php:
UNDELETABLE / UNALTERABLE USERS
They can not edit nor delete. This hack bypasses that. That's why it is dangerous.
EDIT: You mean the usercp on the board. Sure they can change it there but that is only for the board, not the Admin CP where they could really mess things up.
They will be also able to use all administrator functions as well, just not be able to modify/delete the protected account(s).
Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.
Someone requested this feature, so I release it for them. If people want to also install this, then I say 'go ahead '. Personally for me, I wouldn't mind installing this because I sometimes get annoyed when I have to remove myself from the variable to modify my 'hidden' settings as well, and I have never been hacked once; I am quite sure that the majority of vBulletin admins have never been hacked once, if you want you can even start a poll. Maybe I'm wrong, or maybe I'm right. But why do you want to make this hack into such a big controversy, when there are other hacks out there that defy people's morals and private space, such as the 'admins can view member's PMs' for example.
No see even without this hack you would basicly be screwed. Without this hack if I had your password I could totaly destroy your forums and lock you out of your account. Wow with this hack the only extra thing I can do it delete your account. I still cant touch the other undeleteable accounts. So either way your screwed over just about the same.
Exactly. That's the way it should be with the main Admin account. Tthen you can at least get to the Admin CP and do what's necessary to fix things. If you can't get into your account, then you are SOL.
I must agree with eXtremeTim. Also, for this quote, if the admin can't access his or her account then you can easily just create a script, maybe ask someone to do it for you, to make yourself administrator again. Not a problem at all.
Allow undeleteable user to modify / edit / delete themself Details »»
About Developer
No support by the author.
03-12-2004, 06:31 PM
'. Personally for me, I wouldn't mind installing this because I sometimes get annoyed when I have to remove myself from the variable to modify my 'hidden' settings as well, and I have never been hacked once; I am quite sure that the majority of vBulletin admins have never been hacked once, if you want you can even start a poll. Maybe I'm wrong, or maybe I'm right. But why do you want to make this hack into such a big controversy, when there are other hacks out there that defy people's morals and private space, such as the 'admins can view member's PMs' for example.
