Version: 1.00, by pHaez
Developer Last Online: Sep 2003
Version: 2.2.x
Rating:
Released: 01-12-2002
Last Update: Never
Installs: 33
No support by the author.
I find that if you have more that 1 admin, it is kinda a uncomfortable feeling to know that they have the power to modify your user information as well as other admins. They can change your status from administrator to just a registered user, as well as others, and take over the board. This can prevent it.
Security is a touchy area, and this is not proven to be 100% secure, so I will not take responsibility for any problems this hack may cause.
In /admin/user.php you need to do the following:
Step 1.
Look for:
PHP Code:
error_reporting(7);
Below that add:
PHP Code:
unset($canmodifyadmins);
Step 2.
look for:
PHP Code:
// ###################### Start edit #######################
if ($action=="edit") {
$user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
FROM user
LEFT JOIN avatar ON avatar.avatarid=user.avatarid
LEFT JOIN customavatar ON customavatar.userid=user.userid
WHERE user.userid=$userid");
Below that add the following:
PHP Code:
if ($user[usergroupid]!=6 or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) {
Step 3.
Look For:
PHP Code:
// ###################### Start do update #######################
Above that add the following:
PHP Code:
}
Save that file and open /admin/config.php
Look for:
PHP Code:
?>
Above that add the following:
PHP Code:
$canmodifyadmins = "192";
you can allow others as well by seperating their user id with a comma.
ex.
PHP Code:
$canmodifyadmins = "192,23,22";
That should do it. Lemme know if you have any problems.
[SIZE=3]This is now updated, should be fully operational!
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Originally posted by Arathorn Great hack! Installed it, no problems. But can it be set to allow admins to change their own profiles in the admin cp?
ok for this, instead of
PHP Code:
if ($user[usergroupid]!=6 or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) {
you should add this:
PHP Code:
if ($user[usergroupid]!=6 or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) {
This works for co-admins trying to edit Admins, but what about making work on all users and groups (i.e., co-admins should not be able to modify any users/groups)
Originally posted by Renegade This works for co-admins trying to edit Admins, but what about making work on all users and groups (i.e., co-admins should not be able to modify any users/groups)
thx
ReN
if you dont want admins to edit other users, why do you give them access to admin panel? to access the templates and edit them? well if they want to make something bad, they can do it everywhere in admin panel, no need to restrict the access about modifying the users..
Details »»
About Developer
Visit Web Site
No support by the author.
01-16-2002, 09:08 PM
It works great now.
