Allow undeleteable user to modify / edit / delete themself

Requested here: https://vborg.vbsupport.ru/showthread.php?t=62395

This hack allows whoever is in the $undeletableusers variable (users who cannot be edited/deleted) to be able to edit/delete themselves, meaning that only the protected user can modify themselves but no one else can modify/delete them.

Instructions

Open admincp/moderater.php and find

PHP Code:

            if (!in_array($userinfo['userid'], $noalter)) 


Replace with

PHP Code:

            if (!in_array($userinfo['userid'], $noalter) or $bbuserinfo['userid'] != $userinfo['userid']) 


Open admincp/user.php and find

PHP Code:

    if (in_array($userid, $nodelete)) 


Replace with

PHP Code:

    if (in_array($userid, $nodelete) and $bbuserinfo['userid'] != $userid) 


Find

PHP Code:

    if (!empty($noalter[0]) AND in_array($userid, $noalter)) 


Replace with

PHP Code:

    if (!empty($noalter[0]) AND in_array($userid, $noalter) and $bbuserinfo[userid] != $userid) 


Open admincp/usertools.php and find

PHP Code:

    if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter))) 


Replace with

PHP Code:

    if (!empty($noalter[0]) AND (in_array($sourceinfo['userid'], $noalter) OR in_array($destinfo['userid'], $noalter)) and $bbuserinfo[userid] != $sourceinfo[userid] and $bbuserinfo[userid] != $destinfo[userid]) 


Open modcp/user.php and find ALL SIX (6) instances of the following code

PHP Code:

    if (!empty($noalter[0]) AND in_array($userid, $noalter)) 


Replace ALL 6 INSTANCES WITH

PHP Code:

    if (!empty($noalter[0]) AND in_array($userid, $noalter) and $bbuserinfo[userid] != $userid) 


There, all done!

[JustAskJulie]

But if you can't edit the admin account and someone else breaks into it, how do you ever change the password once it's been comprimised to re-establish security?

[msimplay]

taking everything into account i've never given my password out
and if they have access to everything else they can still do just as much damage to the forums
ie delete all posts

[Bryan Ex]

This is so close to what I've been looking for Gary. I need something similar to this that will allow regular members to delete their own accounts from the usercp.

[Megareus Rex]

When i use find to try and find the code in the admincp/moderator.php, it cant find it, but because there's two ) on the end of it.

And, when i upload the admincp/moderator.php to my forum, it prvents me from using its other functions, such as Forum Manager>Show all moderators and Forum Manager>Add moderator.

Any thoughts on why? I know for a fact i edited it correctly (the hack itself worked)

[Bison]

Quote:

Originally Posted by Boofo

Sure, if you know how to program one or who to ask for it. What about the newbie? What is he supposed to do when this backfires on him?

Maybe you should put a warning on the hack so you don't get the backlash something like this could cause.

'Nuff said. I'll leave it alone now.

Boofo, You drink too much coffee man!

That's why they're backups ... and thank goodness for phpMyAdmin! :ermm:

[Boofo]

Quote:

Originally Posted by Bison

Boofo, You drink too much coffee man!

That's why they're backups ... and thank goodness for phpMyAdmin! :ermm:

But you should never be forced to use that approach.

[Oblivion Knight]

If you have the additional layer of security on your Admin CP such as .htaccess, then I really can't see the problem of uneditable/undeleteable users being able to edit or delete themselves personally..

What about if you had more than one user defined in that variable? Would they all be able to edit/delete each other or only themselves? This is my biggest concern..

[Megareus Rex]

Umm...anyone care to answer my above question?