Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
Reload this Page Only original admin can modify users in administrator usergroup.
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 4 1 23 Last »
 
Thread Tools
Details »»

Version: 1.00, by pHaez pHaez is offline
Developer Last Online: Sep 2003 Show Printable Version Email this Page
Version: 2.2.x Rating:
Released: 01-12-2002 Last Update: Never Installs: 33
 
No support by the author.

I find that if you have more that 1 admin, it is kinda a uncomfortable feeling to know that they have the power to modify your user information as well as other admins. They can change your status from administrator to just a registered user, as well as others, and take over the board. This can prevent it.

Security is a touchy area, and this is not proven to be 100% secure, so I will not take responsibility for any problems this hack may cause.

In /admin/user.php you need to do the following:

Step 1.
Look for:
PHP Code:
error_reporting(7); 
Below that add:
PHP Code:
unset($canmodifyadmins); 
Step 2.
look for:
PHP Code:
// ###################### Start edit #######################
if ($action=="edit") {
  $user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=$userid"); 
Below that add the following:
PHP Code:
if ($user[usergroupid]!=or $bbuserinfo[userid]==$user[userid] or checklogperms($canmodifyadmins,1,"<p>Admins are not allowed to edit other admins.</p>")) { 


Step 3.
Look For:
PHP Code:
// ###################### Start do update ####################### 
Above that add the following:
PHP Code:
Save that file and open /admin/config.php

Look for:
PHP Code:
?> 
Above that add the following:
PHP Code:
$canmodifyadmins "192"
you can allow others as well by seperating their user id with a comma.
ex.
PHP Code:
$canmodifyadmins "192,23,22"
That should do it. Lemme know if you have any problems.

[SIZE=3]This is now updated, should be fully operational!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 01-13-2002, 09:31 PM
TELEK's Avatar
TELEK TELEK is offline
 
Join Date: Jan 2002
Location: Lancaster, CA
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
hmm... looks good. I want to try it. But I don't want to be the first. if anybody else tries this, tell me if it works.

I already had one admin delete another admin because he was teasing him. That wasn't good.
Reply With Quote
  #3  
Old 01-13-2002, 11:22 PM
nafae's Avatar
nafae nafae is offline
 
Join Date: Nov 2001
Posts: 240
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Behind the forums: true stories of ADMIN WAREFARE!~
Reply With Quote
  #4  
Old 01-13-2002, 11:31 PM
Mark Hensler's Avatar
Mark Hensler Mark Hensler is offline
 
Join Date: Oct 2001
Location: California
Posts: 205
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
lol@nafae

Sounds like you need to screen your admins better, TELEK.
Reply With Quote
  #5  
Old 01-13-2002, 11:47 PM
GeorgeofCS's Avatar
GeorgeofCS GeorgeofCS is offline
 
Join Date: Oct 2001
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I tried to install it and it doesn't appear to work.

Just gives me a blank page
Reply With Quote
  #6  
Old 01-14-2002, 12:02 AM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
hrm, it should work fine, i would try again. If you still can't get it, we need to work out a way to contact each other. It works perfect here.
Reply With Quote
  #7  
Old 01-14-2002, 03:39 PM
StarBuG's Avatar
StarBuG StarBuG is offline
 
Join Date: Dec 2001
Location: Germany
Posts: 1,033
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I installed it too on my webserver and have the same Problem!

I get a blank page if I try to edit any user!
I also set: $canmodifyadmins = "1"; cause?my user id is 1

Any suggestions??

Maybe you forgott to parse a peace of code here???

Greetings

StarBuG
Reply With Quote
  #8  
Old 01-14-2002, 03:51 PM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
its a possibility, lemme look it over again. I know it works here on mine, so it must have something missing.
Reply With Quote
  #9  
Old 01-14-2002, 03:59 PM
pHaez pHaez is offline
 
Join Date: Jan 2002
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
The first step should look like:
PHP Code:
<?php
error_reporting(7);
// admin hack
unset($canmodifyadmins);
// end admin hack
require("./global.php");

adminlog(iif($userid!=0,"user id = $userid",""));
The Second step should look like:
PHP Code:
if ($action=="edit") {
  $user=$DB_site->query_first("SELECT *,FROM_UNIXTIME(joindate) AS joindate,FROM_UNIXTIME(lastvisit) AS lastvisit,FROM_UNIXTIME(lastactivity) AS lastactivity,FROM_UNIXTIME(lastpost) AS lastpost,
                               avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar
                               FROM user
                               LEFT JOIN avatar ON avatar.avatarid=user.avatarid
                               LEFT JOIN customavatar ON customavatar.userid=user.userid
                               WHERE user.userid=$userid");
// admin hack
if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>You are not allowed to edit other admins.</p>")) {
// end admin hack
  if ($user[coppauser]==1) { 
Third Step should look like:
PHP Code:
  doformfooter("Save Changes");

  }
// admin hack
}
// end admin hack
// ###################### Start do update ####################### 

The config.php change should look like:
PHP Code:
// admin hack
$canmodifyadmins "192";
// end admin hack
?> 
Maybe that will help you better understand the changes?
Reply With Quote
  #10  
Old 01-14-2002, 04:35 PM
StarBuG's Avatar
StarBuG StarBuG is offline
 
Join Date: Dec 2001
Location: Germany
Posts: 1,033
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I have made the changes and I?m not a newbie!

I think 3 steps are not heavy to implement!

But it doesn?t work!

I use 2.2.1g!

Maybe this is the Problem!?

AND: The error occours not only if I try to edit an admin also normal users are not displayed!
ONLY blank Page

So the error must be in:
PHP Code:
// admin hack
  if ($user[usergroupid]==&& checklogperms($canmodifyadmins,0,"<p>You are not allowed to edit other admins.</p>")) {
 // end admin hack 
Greetings

StarBuG
Reply With Quote
Reply
Page 1 of 4 1 23 Last »

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:45 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07793 seconds
  • Memory Usage 2,320KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (14)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete