I know I made a topic for this a while ago, but things have changed enough, that I decided to just start a new topic.
A long time ago, I decided to make a script for people who needed to administrate themselves, if they lost their main account, or for some reason it was un-administered..
I decided it was finally time to update it, so here it is.
Here are the features I worked in to this version.
- Works on all themes
- Follows forums width
- Validates session
- Pushes guests to a login form
- Error notifications
- Success notification
- Uses a "language" function, for easy translation
- Separates Source from Display
- Redirects Administrators
Note: This does not work on XAMPP if you don't have a password setup, sorry Ha
2. :P
Right now, it only will work with the SMF 2.0 series, and has validation to stop it from being run on SMF 1.1x series.
Although I wrote this version with the mindset of eventually backporting it to 1.1x.
Screenshots and zip attached.
To use, simply download "administrate.php" and upload it to the same directory as your forums SSI.php, then visit in your browser.
Enjoy,
Labradoodle-360
Just to double check, does this check to see if the account was at one time an admin? How would it prevent a would be hacker from gaining access? Or is it like install.php, intended to be removed after use?
It requires the database password, which it checks for.
Ah kk. Sounds like a pretty good deal. Lab you come up with some pretty good stuff. :) maybe i can get you to check my site out and me some thoughts, maybe we can put our heads together on something sometime.
Sure, feel free to shoot me a pm.
Moved to Tips and Tricks (http://www.simplemachines.org/community/index.php?board=72.0) :)
Useful for people who don't have an emergency admin account, I'd imagine. :)
Always the first thing I do, when I start a forum, that.
Make myself another admin account.
Hmmm... Thinking about it, I might just suggest that as a future feature. :)
I'd actually discourage having more admin accounts than necessary... no point in having two separate accounts that can be brute-forced, it's more points of failure.
There's no need to with this script :P All you have to do is know the database password.
Fairy nuff! :)
I've always wonder why SMF let administrators delete their own account, I mean, all permissions shouldn't always mean ALL permissions.
Quote from: DoctorMalboro on March 09, 2011, 05:24:18 PM
I've always wonder why SMF let administrators delete their own account, I mean, all permissions shouldn't always mean ALL permissions.
Lol, good point.
And nice script. Might use it when I am being stupid again and I remove my admin rights (again :P).
This might sound quite contradicting to the purpose of this script, but during development of 1.0, I made a script called "unadministrate.php" which actually does the opposite of this, except it was very crude, with no validation whatsoever. :P
I would call it "New admin account for morons", but it would be to harsh :P
Hi...
I forgot my Administrator password. I tried to upload administrate.php file as instructed above but I could not get to the "Administrate Yourself" page...
Can someone help me please...
Thanks,
ysNoi
Administrate Yourself does not recover an admin password.
It would allow you to create a new account, and then run this file, to make that account an administrator however.
Sound a good idea to use. In cause it something happen like this.
Nice job. I think it should be integrated with repair_settings.php. But standalone is also nice.
I personally prefer it standalone, although in my opinion repair_settings.php needs a re-write too. So you never know.
Maybe combine a bunch of scripts together into a new section and name it "tools.php" or something.
If I were to re-write this, I would allow you to also create a new account, I saw somewhere that was the case for some, that they couldn't even create a new account, it'd be simple to add too.
Indeed. Creating a new account is also important especially with your tricks. I can't imagine how they're going to use this trick when they don't have a user account and can't create a new one.
I really think that SMF should create a protection to all admin account where it either cannot be deleted at all or can be deleted only by superadmin (preferably only one superadmin user and prerably only user #1 to avoid conflict).
It somewhat does, you cannot delete the Administrator if it's the only admin account, so really, there has to be one base admin.
When this happen? I can just log into the cpanel and upload the file. whatever this topic said to do?
What do you mean? Not a very clear post.
Quote from: Shadow Queen on September 13, 2011, 02:11:28 PM
When this happen? I can just log into the cpanel and upload the file. whatever this topic said to do?
Quote from: Shadow Queen on September 13, 2011, 02:11:28 PM
When this happen? I can just log into the cpanel and upload the file. whatever this topic said to do?
Labradoodle-360 is always precise when explaining something.... ;D Read the first post again
I mean when this happen to the main account holder of the forum. You just upload the file to the same place as the SSI.php file?
Sorry, It's was my faulth about the unclear post I made :)
When anyone who has the database password needs their account administrated, they can use this file in the same directory as SSI.php.
Oh ok.
When that happen I just do what I needed to do.
And the main account holder become admin.
Neat tick
Good Job I learn it :D
Sorry to bump this old topic but I wanted to say thank you to Labradoodle-360 for this script. I learned a few things simply by reading the code.
No problem, and wow, I take that as a big compliment from you, thank you for the kind words! :)
Quote from: Labradoodle-360 on August 11, 2012, 01:09:33 PM
No problem, and wow, I take that as a big compliment from you, thank you for the kind words! :)
You are very welcome :)
REally sorry to bump this after so long, but I've read this and not being a super-whizz with the tech stuff, I wanted to ask a question:
Does this trick only work once administration rights have been removed/lost?
I have uploaded it to the correct directory (same as SSI.php) but nothing happened. So I wondered if I don't actually install it unless I already lost admin rights?
Sorry again for the idiot question and bump.
Not a problem. This is in case you lose your administration rights. It just modifies your id_group in the database automatically for you.
Ok many thanks for that. I will delete until it might be needed.
Really wish SMF would auto-protect #1 member, but hey-ho.
Protect it against what, exactly? SMF won't let you remove group 1 from any member unless the person doing it is also in group 1, and it won't let you remove group 1 from a user if that user is the only group 1 user. What's left to protect?
On the other hand, what happens if you leave the forum and sell it on? If user 1 is auto protected, that option becomes impossible.