News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

[Trick] Administrate Yourself

Started by Matthew K., March 09, 2011, 02:01:05 AM

Previous topic - Next topic

Matthew K.

I know I made a topic for this a while ago, but things have changed enough, that I decided to just start a new topic.

A long time ago, I decided to make a script for people who needed to administrate themselves, if they lost their main account, or for some reason it was un-administered..

I decided it was finally time to update it, so here it is.

Here are the features I worked in to this version.

  • Works on all themes
  • Follows forums width
  • Validates session
  • Pushes guests to a login form
  • Error notifications
  • Success notification
  • Uses a "language" function, for easy translation
  • Separates Source from Display
  • Redirects Administrators

Note: This does not work on XAMPP if you don't have a password setup, sorry Ha2. :P

Right now, it only will work with the SMF 2.0 series, and has validation to stop it from being run on SMF 1.1x series.

Although I wrote this version with the mindset of eventually backporting it to 1.1x.

Screenshots and zip attached.

To use, simply download "administrate.php" and upload it to the same directory as your forums SSI.php, then visit in your browser.

Enjoy,
Labradoodle-360

texasman1979

Just to double check, does this check to see if the account was at one time an admin? How would it prevent a would be hacker from gaining access? Or is it like install.php, intended to be removed after use?
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


Arantor

It requires the database password, which it checks for.
Holder of controversial views, all of which my own.


texasman1979

Ah kk. Sounds like a pretty good deal. Lab you come up with some pretty good stuff. :) maybe i can get you to check my site out and me some thoughts, maybe we can put our heads together on something sometime.
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


Matthew K.

#4
Sure, feel free to shoot me a pm.

Moved to Tips and Tricks :)

kat

Useful for people who don't have an emergency admin account, I'd imagine. :)

Always the first thing I do, when I start a forum, that.

Make myself another admin account.

Hmmm... Thinking about it, I might just suggest that as a future feature. :)

Arantor

I'd actually discourage having more admin accounts than necessary... no point in having two separate accounts that can be brute-forced, it's more points of failure.
Holder of controversial views, all of which my own.


Matthew K.

There's no need to with this script :P All you have to do is know the database password.


DoctorMalboro

I've always wonder why SMF let administrators delete their own account, I mean, all permissions shouldn't always mean ALL permissions.

NanoSector

Quote from: DoctorMalboro on March 09, 2011, 05:24:18 PM
I've always wonder why SMF let administrators delete their own account, I mean, all permissions shouldn't always mean ALL permissions.
Lol, good point.

And nice script. Might use it when I am being stupid again and I remove my admin rights (again :P).
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Matthew K.

This might sound quite contradicting to the purpose of this script, but during development of 1.0, I made a script called "unadministrate.php" which actually does the opposite of this, except it was very crude, with no validation whatsoever. :P

DoctorMalboro

I would call it "New admin account for morons", but it would be to harsh :P

ysNoi

Hi...

I forgot my Administrator password. I tried to upload administrate.php file as instructed above but I could not get to the "Administrate Yourself" page...
Can someone help me please...

Thanks,
ysNoi
"Don't fix it if it ain't broken, don't break it if you can't fix it."

Matthew K.

Administrate Yourself does not recover an admin password.

It would allow you to create a new account, and then run this file, to make that account an administrator however.

Shadow Queen

Sound a good idea to use.  In cause it something happen like this.

Hj Ahmad Rasyid Hj Ismail

Nice job. I think it should be integrated with repair_settings.php. But standalone is also nice.

Matthew K.

I personally prefer it standalone, although in my opinion repair_settings.php needs a re-write too. So you never know.

Maybe combine a bunch of scripts together into a new section and name it "tools.php" or something.

If I were to re-write this, I would allow you to also create a new account, I saw somewhere that was the case for some, that they couldn't even create a new account, it'd be simple to add too.

Hj Ahmad Rasyid Hj Ismail

Indeed. Creating a new account is also important especially with your tricks. I can't imagine how they're going to use this trick when they don't have a user account and can't create a new one.

I really think that SMF should create a protection to all admin account where it either cannot be deleted at all or can be deleted only by superadmin (preferably only one superadmin user and prerably only user #1 to avoid conflict).

Matthew K.

It somewhat does, you cannot delete the Administrator if it's the only admin account, so really, there has to be one base admin.

Advertisement: