News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

[Trick] Administrate Yourself

Started by Matthew K., March 09, 2011, 02:01:05 AM

Previous topic - Next topic

Matthew K.

I know I made a topic for this a while ago, but things have changed enough, that I decided to just start a new topic.

A long time ago, I decided to make a script for people who needed to administrate themselves, if they lost their main account, or for some reason it was un-administered..

I decided it was finally time to update it, so here it is.

Here are the features I worked in to this version.

  • Works on all themes
  • Follows forums width
  • Validates session
  • Pushes guests to a login form
  • Error notifications
  • Success notification
  • Uses a "language" function, for easy translation
  • Separates Source from Display
  • Redirects Administrators

Note: This does not work on XAMPP if you don't have a password setup, sorry Ha2. :P

Right now, it only will work with the SMF 2.0 series, and has validation to stop it from being run on SMF 1.1x series.

Although I wrote this version with the mindset of eventually backporting it to 1.1x.

Screenshots and zip attached.

To use, simply download "administrate.php" and upload it to the same directory as your forums SSI.php, then visit in your browser.

Enjoy,
Labradoodle-360

texasman1979

Just to double check, does this check to see if the account was at one time an admin? How would it prevent a would be hacker from gaining access? Or is it like install.php, intended to be removed after use?
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


Arantor

It requires the database password, which it checks for.

texasman1979

Ah kk. Sounds like a pretty good deal. Lab you come up with some pretty good stuff. :) maybe i can get you to check my site out and me some thoughts, maybe we can put our heads together on something sometime.
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


Matthew K.

#4
Sure, feel free to shoot me a pm.

Moved to Tips and Tricks :)

kat

Useful for people who don't have an emergency admin account, I'd imagine. :)

Always the first thing I do, when I start a forum, that.

Make myself another admin account.

Hmmm... Thinking about it, I might just suggest that as a future feature. :)

Arantor

I'd actually discourage having more admin accounts than necessary... no point in having two separate accounts that can be brute-forced, it's more points of failure.

Matthew K.

There's no need to with this script :P All you have to do is know the database password.


DoctorMalboro

I've always wonder why SMF let administrators delete their own account, I mean, all permissions shouldn't always mean ALL permissions.

NanoSector

Quote from: DoctorMalboro on March 09, 2011, 05:24:18 PM
I've always wonder why SMF let administrators delete their own account, I mean, all permissions shouldn't always mean ALL permissions.
Lol, good point.

And nice script. Might use it when I am being stupid again and I remove my admin rights (again :P).
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Matthew K.

This might sound quite contradicting to the purpose of this script, but during development of 1.0, I made a script called "unadministrate.php" which actually does the opposite of this, except it was very crude, with no validation whatsoever. :P

DoctorMalboro

I would call it "New admin account for morons", but it would be to harsh :P

ysNoi

Hi...

I forgot my Administrator password. I tried to upload administrate.php file as instructed above but I could not get to the "Administrate Yourself" page...
Can someone help me please...

Thanks,
ysNoi
"Don't fix it if it ain't broken, don't break it if you can't fix it."

Matthew K.

Administrate Yourself does not recover an admin password.

It would allow you to create a new account, and then run this file, to make that account an administrator however.

Shadow Queen

Sound a good idea to use.  In cause it something happen like this.

Hj Ahmad Rasyid Hj Ismail

Nice job. I think it should be integrated with repair_settings.php. But standalone is also nice.

Matthew K.

I personally prefer it standalone, although in my opinion repair_settings.php needs a re-write too. So you never know.

Maybe combine a bunch of scripts together into a new section and name it "tools.php" or something.

If I were to re-write this, I would allow you to also create a new account, I saw somewhere that was the case for some, that they couldn't even create a new account, it'd be simple to add too.

Hj Ahmad Rasyid Hj Ismail

Indeed. Creating a new account is also important especially with your tricks. I can't imagine how they're going to use this trick when they don't have a user account and can't create a new one.

I really think that SMF should create a protection to all admin account where it either cannot be deleted at all or can be deleted only by superadmin (preferably only one superadmin user and prerably only user #1 to avoid conflict).

Matthew K.

It somewhat does, you cannot delete the Administrator if it's the only admin account, so really, there has to be one base admin.

Shadow Queen

When this happen? I can just log into the cpanel and upload the file. whatever this topic said to do?

Matthew K.

What do you mean? Not a very clear post.
Quote from: Shadow Queen on September 13, 2011, 02:11:28 PM
When this happen? I can just log into the cpanel and upload the file. whatever this topic said to do?

Branko.

Quote from: Shadow Queen on September 13, 2011, 02:11:28 PM
When this happen? I can just log into the cpanel and upload the file. whatever this topic said to do?
Labradoodle-360 is always precise when explaining something....   ;D  Read the first post again
Strong people don't put others down, they lift them up.
A clever person solves a problem. A wise person avoids it.

Shadow Queen

I mean when this happen to the main account holder of the forum. You just upload the file to the same place as the SSI.php file?

Sorry, It's was my faulth about the unclear post I made :)

Matthew K.

When anyone who has the database password needs their account administrated, they can use this file in the same directory as SSI.php.

Shadow Queen

Oh ok.

When that happen I just do what I needed to do.

And the main account holder become admin.

Neat tick

~Dragon~

Please do not PM or email, Thank respond please post fast to SMF!

cicka

Sorry to bump this old topic but I wanted to say thank you to Labradoodle-360 for this script. I learned a few things simply by reading the code.

Matthew K.

No problem, and wow, I take that as a big compliment from you, thank you for the kind words! :)

cicka

Quote from: Labradoodle-360 on August 11, 2012, 01:09:33 PM
No problem, and wow, I take that as a big compliment from you, thank you for the kind words! :)

You are very welcome :)

DEANO3528

REally sorry to bump this after so long, but I've read this and not being a super-whizz with the tech stuff, I wanted to ask a question:
Does this trick only work once administration rights have been removed/lost?
I have uploaded it to the correct directory (same as SSI.php) but nothing happened. So I wondered if I don't actually install it unless I already lost admin rights?
Sorry again for the idiot question and bump.

Matthew K.

Not a problem. This is in case you lose your administration rights. It just modifies your id_group in the database automatically for you.

DEANO3528

Ok many thanks for that. I will delete until it might be needed.
Really wish SMF would auto-protect #1 member, but hey-ho.

Arantor

Protect it against what, exactly? SMF won't let you remove group 1 from any member unless the person doing it is also in group 1, and it won't let you remove group 1 from a user if that user is the only group 1 user. What's left to protect?

On the other hand, what happens if you leave the forum and sell it on? If user 1 is auto protected, that option becomes impossible.

Advertisement: