Jump to content

second group


Guest Majdi 2.1

Recommended Posts

Posted

please this is an important feature
add search member based on second group
because a hacker can hack admin account pass then change his own account second group to admin
so even if the admin change his pass the hacker will still have access to admin panel
unless admin check all members second group one by one :(

Posted

The follwing is in 2.1 at least.
When you goto manage usergroups you can see how many users are using the different groups, this takes into account any secondary group choices, however when you click the group name to see the users in those groups, secondary group choices don't show up in the list. So it would be nice to see a similar feature as mentioned above.

As for the admin password, unless you give out any information which may lead to a good guess for the password then the only way it can be hacked it by brute force methods. Eitherway, proper password choice will put up another barrier.

Posted

If a person sets the second group to "admin" there seems to be a glitch (or "feature") that doesnt give them root permissions. I dont know if this is just 2.0.0, or my old webserver. If not, then this wouldnt really be a problem then.

But searching based on 2nd member group would be helpful. :thumbsup:

Posted

You can just run this query...

SELECT name FROM ibf_members WHERE mgroup_others LIKE '%4%';



this finds all users with a secondary group of 4.


And group 14, 24, 34, 40, 41, 42, etc. :lol:

Would it be possible to do: WHERE mgroup_others LIKE '%,4,%' OR mgroup_others LIKE '4,%' OR mgroup_others LIKE '%,4' OR mgroup_others = '4'

Would that work?

If a person sets the second group to "admin" there seems to be a glitch (or "feature") that doesnt give them root permissions. I dont know if this is just 2.0.0, or my old webserver. If not, then this wouldnt really be a problem then.

If you're referring to v2.0.x then it wasn't fully implemented. If you're referring to v2.1, then are you meaning that you're making them a root admin via the 2nd group? If so, I would definitely consider that to be a glitch/bug because you can always make a single group to grant ACP access and place that in the secondary group.

However if it's like that, and on purpose, then that's cool, I'd just like to know the reason for it so I'll know.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...