You are reading the Drake CMS Official Forums archive, available for historical purposes only.
Drake CMS has been rebranded into Lanius CMS, visit the new Lanius CMS Official Forums if you need support about Lanius CMS or Drake CMS -> Lanius CMS migration.
Help & Support Problem with Admin rights and bad-behaving user
Author
Message:
siedlerchr
Problem with Admin rights and bad-behaving user
15 October 2007 19:26
Anonymous
Hello,
I had the problem, that one user of my drake
page removed my admin rights. I gave him the rights, because
he should help me. So, now, today, without a reason I
couldn't login to the admin interface. We were at least 3
admins, nobody could acces the admin interface. My last
chance was to reinstall drake, the problem was: The last
backup was 3 days ago and in these 3 days I did a lot of
changes!
Are there different possibillities to solve
this problem in future? I don't know if this might happen
again.
So, my request is: To have the root
founder admin (the one who installed drake) and normal
admins. The best thing would be, if the normal admins could
not revoke the admin rights of the root founder admins, to avoid
a revolution...
BTW: My forum has birthday, 1 year!
Regards, Siedlerchr
legolas558
Re: Problem with Admin rights and bad-behaving user
15 October 2007 20:14
Anonymous
Quote:
Hello,
I had the problem, that one user of my drake page removed my
admin rights. I gave him the rights, because he should help
me. So, now, today, without a reason I couldn't login to the
admin interface. We were at least 3 admins, nobody could
acces the admin interface. My last chance was to reinstall
drake, the problem was: The last backup was 3 days ago and
in these 3 days I did a lot of changes!
Are there
different possibillities to solve this problem in future? I don't
know if this might happen again.
So, my request
is: To have the root founder admin (the one who installed
drake) and normal admins. The best thing would be, if
the normal admins could not revoke the admin rights of the root
founder admins, to avoid a revolution...
BTW:
My forum has birthday, 1 year!
Regards, Siedlerchr
before all, please moderate the language here on
the forums! I have changed the subject of the post
you should not have given admin accounts to untrusted
users, you might have given them Manager accounts for example
(and that's documented)
you did not need to
reinstall Drake CMS, you could just modify the database manually
and shift the users to simply registered users
As
you can see there is no new feature request here, because there
are already multiple group policies in Drake CMS (since v0.1!!)
trex1512
Re: Problem with Admin rights and bad-behaving user
15 October 2007 23:43
Anonymous
Bummer Siedlerchr
A lesson learnt...a policy I have
always followed with the old Limbo and Mambo sites, one and only
one Administrator Me...unless I am doing it for somonme else and
am paid for it.
I have found the Manager and Publisher
class of users to be very useful, the Manager in particular gives
an individual a lot of power, about the only thing they can't do
is get at users details or change details..
Good
Luck...
legolas558
Re: Problem with Admin rights and bad-behaving user
16 October 2007 09:26
Anonymous
Quote by trex1512:
about
the only thing they (managers) can't do is get at users details
or change details..
A small correction: I
think that in the current Drake CMS managers can modify users and
add/delete them, except that they cannot modify admin users.
Edit: the users admin component is not accessible to
managers by default, but if you enable it you will have the above
functionality
siedlerchr
Re: Problem with Admin rights and bad-behaving user
16 October 2007 15:55
Anonymous
I'm sorry for my bad language... but I was
argueing a lot about this user...
Where can I edit the
things in the db, I use Gladius DB ?
Are there
any docs about the right management? So, It would be
interesting to see, what a user can do with the rights for
example as a publisher.
Quote:
A small correction: I
think that in the current Drake CMS managers can modify users and
add/delete them, except that they cannot modify admin users.
That seems interesting... I will look.
legolas558
Re: Problem with Admin rights and bad-behaving user
16 October 2007 23:06
Anonymous
Quote:
Where can I edit
the things in the db, I use Gladius DB ?
The DBMS being used does not matter; you could create a custom
PHP script and make it run an SQL query to reduce the bad user to
a simple registered user. But you should also check that he has
not uploaded custom PHP scripts somewhere..otherwise he could do
the same thing!
Quote:
Are there any docs about the right
management? So, It would be interesting to see, what a user
can do with the rights for example as a publisher.
Yes, there are, they are in the documentation.
Best wishes
siedlerchr
Re: Problem with Admin rights and bad-behaving user
17 October 2007 19:36
Anonymous
Quote:
The DBMS being used
does not matter; you could create a custom PHP script and make it
run an SQL query to reduce the bad user to a simple registered
user. But you should also check that he has not uploaded custom
PHP scripts somewhere..otherwise he could do the same thing!
Ok, that seems a possibility, but I have no
idea about php So can you give an example of how to do this? Is it
possible to first check, if the user who uses the script is
registered at the drake page?
BTW: I wanted to
look in the docs, but I can't acces them (look at my bug report
@ sf.net)
Regards and thx for your help Siedlerchr
legolas558
Re: Problem with Admin rights and bad-behaving user
18 October 2007 14:19
Anonymous
Quote:
Quote:
The DBMS being used
does not matter; you could create a custom PHP script and make it
run an SQL query to reduce the bad user to a simple registered
user. But you should also check that he has not uploaded custom
PHP scripts somewhere..otherwise he could do the same thing!
Ok, that seems a possibility, but I have no
idea about php So can you give an example of how to do this? Is it
possible to first check, if the user who uses the script is
registered at the drake page?
I don't understand what
you mean by "drake page", you can use the below script
to reduce all the administrators to registered users and to
upgrade your account to the administrator role: Code:
<?php ##
theone.php ## @author legolas558 ## put this file in
the root Drake CMS directory ## to be called from the
browser typing for example: ## www.example.com/theone.php ## ## this script will reduce all managers and
administrators ## to simple registered users except the one
whose email is specified
// put here the email address
of the user which you want to be admin $admin_email =
'admin@example.com';
require 'core.php';
$conn->Update('#__users', 'gid=1', ' WHERE gid>3 AND
email<>\''.sql_encode($admin_email)."'" ); echo $conn->ErrorMsg().'<br />'; $conn->Update('#__users', 'gid=5', ' WHERE
email=\''.sql_encode($admin_email)."'" ); echo
$conn->ErrorMsg().'<br />';
?>
Quote:
BTW: I wanted to look in the docs, but I
can't acces them (look at my bug report @ sf.net)
Regards and thx for your help Siedlerchr
That's fixed now
siedlerchr
Re: Problem with Admin rights and bad-behaving user
19 October 2007 14:58
Anonymous
OK, thank you very much, that looks good.
trex1512
Re: Problem with Admin rights and bad-behaving user
20 October 2007 11:39
Anonymous
Hi
This would be worth while including in the Docs or
FAQ...what do you think?
Terry
siedlerchr
Re: Problem with Admin rights and bad-behaving user
20 October 2007 19:56
Anonymous
Quote:
Hi
This would be worth while including in the Docs or FAQ...what
do you think?
Terry
Hm, I don't
know... The only possibility is to permit the other drake-user
users the access to the file Manager in drake, so then you can be
sure that only the admin ( who has acces to the FTP Server) can
reset the rights.