MyBB Community Forums

Hi,

I thought about this for many days but no effect.
Well, here is my idea:

We already knew that MyBB use the database user which registered inside config.php for actions with our board.

But I thought it's not necessary while we use the user with full permissions for the board. The user with full permissions (create, alter, drop...) being used when we install/active plugin or do stuff inside mybb admin only, right?

So why we not use a normal user for the forums (has SELECT permission only) ? And use the full user for the admin cp ?

Is my idead possible to do? And if yes so is there any way to split two user (like 2-dimension array for database user) in MyBB ?

Comment is appreciated. Thanks for reading.


Ps: Sorry for my fool english I'm not English-speaker

With the code edits, you could probably achieve this. Will post more in the morning (1am where I am).

just edit your inc/config.php

after

$config['database']['username'] = 'user';
$config['database']['password'] = 'password';

insert

if(defined("IN_ADMINCP") || defined("IN_INSTALL") || defined("IN_TASK"))
{
    $config['database']['username'] = 'fulluser';
    $config['database']['password'] = 'fullpassword';
}

That way any code that runs in the Admin CP would use fulluser instead of user to access the database. I also added IN_INSTALL as the updater in /install/ may need alter permissions also, same with IN_TASK for tasks like checktables.

That's exactly what I was going to say. Thanks for saving me the typing, frostschutz!

Dear guys,

Could you tell me what statement the forums need ? Only the SELECT, or something else ? And with the AdminCP, too.

I'm quite new to MyBB.

Thanks for your replies.

See the advanced debug page - you'll see a range of queries being executed from INSERTs to UPDATEs, and even DELETEs.

You will notice when something is missing as it will cause ugly error messages.

The forum needs (at the very least) delete, insert, select, update.

Admin CP also needs create, drop, show_view, alter.

I hope that's everything - you will find out one way or another.

(2013-07-15, 09:32 AM)frostschutz Wrote: [ -> ]just edit your inc/config.php

after

$config['database']['username'] = 'user';
$config['database']['password'] = 'password';

insert

if(defined("IN_ADMINCP") || defined("IN_INSTALL") || defined("IN_TASK"))
{
    $config['database']['username'] = 'fulluser';
    $config['database']['password'] = 'fullpassword';
}

I thought the code should be:

if(defined("IN_ADMINCP") || defined("IN_INSTALL") || defined("IN_TASK"))
{
    $config['database']['username'] = 'fulluser';
    $config['database']['password'] = 'fullpassword';
} else {
$config['database']['username'] = 'user';
$config['database']['password'] = 'password';
}

Either one is fine.

More efficient the first way just overwriting without the else condition I'd say.