Hi,
I think everyone should have access to the login page when the board is offline, so it is easier for Admins to see the board when it is closed.
Thanks!
I agree. On the board offline page, there should be a login form that will only let those who can see the board offline login.
I was able to change the code so it would allow it to view login pages, but the devs say it opens up security vulnorabilities
Hello,
What kind of security risks?
I dont know. They didnt specify
Curious which dev said that, I'll ask around. I'm not too sure which vulnerabilities that would bring with it.
Moving to suggestions.
It was in one of the bug threads. I through the person was wanted what kodaks wanted, so I posted the code change, but I believe, it was you who said that the code change opened up security vulnorabilities. I deleted the post after that, but i'll look around for your post about it
edit: its this thread peter:
http://community.mybboard.net/showthread...631&page=1
It wasn't exactly a security vulnerability, but it would allow non-admins to access the forum even when the board is closed using a URL such as:
http://www.yoursite.com/mybb/showthread....tion=login
I posted a fix on that bug thread, and I would think that this suggestion has already been committed into the code. Peter, maybe you can check, since I don't have SVN access right now.
Edit: Tikitiki, that's a different bug than this. This thread is talking about viewing the login page when the board is closed. The other thread is talking about the lost password/reactivation system when the user does not have permission to view the board.
yea. I realized that after my post, but the point is only admins (and mods?) can view the board when its closed. If the login page could simply be accessible, then the administrator could log in, to view the closed forum. If a normal member logged in then, it would display the error message.