MyBB Community Forums
[F] Logged In ACP Users [R] [C-Michael83] - Printable Version

+- MyBB Community Forums (
+-- Forum: Community Archive (
+--- Forum: Archived Forums (
+---- Forum: Archived Development and Support (
+----- Forum: Archived Bug Reports (
+------ Forum: MyBB 1.4.4 (
+------ Thread: [F] Logged In ACP Users [R] [C-Michael83] (/thread-46326.html)

Pages: 1 2

[F] Logged In ACP Users [R] [C-Michael83] - Scoutie44 - 2009-03-07

I'm not 100% sure if this is a bug, but it can be confusing at times. Say for example, a regular user tries to log into the AdminCP without the admin permissions. The user will not be logged in, however they will show as an 'Online Admin' on the dashboard.

Steps to reproduce:

1) Create user account without admin CP access.
2) Navigate to AdminCP directory and attempt to log in.
3) Log into ACP as administrator with Admin CP access.
4) Look at the 'Online Admins' area.

RE: Logged In ACP Users - DAMINK - 2009-03-08

Yep i just tested it and have the same problem.
Must be a bug. Although i dont see any problems with it other than just being annoying.

RE: Logged In ACP Users [R] - dvb - 2009-03-08

In the /admin/index.php file, find around line 97:
	$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);

The line:
should be:
	if($mybb->user['uid'] && $mybb->usergroup['cancp'] == 1)
Please check and update us

RE: Logged In ACP Users [R] - Scoutie44 - 2009-03-08

Doesn't appear to work, I get this error:

SQL Error:
    1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY username' at line 1
    SELECT uid, username FROM MyBB_users WHERE uid IN() ORDER BY username 

RE: Logged In ACP Users [R] - dvb - 2009-03-08

Scoutie44, you're right, I'm sorry I'll recheck this.

Thank you for your help!

RE: Logged In ACP Users [R] - Scoutie44 - 2009-03-08

All I did was change that line.

RE: Logged In ACP Users [R] - Ryan Gordon - 2009-03-08

(2009-03-08, 07:39 PM)dvb Wrote: But I hadn't told you to change anything related to mysql query, you have probably changed something incorrectly, or misused the ACP.

The problematic query being execute in 'admin/modules/home/module_meta.php'
Line 106 :
 			$query = $db->simple_select("users", "uid, username", "uid IN(".implode(',', $uid_in).")", array('order_by' => 'username'));
And you're receiving this error because there is no valid rows in the 'adminsessions' table, this case should never occur...
The '/admin/index.php' will never include 'admin/modules/home/module_meta.php' unless you're a logged in admin and therefore at least one row exists in the 'adminsessions' table.

If you know what are you doing (as I assume) please revert the unneeded changes and test correctly, if you don't, just download a fresh mybb installation to your PC and upload a new clean '/admin/index.php'

Thank you for your help!

No dvb, he just applied your one fix. The issue is that $uid_in is now an empty array because of your change and MySQL doesn't allow blank IN() clauses.

[F] Logged In ACP Users [R] - Ryan Gordon - 2009-03-15

Thank you for your bug report.

This bug has been fixed in our internal code repository. Please note that the problem will not be fixed here until these forums are updated.

With regards,
MyBB Group

RE: [F] Logged In ACP Users [R] - Michael S. - 2009-03-22

Revision #4330

This fix isn't working. In admin/index.php
$db->delete_query("adminsessions", "uid='".$db->escape_string($mybb->user['uid'])."'");
should be
$db->delete_query("adminsessions", "uid='".$db->escape_string($mybb->user['uid'])."'");

RE: [F] Logged In ACP Users [R] [C-Michael83] - dvb - 2009-03-28

Ryan, I'm assuming you haven't read my PM with the fix from March, 9 ?
(only Ryan G can access it, important parts below)

replace with:
if($mybb->usergroup['cancp'] != 1 || !$mybb->user['uid'])
	$db->delete_query("adminsessions", "uid='".intval($mybb->user['uid'])."'");
	my_setcookie("adminsid", "");
	$login_message = $lang->error_invalid_admin_session;

This fix seems to fix the problem but it's a bit of duplicate since we're adding a row to adminsessions and set a cookie, after that we clean them both...

BTW, line 255:
			$login_message = $lang->invalid_admin_session;
should be:
			$login_message = $lang->error_invalid_admin_session;