2015-08-17, 02:50 PM
Newly-installed myBB 1.8.5, PHP 5.3.24, GoDaddy Linux server.
I want to prevent one group of members from accessing the lost-password functions. Many users have the same username and password. Any one of them can reset the password and break the system for the rest of them. The email with the new password will go to a useless address and I will have to restore the old password as admin.
The site serves a club with about 400 members. I created a group called "ReadOnly" which can read some forums but can't post or change anything. There is only one user in that group. All club members will have that username and password. This is so we can make documents easily available with some privacy. I did it this way instead of with a password-protected web page so club officers (with their own logins) can post without going through me. I have tested logging in simultaneously with the same username from two computers with different ip's and have found no problem except this one.
I temporarily solved the problem by commenting out several code blocks in member.php where I found "lostpw". The link still shows on the login page but now it takes you to a blank page. I'd like to gracefully refuse that function for the ReadOnly group and leave it for others. Any ideas?
I want to prevent one group of members from accessing the lost-password functions. Many users have the same username and password. Any one of them can reset the password and break the system for the rest of them. The email with the new password will go to a useless address and I will have to restore the old password as admin.
The site serves a club with about 400 members. I created a group called "ReadOnly" which can read some forums but can't post or change anything. There is only one user in that group. All club members will have that username and password. This is so we can make documents easily available with some privacy. I did it this way instead of with a password-protected web page so club officers (with their own logins) can post without going through me. I have tested logging in simultaneously with the same username from two computers with different ip's and have found no problem except this one.
I temporarily solved the problem by commenting out several code blocks in member.php where I found "lostpw". The link still shows on the login page but now it takes you to a blank page. I'd like to gracefully refuse that function for the ReadOnly group and leave it for others. Any ideas?