Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Logged In ACP Users [R] [C-Michael83]
#1
I'm not 100% sure if this is a bug, but it can be confusing at times. Say for example, a regular user tries to log into the AdminCP without the admin permissions. The user will not be logged in, however they will show as an 'Online Admin' on the dashboard.

Steps to reproduce:

1) Create user account without admin CP access.
2) Navigate to AdminCP directory and attempt to log in.
3) Log into ACP as administrator with Admin CP access.
4) Look at the 'Online Admins' area.
good u
#2
This user has been denied support. This user has been denied support.
Yep i just tested it and have the same problem.
Must be a bug. Although i dont see any problems with it other than just being annoying.
#3
In the /admin/index.php file, find around line 97:
	$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

	if($mybb->user['uid'])
The line:
	if($mybb->user['uid'])
should be:
	if($mybb->user['uid'] && $mybb->usergroup['cancp'] == 1)
Please check and update us
Creativity is a drug I cannot live without.
[Image: 1]Support PM will be ignored
#4
Doesn't appear to work, I get this error:

SQL Error:
    1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY username' at line 1
Query:
    SELECT uid, username FROM MyBB_users WHERE uid IN() ORDER BY username 
good u
#5
EDITED:
Scoutie44, you're right, I'm sorry I'll recheck this.

Thank you for your help!
Creativity is a drug I cannot live without.
[Image: 1]Support PM will be ignored
#6
All I did was change that line.
good u
#7
(03-08-2009, 07:39 PM)dvb Wrote: But I hadn't told you to change anything related to mysql query, you have probably changed something incorrectly, or misused the ACP.

The problematic query being execute in 'admin/modules/home/module_meta.php'
Line 106 :
 			$query = $db->simple_select("users", "uid, username", "uid IN(".implode(',', $uid_in).")", array('order_by' => 'username'));
And you're receiving this error because there is no valid rows in the 'adminsessions' table, this case should never occur...
The '/admin/index.php' will never include 'admin/modules/home/module_meta.php' unless you're a logged in admin and therefore at least one row exists in the 'adminsessions' table.

If you know what are you doing (as I assume) please revert the unneeded changes and test correctly, if you don't, just download a fresh mybb installation to your PC and upload a new clean '/admin/index.php'

Thank you for your help!

No dvb, he just applied your one fix. The issue is that $uid_in is now an empty array because of your change and MySQL doesn't allow blank IN() clauses.
#8
Thank you for your bug report.

This bug has been fixed in our internal code repository. Please note that the problem will not be fixed here until these forums are updated.

With regards,
MyBB Group
#9
Revision #4330

This fix isn't working. In admin/index.php
unset($mybb->user);
$db->delete_query("adminsessions", "uid='".$db->escape_string($mybb->user['uid'])."'");
should be
$db->delete_query("adminsessions", "uid='".$db->escape_string($mybb->user['uid'])."'");
unset($mybb->user);
Greets,
Michael
-------------
[Image: donation_drive_sig.png]
#10
Ryan, I'm assuming you haven't read my PM with the fix from March, 9 ?
(only Ryan G can access it, important parts below)

find...
replace with:
if($mybb->usergroup['cancp'] != 1 || !$mybb->user['uid'])
{
	$db->delete_query("adminsessions", "uid='".intval($mybb->user['uid'])."'");
	my_setcookie("adminsid", "");
	unset($mybb->user);
	$login_message = $lang->error_invalid_admin_session;
}

This fix seems to fix the problem but it's a bit of duplicate since we're adding a row to adminsessions and set a cookie, after that we clean them both...

BTW, line 255:
			$login_message = $lang->invalid_admin_session;
should be:
			$login_message = $lang->error_invalid_admin_session;
Creativity is a drug I cannot live without.
[Image: 1]Support PM will be ignored


Forum Jump:


Users browsing this thread: 1 Guest(s)