Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x
Author Message
rebelt
Worker
Worker



Joined: May 07, 2006
Posts: 172

PostPosted: Fri Sep 07, 2012 10:06 am Reply with quote

Had a message from a superuser admin.
Quote:
I cannot change my password. Every time I go Admin-Users-Admin I get ip blocked. I have now protected my ip from being blocked, if i go Users-Admin I now get Access Denied.

Image

Could anyone help with this please.

_________________
I wish I knew what I was doing LOL 
View user's profile Send private message Visit poster's website
neralex
Site Admin



Joined: Aug 22, 2007
Posts: 1537

PostPosted: Fri Sep 07, 2012 10:52 am Reply with quote

Only the god admin user can modify other admin accounts.


Last edited by neralex on Fri Sep 07, 2012 4:15 pm; edited 1 time in total 
View user's profile Send private message
rebelt







PostPosted: Fri Sep 07, 2012 12:39 pm Reply with quote

I thought they could modify their own account though. Is that not the case then?
 
rebelt







PostPosted: Mon Sep 10, 2012 9:10 am Reply with quote

Just a bump really. Very Happy

So can a superuser change their own password or not?

Thanks

Edit: worked out the other question so removed it.
 
neralex







PostPosted: Mon Sep 10, 2012 9:43 am Reply with quote

Its a simple answer: no. Smile

Only the god admin user can modify admin accounts. That is the reason why get the message: "Access Denied". Try it self...


Last edited by neralex on Mon Sep 10, 2012 9:48 am; edited 1 time in total 
rebelt







PostPosted: Mon Sep 10, 2012 9:47 am Reply with quote

Thanks.

I recommended he changed his password every now and then, now I'll have to tell him he can't.

Seems strange a user can change their password but an admin can't though.
 
neralex







PostPosted: Mon Sep 10, 2012 9:54 am Reply with quote

Its not strange - this is best solution. Remember, the admin pw is the AUTH in the .staccess file and only you as god admin can write the .staccess. Admins should always be administered by only an account. Everything else is in my eyes a security risk.


Last edited by neralex on Mon Sep 10, 2012 9:59 am; edited 2 times in total 
rebelt







PostPosted: Mon Sep 10, 2012 9:56 am Reply with quote

Fair enough.

Thanks again
 
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Mon Sep 10, 2012 3:23 pm Reply with quote

Anyone with PHPmyadmin access can change any password, anytime for anyone.
 
View user's profile Send private message Visit poster's website
neralex







PostPosted: Mon Sep 10, 2012 4:05 pm Reply with quote

Anyone with PHPmyadmin access can change the md5 hash, he must decrypt the PW to get it but if anyone has access to PHPmyadmin, then he has a god-admin user and don't need the PHPmyadmin access for changing a super-user PW but a super-user without a PHPmyadmin access needs anyone with a god-admin user to change the own PW. This is an fact, too! Smile
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Sun Sep 16, 2012 9:04 am Reply with quote

These are good points that you bring up. Just to clarify a bit though, there are up to two passwords associated with an Admin: 1) admin.php login, which is what gets stored in the core *Nuke DB table, and 2) if enabled, the .staccess protection of admin.php file itself (really an Apache provided protection).

For 1), I do find it odd that one cannot change their password. Maybe that should be allowed and brought in as a feature.

However, for 2), this is more of a site owner/operator decision point on whether access to admin.php should be changed and it is separate from 1) and managed and stored in a NukeSentinel(tm) table. This one needs to be managed still, in my opinion, by the site owner/operator, otherwise known as the "God" admin.

Thoughts?

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©