PDA

View Full Version : Administrative and Maintenance Tools - Member's area in the admin cp.


Brad
23 Oct 2006, 08:15
This simple addition adds links to many areas of the vBulletin.com member's area right in your admin control panel. With this installed you can;

- Download vBulletin and Impex
- Browse the vBulletin user Manual
- Browse the vBulletin API documentation
- Send support tickets
- Browse the vBulletin.com message board
- View the Change logs

All from the admin control panel.

The new links will appear below the vBoptions table. An admin account will require access to the vBoptions before the new menu will appear. Although there is no issue with other admins begin able to view the pages (they can't unless they have the username/password for the member's area) there is really no reason for them to see such links. Instead of adding new admin permissions (I'm lazy) I just used the one already in place for vBoptions, as the 'main' admin (read: license owner) will likely have permission to use that anyway. ;)

To install upload the attached file to the following directory on your web-server; /home/webroot/vbulletin/includes/xml

Ev!L ErN!E
23 Oct 2006, 08:18
Attached file?

Brad
23 Oct 2006, 08:22
You're quick, and it's there now. ;)

KingPuyol
23 Oct 2006, 10:13
Oh man!!

I swear I wanted to make that hack..
I was 70% finished :(

TTG
23 Oct 2006, 10:33
Very useful .. thanks Brad
Clicked install

Snake
23 Oct 2006, 13:16
Thanks man!

itsatonline
23 Oct 2006, 18:00
thanks !
please help for permission config.php ?
666 ? 777 ? 555 ?

voteforbird
23 Oct 2006, 18:04
I'm getting an "invalid file" error upon upload.

ChavMagnet
23 Oct 2006, 19:00
Brilliant idea Install thanks alot .

Danny.VBT
23 Oct 2006, 21:25
Oh very nice to have contained via the AdminCP. :

bashy
24 Oct 2006, 01:03
41 downloads and only 15 installs lol...

Cheers m8 will install this now :)

Antivirus
24 Oct 2006, 03:21
sweet!

Floris
24 Oct 2006, 11:51
Instead of new admin permissions, why not limit this to the super admin only?

Another suggestion is to include a link to the security patches download area. Not something jelsoft fully promotes, but it is there and might be handy ;) http://members.vbulletin.com/patches.php

Biek
27 Oct 2006, 10:06
I love these little snippets that make life easier. Thanks!

phill2003
29 Oct 2006, 15:40
So let me get this straight, If i install this and someone manages to steal my password somehow or hacks the server that my site is on and changes my password then goes and logs into the admin section as me, Then they have free rain in the vbulletin members area to download anything on offer and bog off and pirate it to their hearts content :)

Hmm that's the way it reads to me, think i will give it a miss can't see why i would need to download from the vb members area from inside my board anyway.

But well done i presume some people will think this is a great addition.

Brad
29 Oct 2006, 16:32
If i install this and someone manages to steal my password somehow or hacks the server that my site is on and changes my password then goes and logs into the admin section as me, Then they have free rain in the vbulletin members area to download anything on offer and bog off and pirate it to their hearts content

No.

The only way anyone can get into the member's area is finding out your customer number and password. This modification never asks for such things, it just loads the member's area inside the admincp iframe.

It's no less secure then going directly to the member's area with your webbrowser.

Luggruff
08 Nov 2006, 18:43
No.

The only way anyone can get into the member's area is finding out your customer number and password. This modification never asks for such things, it just loads the member's area inside the admincp iframe.

It's no less secure then going directly to the member's area with your webbrowser.

Now you just said that it automaticly fills in the customer number and password, and then you said that they won't get access to the members area if they gain access to the adminCP.. did you not? Yes.

Instead of adding new admin permissions (I'm lazy) I just used the one already in place for vBoptions, as the 'main' admin (read: license owner) will likely have permission to use that anyway.

And if I'm the licence owner, and not userID #1 (as I presume you mean by that).. then what?

Listen to floris and make it a superadmin permission.

vbreal
13 Nov 2006, 21:50
thanks

Brad
17 Nov 2006, 17:06
Now you just said that it automaticly fills in the customer number and password, and then you said that they won't get access to the members area if they gain access to the adminCP.. did you not? Yes.



And if I'm the licence owner, and not userID #1 (as I presume you mean by that).. then what?

Listen to floris and make it a superadmin permission.
The permissions do nothing but hide the link. I rarely if ever log-in as super admin so this would be useless to me if I had done it that way. If you want it super admin only you'll have to do that part for yourself.

You seem confused here so allow me to explain;

All this does is link you to the member's area. This hack does not remember your username and password for the member's area, it does not automatically log you into the member's area, it does not allow anyone into the member's area that does not know your username and password for it.

In short it's just like typing in the address to the member's area in your web browser and visiting it that way. If you're smart and do not share your log-in details with anyone else you will be fine even if they know the link to the member's area.

Please, don't spread FUD in this thread. I know people may be iffy about linking such a thing from the admin cp and will probably have questions/concerns about it (which I am happy to answer and address).

johnrizz
17 Nov 2006, 21:24
Thanks!

blogtorank
17 Nov 2006, 21:40
If you are worried of someone hacking your forums and getting into the back-end then make your password tougher and only the ability to copy and paste the password to the forums to login only...

Just my thoughts ;)

Passes such as 15 chars strong and having yourself a text file named something other than mypasswords.txt on your computer, laptop and etc, hell name it this-is-for-the-party.txt.. Where all you have to do is copy/paste the passwords. I found this way to be the safest and more reliable way where even having a keylogger on your windowzzzzz machine this will help thwart the idea of you having to type this in.

Passwords as such are pretty nice, especially in critical areas:

pws8fInnTX4GLmo
jx7b5rAR1zpAe85
eauxE7I2lA8sBx7
RJPfm3sGkcjsQMG
QMwF4Ouh4vRbPCJ


Hope this helps anyone out with why they keep getting hacked or worried of being hacked, as it's plain and simple that script kiddies love those dictionary based keywords!! ;)

blogtorank
17 Nov 2006, 21:41
BTW *Installed*!!!

talenak
10 May 2007, 00:56
This is an extra, extra convenient mod. Installed and nominated for MOTM.

txspaderz
30 May 2007, 16:12
Yep, Installed. Thanks!