What is vldPersonals?

vldPersonals is a very easy to use dating/social software. It allows you to create a fully functioning & modern dating website in a matter of minutes. If You think it's too complicated - check vldPersonals!
Know more about how You can become a dating website owner

What is vldCrowd?

vldCrowd.com is the biggest unofficial community of vldPersonals owners. It is a place to share ideas and thoughts about Your dating website. It is a place to answer questions and receive answers.
Do You own a vldPersonals license? Don't hesitate and join!

Connect Today

Community members help each other to take their dating websites to the next level. Can You make your vldPersonals website better? Join and find out...

Connect With More Than 700 Dating Website Owners! Sign Up Today
781 0 5
I have this one question. How can I be able to protect the main administrator account? Here's the problem, once I assign moderators in my site, and I give them permission to manage all members. They can edit the administrator account too. :-/
 
Please help me about this.
 
UPDATE:
 
I can't believe that Gugu is trying to sell a simple modification to me. LOL I was just hoping that maybe someone already solved this since this is a serious problem if you have multiple moderators. And you want to prevent the hassles of getting locked out when a certain moderator does something stupid like changing your administrator password. :-)
 
Anyway, I've created a quick fix so that if you also have the same concern like me then feel free to use this. It's just a 6 lines of code and I'm not selling this for even a cent lol.
 
Open cp.members.php
 
Find this lines of codes inside Function show_edit:
 
//------------------------------------------------
// Check if user has access to this page
//------------------------------------------------
if ($SESSION->conf['member_id'] != $id && !$SESSION->conf['can_edit_all_profiles'] ||
$SESSION->conf['member_id'] == $id && !$SESSION->conf['can_edit_own_profile'])
{
$TEMPLATE->set_message("error", ($LANG['core']['no_access']), 1, 1);
return;
}
 
Below that add this:
 
//------------------------------------------------
// Check if target is Admin
//------------------------------------------------
$profile_obj = get_members_details($id, 1);
if ( $profile_obj['group_id'] == "1" && $SESSION->conf['can_edit_all_profiles'] && $SESSION->conf['group_id'] != "1")
{
$TEMPLATE->set_message("error", "You're not allowed to modify Administrator accounts.", 1, 1);
return;
}
 
Find this lines inside Function status_switch:
 
//------------------------------------------------
// Check if user has access to this page
//------------------------------------------------
if (!$SESSION->conf['can_edit_all_profiles'])
{
$TEMPLATE->set_message("error", ($LANG['core']['no_access']), 1, 1);
return;
}
 
Below that paste again this same code:
 
//------------------------------------------------
// Check if target is Admin
//------------------------------------------------
$profile_obj = get_members_details($id, 1);
if ( $profile_obj['group_id'] == "1" && $SESSION->conf['can_edit_all_profiles'] && $SESSION->conf['group_id'] != "1")
{
$TEMPLATE->set_message("error", "You're not allowed to modify Administrator accounts.", 1, 1);
return;
}

Comments

godyn

  • Posted on 01/22/2013 05:30 AM
You can easilty do this with <!-- IF functions
idea:
IF member_id=(moderator) don't show delete profile button...

gugu

  • Posted on 07/07/2012 01:31 AM
@ mimsy: you are a funny guy :)

padee

  • Posted on 07/04/2012 12:52 AM
Mimsy ;
 
Thanks for sharing the info and also alerting us , hope I could help you but unfortunately so so busy at the moment but will have a look at it in the future .

mimsy

  • Posted on 06/29/2012 09:04 PM
created a fix and i'm posting it here for free.

mimsy

  • Posted on 06/19/2012 10:09 PM
anyone? i hope you clearly understood my question.
I think this is very important in order to avoid admins from being locked out of their account.

Log in to leave a comment