Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Locked Myself out of Admin

patsjvpatsjv
edited November 2008 in Vanilla 1.0 Help
I'm new to Vanilla so go easy on me. While playing with settings I managed to limit the administrator functions, and have now managed to lock myself out of accessing the 'settings' tab. Is there a simple way to reset the default administrator role permissions to make them complete again? I'm now an 'administrator' without the ability to change settings. Ugh.

Comments

  • edited August 2006
    do you have access to phpMyAdmin or some other database tool?
    if so, go into your LUM_Role table, find the Master Administrator record, and look for the Permissions field.
    it will look something like this:
    a:39:{s:23:"PERMISSION_ADD_COMMENTS";i:0;} etc.
    now VERY CAREFULLY paste that entire field into a text editor, look for the parts that say "PERMISSION_(whatever);i:0" and change them to PERMISSION_(whatever);i:1 instead.
    copy and paste the new value back into into the database.
  • I'm alive again, Ithcy. Thanks for walking me through it and saving me.
  • glad i could help :)
  • I did that once myself, and kicked myself for not being more cautious, until someone showed me the way out too. I guess it taught me a lesson! I wonder how many people have done this?
  • MarkMark Vanilla Staff
    I wonder if I should disallow a role from editing itself?

    That would make sense - and prevent access escalation attacks.
  • You can't completely disallow it cause otherwiser admins wouldnt be able to turn on/off the ability to view whispers/hidden discussions and stuff would they? Unless they had a fixed master admin account which always had everything. Some sort of protection would be useful though. I was thinking you could just add some checking to make sure that atleast one role always had permission to give roles more permissions (to avoid the above happening) but avoiding access escalation would be useful too. Maybe have like a 'key role' setting which had to be enabled on atleast 1 role and meant it always had access to the roles/settings screen?
  • NickENickE New
    edited August 2006
    Mark, I wouldn't do that. Some extensions add custom permissions which the admin can only turn on if they can edit their own permissions.
  • MarkMark Vanilla Staff
    edited August 2006
    Screw you guys. I'm doing it. You can get funked.kidding :)
  • lol
  • Mark, maybe you don't need to be so drastic and disregard your loyal henchmen's advice? Maybe just a strong warning not to change this permission unless you absolutely know what you are doing? That would have been enough to stop me.
  • I'm for a warning too. A little label next to/under the item.

    Unchecking this box will prevent you from accessing the Settings tab with this role. Be sure at least one role has this option checked.

    Or, is it possible to disable it from being unchecked if Vanilla (somehow) "knows" it is the only role with that option(s) enabled?
  • The site admin can regain whatever permissions he/she wants if they have database access.
  • everyone grabs Mark before he gets a chance to commit mayhem ;-)
  • edited August 2006
    how about we let mark do what he feels he needs to do, and one of us just makes a "save/restore master administrator privileges" addon?
  • ^^ is this still the case? that a role can't edit itself?

    because i'm experiencing some trouble with that. I added some extensions that do not set themselves automatically ticked for the admin. So you have to tick the boxes for the admin role, but when I do that, I get a "You don't have permission to access to this document on this server" error..

    any suggestions?
This discussion has been closed.