Everone has admin authority!

[k9barry]

In my index file I currently have these settings:

$params["admins"] = array("Admins"=>"thisismypassword");
$params["shownotice"] = 1;
//$params["isadmin"] = true;

This worked perfectly in beta 5 and I just upgraded to beta 6 today changing nothing on the server or index.php file except to remove the $params["prefix"] = "myprefix_"; line from the params.

Now any user can execute the following commands: /rehash, /op, /deop and any other proir restricted command. I can still /identify with the password and be "sucessfully idnetified"

Any ideas on what changed?

[phpfreechat]

I'm almost sure you forget to rehash your chat after your changes.

[k9barry]

Sorry I did the rehash and even deleted the data folder and recreated it. Still any user can access the Admin commands (ie. /rehash, /ban.....) I will try to look into this further later tonight.

[nishil]

I did the same changes as barry and now i cant even identify.
The prompt only asks for nickname and not the password.

[k9barry]

I fixed the problem I was having with anyone being able to /rehash. I had /rehashed the data even removed the data folder and re-installed it, but no luck.

What finally worked was executing the /quit command and re-connecting.

Just thought I would let you know if some else is having the same troubles.

[k9barry]

Ok new information.

When I open the chat with firefox v1.5.0.7 I can run any command once logged in as any user name I choose. If I try to do this with IE7 I have to login as my Administrator and /identify [pass] to get to the /rehash command.

Additionally using ff, if I /quit and log back in I have to /identify [pass] to use the /rehash command.

I just tried doing this on your demo site and ff lets me rehash while ie does not.... I do not want to try the kick, ban controls without letting you know.

[phpfreechat]

Ok I figured out the problem.
In fact by default the pfc gives admin rights to the first connected personne on the server.

I just added the 'firstisadmin' parameter so you will be able to disable this feature.
here is the patch :

Code: Select all

Index: src/pfcglobalconfig.class.php
===================================================================
--- src/pfcglobalconfig.class.php       (révision 794)
+++ src/pfcglobalconfig.class.php       (copie de travail)
@@ -34,8 +34,10 @@

   // these parameters are dynamic (not cached)
   var $nick                = ""; // the initial nickname ("" means the user will be queried)
+
   var $isadmin             = false;
   var $admins              = array("admin" => ""); // the key is the nickname, the value is the password
+  var $firstisadmin        = true; // give admin rights to the first connected user on the server

   var $islocked            = false; // set this parameter to true to lock the chat for all users
   var $lockurl             = "http://www.phpfreechat.net"; // this is the url where the users must be redirected when the chat is locked
Index: src/commands/connect.class.php
===================================================================
--- src/commands/connect.class.php      (révision 794)
+++ src/commands/connect.class.php      (copie de travail)
@@ -44,7 +44,7 @@

     // check if the user is alone on the server, and give it the admin status if yes
     $isadmin = $c->isadmin;
-    if (!$isadmin)
+    if ($c->firstisadmin && !$isadmin)
     {
       $users = $ct->getOnlineNick(NULL);
       if (isset($users["nickid"]) &&

[k9barry]

Kerphi the patch works great...... I had been trying to narrow the problem down but it was too intermittent to be easy.

Thanks

[madmumbler]

Stupid question here probably...I'm working on this tutorial and I see a section of code in the pfcglobalconfig.class.php file where it's an array with dynamic params including nick, isadmin, etc.

Do I need to add that variable firstisadmin to that array too?

I am NOT a php expert! But I saw it there and thought I'd ask.

Thanks!

Lesli in SWFL.

[phpfreechat]

no, firstisadmin don't need to be dynamic