1 (edited by Connorhd 2005-01-20 16:49)

Topic: [Release] User Management Plugin

First of all i fully recommend you make a backup before using this plugin as although I have tested it there could either be problems or you could accidentally delete many of your users.

This mod provides two additional user management functions, user pruning which involves deleting users over a certain number of days old and with less than a number of posts. It also allows you to create users which is useful if you have cloed your forum from new registrations but wish to create users.

If you have any problems, comments, suggestions please tell me wink

Download - updated

Re: [Release] User Management Plugin

Great stuff. Another thing I can remove from the todo list smile

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: [Release] User Management Plugin

You mean accounts that are over a certain number of days old, not users I suppose smile

Re: [Release] User Management Plugin

lol yeh tongue

Re: [Release] User Management Plugin

thanks a lot, it is installed

6 (edited by Smartys 2005-01-19 23:37)

Re: [Release] User Management Plugin

There's an SQL injection possible:

PunBB reported: Unable to delete users 

Database reported: Unknown column 'a' in 'where clause' (Errno: 1054) 

Failed query: DELETE FROM forum_users WHERE (num_posts < a) AND (registered < 1106177066) AND (id > 2) AND (group_id > 3)

Oh, and IMO this should be an admin only thing, especially since deletion of users is typically left to admins (setting a minimum of 0 days and a max of 999999 posts with the delete admins/mods set to yes would also really screw your forum, especially since mods shouldn't be able to delete admins)

Otherwise, I really like it smile

Re: [Release] User Management Plugin

thanks a lot! great plugin

Re: [Release] User Management Plugin

Smartys wrote:

There's an SQL injection possible

i don't think its possible to cause a problem with this but i'll add intval() to be sure

Smartys wrote:

this should be an admin only thing

yeh probably i'll change that too wink

9

Re: [Release] User Management Plugin

so not to be dumb well i am anways i put this in the plugins folder.  Then upload it then after that it works or how does this work?

Re: [Release] User Management Plugin

yeh you just upload the file into the plugins folder and its added to the bottom of the admin menu smile

11

Re: [Release] User Management Plugin

wow thats supper simple lol.

Re: [Release] User Management Plugin

Mmm, came up with another suggestion: get rid of unverified users smile

Re: [Release] User Management Plugin

yeh good idea, i'll look at it some time, i'm a bit busy atm i have the database plugin, a tpl editor plugin for mypunbb, and a chat mod to make, so i might just leave this for a bit see if anything else comes up so i can get it all done at once

14

Re: [Release] User Management Plugin

And why plug-ins can be caused directly?
Disclosing of installation patch
http://your_name.ru/forums/plugins/AP_U … gement.php
It should seems to us any plug-in to begin

define('PUN_ROOT', '../');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'include/common_admin.php';


if ($pun_user['g_id'] > PUN_MOD)
{
Header("Location: ../index.php");
}

PHP - It is our life ...

Re: [Release] User Management Plugin

you don't access them directly you access them via the admin menu

Re: [Release] User Management Plugin

Dantes: Because there's a lot of things we don't want to have to do in the plugin code. That's why we use admin_loader.php.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

17

Re: [Release] User Management Plugin

îê I shall think as to deceive it smile

PHP - It is our life ...

Re: [Release] User Management Plugin

huh? editing plugins to be accessed directly would lead to security issues

19

Re: [Release] User Management Plugin

I just also am disturbed with protection
DISCLOSING of a way on my server very dangerously !!!

PHP - It is our life ...

20

Re: [Release] User Management Plugin

We want as to put the filter on SQL injection ...

PHP - It is our life ...

Re: [Release] User Management Plugin

huh? if you use the plugin properly it shouldn't be a problem

Re: [Release] User Management Plugin

Well, if the server has REGISTER_GLOBALS on, you can set db_type: dunno if that can be abused for anything

Re: [Release] User Management Plugin

Dantes is right. Adding

// Make sure no one attempts to run this script "directly"
if (!defined('PUN'))
    exit;

to the top of the plugin script should solve the problem.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: [Release] User Management Plugin

Smartys wrote:

Mmm, came up with another suggestion: get rid of unverified users smile

i was just thinking about this now, it will prune unverified users since they have 0 posts

Re: [Release] User Management Plugin

Well, there's a difference between unverified users and verified with 0 posts. Some forums require registration to view the forum: and some people never post, just read.