Forum Undeletable user and password chaning in Admin CP or User CP. inconsistent behaviour So I set my Admin account as undeletable in the Config.php. later, I logged into the AdminCP and via the Users panel I tried to change the password and email address of the Admin. I was informed that this was restricted and I couldn't do it. So far so good. I then ran up a second tab on the browser logged into the main forum with the same Admin account, I then, using the UserCP (Settings, my profile, Email and password etc.) I successfully changed both the password and email address for the admin account without a problem. On the first tab I ddi a refresh on the user panel and right away I could see that the email address was quite clearly changed. I also logged out and back in again with the new password. Surely this is a security flaw, the admin password and email shouldn't be changeable via the UserCP at best of times and certainly not if Admin is set to undeletable in the config.php and it's already preventing the AdminCp from modding that accounts details! Any thoughts? Rgds Pete |
الساعة الآن 05:52 AM |
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By
Almuhajir