[SPLIT] Best way to get emergency ACP Access/create Founder Status

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Post Reply
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

[SPLIT] Best way to get emergency ACP Access/create Founder Status

Post by axe70 »

warmweer wrote:
Wed Oct 07, 2020 8:30 am
DoctorB wrote:
Wed Oct 07, 2020 8:21 am
I am the senior admin on a medical forum. I have full ACP and db access as an 'admin'. Ironically our 'Founder' has died (yes, I know....) and has not passed Founder status to me. I understand I need to change my db settings to make myself Founder since the ACP options are not available. I think from searches the role I need is '3'?
Since you have db access:
For an emergency founder account see viewtopic.php?p=15519436#p15519436.
Create that account, make your own account a founder, then remove founder status of the old founder account (actually remove all permissions). Log in with your own founder account and remove the emergency founder account.
Editing the database directly is not to be recommended to new users especially when the script referenced above will do the job quickly and safely.
Explain me, how it can be secure to provide a script like the linked, that expose an admin account/pass that anybody know (even if for a while) and that require to execute a query via phpmyadmin.
Asking myself, why nobody did a simple php file that can do this easily in two ways: or update an user ID or create a new random username/pass.

I do not also see anyway a valid reason to remove my posts and procedure. Are you joking?
Last edited by HiFiKabin on Wed Oct 07, 2020 3:34 pm, edited 1 time in total.
Reason: [SPLIT FROM] Founder status
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 4972
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Founder status

Post by HiFiKabin »

The script referenced has been used many many times and there has never been a report of any problems resulting from it.

You and I may well be happy to directly edit the database, but it is highly risky for a new inexperienced user, hence the deletion of your posts and the resulting discussion.
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

Re: Founder status

Post by axe70 »

You would never execute something like the suggested, here at phpbb.com. I'm sure.
- ehy! because we know how to manage things!
That's true, but my site is also important to me, maybe for me it is more important than phpbb.com (whenever it can be possible of course!).
Guess to access phpBB acp with the provided procedure, is +- impossible due to the timing of the execution, it need to be a randomness (improbable) event. In the security vision anyway, you should avoid kind of things like this. That's ok HiFiKabin, do not worry or care of what i say, are only excessive clarifications.

If i'll remember, will write a single php file that will do what required sometime in the future as easy delight. Not all people know how to manage phpmyadmin or mysql by a terminal.
I saw also there are people in trouble with extensions that may broke boards after an update. It also is an easy do to provide something that can fix kind of these issues easily. A little Swiss knife, into a single easy php file.

In the while, ok,
- For an emergency founder account see viewtopic.php?p=15519436#p15519436
User avatar
david63
Registered User
Posts: 18446
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Founder status

Post by david63 »

axe70 wrote:
Wed Oct 07, 2020 1:02 pm
I saw also there are people in trouble with extensions that may broke boards after an update. It also is an easy do to provide something that can fix kind of these issues easily.
There already is Knowledge Base - Disabling all extensions at once down at the bottom
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

Re: Founder status

Post by axe70 »

david63 wrote:
Wed Oct 07, 2020 1:19 pm
axe70 wrote:
Wed Oct 07, 2020 1:02 pm
I saw also there are people in trouble with extensions that may broke boards after an update. It also is an easy do to provide something that can fix kind of these issues easily.
There already is Knowledge Base - Disabling all extensions at once down at the bottom
WoW! that's so easy to be improved adding more and more features! So nice suggestion
User avatar
Mannix_
Registered User
Posts: 922
Joined: Sun Oct 25, 2015 2:56 pm
Name: Matt
Contact:

Re: Founder status

Post by Mannix_ »

Someone needs to be lucky and know when you are adding that temporary admin account to use it and abuse it. What are the odds of that happening? Also you can change the username value to whatever you want so you only know it. So there is little to none risk involved doing this
-=-=-=-=-=-=-=-=-=-=-=-=-My Styles-=-=-=-=-=-=-=-=-=-=-=-=-
HexagonHexagonRebornCleanSilverProject Durango
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Need help with styling or want me to port a style to 3.3.x etc. contact me here or here.
New version of phpBB has been released? My styles aren't validated for it yet? Check my page for the latest downloads!
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

Re: Founder status

Post by axe70 »

Mannix_ wrote:
Wed Oct 07, 2020 1:49 pm
Someone needs to be lucky and know when you are adding that temporary admin account to use it and abuse it. What are the odds of that happening? Also you can change the username value to whatever you want so you only know it. So there is little to none risk involved doing this
If for you it is odd, to me it is not, why you have to push an user to use phpMyAdmin?
It is not dangerous if he is not skilled?
Why since my procedure was also a procedure using phpMyadmin, you removed it? You decide what it is hard for someone and what it is not for someone else?
User avatar
warmweer
Jr. Extension Validator
Posts: 5559
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Founder status

Post by warmweer »

axe70 wrote:
Wed Oct 07, 2020 1:56 pm
If for you it is odd, to me it is not, why you have to push an user to use phpMyAdmin?
Because, the user requires access to phpMyAdmin (or similar) in order to be able to edit the database.
The topic starter mentioned he had that access so the solution offered (simple and riskfree) was possible without the need of having to explain which table, which record has to be edited and how.
In fact FTP access and ACP access to backup restore gives another solution (based on the same approach, even without phpMyAdmin access).

This topic was cleaned of the unnecessary extra comments (however worthwhile they may be) so I'm a bit surprised you continued in this direction. IMHO the discussion isn't useless but should be cut from this topic and either restarted in the phpBB Discussion forum (or moved there).
I'm not a good example in this respect as I have a tendency to go offtopic quite a few times but I take a hint when I see one.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

Re: Founder status

Post by axe70 »

phpbb_swiss_knife

* disable phpBB extensions (that maybe are causing errors)
* create Super User account with a random password
* update existent username with a new random password


I wrote/edit a 15min stupid php file this morning which allow to do this:

Code: Select all

/***
* Tasks: 
* disable phpBB extensions (that maybe are causing errors)
* create Super User account with a random password
* update existent username with a new random password
*
* Remove this file when finished: leaving this file in place, expose your phpBB board to high security risks!
*
* Usage: Download and unzip the file phpbb_swiss_knife.php
* May rename the file into something else (not strictly required) (i.e.: mySecretFile.php)
* upload it to your Board's root (i.e.: www.mydomain.com/phpBB3/)
* Point your browser to i.e.: www.mydomain.com/phpBB3/phpbb_swiss_knife.php or to /mySecretFile.php or whatever you renamed it) and follow instructions.
* Remove this file when finished: leaving this file in place, expose your phpBB board to high security risks!
*
* phpbb_swiss_knife Version 1.0.0 - axe70 2020
* Version 1.0.0 - david63 2017
* Based on modisson.php - Oyabun1 2015
*
* This script is free software. It comes without any warranty.
* license http://opensource.org/licenses/GPL-2.0 GNU General Public License v2.
*
* Ensure that you have a backup of your Database before to run this tool
*
*/
Usage:
* Usage: Download the file phpbb_swiss_knife.php
* May rename the file into something else (not strictly required) (i.e.: mySecretFile.php)
* upload it to your Board's root (i.e.: www.mydomain.com/phpBB3/)
* Point your browser to i.e.: www.mydomain.com/phpBB3/phpbb_swiss_knife.php or to /mySecretFile.php (or whatever you renamed it) and follow instructions.
* Remove this file when finished: leaving this file in place, expose your phpBB board to high security risks!
Remove the file when finished: leaving this file in place, expose your phpBB board to high security risks!

P.s i iwill post this into custom modifications forum, may adding tasks time by time.
Note that to disable extensions, it do not require to be logged in, like in the original file was.
Remove here if you think it is harmful or dangerous for someone.
Attachments
phpbb_swiss_knife.php
(11.87 KiB) Downloaded 7 times
User avatar
warmweer
Jr. Extension Validator
Posts: 5559
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Founder status

Post by warmweer »

DoctorB wrote:
Thu Oct 08, 2020 8:00 am
Is this simpler method any more 'dangerous' than creating the temp member with the possible security risks of that (given an SQL export and site backup have been made)?
Creating the temp member with the emergency founder script poses no risk at all, and if you have a file and database backup (in a different location just to make sure - something easily forgotten by many) then whatever does/could go wrong would only cause a small bump in the road.

The point is that the emergency founder script has been tested and used and is 100% riskfree. If you know exactly what you are doing then another method may be equally safe but the point is that the solution offered and verified by the phpBB Team can be used by everyone.
While axe70's extra info (and script) could be an asset - it has not been tested by seasoned phpBB users and in this case using the existing tried and tested system should be a no-brainer.

I actually see no point in continuing the discussion in this topic: HifiKabin pointed to the topic in which all thoughts, additions/modifications/developments etc can be discussed.

The priority is solving the issue on your board using the verified system.
Improvements, additions, etc.. can come later (and can be discussed in a topic dedicated to that)
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

Re: Founder status

Post by axe70 »

Completely agree. Except about the fact that a simple file like the phpbb_swiss_knife need to be tested out for security.
Anyway, yes please, remove my posts here and related replies, it has been posted into Custom Coding forum.
Thank you. Cheers!
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22841
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: Founder status

Post by Mick »

axe70 wrote:
Thu Oct 08, 2020 8:09 am
phpbb_swiss_knife
As has been said there’s little to no risk using the script linked to before, in fact, I’ve been using it on and off without issue for many years. I’m not sure why you feel the need to reinvent the wheel?
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
axe70
Registered User
Posts: 258
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Contact:

Re: Founder status

Post by axe70 »

Mick wrote:
Thu Oct 08, 2020 10:08 am
axe70 wrote:
Thu Oct 08, 2020 8:09 am
phpbb_swiss_knife
As has been said there’s little to no risk using the script linked to before, in fact, I’ve been using it on and off without issue for many years. I’m not sure why you feel the need to reinvent the wheel?
because as said elsewhere, may someone will find out useful this tools all together:
https://github.com/axew3/phpBB-swiss-knife
since do not require to access and execute code into phpmyadmin. And execute more tasks all in one with peace of mind.
There are scenario where the user have not rights to access to phpmyadmin? Do not know. But there are hosting providers that allow to install for you phpBB. It is possible to write something in 15 min to help someone, maybe even one only in this world, without being judged by you guys?
You can criticize my code, security bugs, not what i do for the pleasure to do in 5 min. Nor you should delete posts that you say are hard for the most.
May they are useful to someone instead, in different scenario. I was not pushing anyone to use my procedure.

The weel, long time ago was done of wood. Like your single procedure.
Post Reply

Return to “phpBB Discussion”