All members became admin

Need Some help here....i don't know what is going on...but all of my members now have admin privilage.

I already check the database, but there are no sign that they assigned to have admin privilage...

FYI, i just implemented Facebook connect plugins, all members who sign in using this, suddenly have admin privilage.

I tried to login without facebook connect, my new member register manually, but i this user still have admin privilage...

does anybody know, how to setting this privilage?

Thanks

  • Do you mean that they are admins in the sense that the Administration link appears in the top bar and that they can deactivate plugins etc.?

  • Yes Kevin, just like what u said.

    They can deactive and active the plugins, the can see the others profiles.

    When they see the others profile, there are some additional menus :

    Remove friend

    Profile

    Friends

    Files

    Report this

    Send a message

    Blog

    Pages

    Photo Albums

    Wish List

    Edit detailsBanDeleteReset passwordRemove adminExplore log

    Could u help me with this?

  • That is truly strange and a bit scary.

    A badly written canEdit permissions hook function can sometimes accidentally grant admin-like privileges for certain tasks (eg. allowing users to edit each other's profiles). But there should be no way to grant full admin privileges in Elgg without calling the make_user_admin function.

    If you turn off the Facebook plugin you are using, does the admin problem go away? What version of Elgg are you running? Are you running any other non-core plugins?

  • Kevin,

    I already tried it, disable facebook plugins, nothing happen..

    Now, new users who is registered withouth facebook account also have this administration link in their profile.

    Could you give some advice how to edit or hide this links ? So, only admin who will have this link.

    This is the print screen :

    http://www.facebook.com/?sk=media#!/photo.php?pid=1415236&id=1214262332

    I don't know how to insert pic here.

    I also use others plug in, such as event calendar, online, profile counter, tagcloud, wish list, etc

     

    Thanks :)

  • If your users have admin privileges, hiding links won't solve your problem (they can delete any content or groups, etc.)

    You did not say what version of Elgg you are using.

    I would suggest two things:

    a. use phpMyAdmin and look in the users_entity table for the admin field. Is this always set to "yes"?

    b. disable everything but the core Elgg plugins and see if the problem continues.

  • I am using elgg 1.7.

    Default for admin is no.

    I can not disable any plugins now....i should delete the folder from my cpanel now..

    I think, if i can hide the administration link, the other users wont know that they have admin privilages.

    Any idea?

     

  • Default? I was asking about the "admin" field value, not a default.

    Why can you not disable plugins?

    Sorry, but hiding that link won't solve your problem. You need to solve the problem itself.

  • Sorry,

    i mean the value is no...

    i don't know why i can't disable the plugins.

    There is a notification :

    Plugin croncheck was disabled successfully.

    but after i refresh the page, the plugin enable again

    Now some plugins can be disabled, and the others can't.

    There are the plugins that i can't disable

    plugin manager
    profile manager
    mood
    dislikes
    wlist
    tagcloud

  • Move those plugins to a temporary directory out of your Elgg install. That should disable them.

  • Kevin,

    I just disable all additional plugins.

    I tried to register new member, and still, this new user has administatrion link in her profiles.

    So, the problem not in the plugins.....

    Any idea what is going on with my elgg?