Need Some help here....i don't know what is going on...but all of my members now have admin privilage.
I already check the database, but there are no sign that they assigned to have admin privilage...
FYI, i just implemented Facebook connect plugins, all members who sign in using this, suddenly have admin privilage.
I tried to login without facebook connect, my new member register manually, but i this user still have admin privilage...
does anybody know, how to setting this privilage?
Thanks
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Do you mean that they are admins in the sense that the Administration link appears in the top bar and that they can deactivate plugins etc.?
Yes Kevin, just like what u said.
They can deactive and active the plugins, the can see the others profiles.
When they see the others profile, there are some additional menus :
Remove friend
Profile
Friends
Files
Report this
Send a message
Blog
Pages
Photo Albums
Wish List
Edit detailsBanDeleteReset passwordRemove adminExplore log
Could u help me with this?
That is truly strange and a bit scary.
A badly written canEdit permissions hook function can sometimes accidentally grant admin-like privileges for certain tasks (eg. allowing users to edit each other's profiles). But there should be no way to grant full admin privileges in Elgg without calling the make_user_admin function.
If you turn off the Facebook plugin you are using, does the admin problem go away? What version of Elgg are you running? Are you running any other non-core plugins?
Kevin,
I already tried it, disable facebook plugins, nothing happen..
Now, new users who is registered withouth facebook account also have this administration link in their profile.
Could you give some advice how to edit or hide this links ? So, only admin who will have this link.
This is the print screen :
http://www.facebook.com/?sk=media#!/photo.php?pid=1415236&id=1214262332
I don't know how to insert pic here.
I also use others plug in, such as event calendar, online, profile counter, tagcloud, wish list, etc
Thanks :)
If your users have admin privileges, hiding links won't solve your problem (they can delete any content or groups, etc.)
You did not say what version of Elgg you are using.
I would suggest two things:
a. use phpMyAdmin and look in the users_entity table for the admin field. Is this always set to "yes"?
b. disable everything but the core Elgg plugins and see if the problem continues.
I am using elgg 1.7.
Default for admin is no.
I can not disable any plugins now....i should delete the folder from my cpanel now..
I think, if i can hide the administration link, the other users wont know that they have admin privilages.
Any idea?
Default? I was asking about the "admin" field value, not a default.
Why can you not disable plugins?
Sorry, but hiding that link won't solve your problem. You need to solve the problem itself.
Sorry,
i mean the value is no...
i don't know why i can't disable the plugins.
There is a notification :
Plugin croncheck was disabled successfully.
but after i refresh the page, the plugin enable again
Now some plugins can be disabled, and the others can't.
There are the plugins that i can't disable
plugin manager
profile manager
mood
dislikes
wlist
tagcloud
Move those plugins to a temporary directory out of your Elgg install. That should disable them.
Kevin,
I just disable all additional plugins.
I tried to register new member, and still, this new user has administatrion link in her profiles.
So, the problem not in the plugins.....
Any idea what is going on with my elgg?
- Previous
- 1
- 2
- Next
You must log in to post replies.