Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Aaargh, Members have super powers and I can't change that

edited February 2010 in Vanilla 2.0 - 2.8
Hello!
here's what's happening on my forum:
simple "Members" have super power, and I'm unable to change that: the changes I make do not get applied.
here's how my members permissions look like:

BsRappaz

obviously this is a huge mess, as forum users keep changing routes and such
help!

Comments

  • I even tried creating a new role, but it seems I'm unable to modify the permission table (it doesn't save changes)
  • edited February 2010
    Hi @akelone: if the Permission scheme was not changed in Vanilla 2 you can issue the following query to the mysql server:

    [SQL removed, the string created a horizontal scrollbar]

    But I'm not totally sure if this is the best way to do that in Vanilla 2, altough it works in 1.1.10.

    Bye
  • can anybody confirm that this could work on a vanilla 2 before I mess with my database? :P
  • tried it and it doesn't work :) thank you anyway
    it doesn't do anything
  • lucluc ✭✭
    edited February 2010
    Sure it doesn't do anything, tables in v2 are, by default, prefixed Gdn, not LUM.
  • ok, it doesn't work with GDN_ either: here's what I get
    #1054 - Unknown column 'Permissions' in 'field list'
  • Of course, they have not the same structure.
  • It seems that they have changed the way the ACL works and subsequently the structure of the database tables.

    I'm sorry for giving you the incorrect answer, here's the solution that reset the default permissions: http://pastebin.com/f2a209d32
    You can issue that as a single query.

    Bye

  • mmm not working:
    #1136 - Column count doesn't match value count at row 1
  • That's strange. I used mysqldump to retrieve the database schema and data from a fresh Vanilla2 setup, perhaps they changed the database structure a little bit?

    If you don't have any important information inside your fourm just reinstall it again.
    Issue a drop database command to your mysql server and install Vanilla2 from scratch.

    I'm sorry for the inconvenience, but that's a risk to take into account when using Beta software.

    Anyway, in the case you cannot reinstall Vanilla2, try editing the permission by hand using PHPMyAdmin or directly from MySql command Line.

    Bye
  • Some applications/addons could very well add columns, that's probably why your fresh install doesn't match his install.

    As you say, he should edit the permission by hand, but the underlying issue is that he is not able to save the change, and if he's not able to save any changes, how in the first places the permissions are not correct? As part of the installation creates the correct information.

  • I imported the roles and the users from a previous vanilla 1 install...
  • edited February 2010
    @alekone: Did it work?

    @luc: Indeed, I was suggesting him to use PHPMyAdmin to alter the permissions from the database table, that would bypass Vanilla2 saving issue.

    Anyway, I wouldn't let plugins alter the database schema. That could represent a security issue. What if a plugin plays with the database and expose any sensitive data, or just like in this case, alter users permission?

    My .2

    Bye
  • no, I imported roles and users from an old vanilla 1 install in the first place, and:
    - the actual problem is a result of that import, maybe
    - having imported the forum from the old one the answer is no, I can't delete and re-install the forum

    I'd be happy to manually set the roles, but (as you've seen) I'm a complete mySql ignorant.

    what would the correct command be? can I help you showing you the tables that I have?

    meanwhile, thank you for your help
  • edited February 2010
    Okay @alekone, don't worry I'm writing down a little script that you can upload on the server to restore the default Vanilla2 permissions. I hope this will let you login as administrator and fix the mess. All you will have to do is to write your database name, username and password in the file so it can connect and get the job done.

    I think you learned the lesson by yourself: always backup first.
  • edited February 2010
    I finished writing the script, to run it follow these steps:
    1. Download from here: http://gist.github.com/raw/299525/c596c627e792fef85500addb5b06cdeed5ad9faf/restorePermission.php/download
    2. Upload it in the root folder of Garden (the same where index.php is located).
    3. Point your browser to that file and hope that will work.

    No need for configuration, just upload and run. It knows about your Vanilla2 configuration (it's assumed that the Vanilla config is ./conf/config.php)

    It will download the Permission table schema and check if the one that you are using matches. In the case they don't match you will be informed and the difference will be outputted so you can paste here.
    Then it will empty your table and insert the Vanilla2 stock permissions.

    Let me know if that worked.

    If this doesn't remove users super powers perhaps it's time to take out the Cryptonite. lol.

    Bye
  • it's not working (mediatemple doesn't allow fopen)
    you can see the result here:
    http://bsrappaz.fatbombers.com/v2/restore.php

    :( I go out to buy some cryptonite.
  • edited February 2010
    Good Morning @Alekone

    I just finished polishing the script, it won't rely solely on the downloadable data. So if fopen is disabled it can use a embedded table definition.

    I hope this will make the script run on your hosting environment.

    http://gist.github.com/raw/299525/9fac1aa3c9665d14333191e88656ff65ed180628/restorePermission.php

    As before, just download the file, upload and run.

    I noticed that the previous version wouldn't work because my table definition was altered by CommentScore plugin. Go figure out.

    Now I used a fresh Vanilla2 install, without plugins and other things like that, so it MUST work.
    Indeed I tested it before uploading to github and it did its work.

    Let me know and good luck.

    Bye
  • ok!
    thank you very much!
    it worked... except that now I cannot set which users can see which forums... the forums panel disappeared in the role section.

    I think it's time to give up and run a fresh and empty install... thank you anyway!
    you have been more than supportive!
Sign In or Register to comment.