Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Forums permissions nightmare : all users being granted admin access
Hello all, I just found out that all the users that sign up to my site are being provided admin access automatically. On my friend's head's up, I signed up using another id on my own forum and was scared to hell by the permissions i were having by default( as a newly registered user) .
1) I have searched all over the web, found no similar issues.
2) I had this site imported from old phpBB.
3) Users can do literally anything including deleting my(admin) account. I tried to close the forums for all registered users temporarily by disabling "Signin" under allow, but that didnt work either.
Somebody please help me. This is a worst nightmare.
1) I have searched all over the web, found no similar issues.
2) I had this site imported from old phpBB.
3) Users can do literally anything including deleting my(admin) account. I tried to close the forums for all registered users temporarily by disabling "Signin" under allow, but that didnt work either.
Somebody please help me. This is a worst nightmare.
Tagged:
0
Comments
If for some reason the default role is not member, and or you are using a custom role you need to change the permissions for that role and rename it. Just make sure that you are saved under admin rights, first.
When you do custom role it is easy to make a mistake, and I think the default options are not that great. Even if you didn't intend to create a custom role you may have done by accident.
grep is your friend.
Install a clean vanilla 2.0.18 and compare the roles / permissions with your site.
I hope you have a localhost set up on your local PC so you can do some changes locally.
There was an error rendering this rich post.
Should i rename the registered to member?