miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Specific miniBB Support Forums / Specific /  
 

Externally authenticated admin can't access admin panel

 
Author kevinfcook
Partaker
#1 | Posted: 8 Feb 2014 02:49 
All,

I followed the guide called: synchronizing_minibb on your site (excellent guide by the way...thanks for putting that together) to authorize users using my built in authentication system.

In my database, I have a field called 'IsAdmin'. In 'bb_cookie.php' in the 'user_logged_in' function, I have the following lines:
if($isAdmin==1) {
$GLOBALS['logged_admin']=1;
$GLOBALS['logged_user']=0;
}
else {
$GLOBALS['logged_admin']=0;
$GLOBALS['logged_user']=1;
}

This seems to work just fine. I can post as a user, view profiles, etc etc. When I log in with an admin user, I see the 'Administrative Panel' link at the bottom of any forum pages. When I'm logged in as a normal user, I don't see this link. However, when I click this link as an admin, it takes me to bb_admin.php and asks me to log in.

Does anyone know why the system is not allowing me into the admin panel without reauthenticating? I want the authentication to be automatic. I don't want admins to have to relogin when they go to the admin panel if this is possible.

Thanks for any help!!
Kevin

Author Paul
Lead Developer 
#2 | Posted: 8 Feb 2014 18:19 
Whatever I could recommend, is to look at your cookie or session first, that one is set by the browser when you are logged in as admin. It should be equal to that one set for the admin.

Also, in the script itself, miniBB authenticates admin ID as equal to 1 in many cases. You must be sure your admin user has ID = 1.

Author kevinfcook
Partaker
#3 | Posted: 8 Feb 2014 19:05 
Thanks for the reply Paul!

The issue was that my users ID was not == 1. When I set the actual ID == 1, it worked.

I'd love to be able to allow admin access to my entire admin group, so I'm going to search through the code and remove the check to see if ID==1. Any hints on where to look? :)

Thanks!
Kevin

Author kevinfcook
Partaker
#4 | Posted: 8 Feb 2014 19:25 
Never mind, I figured out a way to hack around it! I did the following in my user_logged_in function:

if($c[0]==1) {
$GLOBALS['user_id']=1;
$GLOBALS['logged_admin']=1;
$GLOBALS['logged_user']=0;
}
else {
$GLOBALS['logged_admin']=0;
$GLOBALS['logged_user']=1;
}

I know its a complete hack, but it doesn't seem to break anything since I do all of my user management/profile stuff externally.

Thanks,
Kevin

Author Paul
Lead Developer 
#5 | Posted: 9 Feb 2014 14:01 
Probably this is the most simple and working hack, I did it several times on integrations, too. Glad it works for you.

But you must keep in mind, that by miniBB concepts there should be only one root admin available for the forum, it is kind of security term. However this is up to you - on customized integrations and external users table, as you see, there could be a little escape from this concept ;)

Good luck! Thanks for choosing miniBB.

Specific miniBB Support Forums / Specific /
 Externally authenticated admin can't access admin panel
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Try the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑