god account now cannot change User Level

Pligg CMS Forum > Questions and Comments
Register an Account

Login

User Name:

Password:

Remember Me?
Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1 (permalink)  
Old 09-13-2007, 03:31 AM
New Pligger
  
Join Date: Aug 2007
Posts: 15
Hi,

I am getting the error below whenever I tried to change any user's User Level to either "Admin" or "Normal". Anyone has any idea why?

"Invalid token (hack attempt) or timeout. Timeout is 5 minutes. Go back, refresh that page, and try again."
Reply With Quote
  #2 (permalink)  
Old 09-13-2007, 08:52 PM
New Pligger
  
Join Date: Sep 2007
Posts: 11
I get the same thing in beta 9.8. I tried giving a friend a bump from normal to admin. I gave up and created a new account for him with admin privileges from the beginning.
Reply With Quote
  #3 (permalink)  
Old 09-13-2007, 09:39 PM
AshDigg's Avatar
Mayor of PliggVille/Coder
  
Join Date: Dec 2005
Posts: 1,515
Is this a new install or an upgrade?
Reply With Quote
  #4 (permalink)  
Old 09-13-2007, 10:31 PM
Casual Pligger
Pligg Version: 9.9
Pligg Template: convergence
  
Join Date: Sep 2007
Location: Netherlands
Posts: 37
i did fresh install and have the same isseu
Reply With Quote
  #5 (permalink)  
Old 09-14-2007, 01:05 AM
New Pligger
  
Join Date: Sep 2007
Posts: 11
yeah, fresh install of 9.8 on 2 sites
Reply With Quote
  #6 (permalink)  
Old 09-14-2007, 04:58 AM
New Pligger
  
Join Date: Aug 2007
Posts: 15
Quote:
Originally Posted by AshDigg View Post
Is this a new install or an upgrade?
I think I have problems with both upgrade and fresh.
Reply With Quote
  #7 (permalink)  
Old 09-14-2007, 07:17 AM
Casual Pligger
  
Join Date: Jul 2007
Posts: 60
We experienced the exact error when attempting to delete an account.

We had upgraded from 9.7 to 9.8
Reply With Quote
  #8 (permalink)  
Old 09-14-2007, 08:29 AM
New Pligger
  
Join Date: Sep 2007
Posts: 10
I have the same problem...

Guys there was also a serious problem and i have solved it. Please also everyone check this out http://forums.pligg.com/bug-report/8...g-listing.html
Reply With Quote
  #9 (permalink)  
Old 09-14-2007, 08:38 AM
New Pligger
  
Join Date: Sep 2007
Posts: 10
Hmm... It seems when we click and edit a user token from $_GET is empty. I am still on that and will post here as soon as i got something
Reply With Quote
  #10 (permalink)  
Old 09-14-2007, 09:34 AM
New Pligger
  
Join Date: Sep 2007
Posts: 10
Good news: I found the problem and fixed...

Edit admin_users.php and find

PHP Code:
        if ($_GET["mode"] == "edit"){ // edit user
            // code to prevent CSRF
                // doesn't matter if a token exists. if we're viewing this page, just
                // create a new one or replace the existing.
                $_SESSION['token_admin_users_edit'] = md5(uniqid(rand(), TRUE));
                $_SESSION['token_time_admin_users_edit'] = time();
                $main_smarty->assign('token_admin_users_edit'$_SESSION['token_admin_users_edit']);
            // code to prevent CSRF 
and change:

PHP Code:
            $main_smarty->assign('token_admin_users_edit'$_SESSION['token_admin_users_edit']); 
to

PHP Code:
            $smarty->assign('token_admin_users_edit'$_SESSION['token_admin_users_edit']); 
Here you go..!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads
Thread Thread Starter Forum Replies Last Post
Submit Antispam Addon v 0.1 AnAlienHolakres3 Free Modules 45 12-05-2011 12:48 AM
Problem With User Account Activation! makrani Questions and Comments 9 05-06-2009 11:59 AM
access right of admin level user OnlyBlue Questions and Comments 4 08-12-2007 09:53 PM
[SOLVED] rights/access according to user level? stevux Questions and Comments 4 07-26-2007 07:19 AM


Pligg Modules and Pligg Templates from Pligg Pro Find support on the Pligg CMS Forum - 24 hours a day! Make a donation to support Pligg CMS development