Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Cyb - Login To User Account Details »
Cyb - Login To User Account
Mod Version: 2.3, by Valter (Coder) Valter is offline
Developer Last Online: May 2014 I like it Show Printable Version Email this Page

vB Version: 3.8.x Rating: (63 votes - 4.89 average) Installs: 951
Released: 10 Jan 2009 Last Update: 11 Apr 2009 Downloads: 4860
Not Supported DB Changes Uses Plugins Auto-Template  

Info:
This will allow forum administrators to simply login to user accounts (to test forum functions, permissions etc...). SuperAdmin can choose admins who are able to use this function. SuperAdmin can set also who can login to other admin accounts. "Login As User" is shown in member profiles and Quick User Links (can be disabled). Option is automatically hidden in your own account and if target user is admin while you have no permissions to login to admin accounts.

See screenshots.


Installation:
1. Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]


Variables:
-Link to login to user in memberinfo: $cyb_ltoua_link_mi
-Logged in as user alert: $cyb_ltoua_alert


To set options:
Go to: AdminCP > vBulletin Options > Cyb - Login To Other User Account


Versions:
v1.0 - May 20. 2006.
-First Release
v1.1 - May 21. 2006.
-Now SuperAdmin can log into other admins
v1.2 - Aug 04. 2006.
-Release of this hack for vB v3.6
v1.5 - Aug 29. 2006.
-Added option to easily go back to admin account
-Alert can be enabled/disabled
-Added "Product Version Checking"
-Only Admins allowed to use function can see "Login As" links
-Several code improvements
v1.6 - Sep 01. 2006.
-Fixed bug (error message at the top of "add new user" page)
-Fixed bug (uncached template)
v1.7 - Sep 05. 2006.
-Now only SuperAdmin can access settings where you choose which Admins can use the hack
-You can also set Admins who will be able to use other Admins accounts (only SuperAdmin can set this)
-Alert moved to navbar so it is now shown on any page to Admin who is logged in as someone else
v1.8 - Apr 23. 2007.
-"Last activity" not changed for target user when admin used account
-"Login As User" automatically hidden in your own account and if target user is admin and you have no permissions to login to admin accounts
-Admin not logged out from ACP when back to original account, except session expired regularly
-Added option to modify alert box CSS
-Many other code improvements and optimizations
-If you have older version of this hack installed please uninstall it before installing latest version or it will not work properly
v1.9.1 - Jul 23. 2007.
-Fixed bug (Security Exploit)
-Fixed bug ("login as user" doesn't work if you access user profile via last post info)
-"Go back" alert moved to header (for must of users there is no need to edit custom styles anymore)
-Now you can go back from banned user accounts without clearing cookies manually
v2.0 - Nov 08. 2007.
-New: Actions logged in Moderator Log
-Fixed bug where admins with primary usergroup different than 6 are not able to use hack
-Several minor bugs fixed
--You MUST uninstall older version before installing this one in order to get it working properly
v2.1 - May 03. 2008.
-Compatible with vBulletin 3.7
-Minor bugs fixed
v2.2 - Jun 23. 2008.
-Added option to disable logs
-Added option to switch to vB 3.6.x compatibility mode
-Fixed bug (session lost for target user when you go back to admin)
-Fixed bug (sessions lost for guests/bots when you login as another user)
-Made several compatibility improvements
v2.3 - Apr 11. 2009.
-Bug fix (non-Admins able to login to user accounts in some cases)
-Bug fix (Admin can not search product entries in ModLog by product ID)
-Bug fix (logging error if username contains special characters)
-Bug fix (Admin must be member of usergroup 6 to use product)
-Minor bugs fixed


Click INSTALL if you like this hack.

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	loginasuser.jpg
Views:	3480
Size:	25.0 KB
ID:	92196   Click image for larger version

Name:	edituser.jpg
Views:	2489
Size:	101.0 KB
ID:	92197   Click image for larger version

Name:	alert.jpg
Views:	2176
Size:	16.5 KB
ID:	92198   Click image for larger version

Name:	adminset.jpg
Views:	2182
Size:	32.6 KB
ID:	92199  

Click image for larger version

Name:	acp.jpg
Views:	1759
Size:	60.1 KB
ID:	92200  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Miscellaneous Hacks Cyb - Login To User Account Valter vBulletin 3.7 Add-ons 158 13 Aug 2014 15:54
Add-On Releases Cyb - Login To User Account Valter vBulletin 3.6 Add-ons 244 29 Nov 2009 14:14
Cyb - Login To User Account Valter vBulletin 3.5 Add-ons 23 14 Apr 2009 20:10

  #61  
Old 09 Apr 2009, 09:20
Phobos49 Phobos49 is offline
 
Join Date: Jan 2009
Did somebody already cross check versions 3.7, 3.6 and 3.5 if they have the same heavy bug?

btw: every admin using this AddOn should be informed "asap" by eMail as soon as Cybernetec or vb-Admin has confirmed this bug.

Last edited by Phobos49; 09 Apr 2009 at 09:28.
Reply With Quote
  #62  
Old 09 Apr 2009, 09:47
Phobos49 Phobos49 is offline
 
Join Date: Jan 2009
Here I go again...

Seems like we have a worst-case-scenario... I just tried to "hijack" an admin account of a forum postet in the signatur of an user using the 3.7-Version.

Unfortunatly, I was successfull...
I now have full access of his forum! Don't worry - I will not do any harm!

ADMINs! Please remove all versions of this AddOn & inform every admin to disable this AddOn as soon as possible!
If vb-Admins would like to test hijacking forums - send PN an I'll give you some links to vunerable forums. There you can hijack any account you want. Unbelivable!!!!
Reply With Quote
  #63  
Old 09 Apr 2009, 10:15
TheCatcher's Avatar
TheCatcher TheCatcher is offline
 
Join Date: Oct 2007
Real name: Unknow
Confirm the Phobos49 called Bug!
Reply With Quote
  #64  
Old 09 Apr 2009, 10:51
Sweeks's Avatar
Sweeks Sweeks is offline
 
Join Date: Jul 2008
Told you it wasnt impossible The only mod that does the same and seems secure right now is:

http://www.vbulletin.org/forum/showthread.php?t=168819
________
FISTING MILF

Last edited by Sweeks; 06 Apr 2011 at 13:55.
Reply With Quote
  #65  
Old 14 Apr 2009, 13:06
rmxs's Avatar
rmxs rmxs is offline
 
Join Date: Apr 2006
I think now the problem fixed :P
__________________
:banana::bunny: :banana:
Reply With Quote
  #66  
Old 14 Apr 2009, 13:09
KURTZ KURTZ is offline
 
Join Date: Nov 2006
Real name: Christian
changelog?
Reply With Quote
  #67  
Old 14 Apr 2009, 13:10
sturdy sturdy is offline
 
Join Date: Aug 2005
Im currently using this hack for my forum. But how is it possible that somebody easily uses the url ? Does he need an account on the forum or which way does it work ?
Reply With Quote
  #68  
Old 14 Apr 2009, 13:33
-=Leb=-'s Avatar
-=Leb=- -=Leb=- is offline
 
Join Date: Jan 2008
a confirmation from cyb will be nice.
Sorry if i ask Cyb, is this mod safe now? can i install it?
__________________
For You Who Like To Play CounterStrike Source, Check Our Website At:
FireWaLL Website

Last edited by -=Leb=-; 14 Apr 2009 at 13:42.
Reply With Quote
  #69  
Old 14 Apr 2009, 13:35
-=Leb=-'s Avatar
-=Leb=- -=Leb=- is offline
 
Join Date: Jan 2008
if this mod safe now, plz edit phobos post above!
__________________
For You Who Like To Play CounterStrike Source, Check Our Website At:
FireWaLL Website
Reply With Quote
  #70  
Old 14 Apr 2009, 13:53
Phobos49 Phobos49 is offline
 
Join Date: Jan 2009
Originally Posted by Leb View Post
if this mod safe now, plz edit phobos post above!
Why? Version 2.2 ist absolutly unsafe!

Version 2.3 should be safe now (did not test myself yet).

But every admin MUST updated to 2.3 to secure his forum!

So I am not going to edit my posting.
Reply With Quote
  #71  
Old 14 Apr 2009, 15:06
Sweeks's Avatar
Sweeks Sweeks is offline
 
Join Date: Jul 2008
Originally Posted by sturdy View Post
Im currently using this hack for my forum. But how is it possible that somebody easily uses the url ? Does he need an account on the forum or which way does it work ?
Guests could also use the exploit.
________
Ipad guide

Last edited by Sweeks; 06 Apr 2011 at 14:02.
Reply With Quote
  #72  
Old 14 Apr 2009, 15:34
sturdy sturdy is offline
 
Join Date: Aug 2005
When I try to add this url-code to the member.php I just see a login screen. So, there is no problem is it ?
Reply With Quote
  #73  
Old 14 Apr 2009, 16:56
Phobos49 Phobos49 is offline
 
Join Date: Jan 2009
Originally Posted by sturdy View Post
When I try to add this url-code to the member.php I just see a login screen. So, there is no problem is it ?
If you allow guest to view member profiles - you will have this problem. Try!
Reply With Quote
  #74  
Old 14 Apr 2009, 17:05
atmaca's Avatar
atmaca atmaca is offline
 
Join Date: Jan 2008
Location: Turkey/Gazi Antep
Real name: Abdullah
Thanks for update.
Reply With Quote
  #75  
Old 14 Apr 2009, 20:09
Valter Valter is offline
 
Join Date: Aug 2005
New Version!

v2.3 - Apr 11. 2009.
-Bug fix (non-Admins able to login to user accounts in some cases)
-Bug fix (Admin can not search product entries in ModLog by product ID)
-Bug fix (logging error if username contains special characters)
-Bug fix (Admin must be member of usergroup 6 to use product)
-Minor bugs fixed

Upgrade Info:
-Import product XML, allow overwrite
-Revert product templates if any modified
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 2 (0 members and 2 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 11:10.

Layout Options | Width: Wide Color: