| Author |
 Topic  |
|
wrighty
Starting Member
7 Posts |
 Posted - 05 September 2002 : 11:16:10
|
How can I hide Admin accounts from the members list. I think it is not good practice to show usernames for admin accounts. You give any Hacker a half the login information. I wish to continue to show other members. Could this be a Admin Option. The only way I have found to hide members is to remove the following code from inc_header.asp:-
" <a href=""members.asp""" & dWStatus("Current members of these forums...") & " tabindex=""-1""><acronym title=""Current members of these forums..."">Members</acronym></a>" & vbNewline & _
" |" & vbNewline & _
Any help would be appreciated.
Keep up the good work
Ruirib: Moved from the General Help Forum. |
Edited by - ruirib on 27 September 2002 13:29:21 |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 05 September 2002 : 11:52:31
|
| And what prevents the hacker from signing up and then viewing the members list and seeing the admin username? And what prevents him from hacking into a members account (if that is even possible), then finding the admin username and hacking that too? |
Support Snitz Forums
|
 |
|
|
wrighty
Starting Member
7 Posts |
Posted - 05 September 2002 : 12:05:08
|
| No: The idea is that you remove all references to Admin accounts from the members list. If a hacker does hack a members account, they will still not see the admin account usernames. |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 05 September 2002 : 12:27:57
|
quote:
I wish to continue to show other members.
That was what I was basing my post on.
Try this, in members.asp, after line 153, add the following code in red:strSql3 = " WHERE M_STATUS = " & 1
strSql3 = " AND M_LEVEL < " & 4 And then line 113, add the code in red:whereSql = " WHERE M_LEVEL < " & 4 & " AND ("Haven't tested this. Let me know if it works. Also try searching for the admin username to see if it shows up. |
Support Snitz Forums
|
Edited by - Davio on 05 September 2002 12:28:44 |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 05 September 2002 : 12:40:27
|
That too. Unless you restrict access to your forum to members only. But then that doesn't stop them from registering and seeing your username on your post.
Really, you have nothing to worry about a hacker knowing your username. Just as long as you have a good password (which is encrypted) and your database not downloadable from the web, you should be safe. |
Support Snitz Forums
|
|
|
|
wrighty
Starting Member
7 Posts |
Posted - 05 September 2002 : 16:02:32
|
Point taken about the posts, should have engaged brain before setting fingers to work.
However, I tried the code changes, but now receive the following error:-
Microsoft JET Database Engine error '80040e14'
Syntax error in FROM clause.
forum/members.asp, line 234
Thanks in advance.
|
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 05 September 2002 : 17:20:01
|
This line:
strSql3 = " AND M_LEVEL < " & 4
should be:
strSql3 = strSQL3 & " AND M_LEVEL < " & 4 |
Dave Maxwell
Barbershop Harmony Freak |
|
|
|
wrighty
Starting Member
7 Posts |
Posted - 05 September 2002 : 17:29:28
|
Sorry,
Fixed the error message, but can still see forum admin user in members list.
Thanks |
|
|
|
pknaz
Junior Member
USA
117 Posts |
Posted - 05 September 2002 : 18:01:09
|
is your "M_Level" actually 4, or is it 3?
|
|
|
|
MDGamezz
Junior Member
USA
100 Posts |
Posted - 05 September 2002 : 18:44:01
|
Would it not be easy enough for you to give yourself a custom title?
It's not as if you have to have admin or moderator under your username.
Change the title and the color of your stars to make it look just like any other account on your board.
|
MDGamezz |
|
|
|
ewyglend
New Member
83 Posts |
Posted - 27 September 2002 : 13:17:55
|
| I am wanting to do the same thing with hiding the admin, but not for security reasons. I tried adding the above code, but it did nothing for hiding the admin username. Is there any other way to do this? |
|
|
|
GauravBhabu
Advanced Member
4288 Posts |
Posted - 27 September 2002 : 13:49:48
|
This line
strSql3 = strSQL3 & " AND M_LEVEL < " & 4
should be
this - to filter Admins
strSql3 = strSQL3 & " AND M_LEVEL < " & 3
this - to filter admins and Moderators
strSql3 = strSQL3 & " AND M_LEVEL < " & 2 |
Edited by - GauravBhabu on 27 September 2002 13:51:20 |
|
|
|
burthold
Junior Member
USA
426 Posts |
Posted - 27 September 2002 : 14:00:47
|
Any hacker is going to run through common names aka Admin Administrator Owner Root etc etc. Most of them are script kiddies these days and I have yet to see a login hacker that didn't contain Admin.
Wes |
|
|
|
ewyglend
New Member
83 Posts |
Posted - 28 September 2002 : 00:24:32
|
| I have tried changing 4 to 3 yet it doesnt do a thing. |
|
|
|
ewyglend
New Member
83 Posts |
Posted - 29 September 2002 : 02:50:33
|
Woops! Actually, it does work very well, but not quite how I want it to. I wanted to have just the "admin" user name not show up. I have other admin's with different user names that I want to show up. So I tried this:
strSql = strSQL & " AND M_NAME = " & admin
but that didn't work. Any ideas? |
|
|
|
Topic |
|
Topic Locked
