search

PHPfox-Official / phpfox-v4-issues

phpFox Public Bug Tracker
https://phpfox.com
30 stars 21 forks source link

admin banned from site #2893

Closed spirogg closed 4 years ago

spirogg commented 4 years ago

Important

Please follow this template!

What's happened?

... i was creating another user and gave the name Admin noticed I was able to use this name to create a new user, after wards I added a ban word Admin and it locked me out, I thought it would ban someone from adding that name as a user but instead it looked me out as an administrator?

this is not working right the ban words!!!!!!!!!!!!

1) the admin should never be banned from the website. no matter what ban words i use.

2) why does it allow to have the same username as another person especially admin icreated 3 accounts with the name Admin one is administrator he is Admin 2 was registered user named admin he was admin_1 3 was registered user again named admin and he was admin_2

so now how do i get unbanned as administrator, where in the databse or where in what setting in backend from ftp can I remove the Ban for the admin ?

Steps to reproduce:

  1. selected ban words Admin
  2. logged out
  3. now locked out says Admin is Banned from website ?

What's expected?

... Admin should nver be banned from website ever, no matter what ban words we use

Browsers and Devices tested

(Example: Chrome on iPhone X, Safari on Macbook, Miscrosoft Edge on Windown 10, Firefox on Ubuntu 16.04, ...)

...

Server information

(Example: CentOS 7, php 7.1 apache)

... centOS7 php7.3.17

phpFox version

(Example: phpFox 4.6.0)

...fresh install 4.7.10

Screenshots

...

lethality commented 4 years ago

The ban system is terrible, there's a forum post about how they match email addresses too (apparently you can't use two wildcards anymore to ban *@alwayschanges.domain.com), and not to mention the banned words lists the words in the source, so anyone can view it to circumvent the filter, AND it doesn't look great having a bunch of expletives, some racist/vulgar, being visible anywhere on your site, even if it's the source.

But for your problem, in phpfox_user, change the user_group_id to 1 for the admin user, and you might need to check phpfox_ban to remove it for now, because I presume it will re-ban you when you log in again, if it still matches.

spirogg commented 4 years ago

ok went to phpmyadmin found table phpfox_user andchanged my name and username then was able to login again as administrator now I need to delete the ban filter

@harrison05 and phpfox PLEASE.... this ban filter system needs to be revamped and build it as its own app so you can make changes to it and fix bugs and release the fixes sooner than a core feature that needs a new build all the time.. https://github.com/PHPfox-Official/phpfox-v4-feature-requests/issues/957 Spiro

spirogg commented 4 years ago

@lethality thanks for helping :)

hamadax commented 4 years ago

I reported a similar issue twice I think. Ban words can filter out various elements on the front end and the admin panel as well. I found it to be unpredictable and impractical. I removed all ban words since they were interfering with normal functioning of the site. I am still using the ban system for usernames and certain emails and it does the job in the registration form. We definitely need a way to search and filter through the list in the admincp. I currently have over 15K records there. Any editing I do to the the list is better done directly in the database due to the lack of a search and filter functions.

harrison05 commented 4 years ago

Hi @spirogg

the admin should never be banned from the website. no matter what ban words i use.

We will review and improve this feature.

Regards.