How to Audit Moderators and Administrators

Keeping an eye on who is permitted to do what is incredibly important. Sadly, phpBB 2.0 does not contain an easy way to audit the number of people with administrator or moderator rights. I typically resort to periodically running two simple SQL queries using the phpMyAdmin front end to MySQL. Here, I'll explain how to run those queries.

■ Note Contact your hosting provider to determine the location of phpMyAdmin on the server, as this location varies from host to host.

When you have phpMyAdmin open, select the database you created for phpBB (when you installed phpBB, as described in Chapter 8) by clicking the name of the database in the left pane. This will load a listing of this database's tables in the main area of the window. Newer versions of phpMyAdmin (which most hosts run) have a SQL tab just above the area where the tables of the database are listed. Click that tab, and you'll be presented with a SQL query box, which should resemble Figure 10-1.

Figure 10-1. The SQL query box in phpMyAdmin 2.6.1

You'll input a raw SQL query here. In the query box, type the following line to check who has administrator rights, substituting <yourprefix> with the database prefix you selected while setting up your phpBB (typically phpbb):

SELECT user_id, username FROM <yourprefix>_users WHERE user_level = 1

To check to see which users have moderator permissions, run this query:

SELECT user_id, username FROM <yourprefix>_users WHERE user_level = 2

The queries return the user ID number assigned by phpBB at registration and the username of the empowered users, in a table structured like the one shown in Figure 10-2.

T-► userjd username

Figure 10-2. The results of running the administrator query

Tip If you find SQL queries cumbersome and inconvenient, as most people do, a far more graceful alternative to running these queries exists as a modification to the board. Visit http://www.phpbbhacks.com/ download/2977 to download the feature, and flip ahead to Chapter 11 for pointers on installing it.

Auditing on a regular basis is a good method for detecting people who may have surreptitiously gained administrative or moderator access without your knowledge. If you find people who are administrators that you don't want as administrators, you can edit their permissions (see the "Setting Per-User Permissions" section later in this chapter) and remove their rights. Then be sure to read the "Installing Updates" section, coming up soon, as you may have a security flaw.

Was this article helpful?

0 0

Post a comment