Hello

When you are an admin, and you click "admin", it asks for you to enter your password again to double check you should be there.

However, if you don't know the password (like me I forgot mine) you can just goto the member center and change it (it only asks for the new password twice [for admins i beleive]) and then click admin and put in the password you just created.

So when an admin changes their own password, it should ask for the old password AND the new passwords. But when the admin changes a user's password, it should only require the new password (but not when they edit an admins).

Tim

Hmm.  I guess I'll get rid of the password verification.  lol

I wouldn't, I think it's an excellent idea. Surely it can be set back to the old way just for admins.
I'm willing to mod it if you are too busy Justin.

Quoted from Martin

I wouldn't, I think it's an excellent idea. Surely it can be set back to the old way just for admins.
I'm willing to mod it if you are too busy Justin.

Yeah, but my problem is that an Admin could easily change another Administrator password, or anything else.

What I could do is make all Admin only pages require verification.  That might work ...

But they would have to know the other admins password to be able to change it.

That was why I suggested going back to the old way for admins where they have to input the current password before they can change it.

Quoted from Martin

But they would have to know the other admins password to be able to change it.

That was why I suggested going back to the old way for admins where they have to input the current password before they can change it.

Hmm.  I like being able to change members passwords, though.  Sometimes it's needed, and I think administrators should be able to do so.  You could make a mod to disable it if you wanted to though.  I think I'm going to require administrator validation every three days for all Administrator functions though.

This does sound kind of like Windows Vista's UAC or whatever though ...  

I think you are not understanding what I am suggesting. The old method of having to input the old password first would be admins only.

if member is admin

the old way

else

the new way

endif


I personally wouldn't want to keep having to authorise for every admin function, it's the one thing about vista I despise and the reason I un-installed it. M$ have gone overboard with security and this in my opinion this has ruined it.

But that is no differennt to how Unix works.

Quoted from Martin

I personally wouldn't want to keep having to authorise for every admin function, it's the one thing about vista I despise and the reason I un-installed it. M$ have gone overboard with security and this in my opinion this has ruined it.

You can turn it off in Vista (I know I do ).

And it's set to stay logged in for 3 days on E-Blah.

I get what you're saying now, but the purpose is for non-admins to re-enter their password so someone can't change their login if they forgot to logout at the library or something.

All right, I expanded Administrator Verification.  Now everywhere that requires Administrator Validation, will require it.  That mean profile editing -- it will require verification (for non-admins).  Along with many other things.  On top of that, I've added an option to stay logged in for a longer period of time, as 3 days can become an annoyance.  

The options are:

3 hours
6 hours
24 hours
3 days
1 week
2 weeks
1 month

So it should cover pretty much everyone.  

Forgot to post the screenshot ...

Password verification is there now.