Jump to content

Preventing 'admin' inpersonation

Gath

By Gath
in Application Design

 Share

Recommended Posts

Gath Member

Gath

Posted
Posted

Hello.

 

So, on my site i wanted to 'block' the possibility for an user to create a 'username/nick' pretending to be part of the community 'administration'.

 

On that list i already have:

'site name' (e: phpfreaks)

'the name of the creator/admin' (e: John Doe)

Administrator

Admin

GM

GameMaster

 

and... i dont know anymore :)

Any idea would be welcome.

The particular community i wanted this for is made of a forums and a web-game (therfore the 'GameMaster'), altought i wanted some geral ideas also.

Link to comment
https://forums.phpfreaks.com/topic/52594-preventing-admin-inpersonation/
Share on other sites
Nameless12 Member

Nameless12

Posted
Posted

you should have a whole table of admins storing the users id and their administration level, the users have no way of changing their user_id so its pretty much impossible for them to pretend to be an admin. If you are just worred about people going around with a username of ADMIN, just filter out names you dont allow in registration page.

steelmanronald06 Advanced Member

steelmanronald06

Posted
Posted

I think he has got that much down, Nameless12.  I think he is looking for other names that might be used.  Some are:

 

Mod

Moderator

Global Admin

Global Administrator

Owner

Webmaster

Leader

 

Really, anything that shows leadership. BUT, it is going to be hard to block all of them. 

448191 Advanced Member

448191

Posted
Posted

There should be a clear distinction between FUNCTION (or position) and USERNAME. Making those two the same is asking for trouble. Better off simply offering unique identification of some kind to admins and mods. Like SMF uses red and blue fat stars. Without those it is useless for anyone to impersonate an admin or mod.

 

In addition you can add a simple string check for 'admin' and 'moderator'. Not that anyone would fall for an impersonation when you use distinctive visual marks, but just because it looks a little silly. I personally would allow GameMaster, Webmaster and whatever.

 

Imagine a user named Administrator with the position of n00bie right below it. That'd look silly.

 

 

Liquid Fire Advanced Member

Liquid Fire

Posted
Posted

I think he means he just wants to block name that would make it appear they are a admin.  I don't think the if they create a account with a username could SuperAdmin that they would have admin rights but other poeple on the site might think he or she is an admin becuase of there name.

Gath Member

Gath

Posted
  • Author
Posted

Yes, the actual admins will have a "visual" effect. What i want to prevent is if someone new to the community enters and some "scammer" tries to abuse that person, to make sure the person isnt fooled easily.

 

And no, the "names" and "position" arent related :) I just want to clear all names to avoid problems.

 

 

And yeah, in the end one cant ever prevent all abuse, but trying to narrow it sometimes works wonders :)

 

Thanks for the input.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.