MiniBB Administrator

One of the many flaws of the miniBB forum is that the code as supplied by the original authors requires the person with administrator access to be set up with user_id 1 in the database. This makes it more obvious which record in the database needs to be compromised in order to gain the greatest access. Also, where you are integrating the code with an existing membership system, the administrator of the existing system may not be the one with an id of one.

Fortunately the licence under which the original authors made miniBB available allows anyone to modify the script and distribute copies of the modified script provided that it is done under the same licence - that means that if you modify the script and distribute it then others can modify and distribute your version.

Modifying miniBB to allow for a different user being the one that has the administrator access is not all that difficult. It does however involve changing the code in a number of the core files that the original authors may modify when they release future versions of the script. Rather than simply making copies of the modified files available and having them end up out of date the next time the original script gets modified, I am instead going to tell you how to modify the code yourself to make it easier to change which user is the administrator. That way if any of the affected files get updated by the original authors you can simply reapply the change to the new version of the file.

There are fourteen files in miniBB that all need to have the same change applied in order to make it easy to change which id belongs to the administrator. These are:

The same change needs to be made to each of these files. Open each of these files in turn in your editor and select the editor's find and replace option. The value you need to find is user_id==1 and the value you need to replace it with is isAdmin($user_id), which replaces all of the hard-coded tests for the user_id being one with calls to a function. One of the files also contains a user_id!=1 to be replaced with !isAdmin($user_id).

All that remains to be done now is to add the function to the script. Since the setup_options.php file contains configuration info and is included in all the pages, this seems the most appropriate place to add the new function. Start by inserting the following code somewhere in that file:

function isAdmin($user_id) {
    // true when the given id is the administrator's id
    return $user_id==1;
}

All we have done to this point is to move all of the tests for whether the user is the administrator into a separate function. To actually change the administrator from the registered user with id = 1 to some other id we now simply replace the 1 in the function with the id of the user that we actually want to have as the administrator.
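A check for tests that the find and replace missed, such as ones written with spaces, with === or with the 1 first. This is an added example, not part of the original article or of miniBB; it assumes the variable is named $user_id as in the replacement text above, and the PHP lines in SAMPLE are constructed.

```python
import re
import sys
from pathlib import Path

# $user_id compared with the literal 1, in either order, with ==, ===, != or
# !== and optional spaces: variants a literal find for "user_id==1" skips.
HARDCODED = re.compile(
    r"\$user_id\s*[!=]==?\s*1\b"
    r"|(?<![\w.])1\s*[!=]==?\s*\$user_id\b"
)
IS_ADMIN_DEF = re.compile(r"function\s+isAdmin\s*\(")

# Constructed sample, not taken from the miniBB source.
SAMPLE = """<?php
if (isAdmin($user_id)) { $canEdit = true; }
if ($user_id == 1) { $canDelete = true; }
if (1===$user_id) { $showPanel = true; }
if ($user_id!=1) { die('denied'); }
if ($user_id==10) { $vip = true; }
function isAdmin($user_id) {
return $user_id==1;
}
"""

def find_hardcoded_admin_checks(php_source):
    """Return (line_number, line) for each leftover hard-coded id test."""
    hits, in_is_admin = [], False
    for number, line in enumerate(php_source.splitlines(), start=1):
        if IS_ADMIN_DEF.search(line):
            in_is_admin = True          # the one place a literal id belongs
        if not in_is_admin and HARDCODED.search(line):
            hits.append((number, line.strip()))
        if in_is_admin and "}" in line:
            in_is_admin = False
    return hits

def scan_tree(root):
    """Scan every .php file under root; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_hardcoded_admin_checks(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for number, line in hits:
            print(f"{name}:{number}: {line}")
```

Run it with the forum directory as its argument; any line it prints is a test that still bypasses isAdmin().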

I have seen some people ask about whether it is possible to have more than one administrator and the original authors answered "no". Well with this change in place you can have more than one administrator. For example if the users with ids 42 and 57 are both supposed to be administrators then simply change the function to read:

function isAdmin($user_id) {
    // true when the given id is one of the administrators' ids
    return $user_id==42 || $user_id==57;
}

Note that the script still has only the one username and password coded in the setup_options.php file and so all administrators will need to use the same values if the admin option asks them to log in again to access it. If you are also making changes to integrate the forum with a membership site then you can easily update things so that the administrators can access that page without having to log in again.

The script also only has one spot on the statistics page to display the administrator name. The easiest way to resolve this issue is to update the stats.html file to remove the administrator name from what gets displayed. I can't see how the username of the administrator needs to be a part of the statistics anyway.

To make it easier to apply all these changes to miniBB 3.0.2 (the current version at the time of writing) you can download all the updated files.

Disclaimer: As I did not write the original script I am not as familiar with the code as the original authors and so the testing that I have done may have missed something. If you find a spot in the code where the script still refers to id 1 as the admin please let me know.


This article written by Stephen Chapman, Felgall Pty Ltd.
