[SOLVED] is there a way to prevent create super user via CB api?

saman2
ONLINE
Posts: 404
Thanks: 7
Karma: -1

6 years 6 months ago - 6 years 6 months ago #303761 by saman2

[SOLVED] is there a way to prevent create super user via CB api? was created by saman2

hi
i am using CB api to create my users. is there anyway to prevent super user? i write some code to prevent user in super group user group. but i want to know is it possible freeze to create super user in all way.
Have you any other security advise when we use CB api to create user?
are you see usual Joomlapolice users security problem when they work with CB api?
i'm worry about that because my first time.

Last edit: 6 years 6 months ago by krileon. Reason: Added [SOLVED] tag to subject

Please Log in or Create an account to join the conversation.

krileon
ONLINE
Posts: 48444
Thanks: 8279
Karma: 1443

6 years 6 months ago #303795 by krileon

Replied by krileon on topic is there a way to prevent create super user via CB api?

Users don't get to select their usergroup for frontend registrations so it has never been an issue. Are you accepting a POST value for "gids"? The below tutorial does not do this as it specifically sets it to your Joomla new user usergroup parameter, which has no cause for concern.

www.joomlapolis.com/documentation/279-community-builder/tutorials/18362-registering-a-user-through-cb-api

If you are accepting a usergroup value from POST you need to apply filtering to it and clean out any usergroup ids you don't want to accept.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

saman2
ONLINE
Posts: 404
Thanks: 7
Karma: -1

6 years 6 months ago #303802 by saman2

Replied by saman2 on topic is there a way to prevent create super user via CB api?

krileon wrote:
If you are accepting a usergroup value from POST you need to apply filtering to it and clean out any usergroup ids you don't want to accept.

yes i do this.so it is enough.
thank you

Please Log in or Create an account to join the conversation.

Moderators: beat, nant, krileon