next »

[John]

I created a profile for a person to manage the calendar, they have permission to change/reset a lost password. While testing I also found that they could change the Administrator password (mine). I don't think thay should be able t change the administrator password!

The method to change the password is:
Select Edit/Delete Users
Edit Administrator
Change password

[DanO]

** I don't think they should be able to change the administrator password! **

You're probably right however if that password was ever lost, it might be difficult to set a new one?

If you want to change the script's functioning in that regard though:

1. Open the edit_delete_users.html file.

2. Find the line:
foreach $record (sort { $a->{'username'} cmp $b->{'username'} } @$users) {

3. Try ADDING this line directly after the above one:

code:

next if ($record->{'username'} eq "Administrator");

Which should skip printing of the form buttons for the Administrator's record altogether.

Let us know if it solves your dilemma.

Dan O.

[This message has been edited by DanO (edited September 10, 2006).]