#9799 403 - An error has occurred. - Using User Manager

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by slaes on Tuesday, 20 September 2011 09:34 CDT

jmack50
Just installed Admintools Pro 2.0.1. I opened User Manager and tried to change the editor I use. On trying to save the change, I received "403 - An error has occurred." It didn't save and from that point everything I clicked on rendered the 403 - An error has occurred. I couldn't close User Manager or exit Joomla. I had to close and open the browser to log in again. The problem still exists after I log in again. Everything else appears to work.

The only change I made with Admintools was to reset the Superadmin ID. I don't know if the problem existed before I reset the ID.

Joomla 1.5.22
Linux/Apache
PHP 5.2.16
MySQL 5.1.47

I read the documentation and the 403 Error posts in this Forum. Nothing seems to match my issue or I am not understanding it.

nicholas
Akeeba Staff
Manager
This is a feature of the Web Application Firewall which comes turned on by default and prevents editing back-end users. This is to protect you in case a hacker infiltrates your site. If the hacker is not able to change your credentials it is not possible to "hold hostage" your site.

In order to disable that feature, go to Components, Admin Tools, Web Application Firewall, WAF Config then find the "Disable editing backend users' properties" setting and set it to No. Save and you're set :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

jmack50
Thanks for the quick response. I am a new user and I will eventually have the time to learn all of ATPro's features.

nicholas
Akeeba Staff
Manager
No worries! Admin Tools 2 has everything but the kitchen sink :) It takes a while to get familiar with all of its features.


goslingcools
Jeez... installed numerous times on different servers to find what was blocking the user manager...

But I was (as Super Admin) not able to change anything in the user manager... That is probably not the meaning, right?

nicholas
Akeeba Staff
Manager
On the contrary, this is exactly the meaning of this feature! If your site gets infiltrated (a hacker logs in as a Super Administrator), the first thing a hacker will try to do is to change your login credentials so that you can't get access to your site easily. Blocking this functionality is putting a hurdle to the attacker so that you have more time to log back into your site and activate the Emergency Off-Line mode.


user14074
Ah! There that bugger is. Teach me for not more thoroughly reading the manual! ;-)

Okay, I totally get the point of such a feature now. I'm trying to think of a way that you could still allow one user changes to user access levels without shutting it off for everyone, but I can't think of a way.

But I'm glad I found this! Thanks.

nicholas
Akeeba Staff
Manager
Hm... Even though it is actually MUCH easier to filter just one user, there's no point. The idea is to stall a hacker by frustrating him long enough for you to log in to your site, kick the impostor out and enable the Emergency Off-Line Mode.


user42438
Not sure of the usefulness of this, surely if a hacker gets into the site as SuperAdmin they could go to the admin utils and change the setting?

slaes
Actually, you're able to protect the admin tools component with a master password, which will prevent/slow right down what you're suggesting from happening. For all intents and purposes, if you have admin login email notification set up, should your site become compromised you will be able to log in, activate the emergency shut down feature while diagnosing the breach, as opposed to being entirely locked out of your site while the hacker wreaks havoc.

P.S. If you're in a position where your SA has been compromised, obviously there are much deeper issues.

user42438
Good point. What a great tool! :)

slaes
Mate, without ATP, solid backups and a good secure server/host I would not know how one sleeps at night ;)
