Giuseppe Iuculano wrote:
Hi Ivan,


Why shouldn't an installation have the default WordPress admin user?

Well, the 'default' administrator may no longer exist for several reasons, but the main reason is because it was removed after installation since it didn't seem necessary to keep it based on the fact that WordPress uses a 'role' based authorization system. Therefore assigning the 'administrator' role to a user should IMHO be enough to have an administrator.

Note that the only place I could find where authorization is based on the numeral '1' is in wp-admin/upgrade.php. All the other wp functions use the roles and capabilities functionality, and therefore *every* other administrative function can be performed using a user with the 'administrator' role - *except* - for the upgrade process.



Unfortunately "current_user_can('administrator')" doesn't work.


Right... But I tried with "current_user_can('level_10')" and that seems to work fine. Something like:

******
--- upgrade.php.orig    2009-08-15 12:35:51.000000000 +0200
+++ upgrade.php 2009-08-15 12:27:25.000000000 +0200
@@ -21,6 +21,7 @@
 $current_user = wp_get_current_user();
 $user_id = $current_user->ID;
 if ($user_id != 1)
+       if(!current_user_can('level_10'))
                wp_safe_redirect('../wp-login.php?upgrade');

 timer_start();
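
Review bot: the redirect under the new `if(!current_user_can('level_10'))` check is not followed by an exit, and wp_safe_redirect() only sends the Location header, so a user who fails both tests still falls through to timer_start() and the upgrade code after it; add `exit;` directly after the redirect. The two stacked, brace-less ifs are also easy to misread; a single braced condition such as `if ($user_id != 1 && !current_user_can('level_10')) { ... }` states the intent and leaves room for the exit. User ID 1 continues to pass with no capability check at all, so if the goal is capability-based authorization the `$user_id != 1` test could be dropped rather than kept as a bypass.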
******

works for me. Alternatively, the 'import' capability could be checked instead since this entails the capacity to perform administrative functions on the wp database.

Anyway.. No big deal for me. Whenever an upgrade is needed, I can always make a quick change to wp-admin/upgrade.php.

--Ivan
