Question Rank changed, but how?

I'm investigating an incident on our forum. One of our moderators¹ lost his rank in the past 48 hours. I went through the Kunena logs, but there is no entry with that user as target for the given time period.

We only have two users which are able to access the Joomla backend and change Kunena settings. My colleague hasn't logged in in the past 48h. I usually do all the administration and my colleague helps out when needed or when I'm away. I didn't change the mod's profile, either.

There is two more possibilities I can think of at the moment.

1. It happened during the update to v5.1.10.1
On 5 March I updated the forum to the latest version. It went through without any errors or warnings and a quick check didn't reveal anything out of the ordinary. However, we setup our own ranks, including Moderator. The only rank still left from the installation is the Administrator rank. Initially, we didn't want to use ranks, but later we decided to make use of it to scratch an itch, so to speak.

So, is there some script running during or triggered by the update, that could possibly have made a change?

2. Rank can be changed in the frontend somehow
Is there a way of changing ranks from the frontend, that I'm not aware of? That's the only other thing I could think of. Of course, there's also the possibility of a hack, but the system logs give no indication so far.

¹I just checked another mod's settings who's profile was almost identical. He also lost his rank. In addition, I'm seeing a user that does have the rank Moderator, but I never gave it to him. It's all very weird and it worries me quite a bit.

[hr]

Database collation check: ✔ The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information

htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 128M | Max file upload: 8M

Kunena menu details:

Warning: Spoiler!

ID	Name	Menutype	Link	Path	In trash
741	Forum	kunenamenu	view=home&defaultmenu=753	forum	No
742	Index	kunenamenu	view=category&layout=list	forum/index	No
743	Recente Onderwerpen	kunenamenu	view=topics&mode=replies	forum/recent	No
744	Ongelezen	kunenamenu	view=topics&layout=unread	forum/unread	No
745	Nieuw Onderwerp	kunenamenu	view=topic&layout=create	forum/newtopic	No
746	Geen Reacties	kunenamenu	view=topics&mode=noreplies	forum/noreplies	No
747	Mijn Onderwerpen	kunenamenu	view=topics&layout=user&mode=default	forum/mylatest	No
748	Profiel	kunenamenu	view=user	forum/profile	No
749	Hulp	kunenamenu	view=misc	forum/help	No
750	Zoeken	kunenamenu	view=search	forum/search	No
771	Gebruikers	kunenamenu	view=user&layout=list	forum/userlist	No
772	Statistieken	kunenamenu	view=statistics	forum/statistics	No
751	Forum	mainmenu	Itemid=741	tcn-forum	No

Joomla default template details : astroid_template_zero | author: JoomDev | version: 2.0.2 | creationdate: Nov 2018

Kunena default template details : Crypsisb3 | author: Kunena Team | version: 5.1.10.1 | creationdate: 2019-03-04

Kunena template params:

Warning: Spoiler!

DefaultCategoryicon	fa-motorcycle
profileIconset	default
DefaultIconset	tcn_topic_icons
editorIconset	default
borderless	1
tooltips	1
SubjectLengthMessage	80
fullactions	0
quick	1
displayMenu	0
displayDropdownMenu	0
displayDropdownContent	1
displayModule	1
displayBreadcrumb	1
displayAnnouncement	1
displayFooter	1
avatarPosition	left
formRecover	1
labels	0
whoisonlineName	default
avatarType	img-rounded
topicicontype	fa
fontawesome	1
icons	0
socialshare	0
socialsharetag
socialtheme	classic
optional_username	0
writeaccess	0
localstorage	1
IconColor	#383892
IconColorNew	#fd9604
editor	0
video	1
maps	0
emoticons	1
twitter	0
ebay	0
link	1
picture	1
hide	1
spoiler	1
table	1
code	1
quote	1
divider	1
instagram	0
soundcloud	0
confidential	1
hr	1
listitem	1
supscript	1
subscript	1
numericlist	1
bulletedlist	1
alignright	1
alignleft	1
center	1
underline	1
italic	1
bold	1
strikethrough	1
colors	1
size	1
wysibb	bold,italic,underline,strike,sup,sub,justifyleft,justifycenter,justifyright,|,img,video,link,|,bullist,numlist,|,fontcolor,fontsize,fontfamily,|,quote,code,table,removeFormat
avatarSizeX	40
avatarSizeY	90
avatarSizeXThumb	36
avatarSizeYThumb	36
avatarSizeXWelcome	72
avatarSizeYWelcome	72
avatarSizeXList	36
avatarSizeYList	36
avatarSizeXPost	72
avatarSizeYPost	72
avatarSizeXProfile	100
avatarSizeYProfile	100
templatebyText
templatebyName
templatebyLink

Kunena version detailed: Kunena 5.1.10.1 | 2019-03-04 [ Janus ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	1
threads_per_page	20
messages_per_page	20
messages_per_page_search	20
showhistory	1
historylimit	20
shownew	1
disemoticons	0
template	crypsisb3
showannouncement	1
avataroncat	1
catimagepath	category_images
showchildcaticon	0
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	0
askemail	0
showemail	0
showuserstats	1
showkarma	0
useredit	1
useredittime	86400
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	1
allowfavorites	1
maxsubject	50
maxsig	300
regonly	0
pubwrite	0
floodprotection	0
mailmod	0
mailadmin	-1
captcha	-1
mailfull	0
allowavatarupload	1
allowavatargallery	1
avatarquality	75
avatarsize	2048
imageheight	800
imagewidth	800
imagesize	4096
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2,gpx,gdb,itn
filesize	4096
showranking	1
rankimages	1
userlist_rows	30
userlist_online	1
userlist_avatar	1
userlist_posts	1
userlist_karma	0
userlist_email	0
userlist_joindate	1
userlist_lastvisitdate	1
userlist_userhits	0
latestcategory
showstats	1
showwhoisonline	1
showgenstats	1
showpopuserstats	1
popusercount	10
showpopsubjectstats	1
popsubjectcount	10
showspoilertag	1
showvideotag	1
showebaytag	0
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	3600
highlightcode	1
rss_type	post
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	atom1.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	asc
sef	1
showimgforguest	1
showfileforguest	1
pollnboptions	4
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	0
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
allow_user_edit_poll	0
maxpersotext	50
ordering_system	replyid
post_dateformat	datetime_today
post_dateformat_hover	datetime
hide_ip	0
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	80
thumbheight	128
thumbwidth	128
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	4
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	0
showpopthankyoustats	0
popthankscount	5
mod_see_deleted	1
bbcode_img_secure	image
listcat_show_moderators	0
lightbox	1
show_list_time	0
show_session_type	2
show_session_starttime	900
userlist_allowed	0
userlist_count_users	2
enable_threaded_layouts	0
category_subscriptions	topic
topic_subscriptions	first
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	3
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	0
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	4
pickup_category	1
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	0
statslink_allowed	1
superadmin_userlist	0
legacy_urls	0
attachment_protection	1
categoryicons	1
avatarresizemethod	1
avatarcrop	1
user_report	1
searchtime	365
teaser	0
ebay_language	146
allow_change_subject	0
max_links	6
read_only	0
ratingenabled	0
url_subject_topic	1
log_moderation	1
attach_start	0
attach_end	14
attachment_utf8	1
autoembedsoundcloud	1
emailheader	/media/kunena/email/hero-wide.png
user_status	1
signature	1
personal	1
social	0
plain_email	1
moderator_permdelete	1
avatartypes	gif, jpeg, jpg, png
smartlinking	0
defaultavatar	nophoto.png
defaultavatarsmall	s_nophoto.png
quickreply	1
avataredit	1
activemenuitem
mainmenu_id
home_id
index_id
moderators_id
topiclist_id
misc_id
profile_id
search_id
avatar_type	0
sef_redirect	1
allow_edit_poll	0
use_system_emails	0
autoembedinstagram	1

| Kunena integration settings:

Warning: Spoiler!

Kunena - Finder Enabled
Kunena - AltaUserPoints Disabled
Kunena - Community Builder Disabled
Kunena - Easyblog Disabled
Kunena - Easyprofile Disabled
Kunena - Easysocial Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
nl-NL	Dutch (nl-NL)
en-GB	English (en-GB)

Third-party components: UddeIM 4.0

Third-party SEF components: None

Plugins: None

Modules: None

In addition, I'm seeing a user that does have the rank Moderator, but I never gave it to him.

Please disregard the mystery moderator. It could well be a red herring.

The more I think about it, the more I'm convinced that this a bug in the latest Kunena release. Moderator ranks are assigned by some logic in Kunena. I never actively assigned the rank to anyone. I only changed the icon for the moderator rank and changed the moderation settings in the backend user interface. The ranks were assigned automagically. Thus,

I went through the Kunena logs, but there is no entry with that user as target for the given time period.

makes perfect sense. Nobody changed the moderator ranks. They are just no longer automagically assigned as they were before.

If you would like me to run further tests, let me know. I already produced a list of moderators and their assigned ranks, if any, should you be interested.

Which error you mean? I can not reproduce a mistake of this kind,
A Moderator and a rank are two different things.
Choose in the backend Kunena -> Users an user. You see the tabs Moderation and Forum Settings.
If you set on the first tab "Is moderator? = Yes" the user get automatically the rank Moderator and moderate rights either global or only for selected categories.

But if you set the rank on the tab Forum Settings, this is only a rank title without extra rights.

There is no error that I can see. I'm only seeing the results of something that has changed presumably since the update.

A Moderator and a rank are two different things.

Right and wrong at the same time. There is a default rank called Moderator. That's what I'm talking about. It's automagically assigned to users given the role of moderator on the forum. At least that's how it was (or I guess that's how it was).

Best to give an example:

username	moderator	rank_title
mod	1	NULL

That particular user is one of our global moderators. Before the update, the moderator badge, a custom image, I uploaded, for the rank moderator, was displayed below his account. You can see that he's got no rank assigned (NULL). Now, after the update, he's wearing the administrator badge. That's the red dots. I didn't change the image for that rank.

So, without us changing anything on the given user's settings, profile etc. his appearance changed. The update is the only change applied to the forum that could have such an effect, I guess.

Maybe the question boils down to: what is the magic that is applied for the moderator rank, or any other of the special ranks for that matter, to show in the frontend without assigning it explicitly in the backend. Also, somehow related, what takes precedence? A special, automagically assigned rank or an explicitly assigned rank (set in the backend)?

On our forum, we distinguish between paying members of our club and non-paying forum users. Members have access to special members-only boards. In order to help distinguish members from non-members visually, every member gets a special badge. We realize that by explicitly assigning them the custom special rank member. Any member could become a moderator on the forum, globally or for selected boards. So, once I elevate a users permission to moderator, should the associated rank automagically be displayed or do I have to change it in the backend?

Quite a question for something I could easily try out myself, I know. I'm just trying to better understand the applied logic. Without knowing what the intended behavior is, it's hard to tell misbehavior.

Here a list of automatic ranks.
Registered - Author - Publisher - Editor - Manager | Kunena rank is Member (Rank Image changes by number of posts)
Admin - Super User | Kunena Rank is Admin
Category Moderator | Rank is Moderator only in the assigned categories (in other categories he is Member)
Global Moderator | Rank is Moderator

Exceptions:
If you set Admins and Super User as Moderator - The rank remain Admin

Special Ranks (tab Forum Settings)
If you choose here a special rank title for an user (example Spammer), this changes only the rank image but not the rights. With this option you can also change the rank image for admins or mods.
docs.kunena.org/en/manual/backend/ranks/add-rank

Thank you very much for the overview. I would say there's a bug in the latest version then. The user in question is a normal user¹ in Joomla. In Kunena he's a Global Moderator. So, his rank image should be that of a Moderator:

Global Moderator | Rank is Moderator

Unless, there's something else that needs to be taken into consideration. Does Kunena look at all at access levels? I'm asking, because your answer triggered something in my memory. I recently² tried to configure Joomla such that Global Moderators can access the Kunena configuration logging in to the backend without them getting access to other settings than Kunena. That's a desire, because not everything can be configured from the frontend, e.g. boards.

I did not succeed, so far. But I did change some access levels for the Joomla group our Global Moderators are member of:

Kunena Forum | Access Administration Interface | Allowed
Global Configuration | Administrator Login | Allowed

Members of that Joomla group can now login to the backend, but the Components menu is not available for them. The same approach did work for a different component we are using on our website.

¹not in the Super Users group nor being granter the Super User ACL
²before, but possibly on the same day, I installed the update

I just checked the User Activity Log in Joomla. The ACL changes were applied the day before I installed the update. I didn't notice the change of rank until a couple of days after the update. So, the ACL modification is definitely another candidate for the changed rank.

Thank you very much for the overview. I would say there's a bug in the latest version then. The user in question is a normal user1 in Joomla. In Kunena he's a Global Moderator. So, his rank image should be that of a Moderator:

Yes correct, unless you have created an own Kunena rank for this user.

Unless, there's something else that needs to be taken into consideration. Does Kunena look at all at access levels?

Joomla user groups such as Author, Editor ect.. are for Kunena only normal registered users without extra rights. Only Admins and Super Users have more rights.

I recently tried to configure Joomla such that Global Moderators can access the Kunena configuration logging in to the backend without them getting access to other settings than Kunena. That's a desire, because not everything can be configured from the frontend, e.g. boards.

I did not succeed, so far. But I did change some access levels for the Joomla group our Global Moderators are member of:

Kunena Forum | Access Administration Interface | Allowed
Global Configuration | Administrator Login | Allowed

Now it's all clear. This members are admins now.
In the frontend are the differences between Admins and Global Moderators minmimal, such as a Moderator can't ban an another Moderator but a Admin can do it.
But in the backend you have a security problem now. All the users of this group have the possibility, to delete permanently all members from your web page.
Please see this doc and scroll down to the Info bar.
docs.kunena.org/en/faq/admins-only-for-kunena

Yes correct, unless you have created an own Kunena rank for this user.

No, I have not. But I infer from your answer that manually assigned ranks in the backend take precedence over automatically calculated ranks based on permissions or post count.

This members are admins now.

So, Kunena does look at the assigned ACLs then? Not a problem, just good to know.

But in the backend you have a security problem now. All the users of this group have the possibility, to delete permanently all members from your web page.

First of all, I wouldn't call it a security problem. It's a matter of trust. Or, to quote sudo:

With great power comes great responsibility.

Second, as I mentioned, the users are not yet able to see anything in the backend. Obviously, I have missed something setting it up. I will go through the documentation and try to figure out what. Thanks for pointing me in the right direction.

I would also like to thank you for you support once again. I'm glad this turned out to be a red herring and not a bug or, worse, a security incident.

All done! :woohoo:

Our two global mods now have access to the Kunena backend. I actually came across the documentation page you pointed me to, before. It just didn't register as being related to what I was trying to achieve. Maybe renaming the document to something like "Access to Joomla backend only for Kunena component for forum administrators" might help. I know it's a mouth full...

Anyway, I'm glad I can put this behind me.