I couldent find anything like this, even if it is so simple, anywhere on here so i decided to make it myself..

Description:
Checks IP of moderator or administrator before allowing access to mod/admincp or editing threads.

Requires mods to functions_login.php,postings.php,inlinemod.php, txt file named ippool.txt in forum root directory,apparse.php uploaded to forum root,ipauth.php uploaded to forum root.

Instructions for install:


1.download attachments
2.open adminprotection.php and edit the variables to their correct settings.
3.upload ipauth.php,apparse.php,adminprotection.php,ippool. txt to forum root
4.find..
// admin control panel or upgrade script login
if ($logintype === 'cplogin')
{ in includes/functions_login.php and add under //admin protection
include 'adminprotection.php';
checklogin();
//end admin protection
5. find.. if ($logintype === 'modcplogin')
{ and add below //admin protection
include 'adminprotection.php';
checklogin();
//end admin protection
6. find..
switch ($_REQUEST['do'])
{
case 'openclosethread':
case 'dodeletethread':
case 'dodeleteposts':
case 'domovethread':
case 'updatethread':
case 'domergethread':
case 'dosplitthread':
case 'stick':
case 'removeredirect':
case 'deletethread':
case 'deleteposts':
case 'movethread':
case 'editthread':
case 'mergethread':
case 'splitthread': in posting.php(located in forum root) and add above..//admin protection
include 'adminprotection.php';
checklogin();
//end admin protection

7. find..

switch ($_POST['do'])
{
case 'open':
case 'close':
case 'stick':
case 'unstick':
case 'deletethread':
case 'undeletethread':
case 'approvethread':
case 'unapprovethread':
case 'movethread':
case 'mergethread':

in 'inlinemod.php' in forumroot, add

//admin protection
include 'adminprotection.php';
checklogin();
//end admin protection

in between the switch ($_POST['do'])
{ and case 'open':
case 'close':
case 'stick':
case 'unstick':
8. CHMOD apparse and adminprotection.php to 777
9. visit http://yoursite.com/ipauth.php and enter your ip and click submit
10. repeat for all admins/moderators on your forum
11. you're finished!

*note this hack does not work with a dynamic ip yet, i plan to add it later on.

Future Mods:
Switch to MySQL table,Support for DSL/dialup IPs,Save to database on all unauthorized logins

You know IPs can be spoofed, right? ;)

I've unfortunately had to remove the attachment for the time being..

Hopefully the author can make some necessary adjustments to the installation, and it can be re-uploaded again shortly.

all fixed, organized the code alot better too =) Now will send email/log to file when unauthorized user tries to login.

Thanks for the quick fix-me-up cerjam, it is much appreciated. :)

And if my PC breakes donw?huh?

I suppose you have never tried to login at more tham one PC. HMM not sure this is such a good Idea. Unless you have a static IP this is not good.

I suppose you have never tried to login at more tham one PC. HMM not sure this is such a good Idea. Unless you have a static IP this is not good.

That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:

I suppose you have never tried to login at more tham one PC. HMM not sure this is such a good Idea. Unless you have a static IP this is not good.


Well then i suppose you can just got right back into ipauth.php and add your new ip :idea:


one a side note it would be a pain in the butt for dial up folks, does this support wildcards?

That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:
AMEN!

That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:
Wow. I was simply trying to point out that there COULD be an issue for some with this installed. There are many people here that are fairly new to vb and install modification after modification without much thought. Trying to save someone a little stress

Very useful mod, prevents the security of your entire forum from relying on all of your moderator/admin passwords.

Nice work *installed*

ick, i woke up to a inbox full of 'unauthorized login' emails, i misplaced the code in functions_login.php, check original post for fix.

Good job on that!

/me installs

prevents you from logging on elsewhere

No? What do you think ipauth.php is for? lets you add another ip to the ippool. and it doesnt support wildcards yet, i use dialup myself and it really isnt a hassle adding my ip everytime i reconnect, but then again i stay online for 3-4 days at a time >.>

I'm using .htaccess for extra protection, but I don't see how this couldn't work.

Parse error: syntax error, unexpected T_INCLUDE, expecting T_CASE or T_DEFAULT or '}' in /home/epirate/public_html/forums/inlinemod.php on line 93

switch ($_POST['do'])
{
//admin protection
include 'adminprotection.php'; <-- line 93.. all files are in place and edited properly. just somehow managed to kill my inline.
checklogin();
//end admin protection
case 'open':
case 'close':
case 'stick':
case 'unstick':
case 'deletethread':
case 'undeletethread':
case 'approvethread':
case 'unapprovethread':
case 'movethread':
case 'mergethread':

can edit posts and what not.. seems to be working fine in that respect, however with that error being on line 93, it has effectively killed my entire inline mod tool.. uninstalled from the inline mod tool though and my inline works perfect again. so yeah.. call that a bug. sad imo.. i was really looking forward to this hack helping to beef up the security on my board.

8. CHMOD apparse and adminprotection.php to 777

DO NOT DO THIS.. if you have someone THINKING bout or ATTEMPTING to hack your forum.. i recently had a member use the 777 to his own advantage and save blank adminprotection.php and apparse files to my ftp in an attempt to gain access to my admincp..