Hi,

Is there any such mod that locks a predefined user account to a single ip?

Thanks.

Lock the account to the IP.. you mean so only that IP can log in to that account?

Not that I know of. And why would you do that? Some users, like myself, have dynamic IPs. So, I'd sign up and a couple of days later be locked out because my IP changed.

It could be a hacking prevention technique, although again, it's very risky.
This could probably be added to the login check (do a query to see if IP field matches the current IP)

Yeah, I'm sure you can write a plugin to check if the IP you are using currently is the same as the one your registered with. But, as I said, you will lock out a lot of users who have dynamic IPs. I know if that happened to me, I'd just leave the site.

Agreed Lynne. Unless you set a condition in the plug-in (for maybe admins only?).

if($username = 'Admin'){
// execute code
}

Again, you're limited to what you can use because the user isn't actually logged in, which limits your variables.

I always find .htaccess protection much more effective than per-user protection.

Hi

Yes it would be for myself or any staff that has a static ip, the ip could be manually modified via SQL if needed, or if the ip could be encoded in md5 would be rather good too.

Security is a maximum these days every one is trying to hack me :P

The login redirect page uses the following hooks:

init_startup
cache_permissions
style_fetch
cache_templates
global_start
parse_templates
fetch_musername
notices_check_start
notices_noticebit
global_setup_complete
login_verify_success
fetch_userinfo_query
fetch_userinfo
login_process
login_redirect
redirect_generic


I'ma guess you'd use login_process or fetch_userinfo_query and just do an if statement that executes a query to grab the IP and compare.
If you want maximum security, remember to use .htaccess on mod and admincp dir's, rename the dir's to random strings and never chmod anything 777 (although as an owner of a large MMORPG forum I'd guess you know most of this).

I wouldn't recommend hashing your IP address.. for a few reasons. The main one being it's just added load for your server which is unnecessary.