Boofo
09-25-2005, 10:00 PM
vB3.5 Email notification if someone attempts to access your Admin or Mod CP
Version 1.0.1
(By Boofo)

What does this modification do?
When someone tries to log in to your Admin CP or Mod CP, you will get an email that contains the username they tried, the password they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mod CP attempt, so you will know right off which CP they tried to log in to.

NOTE: To alleviate anyone getting upset about plain text passwords being transmitted from the server, the ONLY time a plain text password is sent, is when it is a failed login attempt. It is not stored on the server anywhere and no hashed passwords are ever revealed to anyone. I think it's good to know if anyone is getting close to what my CP password is so I can change it if necessary.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.0 --Initial release
Version 1.0.1 --Fixed user name being wrong on a user attempt.


Installation overview:
--------------------------------------
Files to edit: (2)
--includes/adminfunctions.php
--login.php


What it looks like in the Mod CP when an anonymous user tries to log in:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to log in:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo

Mith
09-26-2005, 11:29 AM
Great hack!

I've tested this, and I do indeed get an E-mail message informing me of a wrongful attempt..

However..

The bottom information is incorrect:

Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo


So on my boards if I try to log in using the username Boofo (and as you and I both know, you aren't an admin of my board)

Then it comes up with the message above BUT

the bottom line SHOULD read:
USER ATTEMPT: Your Forums has identified this registered user as: <my user name>

So I think some small problem there.

Cheers

Boofo
09-26-2005, 01:06 PM
Fixed! ;)

And how come I'm not an Admin on your board? ;)

TheComputerGuy
09-26-2005, 02:17 PM
Installed

Thanks Boofo :)

Boofo
09-26-2005, 02:37 PM
You're very welcome, sir. ;)

Hope to see you on the new site. ;)

icebox12
09-26-2005, 03:41 PM
Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.

Boofo
09-26-2005, 03:46 PM
Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.

Which should take about 2 minutes. ;)

Darkwaltz4
09-26-2005, 04:00 PM
hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally misspelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who receives the email :) that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldn't fix the whole misspelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this can't check if a login attempt worked, but wasn't that user (fully understandable), so this could actually serve to further give out your password :-/

nexialys
09-26-2005, 04:04 PM
screenshot ?!

mouahhh... i had to ask !!! be the first is always good!

Boofo
09-26-2005, 04:10 PM
The first post shows you what it looks like. LOL

Boofo
09-26-2005, 04:19 PM
hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally misspelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who receives the email :) that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldn't fix the whole misspelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this can't check if a login attempt worked, but wasn't that user (fully understandable), so this could actually serve to further give out your password :-/

I explained the password reason in the first post. If the main Admin of your board cannot be trusted with the information if you make a mistake, then you really shouldn't be a Mod there anyway, right? ;)

I think the main Admin should get an email if someone attempts to log in no matter what account is trying to be used. Your idea of sending an email to the username tried is an interesting idea, but only as long as it would be staff personnel that had access to whatever CP was trying to be accessed.

How could it further give out your password if they make a successful login? You wouldn't get an email and no information would be sent. If they make a successful login, they would already know your password. Duh? ;)

Darkwaltz4
09-26-2005, 04:26 PM
well of course, but anywhere where passwords are lying around in plaintext are troublesome if something is compromised (it's happened to my email once). and also the untrustworthy admin thing :-p

well, yeah sorry i implied the 'and must be a mod/admin thing as well' :-p

i'm saying it could further give it out if it's coupled with the whole compromised thing above. you'd think this would be some sort of safeguard against logins who aren't you, whereas it's undetectable and yet posts your password in plaintext somewhere :-p hence the possibility of being negative on the whole.

i'm just helping to examine some vulnerabilities which can (and for me, have) arise

Boofo
09-26-2005, 04:34 PM
The plain text password is not stored anywhere. It is only sent in the email. So there is no way for anyone to get it, because it isn't there. ;)

Darkwaltz4
09-26-2005, 04:45 PM
yes it is stored somewhere; in the email message, as plaintext :-p that's what i keep talking about. if this message is left in the email client, and the email account is compromised, then the hacker has a host of email messages containing login failures at their disposal, and can probably deduce correct passwords from common mistakes with logins (like misspelled name + correct password)

if they did this quietly, then they could use them to log into the CPs, and nobody would detect that - correct login :-p

Boofo
09-26-2005, 04:50 PM
Well, I don't feel that way about it so if someone doesn't want to have the password in the email, they can comment the password line out in the code. Simple as that. Easy fix.
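
The password-free variant raised in the exchange above, as an added example that is not the modification's own code: a stand-alone PHP 7 function that builds the alert fields listed in the first post but records only whether a password was supplied. The function names, the `$attempt` keys and the sample values are assumptions made for illustration.

```php
<?php
// Added example: not the code of the modification discussed in this thread.
// clean_line(), build_cp_alert() and the $attempt keys are hypothetical names.

/** Collapse control characters so attacker-supplied values stay on one line. */
function clean_line(string $value, int $max = 200): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) ?? '';
    return substr(trim($value), 0, $max);
}

/**
 * Build the failed-login alert without the attempted password.
 * 'logintype' uses the two values seen in the thread: 'cplogin' and 'modcplogin'.
 */
function build_cp_alert(array $attempt, string $forumName, int $maxStrikes = 5): array
{
    $panel = ($attempt['logintype'] ?? '') === 'modcplogin' ? 'Mod CP' : 'Admin CP';
    $rule  = str_repeat('-', 53);

    $fields = [
        'Username tried'    => clean_line($attempt['username'] ?? ''),
        // Record only whether a password was sent, never its value.
        'Password supplied' => ($attempt['password'] ?? '') !== '' ? 'yes (not recorded)' : 'no (blank)',
        'IP Address'        => clean_line($attempt['ip'] ?? ''),
        'Host'              => clean_line($attempt['host'] ?? ''),
        'Strikes'           => sprintf('%d out of %d', $attempt['strikes'] ?? 0, $maxStrikes),
        'Referer'           => clean_line($attempt['referer'] ?? ''),
        'Script'            => clean_line($attempt['script'] ?? ''),
        'Date & Time'       => gmdate('l, F jS, Y \a\t g:i:s a', $attempt['time'] ?? time()) . ' UTC',
    ];

    $lines = [$rule, "Failed login attempt on the $forumName $panel", $rule];
    foreach ($fields as $label => $value) {
        $lines[] = "$label: $value";
    }
    $lines[] = $rule;

    // Optional: the registered account the forum matched the attempt to, if any.
    if (!empty($attempt['matched_username'])) {
        $lines[] = 'USER ATTEMPT: identified as registered user: '
                 . clean_line($attempt['matched_username']);
    }

    return [
        'subject' => clean_line("Failed $panel login attempt at $forumName", 120),
        'message' => implode("\n", $lines),
    ];
}

// Constructed sample input, modelled on the alert shown in the first post.
$sample = [
    'logintype' => 'modcplogin',
    'username'  => "Ned\r\nInjected: line",   // control characters are flattened
    'password'  => 'does this work?',         // present in the input, absent from the alert
    'ip'        => '1.123.23.4',
    'host'      => '1-123-23-4.some.name.com',
    'strikes'   => 4,
    'referer'   => 'http://www.yoursite.com/forums/modcp/',
    'script'    => 'http://www.yoursite.com/forums/login.php',
    'time'      => gmmktime(8, 22, 29, 9, 26, 2005),
];

$alert = build_cp_alert($sample, 'Your Forums');
echo $alert['subject'], "\n", $alert['message'], "\n";

// The attempted password must not appear anywhere in the outgoing text.
if (strpos($alert['subject'] . $alert['message'], $sample['password']) !== false) {
    throw new RuntimeException('attempted password leaked into the alert');
}
```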

Delphiprogrammi
09-26-2005, 06:44 PM
i was waiting for this ...

Boofo
09-26-2005, 06:58 PM
The wait is over! ;)

Marco van Herwaarden
09-26-2005, 07:19 PM
/me moves Boofo up on his ignore list, oops he already was on top.
/me will from now on stay away from each board that is touched by Boofo

Boofo
09-26-2005, 07:29 PM
I wish I had known that was all it took a long time ago. ;)

Delphiprogrammi
09-26-2005, 07:40 PM
hi,

I don't receive the warning email ... vBulletin's mail function is working fine (i know for sure since i tested it => maintenance =>diagnostics =>email test) and no PHP errors are displayed anywhere so i go to my admincp and i enter wrong login and password but nope .. vbversion i'm using (look at the left side) :D

Boofo
09-26-2005, 07:58 PM
EvilLS1 did one for 3.0. Try that one. ;)

Delphiprogrammi
09-26-2005, 08:22 PM
EvilLS1 did one for 3.0. Try that one. ;)

eerm i'm wrong i'm using vb 3.5.0(RC3)

Boofo
09-26-2005, 08:24 PM
Then upload fresh files and re-edit them. There's no way it should not work. It goes to the webmasteremail.

concepts
09-26-2005, 09:53 PM
Great Hack [installed]

**works Great!

utw-Mephisto
09-26-2005, 11:47 PM
Is there a way to create a thread also in a certain forum ?

utw-Mephisto
09-26-2005, 11:48 PM
A Plugin rather than file edits would be great too

Boofo
09-26-2005, 11:52 PM
Is there a way to create a thread also in a certain forum ?

Wrong forum? ;)

Boofo
09-26-2005, 11:53 PM
A Plugin rather than file edits would be great too

You're right, a plug-in would be better. But there are no hooks to handle this so we're stuck with file edits for now. I tried, but it couldn't happen. :(

utw-Mephisto
09-27-2005, 12:17 AM
Wrong forum? ;)

No, I mean a thread instead an email :)

Boofo
09-27-2005, 12:26 AM
I wouldn't do that as there is some personal info (ips, password tried) that really doesn't need to be posted anywhere. I only converted this because I like to know if someone is messing around with the board. And since the email only comes to me, I feel that it is safeguarded enough for my purpose. I'm catching all sorts of flack now over the tried password being sent. Think of the flack I would get over it being sent to a thread. ;)

C_P
09-27-2005, 12:28 PM
A word of warning, for shits and giggles, I thought I'd see if this would function on vBulletin Version 3.0.7. This seems to install fine until you log out.... you cannot get back in! ;) So, for those that are gonna ask if it works on older versions.... nope.
Once the General Release of 3.5 non RC is out, I'll be back to get this one.
Thanks Boofo!

Boofo
09-27-2005, 12:32 PM
A word of warning, for shits and giggles, I thought I'd see if this would function on vBulletin Version 3.0.7. This seems to install fine until you log out.... you cannot get back in! ;) So, for those that are gonna ask if it works on older versions.... nope.
Once the General Release of 3.5 non RC is out, I'll be back to get this one.
Thanks Boofo!

Well, of course it won't run on earlier versions of 3.0. Things have changed. There is a 3.0 version of this out that works fine. This is the 3.5 upgrade to the earlier version. ;)

TyleR
09-27-2005, 12:36 PM
Nice Bob..

/me clicks install

Delphiprogrammi
09-27-2005, 09:41 PM
Then upload fresh files and re-edit them. There's no way it should not work. It goes to the webmasteremail.

problem solved must have been a typo anyway nice one and working like a charm

* Delphiprogrammi clicks install

Boofo
09-27-2005, 10:57 PM
Glad it's working for you. ;)

dreck
09-28-2005, 08:06 PM
*INSTALL*

Nice hack... works great!

Thanks Boofo

utw-Mephisto
09-28-2005, 10:44 PM
Works on 3.5 final too :) Thanks

utw-Mephisto
09-28-2005, 10:45 PM
Works on 3.5 final too :) Thanks

utw-Mephisto
09-28-2005, 10:45 PM
Works on 3.5 gold too :) Thanks

Alien
09-28-2005, 11:50 PM
Woah, triple whammy post! :) Now that's appreciation, Boofo!

...works great, thanks so much for this!

Boofo
09-29-2005, 04:25 AM
Then make sure you click the install button in case there are any updates in the future.

Alien
09-29-2005, 04:28 AM
Damnit, missed that click. Done!

dreck
09-29-2005, 10:14 PM
upgraded to gold.. re-edited templates.. np!

Thanks.

Ncturnal
09-30-2005, 01:06 AM
Awesome. Is there anyway to set something similar up for specific usernames trying to access the forum area, particularly any accounts that have access to hidden admin forums?

Delphiprogrammi
09-30-2005, 05:56 PM
hi,

updated to 3.5.0 re-edited the code (working fine) i also modified it a bit so if you get a warning e-mail somebody is trying to access your /admincp or /modcp you will get that e-mail with a high priority (if you use outlook express to read your mail you'll see a red exclamation image next to the email)

since this hack isn't mine i can't post any code ...

Boofo
09-30-2005, 06:18 PM
hi,

updated to 3.5.0 re-edited the code (working fine) i also modified it a bit so if you get a warning e-mail somebody is trying to access your /admincp or /modcp you will get that e-mail with a high priority (if you use outlook express to read your mail you'll see a red exclamation image next to the email)

since this hack isn't mine i can't post any code ...

PM me the changes and let me see what you've done. If I add them, I will credit you in the first post. ;)

silurius
10-01-2005, 03:51 AM
Awesome hack - has this been validated in 3.5 Gold?

Boofo
10-01-2005, 01:22 PM
Awesome hack - has this been validated in 3.5 Gold?

https://vborg.vbsupport.ru/showpost.php?p=782125&postcount=43

silurius
10-01-2005, 03:17 PM
Worked beautifully! Clicking Install.

Delphiprogrammi
10-03-2005, 09:50 AM
Boofo,

Do you have any idea why it stopped working with the changes i pm'ed to you it doesn't send an email at all since the upgrade to 3.5.0 gold not even when i comment my modifications out and leave it to the original hmmmm

/me reading php manual about email headers

Boofo
10-03-2005, 10:38 AM
Boofo,

Do you have any idea why it stopped working with the changes i pm'ed to you it doesn't send an email at all since the upgrade to 3.5.0 gold not even when i comment my modifications out and leave it to the original hmmmm

* Delphiprogrammi reading php manual about email headers

It seems to be working fine for everyone else on Gold so it must be something you either changed or added causing the problem.

Milesian
10-03-2005, 01:24 PM
Working fine for me on Gold too. Installed :)

NuclioN
10-03-2005, 06:20 PM
After install there's an error when someone wants to get the password mailed!

http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

Boofo
10-04-2005, 12:10 AM
After install there's an error when someone wants to get the password mailed!

http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

This hack shouldn't affect that at all.

NuclioN
10-04-2005, 08:16 AM
Hm..maybe it's a bug then, i've asked for this on vbulletin.com

Boofo
10-04-2005, 08:28 AM
Hm..maybe it's a bug then, i've asked for this on vbulletin.com

No one else has reported it and I have never seen it happen. ;)

wolfyman
10-08-2005, 05:48 PM
Thanks Boofo :)

vibe
10-09-2005, 10:46 PM
this is one great mod

Rover416
10-10-2005, 07:44 AM
Just what i was looking for.

Thank you.

lefteris
10-12-2005, 12:16 PM
http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

I have the same problem and in the wrong password (login.php) i see an error.
$strikes...of 5

wolfyman
10-12-2005, 01:01 PM
can this work for mods too?

Boofo
10-12-2005, 02:03 PM
http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

I have the same problem and in the wrong password (login.php) i see an error.
$strikes...of 5

Make sure you are using the 1.0.1 version of this hack.

Boofo
10-12-2005, 02:04 PM
can this work for mods too?

It works on both the Admin CP and the Mod CP so yes, it will work for Mods, too. ;)

hillbilly_jim
10-14-2005, 03:58 AM
After installing, if I enter an incorrect password I now get the "page can not be displayed error" instead of redirecting. I do receive the email notification.

Kihon Kata
10-14-2005, 04:29 AM
After install there's an error when someone wants to get the password mailed!

http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

Will this work on 3.5 full? I have installed this. When I try to login to my admcp with another username/pswd, I am NOT receiving email notifs.

Kihon Kata
10-14-2005, 04:29 AM
Will this work on 3.5 full? I have installed this. When I try to login to my admcp with another username/pswd, I am NOT receiving email notifs.

Boofo
10-14-2005, 07:32 AM
After installing, if I enter an incorrect password I now get the "page can not be displayed error" instead of redirecting. I do receive the email notification.

Re-do the file edits. You must have made a mistake installing the hack. ;)

Will this work on 3.5 full? I have installed this. When I try to login to my admcp with another username/pswd, I am NOT receiving email notifs.

The email is sent to the webmaster email of the site. Make sure that is your email. ;)

And yes, it is fully compatible with 3.5 Final.

lefteris
10-14-2005, 08:43 AM
i have the 1.0.1 version. but i have that problem.If i go to logout then the url is http://www.gsmforum.gr/forum/$siteurl

Boofo
10-14-2005, 08:44 AM
i have the 1.0.1 version. but i have that problem.If i go to logout then the url is http://www.gsmforum.gr/forum/$siteurl

You need to recheck your files edits. ;)

Andyrew
10-17-2005, 08:33 PM
Installed and working great

hillbilly_jim
10-18-2005, 03:10 AM
Re-do the file edits. You must have made a mistake installing the hack. ;)
After re-editing the files 3 times I still get the error. I used the original files and have no other edits to them.

Kihon Kata
10-18-2005, 03:53 AM
After re-editing the files 3 times I still get the error. I used the original files and have no other edits to them.

Mine also doesn't work. I have edited my files twice. I have PM'ed you Boofoo also so you can look at my code. Have you received them?

Boofo
10-18-2005, 11:16 AM
Mine also doesn't work. I have edited my files twice. I have PM'ed you Boofoo also so you can look at my code. Have you received them?

First of all it's Boofo. ;)

And yes I received your PMs but I am right in the middle of a personal situation that demands my time for another few days so I will be scarce here and not be able to look at anything until then, sorry.

All I can say for now is to upload fresh copies of your files and re-edit them. And make sure the webmaster email on your site is your email. That is where the email is sent to.

When I get done with what is going on, I will look into it.

Kihon Kata
10-18-2005, 12:10 PM
First of all it's Boofo. ;)

And yes I received your PMs but I am right in the middle of a personal situation that demands my time for another few days so I will be scarce here and not be able to look at anything until then, sorry.

All I can say for now is to upload fresh copies of your files and re-edit them. And make sure the webmaster email on your site is your email. That is where the email is sent to.

When I get done with what is going on, I will look into it.

Oh ok. Sorry. I'll try to edit them one more time. (Yes the webmaster email is mio)

Thanks

Salazar
10-19-2005, 10:25 AM
Hey Boofo, thanks for sharing this hack! I already used it on 2.3.x

I have one question though: Is it possible to hardcode the e-mail address? My webmaster e-mail is a redirection to my and my co-admin's address and I don't want to bother her by receiving those mails.

Thanks in advance!

Boofo
10-19-2005, 10:38 AM
Hey Boofo, thanks for sharing this hack! I already used it on 2.3.x

I have one question though: Is it possible to hardcode the e-mail address? My webmaster e-mail is a redirection to my and my co-admin's address and I don't want to bother her by receiving those mails.

Thanks in advance!

Remind me on the weekend and I will look at it and see if it can be done. I am on my way out of state in about 2 hours and still have what seems like 3 hours worth of getting ready to go. ;)

Salazar
10-19-2005, 04:41 PM
Maybe someone else has a clue.

I read the code and wondered if the following could work.

Instead of:

vbmail($vbulletin->options['webmasteremail'], $subject, $message, true);

This:

vbmail(blubb@blubba.blu, $subject, $message, true);

GT2.0
10-19-2005, 08:53 PM
Woohoo! nice :)

fn9mm
10-22-2005, 10:30 AM
Works like a charm on my 3.5 Gold, Thx !!!
Nice Feature

hydrostatic
10-25-2005, 04:47 AM
I would love it if this can be plugin. Is this not possible at all?

lefteris
10-25-2005, 12:10 PM
i have re-edited my files Adminfunction.php - login.php but i have the same problem.
my login.php code is
*** File removed, no posting of full vB files (MarcoH64) ***

RaceJunkie
10-26-2005, 01:02 AM
Works great only one problem.

It does not display the password tried in the email.

Boofo
10-26-2005, 06:47 AM
Works great only one problem.

It does not display the password tried in the email.

The only way that could happen is if they tried to login with a blank password.

RaceJunkie
10-26-2005, 10:50 AM
The only way that could happen is if they tried to login with a blank password.


Retried it and everything working great..

Thanks!!

lefteris
10-27-2005, 06:47 AM
what can i do to fix my problem?
If i press logout then all links inside the login.php it's $url , $strike etc etc

What can i do for that?
I have re-edited my files and it's everything ok.

Boofo
10-27-2005, 03:02 PM
what can i do to fix my problem?
If i press logout then all links inside the login.php it's $url , $strike etc etc

What can i do for that?
I have re-edited my files and it's everything ok.

Try re-editing the files but start with clean fresh files. You must have missed something somewhere. ;)

Salazar
10-27-2005, 04:02 PM
err Boofo, you owe me a comment on hardcoding the e-mail address :D

Boofo
10-27-2005, 04:11 PM
err Boofo, you owe me a comment on hardcoding the e-mail address :D

Try:

vbmail("blubb@blubba.blu", $subject, $message, true);

Salazar
10-28-2005, 05:29 PM
That worked perfectly. Thank you!

phonexpo
11-06-2005, 04:32 PM
I get this error after putting in wrong password, any ideas how to fix it?;

Parse error: parse error, unexpected T_CLASS, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/www/phonexpo.net/includes/class_mail.php on line 409

Delphiprogrammi
11-06-2005, 04:55 PM
I get this error after putting in wrong password, any ideas how to fix it?;

that's a PHP syntax error make sure you closed all { } ; " ' etc etc most likely the error is in login.php

Boofo
11-06-2005, 09:41 PM
I get this error after putting in wrong password, any ideas how to fix it?;

I would say to re-edit the files as I have no idea what is causing that but it shouldn't have anything to do with this hack. ;)

Paul_d_g
11-13-2005, 11:56 AM
Will this work for 3.5.1?

Boofo
11-13-2005, 12:29 PM
Will this work for 3.5.1?

Yes, it should. There are others using it on 3.5.1 and it seems to be working ok for them. ;)

fn9mm
11-13-2005, 01:23 PM
Will this work for 3.5.1?

works fine on my board 351

knigwhil
11-24-2005, 04:19 AM
Works perfectly, thanks.

Andyrew
12-10-2005, 07:51 AM
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:

Delphiprogrammi
12-10-2005, 08:34 AM
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:

works fine on 3.5.2

klaush
12-10-2005, 11:31 AM
Thanks, Boofo!

Great and very useful!

*installed*

fn9mm
12-10-2005, 01:42 PM
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:
U have to reapply the changes to :
--includes/adminfunctions.php
--login.php
after upgrading to 3.5.2

if you did, recheck the changes to see if they are correct

klaush
12-10-2005, 01:46 PM
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:

Yep, no problem at all! Do the installation as described and everything's working like a charm.

Andyrew
12-10-2005, 02:11 PM
Yep, no problem at all! Do the installation as described and everything's working like a charm.

It was working all the time, it was USER error, i was logging into my forums with a wrong password instead of trying to log into my Admincp :o :speechless: :p

bobad
01-09-2006, 01:35 AM
Works great... a useful tool. Thanks
*installed*

kassem
01-11-2006, 07:16 AM
Thanks for this hack, I've under 3.5.3 I hope it works.

IrPr
01-11-2006, 09:32 PM
works fine on 3.5.3 ;) nice !

Posof
01-14-2006, 10:00 AM
:squareeyed:

Where do i need to make the changes so that my other admin receives an e-mail too when they try with his Password..

Or is it possible to add as many member groups as i want with this..

Thanks

:ermm:

Megareus Rex
01-22-2006, 09:14 PM
Nice hack, and it actually displays the password this time (I remember on the 3.0 version, I couldn't get it to show the password that was tried).

Hostboard
02-05-2006, 02:38 PM
I want to just log failed attempts to the ACP. If I just edit the includes/adminfunctions.php will this be all I need to do?

davis31b
02-14-2006, 04:19 PM
i noticed that on this hack it doesn't like putting in comments ie: <!-- hack here --> other than that it works great so if you have failed login attempts just delete the comments

Hornstar
02-18-2006, 08:50 AM
I want to also know if someone is trying to login to a certain user, example (userid 1,2,3)

How would I change this so it can also find out if someone is trying to login to those users.

Thanks

DementedMindz
02-23-2006, 11:05 AM
question just wanted to make sure this will still work for 3.5.4

phonexpo
02-23-2006, 11:08 AM
question just wanted to make sure this will still work for 3.5.4

I'm sure it will be ok, I've been using it on the 3/4 updates with no problems. I'll be upgrading l8r I'll put it in and let you know.

Freak0204
02-26-2006, 04:59 AM
Great hack! Thanks so much!

Nathan2006
03-14-2006, 01:30 PM
Hi I was just wondering if this hack will work with

htaccess Protection for admincp & any dir
https://vborg.vbsupport.ru/showthread.php?t=105179


Thanks :)

EDIT: Yes it works lol ;)

Treak
03-16-2006, 08:18 AM
you should officially make this little guy your avatar.. https://vborg.vbsupport.ru/external/2006/03/21.gif cause you are just that! https://vborg.vbsupport.ru/external/2006/03/22.gif

best hack out there.. is this one by far!!!

also YES THIS DOES WORK ON 3.5.4 !! AND IT WORKS TOO GOOD.. GREAT HACK!!!

cudaxtreme
04-06-2006, 03:36 PM
Hi,

I did all the necessary changes but I have some code appearing on the admin login screen

md5password_utf); js_do_options(this)">

would appear on the top left corner of the admin login screen

zweefer
04-06-2006, 09:34 PM
Thanks! This is just what i needed!

rareclownfish
04-12-2006, 02:31 AM
I installed it on 3.5.4 it's been about an hour and I still haven't received an email how long does it take?

rareclownfish
04-12-2006, 02:44 AM
I just got the email nice hack.

Pamela
06-16-2006, 05:51 AM
*clicks install*

Works great! Thanks!!! :banana:

Ncturnal
08-18-2006, 06:41 AM
It works in vB 3.6.0 as well. There was only a minor change in the instructions. In the 3.6.0 code they added ?do=login after login.php. Simply change the instructions for modifying adminfunctions.php as follows:


In includes/adminfunctions.php

Find:
--------------------------------------

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">


--------------------------------------
REPLACE it with:
--------------------------------------

<?php
if ($logintype=='cplogin' OR $logintype=='modcplogin')
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_password.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
else
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
?>

--------------------------------------
Find:
--------------------------------------

<input type="hidden" name="vb_login_md5password_utf" value="" />

--------------------------------------
BELOW it add:
--------------------------------------

<input type="hidden" name="vbpassword" value="" />

All of the instructions for the login.php edits did not change. Great hack!
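
An added check, not part of the modification or of vBulletin, for finding the two edits above in a file: they copy the typed password into a separate hidden field, so it is posted next to the hashed fields. `find_plaintext_password_copies()` is a hypothetical helper, the sample input is constructed from the snippet in this post, and the patterns are heuristics.

```php
<?php
// Added example: not part of the modification or of vBulletin.
// find_plaintext_password_copies() is a hypothetical helper name.

/**
 * Scan PHP/HTML source for login-form edits that expose the typed password:
 *  1. JavaScript assigning vb_login_password.value to another field, and
 *  2. hidden inputs with "password" in the name other than the md5 fields.
 * Returns a list of ['line' => int, 'issue' => string].
 */
function find_plaintext_password_copies(string $source): array
{
    // Hidden fields named in the snippet above that carry hashes, not the password.
    $hashedFields = ['vb_login_md5password', 'vb_login_md5password_utf'];
    $findings = [];

    foreach (preg_split('/\R/', $source) as $index => $line) {
        $lineNo = $index + 1;

        // 1. "<field>.value = ...vb_login_password.value"
        $copy = '/(\w+)\s*\.\s*value\s*=\s*[\w.\s]*vb_login_password\s*\.\s*value/i';
        if (preg_match($copy, $line, $m)) {
            $findings[] = [
                'line'  => $lineNo,
                'issue' => "typed password copied into field '{$m[1]}'",
            ];
        }

        // 2. Hidden <input> tags whose name mentions "password".
        if (preg_match_all('/<input\b[^>]*>/i', $line, $tags)) {
            foreach ($tags[0] as $tag) {
                $isHidden = preg_match('/\btype\s*=\s*["\']hidden["\']/i', $tag) === 1;
                $hasName  = preg_match('/\bname\s*=\s*["\']([^"\']*password[^"\']*)["\']/i', $tag, $n) === 1;
                if ($isHidden && $hasName && !in_array($n[1], $hashedFields, true)) {
                    $findings[] = [
                        'line'  => $lineNo,
                        'issue' => "extra hidden password field '{$n[1]}'",
                    ];
                }
            }
        }
    }

    return $findings;
}

// Constructed sample: the edited form tag and hidden inputs from the post above.
$sample = <<<'SRC'
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_password.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
<input type="hidden" name="vb_login_md5password_utf" value="" />
<input type="hidden" name="vbpassword" value="" />
SRC;

foreach (find_plaintext_password_copies($sample) as $finding) {
    printf("line %d: %s\n", $finding['line'], $finding['issue']);
}
```

To audit an installed file, pass its contents instead of the sample, for example `find_plaintext_password_copies(file_get_contents('includes/adminfunctions.php'))`.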

wolfyman
08-18-2006, 09:44 AM
thanks for the above information, I was just getting around to editing my previous hacks and that was one of my top questions!

the code to search for in the first edit is wrong, though.

first edit, find this:

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

phonexpo
08-18-2006, 11:58 AM
Thanks guys I have this working on vB360 now, although I had to put a "," at the end of this code on the login.php on line 83;


'postvars' => TYPE_STR,

RaceJunkie
08-19-2006, 01:04 AM
Working fine in 3.6

AngusMacGyver
08-25-2006, 10:58 PM
It works on 3.6.0

blind-eddie
08-27-2006, 05:17 PM
Will this work in 3.5.3?

blind-eddie
08-28-2006, 04:49 PM
*bump*

Ncturnal
08-28-2006, 11:36 PM
Yes. I used it in 3.5.2, 3.5.3, 3.5.4, and now 3.6.0.

blind-eddie
08-29-2006, 12:56 AM
rgr,Thank You

brvheart
08-30-2006, 01:32 PM
works great in 3.6 without having to make any adjustments to directions :) thanks boofo

curriertech
09-29-2006, 02:17 AM
Working for me in 3.6.1 but it always says 'undefined' for the password (which is fine with me). :)

LostOne
09-29-2006, 02:25 AM
On my old phpbb board someone tried and succeeded and messed up my whole board. This is quite the perfect hack for protection, I'll try the 3.6 version available and hope I won't mess the installation.

Thanks

PoetJA-1975
10-08-2006, 08:31 AM
Thanx for this extra security - Much appreciation!

Jacquii.

adwade
10-31-2006, 01:48 PM
I have never tried editing a PHP file before, and I must admit the structure of one was a bit foreign to me as I'm not a coder. However, following the instructions above for vB v3.6 (Thanxx Ncturnal & wolfyman) as carefully as I could...IT WORKED! So I now have this running on my install of vB v3.6.2

MANY THANXX Boofo for having developed this! :banana:

PoetJA-1975
01-21-2007, 03:24 PM
It works in vB 3.6.0 as well. There was only a minor change in the instructions. In the 3.6.0 code they added ?do=login after login.php. Simply change the instructions for modifying adminfunctions.php as follows:


In includes/adminfunctions.php

Find:
--------------------------------------

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">


--------------------------------------
REPLACE it with:
--------------------------------------

<?php
if ($logintype=='cplogin' OR $logintype=='modcplogin')
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_password.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
else
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
?>

--------------------------------------
Find:
--------------------------------------

<input type="hidden" name="vb_login_md5password_utf" value="" />

--------------------------------------
BELOW it add:
--------------------------------------

<input type="hidden" name="vbpassword" value="" />

All of the instructions for the login.php edits did not change. Great hack!

Thanx for the info - Works fantastically!:up:

Jacquii.

blind-eddie
01-22-2007, 12:57 AM
You guys know this is in vb already in 3.6.4

Terminatoronly
01-22-2007, 07:01 AM
great mod thanks boofo i will use it

PoetJA-1975
01-22-2007, 08:13 AM
You guys know this is in vb already in 3.6.4

nope - sure didn't

JAcquii.

dcpaq2xx
03-14-2007, 01:39 PM
You guys know this is in vb already in 3.6.4

Where do I find that at? How is it enabled or used?

Thanks

Doug

dcpaq2xx
03-14-2007, 05:12 PM
You guys know this is in vb already in 3.6.4

Yes, but from what I see this mod is completely different from the default Vb version you're referring to.

http://www.vbulletin.com/forum/showthread.php?p=1322160#post1322160

Doug

blind-eddie
03-14-2007, 08:42 PM
Exactly the same...Make sure your settings are correct...log in to your admincp, with wrong password.....then go check your email. You will have email of who it was & their IP.

dcpaq2xx
03-14-2007, 08:43 PM
Yeah, but what I like about this here hack is that it's restricted to just the admin seeing it, which I believe is how it should be done. The members don't need to know this, this should be sent to the admin.

Doug

blind-eddie
03-15-2007, 02:51 AM
dcpaq2, you would still be the only one who sees the email informing you that someone attempted to access your admincp.....You get emails regarding site info?

dcpaq2xx
03-15-2007, 03:02 AM
Maybe I'm thinking of the login strike system, 5 bad logins locks you out for 15 minutes and an email is sent to that user id. Maybe I'm getting the two confused.

Doug

dcpaq2xx
03-15-2007, 01:05 PM
Blind-Eddie,

I did a test trying to login to the admin cp with a bad password and the system does log the attempt, but I don't receive any email letting me know about it and it doesn't even tell me what the password was that was trying to be used.

As far as I am concerned I think I am going to try this hack, it seems to be more thorough and more what I am looking for.

Seems as though the Vbulletin staff always leave out the most important stuff. :rolleyes:

Doug

benjaminbih
05-20-2007, 05:43 PM
Installation Instructions:
--------------------------------------
In includes/adminfunctions.php

Find:
--------------------------------------

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

--------------------------------------
REPLACE it with:
--------------------------------------

<?php
if ($logintype=='cplogin' OR $logintype=='modcplogin')
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_password.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
else
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
?>

--------------------------------------
Find:
--------------------------------------

<input type="hidden" name="vb_login_md5password_utf" value="" />

--------------------------------------
BELOW it add:
--------------------------------------

<input type="hidden" name="vbpassword" value="" />

--------------------------------------

The Code changes in this mod for login.php don't need to be changed! It's the same for vB 3.6.7
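
Added example (not part of the original post, and not vBulletin's or the mod author's code): a small JavaScript model of what the edited onsubmit handler above puts in the login POST body, compared with the stock form. It assumes the stock md5hash() helper blanks the password field after hashing; the field objects, the helper names makeForm/submit/cleartextFields, the logintype value 'other' and the sample password are constructed for illustration.

```javascript
// Added illustration: a simplified model of the login form, not vBulletin's code.
const { createHash } = require('crypto');
const md5hex = (s) => createHash('md5').update(s, 'utf8').digest('hex');

// Assumption: the stock md5hash() helper fills both hash fields and then
// blanks the password input so the cleartext is not submitted.
function md5hash(input, outputHtml, outputUtf) {
  const digest = md5hex(input.value.trim());
  outputHtml.value = digest; // entity-encoded variant in the real helper
  outputUtf.value = digest;
  input.value = '';
}

// Build the form fields; `patched` adds the hidden vbpassword input.
function makeForm(patched, username, password) {
  const form = {
    vb_login_username: { value: username },
    vb_login_password: { value: password },
    vb_login_md5password: { value: '' },
    vb_login_md5password_utf: { value: '' },
  };
  if (patched) form.vbpassword = { value: '' };
  return form;
}

// Run the onsubmit handler and return the name/value pairs that get POSTed.
function submit(form, logintype) {
  const cpLogin = logintype === 'cplogin' || logintype === 'modcplogin';
  if (form.vbpassword && cpLogin) {
    form.vbpassword.value = form.vb_login_password.value; // the added copy
  }
  md5hash(form.vb_login_password, form.vb_login_md5password,
          form.vb_login_md5password_utf);
  return Object.fromEntries(
    Object.entries(form).map(([name, field]) => [name, field.value]));
}

// Names of POSTed fields that still hold the typed password verbatim.
function cleartextFields(body, password) {
  return Object.keys(body).filter((name) => body[name] === password);
}

const PASSWORD = 'constructed-example-pass'; // constructed sample value
for (const [patched, type] of [[false, 'cplogin'], [true, 'cplogin'], [true, 'other']]) {
  const body = submit(makeForm(patched, 'Ned', PASSWORD), type);
  console.log(patched ? 'patched' : 'stock', type, cleartextFields(body, PASSWORD));
}
```

In this model the stock form submits only the hashes, while the edited form also submits the typed password in vbpassword for Admin CP and Mod CP logins. That value is carried in the request body, so it is protected in transit only when the login page is served over HTTPS.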

dcpaq2xx
05-20-2007, 06:09 PM
Thank you for the heads up benjaminbih.

If you wouldn't have said anything I would not have even noticed that the code got wiped out in login.php by the 3.6.7 upgrade as well as having to add in extra code in the adminfunctions file as it is something that doesn't get used everyday.

A big thank you to you, and a big thank you to Boofo for offering this hack to us and keeping it up to date.

Doug

benjaminbih
05-20-2007, 10:59 PM
Thank you for the heads up benjaminbih.

If you wouldn't have said anything I would not have even noticed that the code got wiped out in login.php by the 3.6.7 upgrade as well as having to add in extra code in the adminfunctions file as it is something that doesn't get used everyday.

A big thank you to you, and a big thank you to Boofo for offering this hack to us and keeping it up to date.

Doug

Oh I forget it :o


The Code changes in this mod for login.php don't need to be changed! It's the same for vB 3.6.7

dcpaq2xx
05-20-2007, 11:20 PM
The Code changes in this mod for login.php don't need to be changed! It's the same for vB 3.6.7

I did not say anything about code being 'changed' in login.php. I said the code got wiped out, big difference. :)

Doug

rjmjr69
05-21-2007, 12:09 AM
Works just perfectly with 3.6.7 Thanks

Boofo
05-24-2007, 05:36 PM
Since I am still running 3.5.4, I'm not sure what has changed in 3.6. If someone could let me know what instructions I need to upgrade, I will add the 3.6 version to this post, too. ;)

Nathan2006
08-12-2007, 04:49 AM
Since I am still running 3.5.4, I'm not sure what has changed in 3.6. If someone could let me know what instructions I need to upgrade, I will add the 3.6 version to this post, too. ;)


This is still working great for 3.68

I totally forgot about this :D

Email is still sending too.

PoetJA-1975
09-03-2007, 03:07 AM
Yeppers - still works for 3.6.8 brilliantly!
Thanx again for sharing - should be a default feature!

Jacquii.

MB-Soft
09-10-2007, 03:22 PM
Works great in vB 3.6.8 :)

Thanks!

brvheart
09-16-2007, 02:09 PM
not working on 3.6.8 :(, MB what edits did you use?

Vman
01-03-2008, 04:06 AM
DITTO!!! I just installed it in 3.6.8 and it's not working, there are no error messages, but when I attempted to make false login attempts, there were no email notifications sent!!!!!

Can someone PLEASE fix this minor issue since this is a good hack/plug to have!!!!

Thanks

Boofo
01-31-2008, 08:04 PM
This is working on 3.7.0 beta 4. I have posted the vb 3.7.0 beta 4 version in the 3.7 modifications area.

segwayon
05-23-2008, 11:43 PM
One difference I noticed when installing in 3.6.8 was one of the lines I was supposed to find:

<form action="../login.php" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

And this was what I found in 3.6.8:

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

I didn't alter any of the replacement code:

... etc ... <form action="../login.php" method="post" ... etc ...

Should I have kept the same pattern in the form tag?

Boofo
05-23-2008, 11:55 PM
Maybe you ought to go all out and install the 3.7 version of this hack which has the line you are looking for. ;)