vb.org Archive - Email notification if someone attempts to access your Admin CP

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)

- - Email notification if someone attempts to access your Admin CP (https://vborg.vbsupport.ru/showthread.php?t=64519)

Excellent Hack!

Install Button > Click!

Worked beautifully on my vB 3.0.5. I accidentally locked myself out for 15 minutes though. Any chance of making a hack, or an addon, that makes it so user id 1 cannot be locked out? Someone could go to your forum and try to log in 6 times and then you have to wait 15 minutes.

My idea would be that the hack would stop the person trying to login from continuing to attempt to login, but to NOT lock out the admin's account. It may seem stupid, but someone with your talent should be able to work something out? :)

Quote:

Originally Posted by therczone

You could bypass it for the admins account but that would defeat the whole purpose of the strike system b/c if your not logged in it has no way of knowing if you're the admin or not.

You could do something like this, so that it doesn't give the admin strikes or lock him out when trying to login to the control panel as long as he's already logged into the board:

In includes/functions_login.php find:

Code:

function verify_strike_status($username = '')

{

        global $DB_site, $vboptions;



        $DB_site->query("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));



        if (!$vboptions['usestrikesystem'])

        {

                return 0;

        }

Replace it with:

Code:

function verify_strike_status($username = '')

{

        global $DB_site, $vboptions, $bbuserinfo;



        $DB_site->query("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));



        if (!$vboptions['usestrikesystem'] OR $bbuserinfo[usergroupid]==6)

        {

                return 0;

        }

Find:

Code:

// ###################### Start exec_strike_user #######################

function exec_strike_user($username = '', $strikes = 0)

{

        global $DB_site, $strikes, $vboptions;



        if (!$vboptions['usestrikesystem'])

        {

                return 0;

        }

Replace it with:

Code:

// ###################### Start exec_strike_user #######################

function exec_strike_user($username = '', $strikes = 0)

{

        global $DB_site, $strikes, $vboptions, $bbuserinfo;



        if (!$vboptions['usestrikesystem'] OR $bbuserinfo[usergroupid]==6)

        {

                return 0;

        }

With that change, if the admin is logged in to the forum but not the control panel it will not give him a strike for an incorrect cp login and shouldn't lock him out even if someone else has 5 strikes with his username. All other usergroups will still get a strike.

If you're not logged into the forum you'll still get a strike.

I didn't test it but it should work.

Thanks for verifying that this hack works with 3.0.5 btw. :)

Quote:

Originally Posted by therczone

Just set up a second admin account for yourself. I use 2 so that if one has a problem, I have a back door.

well,

this hack works fine except for one little thing

Code:

Script: http://www.yoursite.com/forums/login.php

why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me

Quote:

Originally Posted by Delphiprogrammi

well,

this hack works fine except for one little thing

Code:

Script: http://www.yoursite.com/forums/login.php

why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me

Uuhm then get it hyperlinked? <a href=...

Installed. Not working.

1. Version 3.0.3 (patched init.php - twice)
2. vBadvanced hack
3. IBProarcade hack
4. vBquiz hack

Checked and tried everything (twice) listed in the "Checklist"... still no luck?

I have a question: my administrator folder IS NOT named "admincp", could this be the cause?

Thanks.
mm :nervous:

Mechanical Mind,
I don't think the name of the folder would have any effect on it but I could be wrong.

The only other thing I can think of is maybe one of the other hacks changes something which effects this hack. Since I don't use any of those myself I can't say for sure. You could try applying this hack to fresh un-modified files and see what happens.

Quote:

Originally Posted by Delphiprogrammi

well,

this hack works fine except for one little thing

Code:

Script: http://www.yoursite.com/forums/login.php

why isn't this line hypperlinked ?? this is bugging me i know just a rediculious detail but it's bugging me

Its not hyperlinked for two reasons:
1) Its not meant to be clicked on. That line is only there to show you where the intruder is attempting to login from.. i.e. your site or a remote script.
2) Not all email clients support HTML.

oooh so i didn't do anything wrong i thought i did something wrong ok so i didn't anyway your hack worked fine with vb 3.0.3 & 3.04 & 3.0.5 i don't use any of those other either

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (7)bbcode_code_printable (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01179 seconds Memory Usage 1,752KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (7)bbcode_code_printable (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: