works great!!! thanks firefly

It only sends me mail when someone tries accessing with an Admin user name

normal users and their passwords arent emailed
made up user names and passwords arent emailed either

can this be added in?

what a cooooooool hack . thank you so much . lol.

[QUOTE]Originally posted by Mutt
firefly, I've added alittle to your hack

Here's the chunk of code that needs to be added to 2 files

PHP Code:

---

            // email alert
            $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
            $iphostname = @gethostbyaddr($ipaddress);
            if ($HTTP_COOKIE_VARS['bbuserid']) {
                $realuserid = $HTTP_COOKIE_VARS['bbuserid'];
                $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$realuserid'");
                $MessageAddon .= "\nThier cookie identifys them as ".addslashes($realusername[username]."\n");
            }
            if ($sessionids=$DB_site->query("SELECT userid FROM session WHERE host='$ipaddress' AND userid>0 GROUP BY userid")) {
                while ($sessionid = $DB_site->fetch_array($sessionids)) {
                    $realusername=$DB_site->query_first("SELECT username FROM user WHERE userid='$sessionid[userid]'");
                    $MessageAddon .= "\nSessions identifys them as ".addslashes($realusername[username]);
                }
            }
            $message="Someone is trying to login to the $bbtitle control panel!\nThe Script was : $PHP_SELF\n\nUsername they tried to use: $loginusername\nPassword they tried to use: $loginpassword (".md5($loginpassword)." in encryption)\n\nThe IP address is: $ipaddress\nThe host is: $iphostname\n\nSearch for members using this ip\n $bburl/admin/user.php?action=doips&s=&ipaddress=$ipaddress\n$MessageAddon";
            mail($webmasteremail,"Warning: vBulletin Admin Login Attempted",$message,"From: \"$bbtitle Admin CP\" <$webmasteremail>");
            // email alert 


---

the first addition is in sessions.php as instructed by firefly

it goes right after

PHP Code:

---

 if (md5($loginpassword)!=$bbuserinfo[password]) { 


---

then second additon is in adim/global.php

and it goes right after

PHP Code:

---

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) { 


---

now you'll get an email like this



now the email gets sent for any incorect login instead of just ones with a correct username and wrong password. If they are somehow listed in sessions under multiple userids, (logged on and then logged on again under a second account) you'll get them all.

Firefly, thanks for this. I really like it and plan to keept expanding it. Security is key. I have a bunch of jerkoffs at my Stern site and have been pushing off upgrading it to VB until I had lots of admin tools like this little email notice.

I'll be doing something very similar to this which will be used to track multiple accounts.

Hey people, let me know if you have any problems with this

> New at vBulletin.org!
> You can now reply to the thread by replying to this message

that is an amaaaaaasing great feature!!!!
vbulletin.org, you are real cool guys.

And they know it...

Satan

> And they know it...

LOL. Do you think those cool guys would tell me what hack is used to send
new posts by email???

I dont think it is released...

If it is, then it is a well kept secret...

I think FireFly wanted it to be a vb.org exclusive, but I may be wrong...

Satan

@FireFly:

Do you release a new complete explanation for this hack in the first post in this thread?

I followed many of this long thread tips and now I have at least 5 different points where the email is launched... ;)

To optimize code, I created a function mail2wm() within adminfunctions.php so I simply call it from everywhere passing some parameters... :p

So, I can receive many emails each time. A general question is: could I set, within that function, a global variable to tell the function itself it has already done its job ?
Sorry, but I'm not too good at php about globals and sessions... Actual question is: such a global variable will be unique for the entire board - each user - or only for that user set it up ?
First case, could I 'localize' any way that variable for that particular session ?

Thanks a lot, and sorry for the O-T.
Bye

Thanks for this hack FireFly! Working on 2.2.5. :D

Great hack-Great Work!!
Thank U Very Much!!! :D

cant seem to find this code from sessions.php

[QUOTE]if (md5($loginpassword)!=$bbuserinfo[password]) {

What version of vB are you running, Grealm?

Did someone already get this code working on Apache 2.0 ?

I understand it should be something like:
$ipaddress=iif(HTTP_SERVER_VARS("REMOTE_ADDR")!="" ,HTTP_SERVER_VARS("REMOTE_ADDR "),$HTTP_HOST);
$iphostname = @gethostbyaddr($ipaddress);

but I can't get it work.

Peter

Works great on 2.2.6. And I'm a newbie that isn't too informed about hacks :)

[QUOTE]Originally posted by Heckwork
Did someone already get this code working on Apache 2.0 ?

Upgraded to 2.2.6 and working great! :)

Dude stop installing my hacks! ;)

I'm sorry, I'm sorry! I just wanna be the first to have them all, and it's your own fault for making such good hacks in the first place! :p

:p

BUUUURRRRRRRRRP !!!!!

Ahhhhh....

That sure was a good hack...

Off to find somemore now...

stupid question, but where do I install this hack? where do you find the sessions.php file?

[QUOTE]Originally posted by allen
stupid question, but where do I install this hack? where do you find the sessions.php file?

Great job mutt and firefly!!

:)

This code can also be used (with slight modifications) to flag attempted unauthorised use of moderation features in moderator.php.

Find each occurance of:

Before this line of code add:

I've found a few users trying the mod screen via the admin link that is displayed to all users in the template getinfo.

Users accessing the moderator.php options can also be viewed in the Currently Active Users list with the description "Unknown Location:/moderator.php"

Good job FireFly :) Just installed it :D

great hack, i likes :)

thanks!

I've installed the hack (version 2.2.6) and it works - but I get an email not just every time I log in incorrectly, but CORRECTLY too. Also, I get a mail every time I save something in the cp. So for instance, I just logged in (correctly), changed some colours, and have now received NINE emails!

Anyone had this? Or know how to deal with it?

Thanks in adance,

Spinach

Yeah, I had that, too. I just uninstalled it. There's some other similar version out there somewhere.

Working great, thanks Chen. :D

LOL! Damn Spinach .... that's funny. I installed it and it works perfectly :) If I were you, I would uninstall it and re-install it. This hack works great :)

If a n00b like me can install this ;)

...then so can you!

Great hack! I just installed it!

[QUOTE]Originally posted by Mutt
then second additon is in adim/global.php

and it goes right after

now the email gets sent for any incorect login instead of just ones with a correct username and wrong password. If they are somehow listed in sessions under multiple userids, (logged on and then logged on again under a second account) you'll get them all.

Hey people, let me know if you have any problems with this [/B]

I installed this long time ago and it works......

Doesn't seem to work for me either..

OOPPPPSSS sorry.. it does work but only if I use admin name.. I was under the impression it worked on any name.. Now if only I can work out how to add the hack for that and install it :banana:

It's been working for me for a loooong time... I use Mutt's version, which works in all cases.

Hmn... any ideas on what could have gone wrong? I followed the directions to the letter.

Where can I get that version? I can't seem to find it here. :surprised:

[QUOTE]Originally posted by Erwin
It's been working for me for a loooong time... I use Mutt's version, which works in all cases.