vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)
-   -   Admin Protection (https://vborg.vbsupport.ru/showthread.php?t=116041)

cerjam 05-18-2006 10:00 PM
Admin Protection
 
I couldent find anything like this, even if it is so simple, anywhere on here so i decided to make it myself..

Description:
Checks IP of moderator or administrator before allowing access to mod/admincp or editing threads.

Requires mods to functions_login.php,postings.php,inlinemod.php, txt file named ippool.txt in forum root directory,apparse.php uploaded to forum root,ipauth.php uploaded to forum root.

Instructions for install:


1.download attachments
2.open adminprotection.php and edit the variables to their correct settings.
3.upload ipauth.php,apparse.php,adminprotection.php,ippool. txt to forum root
4.find..
Code:
                // admin control panel or upgrade script login
        if ($logintype === 'cplogin')
        {
in includes/functions_login.php and add under
Code:
//admin protection
        include 'adminprotection.php';
        checklogin();
//end admin protection
5. find..
Code:
        if ($logintype === 'modcplogin')
        {
and add below
Code:
//admin protection
        include 'adminprotection.php';
        checklogin();
//end admin protection
6. find..
Code:
switch ($_REQUEST['do'])
{
        case 'openclosethread':
        case 'dodeletethread':
        case 'dodeleteposts':
        case 'domovethread':
        case 'updatethread':
        case 'domergethread':
        case 'dosplitthread':
        case 'stick':
        case 'removeredirect':
        case 'deletethread':
        case 'deleteposts':
        case 'movethread':
        case 'editthread':
        case 'mergethread':
        case 'splitthread':
in posting.php(located in forum root) and add above..
Code:
//admin protection
        include 'adminprotection.php';
        checklogin();
//end admin protection
7. find..
Code:
switch ($_POST['do'])
{
        case 'open':
        case 'close':
        case 'stick':
        case 'unstick':
        case 'deletethread':
        case 'undeletethread':
        case 'approvethread':
        case 'unapprovethread':
        case 'movethread':
        case 'mergethread':
in 'inlinemod.php' in forumroot, add
Code:
//admin protection
        include 'adminprotection.php';
        checklogin();
//end admin protection
in between the
Code:
switch ($_POST['do'])
{
and
Code:
        case 'open':
        case 'close':
        case 'stick':
        case 'unstick':
8. CHMOD apparse and adminprotection.php to 777
9. visit http://yoursite.com/ipauth.php and enter your ip and click submit
10. repeat for all admins/moderators on your forum
11. you're finished!

*note this hack does not work with a dynamic ip yet, i plan to add it later on.

Future Mods:
Switch to MySQL table,Support for DSL/dialup IPs,Save to database on all unauthorized logins

Boofo 05-19-2006 06:25 AM
You know IPs can be spoofed, right? ;)

Oblivion Knight 05-19-2006 07:51 AM
I've unfortunately had to remove the attachment for the time being..

Hopefully the author can make some necessary adjustments to the installation, and it can be re-uploaded again shortly.

cerjam 05-19-2006 08:35 AM
all fixed, organized the code alot better too =) Now will send email/log to file when unauthorized user tries to login.

Oblivion Knight 05-19-2006 08:49 AM
Thanks for the quick fix-me-up cerjam, it is much appreciated. :)

Ziki 05-19-2006 11:14 AM
And if my PC breakes donw?huh?

mholtum 05-19-2006 12:10 PM
I suppose you have never tried to login at more tham one PC. HMM not sure this is such a good Idea. Unless you have a static IP this is not good.

fcreature 05-19-2006 12:55 PM
Quote:
Originally Posted by mholtum
I suppose you have never tried to login at more tham one PC. HMM not sure this is such a good Idea. Unless you have a static IP this is not good.
That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:

Ntfu2 05-19-2006 02:13 PM
Quote:
Originally Posted by mholtum
I suppose you have never tried to login at more tham one PC. HMM not sure this is such a good Idea. Unless you have a static IP this is not good.

Well then i suppose you can just got right back into ipauth.php and add your new ip :idea:


one a side note it would be a pain in the butt for dial up folks, does this support wildcards?

C_P 05-19-2006 02:24 PM
Quote:
Originally Posted by fcreature
That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:
AMEN!

mholtum 05-19-2006 03:00 PM
Quote:
Originally Posted by fcreature
That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:
Wow. I was simply trying to point out that there COULD be an issue for some with this installed. There are many people here that are fairly new to vb and install modification after modification without much thought. Trying to save someone a little stress

Drewish 05-19-2006 04:43 PM
Very useful mod, prevents the security of your entire forum from relying on all of your moderator/admin passwords.

Nice work *installed*

cerjam 05-19-2006 06:07 PM
ick, i woke up to a inbox full of 'unauthorized login' emails, i misplaced the code in functions_login.php, check original post for fix.

Snake 05-19-2006 06:28 PM
Good job on that!

/me installs

PennylessZ28 05-19-2006 07:30 PM
prevents you from logging on elsewhere

cerjam 05-19-2006 08:06 PM
No? What do you think ipauth.php is for? lets you add another ip to the ippool. and it doesnt support wildcards yet, i use dialup myself and it really isnt a hassle adding my ip everytime i reconnect, but then again i stay online for 3-4 days at a time >.>

Shaliza 05-22-2006 04:55 AM
I'm using .htaccess for extra protection, but I don't see how this couldn't work.

Watched 08-03-2006 06:41 AM
Parse error: syntax error, unexpected T_INCLUDE, expecting T_CASE or T_DEFAULT or '}' in /home/epirate/public_html/forums/inlinemod.php on line 93

Code:
switch ($_POST['do'])
{
        //admin protection
        include 'adminprotection.php';  <-- line 93.. all files are in place and edited properly.  just somehow managed to kill my inline.
        checklogin();
    //end admin protection
        case 'open':
        case 'close':
        case 'stick':
        case 'unstick':
        case 'deletethread':
        case 'undeletethread':
        case 'approvethread':
        case 'unapprovethread':
        case 'movethread':
        case 'mergethread':
can edit posts and what not.. seems to be working fine in that respect, however with that error being on line 93, it has effectively killed my entire inline mod tool.. uninstalled from the inline mod tool though and my inline works perfect again. so yeah.. call that a bug. sad imo.. i was really looking forward to this hack helping to beef up the security on my board.

Watched 08-16-2006 03:49 AM
8. CHMOD apparse and adminprotection.php to 777

DO NOT DO THIS.. if you have someone THINKING bout or ATTEMPTING to hack your forum.. i recently had a member use the 777 to his own advantage and save blank adminprotection.php and apparse files to my ftp in an attempt to gain access to my admincp..


All times are GMT. The time now is 06:18 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01216 seconds
  • Memory Usage 1,769KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (11)bbcode_code_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (19)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete