vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   End-User Options - Second Level Login by liamwli (https://vborg.vbsupport.ru/showthread.php?t=289412)

liamwli 10-20-2012 10:00 PM
Second Level Login by liamwli
 
1 Attachment(s)
THIS MOD IS FOR VBULLETIN 4.1.0+

This modification provides a feature for users of your forum to request a code via email on login, which is then needed to complete the login process.

This mod is similar to the Infinity: Dual Authentication LITE modification.

This mod differs in a few aspects however:
  1. You have the ability to force usergroups to use this mod
  2. This mod only has the second code option
  3. This mod doesn't stop people accessing the usercp if you don't want them to use this mod ;)

Like I said, you have the ability to force usergroups to use this mod. If a user is in a usergroup you have forced, then they will get an error when they view the forumhome if they have't enabled this mod on their account.

As well as that, there is an option for Admin's to specify their own custom code algorithm. This will allow Admin's to choose how the random second code is generated, if they so wish.

Screenshots below. Please mark as installed for more support.

Changelog:
1.1.0
Added hooks to allow further development
Removed unused plugin

1.0.1
Fixed mutiple SQL Injection vulnerabilities.

1.0
Initial Release

liamwli 10-21-2012 03:26 PM
Reserved

I shall be adding some hooks to this mod in a later version, incase people would like to expand its capability.

Nirjonadda 10-21-2012 04:16 PM
Not working get database error ?

Database error in vBulletin 4.1.10:

Invalid SQL:
SELECT authon FROM vbliam_sll WHERE userid='3';

MySQL Error : Table 'user_forumdata.vbliam_sll' doesn't exist
Error Number : 1146
Request Date : Sunday, October 21st 2012 @ 11:14:12 PM
Error Date : Sunday, October 21st 2012 @ 11:14:13 PM
Classname : vB_Database
MySQL Version : 5.1.65-cll

liamwli 10-21-2012 04:21 PM
Quote:
Originally Posted by Nirjonadda (Post 2374815)
Not working get database error ?

Database error in vBulletin 4.1.10:

Invalid SQL:
SELECT authon FROM vbliam_sll WHERE userid='3';

MySQL Error : Table 'user_forumdata.vbliam_sll' doesn't exist
Error Number : 1146
Request Date : Sunday, October 21st 2012 @ 11:14:12 PM
Error Date : Sunday, October 21st 2012 @ 11:14:13 PM
Classname : vB_Database
MySQL Version : 5.1.65-cll
Hmm. I shall look into this.

It looks like the table has been made without the prefix. Should be an easy fix.

Please could you open phpmyadmin and do a table search for liam_sll and tell me what it is actually called, and then execute this SQL query, then try using the mod again?

Code:
RENAME TABLE `liam_sll` TO `vbliam_sll`

Nirjonadda 10-21-2012 04:32 PM
So you can not fix with Manual execute this SQL query ? please try to fix database create table when while installing this mod !

liamwli 10-21-2012 04:32 PM
Quote:
Originally Posted by Nirjonadda (Post 2374825)
So you can not fix with Manual execute this SQL query ? please try to fix database create table when while installing this mod !
I just fixed it, but you probably already have a table, so there is not much point in making a new one ;)

Nirjonadda 10-21-2012 04:46 PM
Its bug on main login ,when Enabled this mod my main login password not work,cannot login my site, how to fix?

YOODA230 10-21-2012 04:49 PM
Brilliant idea

liamwli 10-21-2012 04:51 PM
Quote:
Originally Posted by Nirjonadda (Post 2374831)
Its bug on main login ,when Enabled this mod my main login password not work,cannot login my site, how to fix?
What actually happens in detail?

Does it give you the vbulletin incorrect password page?

Nirjonadda 10-21-2012 04:53 PM
Yes ! I think when login with 1st password we get Second Level Login page but cannot 1st login with main password !

liamwli 10-21-2012 05:00 PM
Quote:
Originally Posted by Nirjonadda (Post 2374836)
Yes ! I think when login with 1st password we get Second Level Login page but cannot 1st login with main password !
Right, when you login with the main system on the homepage, where does it take you?

Please could you screenshot. It should take you a plain page with only a text box and some text, asking you to enter the second code sent to your email address.

Nirjonadda 10-21-2012 05:04 PM
when i login with the main system on the homepage get error page,
vBulletin Message
You have entered an invalid username or password.

liamwli 10-21-2012 05:11 PM
Quote:
Originally Posted by Nirjonadda (Post 2374839)
when i login with the main system on the homepage get error page,
vBulletin Message
You have entered an invalid username or password.
Just like you would with an invalid username or password really?

Please could you delete all your cookies first (could be a browser issue, I got this only once).

After that, reinstall the mod.

Nirjonadda 10-21-2012 05:22 PM
Does not fixed this issue , uninstalled this mod , reason it make high server load with use many more RAM memory !

liamwli 10-21-2012 05:24 PM
Quote:
Originally Posted by Nirjonadda (Post 2374844)
Does not fixed this issue , uninstalled this mod , reason it make high server load with use many more RAM memory !
These types of mods do generally cause a small increase in server load.

I will attempt to fix all issues and optimize code in a future version

MegaManSec 10-22-2012 02:46 AM
it has an sql injection in it. (probably more than just one)

Code:
        $vbulletin->input->clean_array_gpc('p', array(
                'vb_login_username'        => TYPE_STR,
                'vb_login_password'        => TYPE_STR,
                'vb_login_md5password'    => TYPE_STR,
                'vb_login_md5password_utf' => TYPE_STR,
                'postvars'                => TYPE_BINARY,
                'cookieuser'              => TYPE_BOOL,
                'logintype'                => TYPE_STR,
                'cssprefs'                => TYPE_STR,
                'inlineverify'            => TYPE_BOOL,
                'redirect'                => TYPE_NOHTML));

        //get userinfo
        $userinfo = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $vbulletin->GPC['vb_login_username'] . "'");

liamwli 10-22-2012 10:55 AM
Quote:
Originally Posted by MegaManSec (Post 2374943)
it has an sql injection in it. (probably more than just one)

Code:
        $vbulletin->input->clean_array_gpc('p', array(
                'vb_login_username'        => TYPE_STR,
                'vb_login_password'        => TYPE_STR,
                'vb_login_md5password'    => TYPE_STR,
                'vb_login_md5password_utf' => TYPE_STR,
                'postvars'                => TYPE_BINARY,
                'cookieuser'              => TYPE_BOOL,
                'logintype'                => TYPE_STR,
                'cssprefs'                => TYPE_STR,
                'inlineverify'            => TYPE_BOOL,
                'redirect'                => TYPE_NOHTML));

        //get userinfo
        $userinfo = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $vbulletin->GPC['vb_login_username'] . "'");
No, it doesn't. That code is only run if the username and password are correct.

Check the if statement at the top.

For this to work, someone would have to have a username that contained the SQLi.

MegaManSec 10-23-2012 12:39 AM
Quote:
Originally Posted by liamwli (Post 2375020)
No, it doesn't. That code is only run if the username and password are correct.

Check the if statement at the top.

For this to work, someone would have to have a username that contained the SQLi.
????

go directly to liam_sll.php
if (($_POST['do'] == 'login') && ($vbulletin->options['liam_dualauth_onoff']))

set post 'do' to login

BirdOPrey5 10-24-2012 04:54 PM
Mod restored from Quarantine.

Skyrider 10-26-2012 04:48 PM
Awesome mod, but for now I've disabled it. For some odd reasons after too many code submissions and testing the plugin, I was unable to log in on my own account saying I've entered an incorrect username/password. by disabling the mod, everything ran fine again and I was able to login normally.

liamwli 10-27-2012 03:53 PM
Quote:
Originally Posted by FF|Skyrider (Post 2376130)
Awesome mod, but for now I've disabled it. For some odd reasons after too many code submissions and testing the plugin, I was unable to log in on my own account saying I've entered an incorrect username/password. by disabling the mod, everything ran fine again and I was able to login normally.
I noticed that, but I don't know why or when it occurs....

Prorockz 11-11-2012 05:48 PM
anything for vBulletin 3.8x?????

liamwli 11-11-2012 05:55 PM
Quote:
Originally Posted by Prorockz (Post 2380322)
anything for vBulletin 3.8x?????
No, sorry.

Alibass 11-17-2012 08:35 PM
Quote:
Originally Posted by FF|Skyrider (Post 2376130)
Awesome mod, but for now I've disabled it. For some odd reasons after too many code submissions and testing the plugin, I was unable to log in on my own account saying I've entered an incorrect username/password. by disabling the mod, everything ran fine again and I was able to login normally.
Quote:
Originally Posted by liamwli (Post 2376314)
I noticed that, but I don't know why or when it occurs....
Has this issue been fixed and if so when is next release?

Nirjonadda 03-10-2013 03:14 PM
Please have any update for work on 4.2.0?

YOODA230 01-28-2015 12:14 AM
Up Up Up one of the best mod make your site secure


All times are GMT. The time now is 07:14 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01273 seconds
  • Memory Usage 1,795KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (12)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (26)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete