[OzzModz] ACP Authentication
 

Another mod brought to you by,
https://vborg.vbsupport.ru/external/2015/01/1.png

This is a small mod that will allow admins to set up htaccess login for their ACP, without file edits, or cpanel.

It is a simple installation, just import the product XML, ozzmodz_secure_acp

You can edit the options under the settings, [OzzModz] ACP Authentication Settings

Once you set up the options, you can then share the username and password with all your members that are allowed to access the ACP.

Note: If you forget the username or the password, or have a problem logging in, just add the following to the includes/config.php right below the <?php tag :
Then you can assess your ACP, and make the necessary adjustments to the mods settings, then remove that line from the includes/config.php

Note: If you have never edited your includes/config.php before, please read this first, Editing Your config.php File

First screenshot is what the log in box looks like.
Second screenshot is what the settings look like.
Third screenshot is what the error message looks like if the users presses cancel.

Complete Feature List

• Option to disable the mod completely.
• Option to set what the login username will be.
• Option to set what the login password will be.

Frequently Asked Questions.

Q. Why do I need this mod?

A. This just adds a extra layer of security to your ACP, by asking for a additional username and password, in order to log in to it. Sure you can do this with file edits or in cpanel, but why bother, this makes it simple.

Q. Why did you make this mod?

A. It was something I was doing by editing the admincp/index.php file, but I would always forget to make the changes when I updated the site.

-------------------------------------------------------------------------------------------

If you like this mod please hit the https://vborg.vbsupport.ru/external/2015/08/1.png button to the right ---->

Please remember to click the, https://vborg.vbsupport.ru/external/2015/08/2.png button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified whenever new updates are available.

* For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps me know how many people are using my work, giving me extra incentive to provide more features and new modifications.

I appreciate the support!
-------------------------------------------------------------------------------------------

v1.0.0 Initial release. (6-29-14)

Reserved.

This worked perfectly, thanks a lot ozzy! Very easy adding another layer of security to the site :)

installed and marked

Glad you like it, and thanks for marking as installed. :)

Just to ask, this is another layer of security beside .htaccess? So we could set two additional passwords, one with your mod and one with .htaccess?

I have not tried that yet, not sure how it would work. Perhaps you can try it out and let us know. :)

Very nice Ozzy. This is a nice mod in addition to your ACP IP verification mod. Thanks.

Thanks, glad you like it, and thanks for marking as installed. :)

Where are you seeing that error?

On your own site in WOL. :D

Yeah that is not from this mod, I have noticed it occasionally, but have not been able to track it down, as it appears sporadically.

Worked good on a 4.2.0 test system by itself

but when combining with the regular apache .htaccess file
it got hung in a loop when entering a bad password

The Apache error log kept logging this repeatedly:

authentication failure for ".../admincp/options.php": Password Mismatch,
referer: http://.../admincp/options.php?do=dooption

Yeah I kinda figured it would not work with regular htaccess. Thanks for testing it out. :)

Very nice Ozzy thanks for this

hope all is well

This makes things easy! Nice work Ozzy! I hate setting up htaccess passwords.

Thanks, things are ok for now.

Glad us like it, and thanks for marking as installed. :)

It wants my new PW every 5 seconds. Followed the guidelines to a T.

Bummer

Are you sure you don't have some other form of .htaccess running as well? Perhaps a file edit or cpanel.

I do, but wasn't aware it'd be an issue. It's all good. I'll just burn it.

Thanks as always, Ozzy

Well, I managed to do that by myself, so I'll consider the entire process a victory.

So you decided to do the protection without the mod?

Not sure what you mean, man. I just flicked the mod off in the ACP

Right, the mod is off, but you are still using the other .htaccess protection you had in place instead of the mod.

yes. cheerz

So what way are you doing the authentication?

Is it not danger to giving access to ACP for members?
How to Give access for few items only at ACP?
Is there a way to allow Super Moderators to manage only the USERS and its sub menu under ACP?
Thanks in advance.

Once you set up the options, you can then share the username and password with all your members that are allowed to access the ACP. Meaning any administrators. :)

Not with this mod, this is just for securing your ACP, not adding any functionality. :)

Thanks for the response.
Can you suggest any other Mod for this purpose?
Thanks

hey ozzy any chance you can make this individual so each admin can put there own password for this ???

Create usergroup with admin privileges allowed, but give them only access to users' options when you put someone in that usergroup. Would this be OK for you?

Thanks for the response.
I tried with Admin privileges,
but it is allowing for everything but not allowing to edit the user profile.
https://dl.dropboxusercontent.com/u/...ermissions.jpg

Me is not ozzy, but maybe allowed to answer too :rolleyes:

It would be possible, even without an extra login like this nice, awesome mod (*hint hint*).
Have seen this in an old CMS where Administrators had 2 passwords, one for the frontend and one for backend.
So theory is, to add another password field in the db (can be NULL or '' or something for non-admins) and change the login-function to check if user wants to login to ModCP/AdminCP, if yes use the second password field for authentication.
This password could be changed in the UserCP (only displayed for Mods/Admins).

Thanks.

Maybe I wasn't clear in my explanation.

You need to create new usergroup. This usergroup should have admin privileges set to yes, i.e. like you made new type of admins.

After that, when you promote someone into this usergroup, give it only access to certain areas of ACP. Some areas goes by default, but many don't.

I didn't meant to suggest that you edit permissions already allowed to supermoderators. Also, there's permission for making certain usergroup supermoderator usergroup. In same group of permissions you make admin's usergroup. Actually, in that group of permissions there are only these two options.

If i've lost the password, where can i find it in the ftp? thanks

Note: If you forget the username or the password, or have a problem logging in, just add the following to the includes/config.php right below the <?php tag :
Then you can assess your ACP, and make the necessary adjustments to the mods settings, then remove that line from the includes/config.php

Note: If you have never edited your includes/config.php before, please read this first, Editing Your config.php File

thats already in there for some reason. still wont let me access without the password tho :(

Then it is not from this mod, you must have some other authentication going on.

But you can check the setting table, the settings, ozzmodz_secure_acp_username
and ozzmodz_secure_acp_password

managed to remember the password and it is this mod.

at the top of config is says this

Well yeah, the two // means that line is commented out, thus not disabling your mods. :)