vb.org Archive - lock account to a single IP

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - lock account to a single IP (https://vborg.vbsupport.ru/showthread.php?t=222360)

MentaL

09-03-2009 06:31 AM

lock account to a single IP

Hi,

Is there any such mod that locks a predefined user account to a single ip?

Thanks.

James Birkett

09-03-2009 03:19 PM

Lock the account to the IP.. you mean so only that IP can log in to that account?

Lynne

09-03-2009 03:21 PM

Not that I know of. And why would you do that? Some users, like myself, have dynamic IPs. So, I'd sign up and a couple of days later be locked out because my IP changed.

James Birkett

09-03-2009 03:23 PM

It could be a hacking prevention technique, although again, it's very risky.
This could probably be added to the login check (do a query to see if IP field matches the current IP)

Lynne

09-03-2009 03:24 PM

Yeah, I'm sure you can write a plugin to check if the IP you are using currently is the same as the one your registered with. But, as I said, you will lock out a lot of users who have dynamic IPs. I know if that happened to me, I'd just leave the site.

James Birkett

09-03-2009 03:42 PM

Agreed Lynne. Unless you set a condition in the plug-in (for maybe admins only?).

PHP Code:


		
			
if($username = 'Admin'){
// execute code
}

Again, you're limited to what you can use because the user isn't actually logged in, which limits your variables.

I always find .htaccess protection much more effective than per-user protection.

MentaL

09-03-2009 05:26 PM

Hi

Yes it would be for myself or any staff that has a static ip, the ip could be manually modified via SQL if needed, or if the ip could be encoded in md5 would be rather good too.

Security is a maximum these days every one is trying to hack me :P

James Birkett

09-03-2009 07:51 PM

The login redirect page uses the following hooks:

Code:

init_startup

cache_permissions

style_fetch

cache_templates

global_start

parse_templates

fetch_musername

notices_check_start

notices_noticebit

global_setup_complete

login_verify_success

fetch_userinfo_query

fetch_userinfo

login_process

login_redirect

redirect_generic

I'ma guess you'd use login_process or fetch_userinfo_query and just do an if statement that executes a query to grab the IP and compare.
If you want maximum security, remember to use .htaccess on mod and admincp dir's, rename the dir's to random strings and never chmod anything 777 (although as an owner of a large MMORPG forum I'd guess you know most of this).

I wouldn't recommend hashing your IP address.. for a few reasons. The main one being it's just added load for your server which is unnecessary.

All times are GMT. The time now is 03:57 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01021 seconds Memory Usage 1,723KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: