vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   AdminCP | PHP password protection using Sha1 hash (https://vborg.vbsupport.ru/showthread.php?t=296720)

ramesh_umk3 03-31-2013 03:22 PM
AdminCP | PHP password protection using Sha1 hash
 
1 Attachment(s)
Hey friends i have been trying to integrate one of the mod called php password protection...

I have done everything correct and tested. But couldn't integrate to admincp/index.php file

if any one could make it work or help that will be a great protection to admincp from unauthorized users :up:


Download project file from attachment

Generate sha1 password here Sha1 Generator

snakes1100 03-31-2013 03:28 PM
Why wouldnt you just use htpasswd/htaccess protection?

I see no reason to store anything in a ini file, which from the looks of the zip, its stored in the same location as everything else, even though the author claims its not readable.

That kinda defeats the purpose of protecting it.

ramesh_umk3 03-31-2013 03:30 PM
yep i am using that too, but this sounds more protected !

snakes1100 03-31-2013 03:59 PM
Not really, why would storing the hash in a public area be better protection?

ramesh_umk3 03-31-2013 04:18 PM
This doesn't stores anything in a server everything is handled in a login.ini.php and it's Secured from SQL Injection and brute force too.. What else protection we need!

snakes1100 03-31-2013 04:20 PM
That file is stored in a public area, thats not secure.

Also, it does store it ON the server, unless you some how think that your going to store that file on your computer.

quote form install:
Step 1: Upload login.php, login.ini.php, and quickprotect.class.php to your server

ramesh_umk3 03-31-2013 05:02 PM
if thats not stored in public area how server will execute them mate ?

i know how to install ! i am seeking for someone who can integrate this module with admincp/index.php

and you might say add below lines in index.php
PHP Code:
require_once ('./quickprotect.class.php');
$quickprotect = new quickprotect();
$quickprotect->checkLoginAndDirect(); 
I have tried it's doing nothing i get return error called "security token missing"

snakes1100 03-31-2013 06:53 PM
Thats the point im making, its storing hash's in a public file, not a secure location or a good security practice.

ramesh_umk3 03-31-2013 07:11 PM
you can read those hash's ? which are in public file of my server ?

If yes then say i can stop this project right away !!!!

Thanks :)


All times are GMT. The time now is 06:50 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01037 seconds
  • Memory Usage 1,726KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete