vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Allow Certain IP's To Access (or View) AdminCP (https://vborg.vbsupport.ru/showthread.php?t=72070)

Bison 11-23-2004 01:45 AM
Allow Certain IP's To Access (or View) AdminCP
 
Can someone tell me how to stop anyone from viewing the admincp if they don't have an IP in the list? I know I can use a htaccess to stop anyone from accessing it, but is there a way that I can enter an IP address (If the admin user uses a static IP) that is only allowed to see the admincp?

cycopia 11-24-2004 09:46 PM
At the beginning of your index.php file in your admincp folder, add the following:

Code:
if(!preg_match("/^(68\.142\.18\.|68\.143\.19\.)/",$_SERVER['REMOTE_ADDR'])){
        header("HTTP/1.0 403 Forbidden",1);
        echo "<h2>403 Forbidden</h2>";
        exit();
}
The above code only allows ip addresses that begin with 68.142.18. or 68.143.19. Multiple IPs are separated by a | (pipe, above a back-slash on keyboard). You will notice that all periods are back-slash escaped (coding standard for regular expressions). Also be sure to not forget that last period after the 3rd number.

Code:
if(!preg_match("/^68\.142\.1\.143/",$_SERVER['REMOTE_ADDR'])){
        header("HTTP/1.0 403 Forbidden",1);
        echo "<h2>403 Forbidden</h2>";
        exit();
}
The above code allows only the IP 68.142.1.143.
Here is an example of the WRONG way:
Code:
if(!preg_match("/^68\.142\.1/",$_SERVER['REMOTE_ADDR'])){
        header("HTTP/1.0 403 Forbidden",1);
        echo "<h2>403 Forbidden</h2>";
        exit();
}
This code is missing a vital period after the 3rd number! We will allow any ip matching the pattern of 68.142.1*. That means 68.142.1.*, 68.142.10.*, 68.142.11.*, 68.142.12.*, 68.142.100.*, and so on all pass our "test." Don't forget the last period because you can go from letting a few ips to thousands by mistake.

Andreas 11-24-2004 10:09 PM
Do you use Apache?
Then i'd suggest using .htaccess

<Limit GET POST>
order deny,allow
deny from all
allow from 199.166.210.12
</Limit>

This wil only allow access form IP 199.166.210.12.
If you want to allow several IPs, repeat the allow-line.

Isn't that what you want?

cycopia 11-24-2004 10:32 PM
What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.

Andreas 11-24-2004 10:47 PM
Quote:
Originally Posted by cycopia
What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.
Hmm ... your code protects only index.php.
All other scripts would still be accessable?

Bison 11-27-2004 01:38 AM
Quote:
Originally Posted by cycopia
What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.
This works wonders for my Windows servers ... thanks!

I did use htaccess to protect my admin cp, but one day I forgot my password and I had to go into my cpanel to re-create the htaccess. Also, at times where I need quick access, and don't want to enter a password, this fix does it. :ermm:


All times are GMT. The time now is 07:00 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01084 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete