Thread: Total Admin Security...
View Single Post
  #70  
Old 12-20-2002, 09:52 PM
Bison's Avatar
Bison Bison is offline
 
Join Date: Jun 2002
Location: Virginia Beach, Virginia
Posts: 522
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
From PHP coding perspective, I can't

But from a logical perspective ... I can.

Say that its a given ... that part of your IP address never changes.

[your IP Address]
24.48.xxx.xxx

Store (hard code) that value into a variable: $admin1_ip = 2448
(The Admin_ip is stored into the php code so that it's out of view from the admin CP, and undetected.)

Now you can use these numbers to match the first part of the logged in user's IP address.

Now Capture the IP address of the logged in user:

[logged in user]
198.56.xxx.xxx

Remove everything after the second dot (198.56) and Strip the dots from the IP address (19856).

$temp = $bbuserinfo[ipaddress] (current logged in admin);

$admin2_ip = $temp

$admin_ip2 = 19856

if (userid=1 AND ($Admin2_ip == $Admin1_ip)){

If there's a match, and the other conditions are true,

--- > DO action.
else
----> The action is dis-allowed.

This method is sorta like one of the hacks I saw on this board that disallowed
anyone from accessing the admin CP ... while a certain file was stored on the
server, but this method still allows the "real admin" to make changes to his/her profile.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02538 seconds
  • Memory Usage 1,759KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete