Other admin passw

[PET]

i don't now if this exist...but how will be to do a general admin passw. For exemple when i go to admin i will must to insert 2 passw. My forum passw & a general admin passw. Nice ?

[Logician]

Why do you need such a feature? If you need to secure your password simply use a complex password like "Q5yb53jyh32" which is impossible to crack. If someone is able to pass this password, he can pass two different passwords either..

[PET]

Yes...but maybee i don't want to always paste the pass...i mean...it is dificoult to remember such a passw

[DWZ]

OK, I think you are trying to say you want two levels of protection on your Admin CP.

You want a forum password to do general stuff, ie. open/close posts, move threads etc - And another one to access your Admin CP.

Am I right so far?

OK, well, thats what I have done on my forum, to access my Admin CP, you must give it the Admin CP password and my forum password. If any failed attempt is made to access my Admin CP, an email is sent to me with the person's IP address.

OK, now, this can all be done with .htaccess. But I need more info on your server, you using Windows 2000 or Linux? And do you have access to CPanel or something like that? - If you do it will be a lot easier...

[Chris M]

Sounds cool DWZ...

Would you tell us how to do it?

Satan

[DWZ]

Quote:

Originally posted by hellsatan
Sounds cool DWZ...

Would you tell us how to do it?

Satan

OK, I'll tell you the long way, that way it wont matter if you have CPanel or anything

Open up a text document, name it stuff.htpasswd don't put a .txt or anything at the end...

In that, put in:

Code:

Username:EncryptedPassword
Username2:TheirEncryptedPassword

The password you put in there must be encrypted, if you have no idea what your password is encrypted, this web site will tell you what you need: http://www.euronet.nl/~arnow/htpasswd/

OK, save that file. Now you need to upload it via FTP to your server, but don't put it in a web accessible directory, for example, mine is stored in /home/dwz/.htpasswds/forums/admin make sure you remember where you save it Now, once it is uploaded, rename the file to .htpasswd make sure you do this via FTP. Do not try to rename the file in windows then try and upload it... Windows gets confused on files without filenames...

Now, make another, this time called stuff.htaccess in this file, put this:

Code:

AuthType Basic
AuthName "vB Administrator Control Panel"
AuthUserFile /home/dwz/.htpasswds/forums/admin/passwd

require valid-user

ErrorDocument 401 /error/401.php

Now, you will need to replace /home/dwz/.htpasswds/forums/admin/passwd with the folder you ended up saving your .htpasswd on your web server.

OK, getting close to finished now Upload this file to your vB admin CP directory (i.e. /forum/admin). Once uploaded, rename this file to .htaccess Again, do not try and do this in Windows.

OK, now, you should have password protection on your admin cp. When you try and go to your vB admin CP, you should get a box like this: http://bruce-hamilton.com/tmp/ Here, type in the info you placed in the .htpasswd file unencrypted. You can save the password on your computer too if you like. Click OK and you should be taken to the normal vB admin CP login page if you aren't logged in. Or right to the vB admin CP if you are.

OK, well, password protection is set up. Last few steps... Make a web page that you want displayed to people who type the password in wrong. Feel free to use my one, just don't link the images to my site, save a copy and use your space :

PHP Code:

<html><title>ERROR: 401 - Authorization Required - ACCESS DENIED</title><body bgcolor="#000000"><div align=center>
<img src="http://www.consoleradar.com/error/error.gif"><br><img src="http://www.consoleradar.com/error/401.gif"><br><p align="centre"><font color="7D7979"><h1>Authorization Required - ACCESS DENIED</h1>
<h2>Unauthorized access to ConsoleRadar's administration sections detected.<br>What the [better wash my mouth][better wash my mouth][better wash my mouth][better wash my mouth] do you think you're doing?</h2>
An illegal attempt to access our system has been detected from your IP address (<? echo($REMOTE_ADDR); ?> aka <? echo(gethostbyaddr($REMOTE_ADDR)); ?>). 
This information has been sent to the webmaster and any further attempts to access our system will result in legal action.</html>

<?php

$email = "you@youremail.com.au";
$time = date ( "Y-m-d-r" );

$message = "

-- message starts-----

This sad, sad person: \n " . gethostbyaddr($REMOTE_ADDR) . " \n Has attempted to access \n $HTTP_REFERER \n Now Go and kick his ass

Site: $refer

Date: $time
-- message ends-----

";

mail($email,"ERROR 403!",
     $message, "From:SERVER<server@yourdomain.com>");

?>

OK, replace $email = "you@youremail.com.au"; above with the email address you want the IP address sent to and replace server@yourdomain.com for your web site's domain (it doesn't have to be a real email address, that's just the email's return address. Save this as 401.php and upload it to a folder just outside the root of your site called /error/ You don't need to put it there, but it's where I store all my error documents. If you want to have it somewhere else, make sure you change it in the .htaccess file too. Note that you can't put it in a folder that needs a password (like your vB admin CP, or you will need to have a password to access the "you need a password" file )

And your done.

Enjoy

[freeshares1]

I could really do with some help here, I have followed all the above instructions and created an encrypted password using the link you gave. I get the box asking me for a password i type in the unencrypted password it brings up the box again and after 3 attempts i get the error message. I have removed the 2 files now so i have access again to my CP. any idea's where i am going wrong?

[freeshares1]

i fixed it. Thanks

phil

[Chris M]

How did you fix it?

Satan

[freeshares1]

i reinstalled both files in the same directory /admin and added /.htpasswd to the location in .htaccess

I hope the above helps.

Phil