The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
Second Level Login by liamwli Details »»
|
|||||||||||||||||||||||||||||||||||||
THIS MOD IS FOR VBULLETIN 4.1.0+ This modification provides a feature for users of your forum to request a code via email on login, which is then needed to complete the login process. This mod is similar to the Infinity: Dual Authentication LITE modification. This mod differs in a few aspects however:
Like I said, you have the ability to force usergroups to use this mod. If a user is in a usergroup you have forced, then they will get an error when they view the forumhome if they have't enabled this mod on their account. As well as that, there is an option for Admin's to specify their own custom code algorithm. This will allow Admin's to choose how the random second code is generated, if they so wish. Screenshots below. Please mark as installed for more support. Changelog: 1.1.0 Added hooks to allow further development Removed unused plugin 1.0.1 Fixed mutiple SQL Injection vulnerabilities. 1.0 Initial Release Download Now
Screenshots
Show Your Support
|
|||||||||||||||||||||||||||||||||||||
About Developer
DB Changes 
No support by the author.
| Comments |
|
#12
10-21-2012, 05:00 PM
|
|||
|
|||
Quote:
Please could you screenshot. It should take you a plain page with only a text box and some text, asking you to enter the second code sent to your email address. 
|
|
#13
10-21-2012, 05:04 PM
|
|||
|
|||
|
when i login with the main system on the homepage get error page,
vBulletin Message You have entered an invalid username or password.
|
|
#14
10-21-2012, 05:11 PM
|
|||
|
|||
|
Quote:
Please could you delete all your cookies first (could be a browser issue, I got this only once). After that, reinstall the mod.
|
|
#15
10-21-2012, 05:22 PM
|
|||
|
|||
|
Does not fixed this issue , uninstalled this mod , reason it make high server load with use many more RAM memory !
|
|
#16
10-21-2012, 05:24 PM
|
|||
|
|||
|
Quote:
I will attempt to fix all issues and optimize code in a future version
|
|
#17
10-22-2012, 02:46 AM
|
|||
|
|||
|
it has an sql injection in it. (probably more than just one)
Code:
$vbulletin->input->clean_array_gpc('p', array(
'vb_login_username' => TYPE_STR,
'vb_login_password' => TYPE_STR,
'vb_login_md5password' => TYPE_STR,
'vb_login_md5password_utf' => TYPE_STR,
'postvars' => TYPE_BINARY,
'cookieuser' => TYPE_BOOL,
'logintype' => TYPE_STR,
'cssprefs' => TYPE_STR,
'inlineverify' => TYPE_BOOL,
'redirect' => TYPE_NOHTML));
//get userinfo
$userinfo = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $vbulletin->GPC['vb_login_username'] . "'");
|
|
#18
10-22-2012, 10:55 AM
|
|||
|
|||
|
Quote:
Check the if statement at the top. For this to work, someone would have to have a username that contained the SQLi.
|
|
#19
10-23-2012, 12:39 AM
|
|||
|
|||
|
Quote:
go directly to liam_sll.php if (($_POST['do'] == 'login') && ($vbulletin->options['liam_dualauth_onoff'])) set post 'do' to login
|
|
#20
10-24-2012, 04:54 PM
|
||||
|
||||
|
Mod restored from Quarantine.
|
|
#21
10-26-2012, 04:48 PM
|
|||
|
|||
|
Awesome mod, but for now I've disabled it. For some odd reasons after too many code submissions and testing the plugin, I was unable to log in on my own account saying I've entered an incorrect username/password. by disabling the mod, everything ran fine again and I was able to login normally.
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
All times are GMT. The time now is 07:32 PM.