Administrative and Maintenance Tools - AdminCP Access

A friend of mine requested this so I made it. By default the plugin is disabled, otherwise you would not be able to access the AdminCP.

If someone tries to access your AdminCP and they are not the IP, User Group, or User ID that you defined, they will automatically be forwarded to the forum home. If you wanted to you could enable the IP, User Group, and User ID at once. Enable as many of the features as you feel a need for.


Features:

• Enable and Disable hack (Disabled by default)
• Define MULTIPLE IPs that are allowed to access the AdminCP
• Able to separate multiple IPs by | (No spaces between the IPs and |)
• Define MULTIPLE User Groups that are allowed to access the AdminCP
• Able to separate multiple User Groups by | (No spaces between the User Groups and |)
• Define MULTIPLE User IDs that are allowed to access the AdminCP
• Able to separate multiple User IDs by | (No spaces between the User IDs and |)

Upgrade:
You MUST uninstall the old product after that just follow the directions of the New Installation.

File Edits:
In admincp/index.php find:

Code:

require_once('./global.php');

Add after:

Code:

if ($vbulletin->options['allowip_enabled']){
$valid_ips = explode("|", $vbulletin->options['allowedips']);
if (!in_array($_SERVER['REMOTE_ADDR'],$valid_ips)) {
    header('Location: ../index.php'); //change according to your site setup
    exit();
}
}
//allowed usergroups
if ($vbulletin->options['allowgroups_enabled']){
$valid_ids = explode("|", $vbulletin->options['allowedgroups']);
if (!in_array($vbulletin->userinfo['usergroupid'], $valid_ids)) {
    header('Location: ../index.php'); //change according to your site setup
    exit();
}
}
//allowed user ids
if ($vbulletin->options['allowids_enabled']){
$valid_ids = explode("|", $vbulletin->options['allowedids']);
if (!in_array($vbulletin->userinfo['userid'], $valid_ids)) {
    header('Location: ../index.php'); //change according to your site setup
    exit();
}
}

New Installation:
1.) Perform the file edits

2.) Go to AdminCP-> Plugins & Products-> Manage Products-> Import the product-admincpaccess.

3.) Go to AdminCP-> VBulletin Options-> VBulletin Options-> AdminCP Access.

4.) Under AdminCP Allowed IPs put your IP and then enable the hack and save. For multiple IPs just follow this example:
1.1.1.1|2.2.2.2|3.3.3.3|

Optional:
1.) Under AdminCP Allowed User Groups put the User Groups you wish to allow access and then enable the hack and save. For multiple User Groups just follow this example:
6|7

2.) Under AdminCP Allowed User IDs put the User IDs you wish to allow access and then enable the hack and save. For multiple User IDs just follow this example:
1|2|3

Screenshots:
Of what? If you are not the defined IP, User Group, or User ID you will be redirected to the forum home.

*If you locked yourself out just reupload your original admincp/index.php file to you admincp root. Go into your AdminCP-> VBulletin Options-> VBulletin Options-> AdminCP Access and fix what ever caused you to get locked out. Once you fix it just reupload the edited admincp/index.php file.

Changelog:
1.0 - Initial release with just IP Access
2.0 - Now you can allow access to the Admin CP by IP Addresses, User Groups, and User IDs.
2.1 - Added instructions to edit the file as VBulletin Staff don't like for VBulletin files to be edited for you. Other than that nothing has changed, so if you have version 2.0 there's no need to update.


Notice: A 3.8.x version can be found HERE.

[apiasto]

Quote:

Originally Posted by TheInsaneManiac

Since you are the owner of the website and have server access you can easily change the IP manually. However if your IP changes too frequently this may be what Daky was reffering to.

So does your IP change complete numbers like XX.XX.XX.XX or would it change like one area like 22.22.22.XX?

If it's the second option I can add in a way for partial IP Address, but otherwise I would not see that feature as to any use.

usually its the second option

[TheInsaneManiac]

Quote:

Originally Posted by helpmehost

How can I set it in a way that just a particular country can login all other countries cant
also not proxies

If you wish I could probably add an option to only allow your country. As for the proxies, why would it matter to block them? They will already be blocked. You are defining the IPs that you wish to ALLOW access to the AdminCP, so if they are using a proxy they won't have access.

Quote:

Originally Posted by fattony69

Why not setup an .htaccess file?

The main reason for me is if I add a new Administrator I don't want to leave the AdminCP to go open up my ftp client to download the file and add their IP. To me this is just a good feature to have.

Another reason is that not all servers support the .htaccess IP denying. I know my old server use to not allow me. I had to call them up to actually get them to allow an IP.

Quote:

Originally Posted by apiasto

looks very helpful,but the same question regarding IP changes.these days most service providers often change IPs.if you can resolve this issue,i am up for it.cause in days like these we do need something like this.thanks
by the way if i disable all hacks via server.will it then allow me to loginto admin panel?thnx

I added a way to disable the modification via ftp. Once disabled change your IP settings and then reupload the files from the modification.

As far as a regular way to do it without uploading anything, would partial IPs work for people who's IP changes? If so I could add an option for this.

[apiasto]

thnx for the fast respond,and for the change i will try it now.and please add that option for ip change cause my ip changes alot.do i have to install both.one thing more.the index.php is for 3.7.2 pl1 and i am running pl2.does it matter? thnx

[TheInsaneManiac]

Quote:

Originally Posted by apiasto

thnx for the fast respond,and for the change i will try it now.and please add that option for ip change cause my ip changes alot.do i have to install both.one thing more.the index.php is for 3.7.2 pl1 and i am running pl2.does it matter? thnx

No it doesn't matter. The index did not change in PL2 so it will work on both. As far as installing both. No ONLY install the "Disable AdminCP Allowed IPs" if you lock yourself out. Cause it will disable the modification.

As far as you having multiple IPs, the script I use to block IPs is not complex enough to detect partial IPs. So what I am going to do is do what VBulletin should have done.

2.0- Now you can allow access to the Admin CP by IP Addresses, User Groups, and User IDs.

[apiasto]

thnx man working great and i will nominate this one.i think this should be an standard in VB.and strict banning rules.good work thnx

[TheInsaneManiac]

Quote:

Originally Posted by apiasto

thnx man working great and i will nominate this one.i think this should be an standard in VB.and strict banning rules.good work thnx

Thanks, glad you like it.

[apiasto]

i checked it today with proxy and its fine.and u were right about by adding usergroup or user id options it will make it uselessfor it to do what it suppose to do.
one suggestion though, two rather if it is possible

1. if you can add an option that if someone tries to access the admin cp it will put that user into a certain usergroup of our choice like ban users or in active so the board owner can track it down with their ip.cause no one wants that user on the board.

2. an extra option to enable the supermod access only with their ip.cause after admin s.mod is the only one with alot of power.
i know its too much to ask,but it will be appreciated if u can make it happen.thnx

[TheInsaneManiac]

Quote:

Originally Posted by apiasto

i checked it today with proxy and its fine.and u were right about by adding usergroup or user id options it will make it uselessfor it to do what it suppose to do.
one suggestion though, two rather if it is possible

1. if you can add an option that if someone tries to access the admin cp it will put that user into a certain usergroup of our choice like ban users or in active so the board owner can track it down with their ip.cause no one wants that user on the board.

2. an extra option to enable the supermod access only with their ip.cause after admin s.mod is the only one with alot of power.
i know its too much to ask,but it will be appreciated if u can make it happen.thnx

1.) I could probably get someway to log the username that tries to access the admincp, but banning them seems a little harsh? Cause what if someone Instant Messages another member with a link to the AdminCP hidden inside another link. Then they are instantly banned for no reason. However if you track who has attempted to get to the AdminCP, you can do what ever action you wish.


2.) Super Mods are not suppose to access the AdminCP, theres a separate folder for moderators called ModCP.

[apiasto]

i think that will work if their info show .thnx man

[TheInsaneManiac]

Quote:

Originally Posted by apiasto

i think that will work if their info show .thnx man

K I am actually doing a project for someone else, so once I finish with it, I will start on the logger.