htaccess Protection for admincp & any dir

this is a very simple hack
its only main function is to add htaccess protection for any dir by adding some small lines in the begining of Dir's index

our application will be on admincp's index (index.php)

Description: This hack will add htaccess protection to any folder by adding small lines in its index.php file & the user name & password for this protection is determined by two varables in the same file & if the data entered was wrong, the page will give a black background with a title (Unauthorized) & a content says (Enter Here Only) when clicking it, it will direct to forum's root (index.php by default), this means douple security (likes Look THIS.

Please Note: The Default User Name & Paaaword for entering through this Protection Is (User: 123 / Pass: 321) See the last two line to know how to change this values

installation:
open the file index.php present in the dir admincp & search for the following code:

PHP Code:

|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/ 


& put under it the following code:

PHP Code:

$index['public'] = $index['public'];
$phpkd['username'] = "123";    // Here Is the User Name
$phpkd['password'] = "321";    // Here Is The htaccess Password

if(!$index['public']){
if($_SERVER['PHP_AUTH_USER'] != $phpkd['username'] || $_SERVER['PHP_AUTH_PW'] != $phpkd['password']){
Header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
Header("HTTP/1.0 401 Unauthorized");echo "<head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></a></body></html>";exit;}} 


Note 1: change the values of the two variables $phpkd['username'] / $phpkd['password'] to the username & password needed & note not to change this $index['public'] = $index['public'];

Note 2: This Protection Gives the authority for entering to onnly the username & passord defined in the file (above modification) & after passing through this htaccess protection you will find the Normal vbulletin admincp login screen & then you can go with the normal admin data recorded in the forum itself.

Hope I have explained enough for beginners.

[Omranic]

Quote:

Originally Posted by PixelFx

this is great how hard would it be to add an on / off switch in your admin cp for this? aka, lets say you could turn it off when your working on your site, but then afterwards turn this feature on in the admin, for when your not doing regular work on the fourm? as an example

yes its hard till now (at least for me) may be some one else have a better solution & can improve this.

[Zia]

sounds its nice & help to make acp more secure

kliked install.

[jj]

Quote:

Originally Posted by SolidSnake@GTI

Till now I can't find any way to get data from database but i'm searching & trying for that

To use this with .htaccess is only possible if the apache server has been compiled with mod_auth_mysql or has it as loadable module.

Find out more about .htaccess and mod_auth_mysql here:
http://www.widexl.com/scripts/docume...tml#auth_mysql

[Omranic]

Quote:

Originally Posted by j.jacobsen

To use this with .htaccess is only possible if the apache server has been compiled with mod_auth_mysql or has it as loadable module.

Find out more about .htaccess and mod_auth_mysql here:
http://www.widexl.com/scripts/docume...tml#auth_mysql

Thats Great
But what about Servers That Hasn't mod_auth_mysql Module Istalled & have not SSH Access & not having intense to install any modules ? Is there Any Way ?

[Mudvayne]

is it possible to do it as same as vb.com? plzzzzzzzzzzzzzzzzzzzzzzzzz.. I meant it 'll load a error page named authentication faild.. Like...

You hav failed to authenticate ur identity.. U r now autometically redirect to forum index..

/me clicks install

P.S: I'm using vB 3.5.3.. It seems not working :ermm:

[Aligator21]

nice!!!
installed!

[jj]

Quote:

Originally Posted by SolidSnake@GTI

Thats Great
But what about Servers That Hasn't mod_auth_mysql Module Istalled & have not SSH Access & not having intense to install any modules ? Is there Any Way ?

No, if the module ist not available the apache server cannot connect to a mysql database.

Quote:

Originally Posted by Shuvo

is it possible to do it as same as vb.com? plzzzzzzzzzzzzzzzzzzzzzzzzz.. I meant it 'll load a error page named authentication faild.. Like...

If your provider allows it, you can do that by adding this line

Code:

ErrorDocument 401 /401.html

into your existing .htaccess file in the document_root of your apache server. If no .htaccess file exists, just create one. Afterwards you have to place a self-made 401.html oder 401.php or whatever file in your document_root, to get it work.

If you choose to create a directory for your custom apache errorpages like errorpages in your document_root the line has to look like this

Code:

ErrorDocument 401 /errorpages/401.html

or

Code:

ErrorDocument 401 /errorpages/401.php

depending on what filetype you want to use.

You can create custom errorpages for every http-errorcode like 404 (not found), 500 (script error) and so on...

[Mudvayne]

Dear j.jacobsen..
Thnx for the solution.. As I use Custom HTML Error Page hack I allready hav the error page.. So I just need to change the code..

PHP Code:

 $index['public'] = $index['public']; 
$phpkd['username'] = "123";    // Here Is the User Name 
$phpkd['password'] = "321";    // Here Is The htaccess Password 

if(!$index['public']){ 
if($_SERVER['PHP_AUTH_USER'] != $phpkd['username'] || $_SERVER['PHP_AUTH_PW'] != $phpkd['password']){ 
Header("WWW-Authenticate: Basic realm=\"Highly Secured\""); 
Header("HTTP/1.0 401 Unauthorized");echo "<head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br> 
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\"> 
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></a></body></html>";exit;}} 


Question is whr to change the code to call the 500 error page?

Hav anybody try it successfully in vB 3.5.3? Coz mine isn't working ..

[Omranic]

Quote:

Originally Posted by Shuvo

Dear j.jacobsen..
Thnx for the solution.. As I use Custom HTML Error Page hack I allready hav the error page.. So I just need to change the code..

PHP Code:

 $index['public'] = $index['public']; 
$phpkd['username'] = "123";    // Here Is the User Name 
$phpkd['password'] = "321";    // Here Is The htaccess Password 

if(!$index['public']){ 
if($_SERVER['PHP_AUTH_USER'] != $phpkd['username'] || $_SERVER['PHP_AUTH_PW'] != $phpkd['password']){ 
Header("WWW-Authenticate: Basic realm=\"Highly Secured\""); 
Header("HTTP/1.0 401 Unauthorized");echo "<head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br> 
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\"> 
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></a></body></html>";exit;}} 


Question is whr to change the code to call the 500 error page?

Hav anybody try it successfully in vB 3.5.3? Coz mine isn't working ..

Dear Shuvo This Hack isn't Depending On Your vBulletin version or bulletin tybe at all

its a server side work depends on your apache

You Must observe that the Default value (User: 123 / Pass: 321) & Not as recorded in the database & this has been mentioned in the thread's first post

regarding to changing the error page to error 500 you must change the following line
HTTP/1.0 401 Unauthorized
& it will do that for you


any questions I'm here For answers
best wishes

[Mudvayne]

Okiz SolidSnake@GTI I hav a question.. I'm a really dumb abt this coding thing.. So I'll b glad if u help me out.. If I wanna use..
User: Shuvo
Pass: golpo

& call 500/501 error page.. Thn what 'll the xact code? Would u plz write it for me here? Plz..

Note: Sorry my english