The Arcive of Official vBulletin Modifications Site.

htaccess Protection for admincp & any dir · **Released**: 01-12-2006

this is a very simple hack
its only main function is to add htaccess protection for any dir by adding some small lines in the begining of Dir's index

our application will be on admincp's index (index.php)

Description: This hack will add htaccess protection to any folder by adding small lines in its index.php file & the user name & password for this protection is determined by two varables in the same file & if the data entered was wrong, the page will give a black background with a title (Unauthorized) & a content says (Enter Here Only) when clicking it, it will direct to forum's root (index.php by default), this means douple security (likes Look THIS.

Please Note: The Default User Name & Paaaword for entering through this Protection Is (User: 123 / Pass: 321) See the last two line to know how to change this values

installation:
open the file index.php present in the dir admincp & search for the following code:

PHP Code:


			
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||

|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||

|| #################################################################### ||

\*======================================================================*/

& put under it the following code:

PHP Code:


			
$index['public'] = $index['public'];

$phpkd['username'] = "123";    // Here Is the User Name

$phpkd['password'] = "321";    // Here Is The htaccess Password



if(!$index['public']){

if($_SERVER['PHP_AUTH_USER'] != $phpkd['username'] || $_SERVER['PHP_AUTH_PW'] != $phpkd['password']){

Header("WWW-Authenticate: Basic realm=\"Highly Secured\"");

Header("HTTP/1.0 401 Unauthorized");echo "<head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>

<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">

<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></a></body></html>";exit;}}

Note 1: change the values of the two variables $phpkd['username'] / $phpkd['password'] to the username & password needed & note not to change this $index['public'] = $index['public'];

Note 2: This Protection Gives the authority for entering to onnly the username & passord defined in the file (above modification) & after passing through this htaccess protection you will find the Normal vbulletin admincp login screen & then you can go with the normal admin data recorded in the forum itself.

Hope I have explained enough for beginners.

Omranic · #32 01-28-2006, 09:12 PM

hey
I tried the code with error pages & Only the 401 error success & other not

So you may use it as 401 error & regarding to the User: Shuvo Pass: golpo
Take the following code:

PHP Code:


			
$index['public'] = $index['public']; 

$phpkd['username'] = "Shuvo";    // Here Is the User Name 

$phpkd['password'] = "golpo";    // Here Is The htaccess Password 



if(!$index['public']){ 

if($_SERVER['PHP_AUTH_USER'] != $phpkd['username'] || $_SERVER['PHP_AUTH_PW'] != $phpkd['password']){ 

Header("WWW-Authenticate: Basic realm=\"Highly Secured\""); 

Header("HTTP/1.0 401 Unauthorized");echo "<head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br> 

<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\"> 

<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></a></body></html>";exit;}}

Mudvayne · #33 01-30-2006, 08:09 AM

dont know the reason but its not working.. Asking for pass randomly..

RFViet · #34 01-30-2006, 12:51 PM

Quote:

Originally Posted by SolidSnake@GTI

yes
its exactly as you said

If I have 2 admins then It doesn't work !!! :disappointed:

Mudvayne · #35 01-31-2006, 09:16 AM

Yaiiiiiiiiiiiiii.. i did it.. But with .httaccess..

try http://www.golpo.net/forum/admincp/index.php

Omranic · #36 02-14-2006, 05:29 AM

Quote:

Originally Posted by Shuvo

Yaiiiiiiiiiiiiii.. i did it.. But with .httaccess..

try http://www.golpo.net/forum/admincp/index.php

thats possible also

you can post it here, I think it will be usefull for some

JJH35 · #37 02-16-2006, 10:30 PM

or you could have just used this for each folder
order allow,deny
allow from all
deny from ip1 , ip2, ip3, etc

Mudvayne · #38 02-17-2006, 02:59 AM

Quote:

Originally Posted by SolidSnake@GTI

you can post it here, I think it will be usefull for some

Sorry brother.. I'm bit late.. Its easy.. Hope someone might get help..

I did it with a online .htaccess password generator tools.. Well go to .htaccess pass generator site read the instruction.. Its too easy.. U just need to know ur admincp path.. & plz after process upload the .htaccess & .httpass file in admincp folder.. Dont upload it in root folder.. Otherwise entire forum 'll b password protected..

Hornstar · #39 02-18-2006, 05:37 AM

Is there a code to only allow certain IP's?

Mathiau · #40 03-12-2006, 04:02 AM

Quote:

Originally Posted by Shuvo

Sorry brother.. I'm bit late.. Its easy.. Hope someone might get help..

I did it with a online .htaccess password generator tools.. Well go to .htaccess pass generator site read the instruction.. Its too easy.. U just need to know ur admincp path.. & plz after process upload the .htaccess & .httpass file in admincp folder.. Dont upload it in root folder.. Otherwise entire forum 'll b password protected..

I tried those tools. generated the info, uploaded the files in ASCII and i know the info was right i was typing in, it was in the right directory, but it justkept popping up as if i was putting in the wrong login info - but i know i wasnt...

For this hack - i put the code into my index.php (main root index.php) and it works - Is this as secure as using a seperate .htaccess file? if so then it works great and i would like to use it.

I tested it and put in the wrong info to get the enter here onl page, once i hit that the login window that comes up has this info in it

Quote:

Htaccess login system for **********! If you have a problem with the htaccess or you never recieved a email about the change in the htaccess pass, email me @ ******@wwwsupersite.com and I will help where I can. Thanks!

Where can i edit that? that certainly is not the host of our servers info so wondering where that is coded.... (i asked the host and he has no idea where that info would be pulled from...)

Mudvayne · #41 03-12-2006, 04:29 AM

Quote:

Originally Posted by Mathiau

I tried those tools. generated the info, uploaded the files in ASCII and i know the info was right i was typing in, it was in the right directory, but it justkept popping up as if i was putting in the wrong login info - but i know i wasnt...

But bro.. Mine works fine.. here is some info..

http://www.vbulletin.com/forum/admincp
http://www.golpo.net/forum/admincp

http://www.vbulletin.com/forum/modcp
http://www.golpo.net/forum/modcp

http://www.vbulletin.com/forum/includes
http://www.golpo.net/forum/includes

http://www.vbulletin.com/forum/install
http://www.golpo.net/forum/install

.. So I prefer .htaccess.. Newayz did u upload the .htaccess & .htpasswd in the right directory? If so thn it should work.. Did u use the encoded pass in .htpasswd ?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04541 seconds Memory Usage 2,327KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (3)bbcode_php (6)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (4)navbar_link (120)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!