The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
Total Admin Security... Details »»
|
|||||||||||||||||||||||||
Ive always hated the fact that other Admins can delete your account...
Its not that they are untrustworthy, but people could get hold of their password or what have you... So... There is an easy way to ensure that they cannot change your password, demote you, or delete you... Just use this hack below, and then they cant!!! Just remember to change every occurance of X to your userid... Also : I have posted 2 screenshots... Other Related Hacks: More Admin Security - Protect Templates, Templatesets and Styles!!! Satan Show Your Support
|
|||||||||||||||||||||||||
About Developer
Visit Web Site
No support by the author.| Comments |
|
#63
10-19-2002, 06:33 PM
|
||||
|
||||
More Admin Security - Protect Templates, Templatesets and Styles!!!
^ That is the Template & Style Protection hack  Satan 
|
|
#65
12-15-2002, 08:06 PM
|
||||
|
||||
|
Yes there is
 Open admin/forumpermission.php Under the "require global.php" bit, add: Code:
if ($bbuserinfo[userid]!="x") {
echo"<p>You cannot perform this function!</p>";
exit;
}
Satan
|
|
#66
12-19-2002, 06:36 PM
|
||||
|
||||
|
What would make this hack even more secure is if you could make the ip address range of the login user an added *Condition* that disallows the user to remove anyone from the Admin list ... other than the TOP Admin (Who IP Falls inside a Range).
Example: -------DO NOT COPY THIS LINE------- if ($userid==X) and ($bbuserinfo[userid]!=X and ($bbuserinfo[ipaddress]!= [IP RANGE OF THE ADMIN]) { echo "<p>You cannot update this Admin.</p>"; cpfooter(); exit; } -------DO NOT COPY THIS LINE------- Also if you could capture the IP of the logged in user, and make a match of the one that the ADMIN assigned, this would give a lot more security than what's included in this hack. From what I see and what someone already mentioned ... all they need is you password ... this would stop anyone with your password from making changes. Your opinions ...
|
|
#67
12-19-2002, 11:03 PM
|
||||
|
||||
|
Sounds good
The logged in user's IP would be $bbuserinfo[ipaddress] How would you do a range? You can't just put $user[ipaddress] as the IP Range, as you may not have a static Ip  Satan
|
|
#68
12-20-2002, 01:35 AM
|
||||
|
||||
|
Under the user profile, you could enter any IP addy and use that as the number to test against the logged in users IP addy.
Abou the range theory, you can convert the ip address into string, and account for the numbers from the first, and second dot in the ip address. Your isp usually change the last (dot) group of numbers more often. Another solution would be to grab the ADMIN (IP's) from the database and check the logged in user's ip against those numbers... sorta like querying that table from the user table and throwing the numbers into an array and test the logged in users ip against the numbers in that table.
|
|
#69
12-20-2002, 08:16 AM
|
||||
|
||||
|
@Rolodex - But you wouldn't be able to edit the user if your IP wasn't right...
But unfortunately, I forgot to mention that if you had tried to login with the Admin's account, it would update the IP anyway Could you show me what you mean in code form? Quote:
 Satan
|
|
#70
12-20-2002, 09:52 PM
|
||||
|
||||
|
From PHP coding perspective, I can't
But from a logical perspective ... I can. Say that its a given ... that part of your IP address never changes. [your IP Address] 24.48.xxx.xxx Store (hard code) that value into a variable: $admin1_ip = 2448 (The Admin_ip is stored into the php code so that it's out of view from the admin CP, and undetected.) Now you can use these numbers to match the first part of the logged in user's IP address. Now Capture the IP address of the logged in user: [logged in user] 198.56.xxx.xxx Remove everything after the second dot (198.56) and Strip the dots from the IP address (19856). $temp = $bbuserinfo[ipaddress] (current logged in admin); $admin2_ip = $temp $admin_ip2 = 19856 if (userid=1 AND ($Admin2_ip == $Admin1_ip)){ If there's a match, and the other conditions are true, --- > DO action. else ----> The action is dis-allowed. This method is sorta like one of the hacks I saw on this board that disallowed anyone from accessing the admin CP ... while a certain file was stored on the server, but this method still allows the "real admin" to make changes to his/her profile.
|
|
#71
12-21-2002, 05:35 AM
|
||||
|
||||
|
Thats one of my hacks
And if you have both hacks installed, there is no way they can access the Admin CP without access to the Server (When the file is uploaded, your account cannot access the server )^^ Sounds like a good idea How would you strip that data of the dots and restrict it to just the first 2 parts? Other than that, it's doable Satan
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
All times are GMT. The time now is 10:44 AM.