Admin Protection

I couldent find anything like this, even if it is so simple, anywhere on here so i decided to make it myself..

Description:
Checks IP of moderator or administrator before allowing access to mod/admincp or editing threads.

Requires mods to functions_login.php,postings.php,inlinemod.php, txt file named ippool.txt in forum root directory,apparse.php uploaded to forum root,ipauth.php uploaded to forum root.

Instructions for install:


1.download attachments
2.open adminprotection.php and edit the variables to their correct settings.
3.upload ipauth.php,apparse.php,adminprotection.php,ippool. txt to forum root
4.find..

Code:

		// admin control panel or upgrade script login
	if ($logintype === 'cplogin')
	{

in includes/functions_login.php and add under

Code:

 //admin protection
	include 'adminprotection.php';
	checklogin();
//end admin protection

5. find..

Code:

	if ($logintype === 'modcplogin')
	{

and add below

Code:

//admin protection
	include 'adminprotection.php';
	checklogin();
//end admin protection

6. find..

Code:

switch ($_REQUEST['do'])
{
	case 'openclosethread':
	case 'dodeletethread':
	case 'dodeleteposts':
	case 'domovethread':
	case 'updatethread':
	case 'domergethread':
	case 'dosplitthread':
	case 'stick':
	case 'removeredirect':
	case 'deletethread':
	case 'deleteposts':
	case 'movethread':
	case 'editthread':
	case 'mergethread':
	case 'splitthread':

in posting.php(located in forum root) and add above..

Code:

//admin protection
	include 'adminprotection.php';
	checklogin();
//end admin protection

7. find..

Code:

switch ($_POST['do'])
{
	case 'open':
	case 'close':
	case 'stick':
	case 'unstick':
	case 'deletethread':
	case 'undeletethread':
	case 'approvethread':
	case 'unapprovethread':
	case 'movethread':
	case 'mergethread':

in 'inlinemod.php' in forumroot, add

Code:

//admin protection
	include 'adminprotection.php';
	checklogin();
//end admin protection

in between the

Code:

switch ($_POST['do'])
{

and

Code:

	case 'open':
	case 'close':
	case 'stick':
	case 'unstick':

8. CHMOD apparse and adminprotection.php to 777
9. visit http://yoursite.com/ipauth.php and enter your ip and click submit
10. repeat for all admins/moderators on your forum
11. you're finished!

*note this hack does not work with a dynamic ip yet, i plan to add it later on.

Future Mods:
Switch to MySQL table,Support for DSL/dialup IPs,Save to database on all unauthorized logins

[mholtum]

Quote:

Originally Posted by fcreature

That is common sense and i'm really tired of hearing people complain and moan about the usage of modifications. This is not simply directed towards you mholtum. Time and time again, when someone creates a piece of work someone always has to come out of their hole and try to make a claim as to why the modification "is not good or should not be used". I'm pretty sure if people wanted to use their admincp at other terminals they would make intelligent arragements to do so. It's a code, we shoulden't have to hear debates about why people shoulden't add this or that to their community because of unpractacality or your take on various ethical issuues.

I'm not coming back into this thread so don't waist your time.

Good work cerjam by the way

:banana:

Wow. I was simply trying to point out that there COULD be an issue for some with this installed. There are many people here that are fairly new to vb and install modification after modification without much thought. Trying to save someone a little stress

[Drewish]

Very useful mod, prevents the security of your entire forum from relying on all of your moderator/admin passwords.

Nice work *installed*

[cerjam]

ick, i woke up to a inbox full of 'unauthorized login' emails, i misplaced the code in functions_login.php, check original post for fix.

[Snake]

Good job on that!

/me installs

[PennylessZ28]

prevents you from logging on elsewhere

[cerjam]

No? What do you think ipauth.php is for? lets you add another ip to the ippool. and it doesnt support wildcards yet, i use dialup myself and it really isnt a hassle adding my ip everytime i reconnect, but then again i stay online for 3-4 days at a time >.>

[Shaliza]

I'm using .htaccess for extra protection, but I don't see how this couldn't work.

[Watched]

Parse error: syntax error, unexpected T_INCLUDE, expecting T_CASE or T_DEFAULT or '}' in /home/epirate/public_html/forums/inlinemod.php on line 93

Code:

switch ($_POST['do'])
{
	//admin protection
	include 'adminprotection.php';  <-- line 93.. all files are in place and edited properly.  just somehow managed to kill my inline.
	checklogin();
    //end admin protection
	case 'open':
	case 'close':
	case 'stick':
	case 'unstick':
	case 'deletethread':
	case 'undeletethread':
	case 'approvethread':
	case 'unapprovethread':
	case 'movethread':
	case 'mergethread':

can edit posts and what not.. seems to be working fine in that respect, however with that error being on line 93, it has effectively killed my entire inline mod tool.. uninstalled from the inline mod tool though and my inline works perfect again. so yeah.. call that a bug. sad imo.. i was really looking forward to this hack helping to beef up the security on my board.

[Watched]

8. CHMOD apparse and adminprotection.php to 777

DO NOT DO THIS.. if you have someone THINKING bout or ATTEMPTING to hack your forum.. i recently had a member use the 777 to his own advantage and save blank adminprotection.php and apparse files to my ftp in an attempt to gain access to my admincp..