The Arcive of Official vBulletin Modifications Site.

MentaL · #1 09-03-2009, 06:31 AM

Hi,

Is there any such mod that locks a predefined user account to a single ip?

Thanks.

James Birkett · #2 09-03-2009, 03:19 PM

Lock the account to the IP.. you mean so only that IP can log in to that account?

Lynne · #3 09-03-2009, 03:21 PM

Not that I know of. And why would you do that? Some users, like myself, have dynamic IPs. So, I'd sign up and a couple of days later be locked out because my IP changed.

James Birkett · #4 09-03-2009, 03:23 PM

It could be a hacking prevention technique, although again, it's very risky.
This could probably be added to the login check (do a query to see if IP field matches the current IP)

Lynne · #5 09-03-2009, 03:24 PM

Yeah, I'm sure you can write a plugin to check if the IP you are using currently is the same as the one your registered with. But, as I said, you will lock out a lot of users who have dynamic IPs. I know if that happened to me, I'd just leave the site.

James Birkett · #6 09-03-2009, 03:42 PM

Agreed Lynne. Unless you set a condition in the plug-in (for maybe admins only?).

PHP Code:


			
if($username = 'Admin'){
// execute code
}

Again, you're limited to what you can use because the user isn't actually logged in, which limits your variables.

I always find .htaccess protection much more effective than per-user protection.

MentaL · #7 09-03-2009, 05:26 PM

Hi

Yes it would be for myself or any staff that has a static ip, the ip could be manually modified via SQL if needed, or if the ip could be encoded in md5 would be rather good too.

Security is a maximum these days every one is trying to hack me :P

James Birkett · #8 09-03-2009, 07:51 PM

The login redirect page uses the following hooks:

Code:

init_startup
cache_permissions
style_fetch
cache_templates
global_start
parse_templates
fetch_musername
notices_check_start
notices_noticebit
global_setup_complete
login_verify_success
fetch_userinfo_query
fetch_userinfo
login_process
login_redirect
redirect_generic

I'ma guess you'd use login_process or fetch_userinfo_query and just do an if statement that executes a query to grab the IP and compare.
If you want maximum security, remember to use .htaccess on mod and admincp dir's, rename the dir's to random strings and never chmod anything 777 (although as an owner of a large MMORPG forum I'd guess you know most of this).

I wouldn't recommend hashing your IP address.. for a few reasons. The main one being it's just added load for your server which is unnecessary.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04875 seconds Memory Usage 2,226KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_code (1)bbcode_php (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (8)postbit_onlinestatus (8)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!