Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
Reload this Page AdminCP | PHP password protection using Sha1 hash
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 03-31-2013, 03:22 PM
ramesh_umk3 ramesh_umk3 is offline
 
Join Date: Jul 2010
Location: Earth
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default AdminCP | PHP password protection using Sha1 hash
Hey friends i have been trying to integrate one of the mod called php password protection...

I have done everything correct and tested. But couldn't integrate to admincp/index.php file

if any one could make it work or help that will be a great protection to admincp from unauthorized users :up:


Download project file from attachment

Generate sha1 password here Sha1 Generator
Attached Files
File Type: zip php-password-protection-login-system.zip (7.2 KB, 3 views)
Reply With Quote
  #2  
Old 03-31-2013, 03:28 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Why wouldnt you just use htpasswd/htaccess protection?

I see no reason to store anything in a ini file, which from the looks of the zip, its stored in the same location as everything else, even though the author claims its not readable.

That kinda defeats the purpose of protecting it.
Reply With Quote
Благодарность от:
Brandon Sheley
  #3  
Old 03-31-2013, 03:30 PM
ramesh_umk3 ramesh_umk3 is offline
 
Join Date: Jul 2010
Location: Earth
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
yep i am using that too, but this sounds more protected !
Reply With Quote
  #4  
Old 03-31-2013, 03:59 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Not really, why would storing the hash in a public area be better protection?
Reply With Quote
  #5  
Old 03-31-2013, 04:18 PM
ramesh_umk3 ramesh_umk3 is offline
 
Join Date: Jul 2010
Location: Earth
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
This doesn't stores anything in a server everything is handled in a login.ini.php and it's Secured from SQL Injection and brute force too.. What else protection we need!
Reply With Quote
  #6  
Old 03-31-2013, 04:20 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
That file is stored in a public area, thats not secure.

Also, it does store it ON the server, unless you some how think that your going to store that file on your computer.

quote form install:
Step 1: Upload login.php, login.ini.php, and quickprotect.class.php to your server
Reply With Quote
  #7  
Old 03-31-2013, 05:02 PM
ramesh_umk3 ramesh_umk3 is offline
 
Join Date: Jul 2010
Location: Earth
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
if thats not stored in public area how server will execute them mate ?

i know how to install ! i am seeking for someone who can integrate this module with admincp/index.php

and you might say add below lines in index.php
PHP Code:
require_once ('./quickprotect.class.php');
$quickprotect = new quickprotect();
$quickprotect->checkLoginAndDirect(); 
I have tried it's doing nothing i get return error called "security token missing"
Reply With Quote
  #8  
Old 03-31-2013, 06:53 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thats the point im making, its storing hash's in a public file, not a secure location or a good security practice.
Reply With Quote
  #9  
Old 03-31-2013, 07:11 PM
ramesh_umk3 ramesh_umk3 is offline
 
Join Date: Jul 2010
Location: Earth
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
you can read those hash's ? which are in public file of my server ?

If yes then say i can stop this project right away !!!!

Thanks
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:09 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04081 seconds
  • Memory Usage 2,264KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (1)post_thanks_box_bit
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (1)postbit_attachment
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete