Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-23-2004, 01:45 AM
Bison's Avatar
Bison Bison is offline
 
Join Date: Jun 2002
Location: Virginia Beach, Virginia
Posts: 522
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Allow Certain IP's To Access (or View) AdminCP

Can someone tell me how to stop anyone from viewing the admincp if they don't have an IP in the list? I know I can use a htaccess to stop anyone from accessing it, but is there a way that I can enter an IP address (If the admin user uses a static IP) that is only allowed to see the admincp?
Reply With Quote
  #2  
Old 11-24-2004, 09:46 PM
cycopia cycopia is offline
 
Join Date: Oct 2004
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

At the beginning of your index.php file in your admincp folder, add the following:

Code:
if(!preg_match("/^(68\.142\.18\.|68\.143\.19\.)/",$_SERVER['REMOTE_ADDR'])){
	header("HTTP/1.0 403 Forbidden",1);
	echo "<h2>403 Forbidden</h2>";
	exit();
}
The above code only allows ip addresses that begin with 68.142.18. or 68.143.19. Multiple IPs are separated by a | (pipe, above a back-slash on keyboard). You will notice that all periods are back-slash escaped (coding standard for regular expressions). Also be sure to not forget that last period after the 3rd number.

Code:
if(!preg_match("/^68\.142\.1\.143/",$_SERVER['REMOTE_ADDR'])){
	header("HTTP/1.0 403 Forbidden",1);
	echo "<h2>403 Forbidden</h2>";
	exit();
}
The above code allows only the IP 68.142.1.143.
Here is an example of the WRONG way:
Code:
if(!preg_match("/^68\.142\.1/",$_SERVER['REMOTE_ADDR'])){
	header("HTTP/1.0 403 Forbidden",1);
	echo "<h2>403 Forbidden</h2>";
	exit();
}
This code is missing a vital period after the 3rd number! We will allow any ip matching the pattern of 68.142.1*. That means 68.142.1.*, 68.142.10.*, 68.142.11.*, 68.142.12.*, 68.142.100.*, and so on all pass our "test." Don't forget the last period because you can go from letting a few ips to thousands by mistake.
Reply With Quote
  #3  
Old 11-24-2004, 10:09 PM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you use Apache?
Then i'd suggest using .htaccess

<Limit GET POST>
order deny,allow
deny from all
allow from 199.166.210.12
</Limit>

This wil only allow access form IP 199.166.210.12.
If you want to allow several IPs, repeat the allow-line.

Isn't that what you want?
Reply With Quote
  #4  
Old 11-24-2004, 10:32 PM
cycopia cycopia is offline
 
Join Date: Oct 2004
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.
Reply With Quote
  #5  
Old 11-24-2004, 10:47 PM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by cycopia
What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.
Hmm ... your code protects only index.php.
All other scripts would still be accessable?
Reply With Quote
  #6  
Old 11-27-2004, 01:38 AM
Bison's Avatar
Bison Bison is offline
 
Join Date: Jun 2002
Location: Virginia Beach, Virginia
Posts: 522
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by cycopia
What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.
This works wonders for my Windows servers ... thanks!

I did use htaccess to protect my admin cp, but one day I forgot my password and I had to go into my cpanel to re-create the htaccess. Also, at times where I need quick access, and don't want to enter a password, this fix does it. :ermm:
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:26 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05280 seconds
  • Memory Usage 2,213KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete