Security Password for Admincp Hacks
Version: 1.00, by AnhTuanCool
Developer Last Online: Sep 2006

Version: 3.0.3
Released: 10-09-2004 Last Update: Never Installs: 16
Is in Beta Stage  
No support by the author.


Quick Stats:
Version 1.0.2
Tested fully functional on vBulletin 3.0.3
Time to install: no more than 2 min
Files to edit: 4
Template to edit: None
Query to run: None

What this hack does:
Adds an additional password for the ACP, known only to insiders, in case someone intentionally or unintentionally gets hold of your current account and does bad things to your board. This password is assigned to all current administrators and can only be changed by the superadministrator*.

Updated:
Upgrade from v1.0.0
Fixed bug that did not allow normal members to log in

Install:
I have included the installation file so that you don't have to do much, since long instructions always discourage people. Download and upload the two files to your forumroot/admincp/ directory, run the file acppassword_install.php from your admincp and follow it closely.

Disclaimer:
Of course, do not forget to back up your files before uploading.
Do NOT stop the installation before it has finished; this can cause you more trouble.

*Be a superadministrator
If you are the webmaster of your site, then you can probably use FTP or another way to edit the source code. You will need to edit the $superadministrators variable in the includes/config.php file to become a superadministrator, or you can add some trusted people, in order to reset this password.

To allow the administrators to access this page, edit the variable to include the user IDs of the administrators who should have access, separating each user ID with a comma, like this:

$superadministrators = '1,25,57';

To allow only a single administrator to access this page, simply add that user's ID with no commas, like this:

$superadministrators = '1';

Note: This hack assigns the security password to all current administrators, so if you make someone an administrator, you will have to reset the password in order to allow him into the ACP.

NOTE: INSTALL at your OWN risk. This hack has a serious side-effect on the login function. I'll try to fix it as soon as I can.

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
#12
10-10-2004, 08:54 PM
yukayumi
Join Date: May 2004
Posts: 17

Really don't remember if I had made any changes to this file before. It's supposed to be there like in your screenshot but mine is different. Please take a look and tell me what to do. Should I hit the back button and uninstall this script? I'm afraid I won't be able to log in to my admincp if I get stuck in the middle of the installation here.

#13
10-10-2004, 08:57 PM
PitchouneN64ngc
Senior Member
Join Date: Aug 2002
Location: France
Posts: 515

What version of vBulletin are you using? For vB 3.0.3, all is good.

#14
10-10-2004, 09:03 PM
AnhTuanCool
Join Date: Jul 2004
Location: Albuquerque
Posts: 263

To yukayumi -

Replace your lines from 156 to 158 with:

PHP Code:
    if ($bbuserinfo = $DB_site->query_first("SELECT userid, usergroupid, membergroupids, username, password, cpanelpassword, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'"))
    {
        if (
            $bbuserinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $bbuserinfo['salt']), '') AND
            $bbuserinfo['password'] != md5($md5password . $bbuserinfo['salt']) AND
            $bbuserinfo['password'] != iif($md5password_utf, md5($md5password_utf . $bbuserinfo['salt']), '') OR
            // second (admin control panel) password; AND binds tighter than OR,
            // so a mismatch here rejects the login on its own
            $bbuserinfo['cpanelpassword'] != md5(md5($password2))
        )
Good luck
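
How the condition in post #14 evaluates, as an added PHP example that is not part of the thread or of the mod's own code. Column names follow the posted snippet; the sample row, `is_admin`, `cpanelhash` and `rejected_hardened()` are hypothetical.

```php
<?php
// Added example; the sample row, is_admin, cpanelhash and rejected_hardened()
// are hypothetical. Column names follow the snippet in post #14.

// The posted condition, with vBulletin's iif() written as a native ternary
// and the $md5password_utf comparison left out for brevity.
// AND binds tighter than OR, so it reads (A AND B) OR D.
function rejected_as_posted(array $u, string $password, string $md5password, string $password2): bool
{
    return (
        $u['password'] != (($password AND !$md5password) ? md5(md5($password) . $u['salt']) : '') AND
        $u['password'] != md5($md5password . $u['salt'])
        OR
        $u['cpanelpassword'] != md5(md5($password2))   // unsalted double MD5
    );
}

// Hypothetical hardened form: the second password is only demanded from
// administrators and is stored with password_hash() (salted per user).
function rejected_hardened(array $u, bool $primaryOk, string $password2): bool
{
    if (!$primaryOk) {
        return true;
    }
    if (!$u['is_admin']) {
        return false;   // ordinary members are never asked for it
    }
    return !password_verify($password2, $u['cpanelhash']);
}

$salt = 'x7Q';   // constructed sample values throughout
$row = [
    'password'       => md5(md5('account-pw') . $salt),
    'salt'           => $salt,
    'cpanelpassword' => md5(md5('acp-pw')),
    'is_admin'       => false,
    'cpanelhash'     => password_hash('acp-pw', PASSWORD_DEFAULT),
];
$cases = [
    'right account password, no second password' => ['account-pw', ''],
    'right account password, right second one'   => ['account-pw', 'acp-pw'],
    'wrong account password, right second one'   => ['guess', 'acp-pw'],
];
foreach ($cases as $label => [$pw, $pw2]) {
    $primaryOk = $row['password'] === md5(md5($pw) . $row['salt']);
    printf("%-44s posted: %-8s hardened: %s\n", $label,
        rejected_as_posted($row, $pw, '', $pw2) ? 'rejected' : 'accepted',
        rejected_hardened($row, $primaryOk, $pw2) ? 'rejected' : 'accepted');
}
```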

#15
10-10-2004, 09:23 PM
yukayumi
Join Date: May 2004
Posts: 17

Mine is vbb 3.0.1, maybe that's why there are a lot of errors out there. Could not find the code between those <!-- login fields --> in my adminfunctions.php file. I guess it's not compatible with 3.0.1 though. What should I do?

#16
10-10-2004, 09:30 PM
AnhTuanCool
Join Date: Jul 2004
Location: Albuquerque
Posts: 263

In adminfunctions.php, SELECT BETWEEN the two <!-- login fields --> and <!-- /login fields --> lines, and do the replacement. Good luck

#17
10-10-2004, 09:51 PM
yukayumi
Join Date: May 2004
Posts: 17

Could you please take a look at my functions_login.php file? It's 3.0.1 and I could not find the code mentioned in your hack. Thanks.

#18
10-10-2004, 09:57 PM
AnhTuanCool
Join Date: Jul 2004
Location: Albuquerque
Posts: 263

Cross out that modification for functions_login.php and do the first two support that I gave (if you didn't) 'cause there is no verify_authenticate function.

#19
10-10-2004, 10:43 PM
yukayumi
Join Date: May 2004
Posts: 17

Works like a charm, AnhTuanCool. Thanks a lot. This hack is great!

#20
10-11-2004, 07:38 AM
Floris
Join Date: Jan 2002
Posts: 1,898

Personally I think this is useless because there is also .htaccess which is better.
The biggest threats are XSS where they don't even need to know the passwords. This would be a handy additional security layer for Windows servers where .htaccess isn't working. And every additional security layer is better than not having it. So thank you for your hack and sharing it.

#21
10-11-2004, 07:47 AM
Carter876
Join Date: Mar 2004
Posts: 36

I'm on a Linux server and I prefer to use .htaccess, but this hack is good for Windows servers

Regards