Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.0 > vBulletin 3.0 Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
HTTP Authentication by User / pass / ip ranges Details »»
HTTP Authentication by User / pass / ip ranges
Version: 1.00, by miz miz is offline
Developer Last Online: Sep 2005 Show Printable Version Email this Page

Version: 3.0.0 Rating:
Released: 04-15-2004 Last Update: Never Installs: 12
 
No support by the author.

ok , this is the first hack i post around here so i hope im doing it ok
if not mods please fix me :P
ok, this hack is ment for closed comunity of vbulltien forums that want exstra security against unwelcome guests

this hack adds HTTP Authentication which change acording to username / password

to make the security bit higher i added ip ranges part - mean every users got ip range and if his ip is not wellcome then its not let him in
(can help abit against shared account).

ok so lets start

// run this db query
PHP Code:
ALTER TABLE user ADD ipmasks varchar(250NOT NULL default ''
// open the file admincp/user.php

find :
PHP Code:
print_input_row($vbphrase['email'], 'user[email]'$user['email'], 0); 
below it add :
PHP Code:
print_input_row('ip masks''user[ipmasks]'$user['ipmasks'], 0); 
save the file and upload it back to your server

ok, now u got 2 options :
option1 - put it only in root dir
option2 - put itin root and on admincp/modcp dir

ok
if option 1 then
// open root/global.php

find :
PHP Code:
require_once('./includes/init.php'); 
Below it add :
PHP Code:
//HTACCESS Hack + IP restriction
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    
header('WWW-Authenticate: Basic realm="Restricted area"');
    
header("HTTP/1.0 401 Unauthorized");
    echo 
"Unauthorized login attempts are logged.\n";
    echo 
"bla";
    exit;
} else {
    
//checking database
    
$userinf=$DB_site->query_first("SELECT user.password,user.userid,user.salt FROM user WHERE username='$_SERVER[PHP_AUTH_USER]'");
    
$isvalidip=0;
    if(
$userinf['userid']){
        
// if user exists check if ip is valid $REMOTE_ADDR
        
$validip=$DB_site->query_first("SELECT ipmasks FROM user WHERE userid='$userinf[userid]'");
        
$validip=explode(" ",$validip['ipmasks']);
        foreach(
$validip as $testip){
            if (
$testip=='') { continue; }
            if (
strstr($REMOTE_ADDR,$testip)==$REMOTE_ADDR || stristr(gethostbyaddr($REMOTE_ADDR),$testip)==$testip){
                
$isvalidip=1;
                break;
            }
        }
    }
    
//checking if the user login is ok & that he connects from a valid ip
    
        
$salt $userinf['salt'];
        
$pass $userinf['password'];
        
$userp md5(md5($_SERVER['PHP_AUTH_PW']) . $salt);
        
    

        
    if (
$pass != $userp) {
        
//we have a looser:)
        
header('WWW-Authenticate: Basic realm="Restricted area"'); 
        
header('HTTP/1.0 401 Unauthorized'); 
        echo 
"Unauthorized login attempts are logged.\n";
        exit;
    }elseif(!
$isvalidip){
        
header('HTTP/1.0 401 Unauthorized'); 
        echo 
"Your Ip is not allowed here...Unauthorized login attempts are logged.\n";
        exit;
    }
}
//HTACCESS Hack + IP restriction (end) 
save the file and upload it back to your server

now if u want option 2 then :

open includes/init.php

find :
PHP Code:
    $DB_site->connect($servername$dbusername$dbpassword$usepconnect); 
Below it add :

PHP Code:
//HTACCESS Hack + IP restriction
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    
header('WWW-Authenticate: Basic realm="Restricted area"');
    
header("HTTP/1.0 401 Unauthorized");
    echo 
"Unauthorized login attempts are logged.\n";
    echo 
"bla";
    exit;
} else {
    
//checking database
    
$userinf=$DB_site->query_first("SELECT user.password,user.userid,user.salt FROM user WHERE username='$_SERVER[PHP_AUTH_USER]'");
    
$isvalidip=0;
    if(
$userinf['userid']){
        
// if user exists check if ip is valid $REMOTE_ADDR
        
$validip=$DB_site->query_first("SELECT ipmasks FROM user WHERE userid='$userinf[userid]'");
        
$validip=explode(" ",$validip['ipmasks']);
        foreach(
$validip as $testip){
            if (
$testip=='') { continue; }
            if (
strstr($REMOTE_ADDR,$testip)==$REMOTE_ADDR || stristr(gethostbyaddr($REMOTE_ADDR),$testip)==$testip){
                
$isvalidip=1;
                break;
            }
        }
    }
    
//checking if the user login is ok & that he connects from a valid ip
    
        
$salt $userinf['salt'];
        
$pass $userinf['password'];
        
$userp md5(md5($_SERVER['PHP_AUTH_PW']) . $salt);
        
    

        
    if (
$pass != $userp) {
        
//we have a looser:)
        
header('WWW-Authenticate: Basic realm="Restricted area"'); 
        
header('HTTP/1.0 401 Unauthorized'); 
        echo 
"Unauthorized login attempts are logged.\n";
        exit;
    }elseif(!
$isvalidip){
        
header('HTTP/1.0 401 Unauthorized'); 
        echo 
"Your Ip is not allowed here...Unauthorized login attempts are logged.\n";
        exit;
    }
}
//HTACCESS Hack + IP restriction (end) 
thats all

*WARNING - IN ANY WAY DONT USE BOTH OPTIONS
its will cuse to the page ask for several time the user/pass
and its will be very buggy.

note :
if user got dynamic ips for exsample :

143.229.64.58
143.229.78.99
145.88.45.68

just add it like that
143.229 145.88
with 1 space between each ip range
dont user * as wildcard.

thats all :P
if u got some qustions or anything , then im here to suport u guys.

Sorry for my very bad english.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #32  
Old 03-12-2006, 07:01 PM
sybakaos sybakaos is offline
 
Join Date: Mar 2006
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

To make users redirect after failed logins, put the following in

echo "":;

PHP Code:
<html><head><META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=http://www.disney.com\"></head></html> 
Reply With Quote
  #33  
Old 03-12-2006, 07:02 PM
sybakaos sybakaos is offline
 
Join Date: Mar 2006
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

However, how do I disable banned users (usergroup) from accessing?
Reply With Quote
  #34  
Old 03-30-2006, 12:54 PM
GrCh_Jeff's Avatar
GrCh_Jeff GrCh_Jeff is offline
 
Join Date: Dec 2005
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TripLcixx
Here's the version without IPmasks:


This will put a HTaccess popup box on all your regular forum pages. As for the admincp/modcp, it might be easier to just change the location of those to something else (can be edited in the /includes/config.php).

Make sure you don't have any extra .htaccess files with an additional htaccess/htpasswd, else it's gonna get messy

So how can I get this with the redirect to work with 3.5.3 ???
really need this
Reply With Quote
  #35  
Old 04-02-2006, 06:29 PM
sybakaos sybakaos is offline
 
Join Date: Mar 2006
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If anyone wonders how to refrain banned users from accessing (bypassing the http auth), change their password. Now they're banned from http auth and the board itself.

Simple but effective.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:51 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06094 seconds
  • Memory Usage 2,289KB
  • Queries Executed 19 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (8)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (4)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete