ok, this is the first hack i post around here so i hope i'm doing it ok
if not, mods please fix me :P
ok, this hack is meant for closed communities of vBulletin forums that want extra security against unwelcome guests
this hack adds HTTP Authentication which changes according to username / password
to make the security a bit higher i added an ip ranges part - meaning every user gets an ip range and if his ip is not welcome then it does not let him in
(can help a bit against shared accounts).
ok so lets start
// run this db query
PHP Code:
ALTER TABLE user ADD ipmasks varchar(250) NOT NULL default '';
// open the file admincp/user.php
find :
PHP Code:
print_input_row($vbphrase['email'], 'user[email]', $user['email'], 0);
below it add :
PHP Code:
print_input_row('ip masks', 'user[ipmasks]', $user['ipmasks'], 0);
save the file and upload it back to your server
ok, now u got 2 options :
option1 - put it only in root dir
option2 - put it in root and on admincp/modcp dir
ok
if option 1 then
// open root/global.php
find :
PHP Code:
require_once('./includes/init.php');
Below it add :
PHP Code:
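//HTACCESS Hack + IP restriction
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    // no credentials sent yet: ask the browser for HTTP Basic auth
    header('WWW-Authenticate: Basic realm="Restricted area"');
    header("HTTP/1.0 401 Unauthorized");
    echo "Unauthorized login attempts are logged.\n";
    echo "bla";
    exit;
} else {
    //checking database (escape the username, it comes straight from the request)
    $authuser = addslashes($_SERVER['PHP_AUTH_USER']);
    $userinf = $DB_site->query_first("SELECT user.password,user.userid,user.salt FROM user WHERE username='$authuser'");
    $isvalidip = 0;
    if ($userinf['userid']) {
        // if user exists check if ip is valid
        // $_SERVER['REMOTE_ADDR'] also works with register_globals off
        $remoteip = $_SERVER['REMOTE_ADDR'];
        // reverse DNS name; it is set by whoever controls the PTR record of the client ip
        $remotehost = gethostbyaddr($remoteip);
        $validip = $DB_site->query_first("SELECT ipmasks FROM user WHERE userid=" . intval($userinf['userid']));
        $validip = explode(" ", $validip['ipmasks']);
        foreach ($validip as $testip) {
            if ($testip == '') { continue; }
            // ip mask must match whole leading octets ("143.2" must not match "143.229.x.x")
            $ipok = (strpos($remoteip . '.', rtrim($testip, '.') . '.') === 0);
            // host mask must match the end of the resolved host name
            $hostok = ($remotehost && $remotehost != $remoteip && strcasecmp(substr($remotehost, -strlen($testip)), $testip) == 0);
            if ($ipok || $hostok) {
                $isvalidip = 1;
                break;
            }
        }
    }
    //checking if the user login is ok & that he connects from a valid ip
    $salt = $userinf['salt'];
    $pass = $userinf['password'];
    $userp = md5(md5($_SERVER['PHP_AUTH_PW']) . $salt);
    // strict comparison, so hashes that look like numbers ("0e...") are not compared as numbers
    if ($pass !== $userp) {
        //we have a looser:)
        header('WWW-Authenticate: Basic realm="Restricted area"');
        header('HTTP/1.0 401 Unauthorized');
        echo "Unauthorized login attempts are logged.\n";
        exit;
    } elseif (!$isvalidip) {
        header('HTTP/1.0 401 Unauthorized');
        echo "Your Ip is not allowed here...Unauthorized login attempts are logged.\n";
        exit;
    }
}
//HTACCESS Hack + IP restriction (end)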
save the file and upload it back to your server
now if u want option 2 then :
open includes/init.php
find :
PHP Code:
$DB_site->connect($servername, $dbusername, $dbpassword, $usepconnect);
Below it add :
PHP Code:
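//HTACCESS Hack + IP restriction
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    // no credentials sent yet: ask the browser for HTTP Basic auth
    header('WWW-Authenticate: Basic realm="Restricted area"');
    header("HTTP/1.0 401 Unauthorized");
    echo "Unauthorized login attempts are logged.\n";
    echo "bla";
    exit;
} else {
    //checking database (escape the username, it comes straight from the request)
    $authuser = addslashes($_SERVER['PHP_AUTH_USER']);
    $userinf = $DB_site->query_first("SELECT user.password,user.userid,user.salt FROM user WHERE username='$authuser'");
    $isvalidip = 0;
    if ($userinf['userid']) {
        // if user exists check if ip is valid
        // $_SERVER['REMOTE_ADDR'] also works with register_globals off
        $remoteip = $_SERVER['REMOTE_ADDR'];
        // reverse DNS name; it is set by whoever controls the PTR record of the client ip
        $remotehost = gethostbyaddr($remoteip);
        $validip = $DB_site->query_first("SELECT ipmasks FROM user WHERE userid=" . intval($userinf['userid']));
        $validip = explode(" ", $validip['ipmasks']);
        foreach ($validip as $testip) {
            if ($testip == '') { continue; }
            // ip mask must match whole leading octets ("143.2" must not match "143.229.x.x")
            $ipok = (strpos($remoteip . '.', rtrim($testip, '.') . '.') === 0);
            // host mask must match the end of the resolved host name
            $hostok = ($remotehost && $remotehost != $remoteip && strcasecmp(substr($remotehost, -strlen($testip)), $testip) == 0);
            if ($ipok || $hostok) {
                $isvalidip = 1;
                break;
            }
        }
    }
    //checking if the user login is ok & that he connects from a valid ip
    $salt = $userinf['salt'];
    $pass = $userinf['password'];
    $userp = md5(md5($_SERVER['PHP_AUTH_PW']) . $salt);
    // strict comparison, so hashes that look like numbers ("0e...") are not compared as numbers
    if ($pass !== $userp) {
        //we have a looser:)
        header('WWW-Authenticate: Basic realm="Restricted area"');
        header('HTTP/1.0 401 Unauthorized');
        echo "Unauthorized login attempts are logged.\n";
        exit;
    } elseif (!$isvalidip) {
        header('HTTP/1.0 401 Unauthorized');
        echo "Your Ip is not allowed here...Unauthorized login attempts are logged.\n";
        exit;
    }
}
//HTACCESS Hack + IP restriction (end)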
that's all
*WARNING - DON'T USE BOTH OPTIONS IN ANY CASE
it will cause the page to ask for the user/pass several times
and it will be very buggy.
note :
if a user got dynamic ips, for example :
143.229.64.58
143.229.78.99
145.88.45.68
just add it like that
143.229 145.88
with 1 space between each ip range
don't use * as wildcard.
that's all :P
if u got some questions or anything, then i'm here to support u guys.
Sorry for my very bad english.
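
The mask format from the note above (leading octets separated by single spaces), matched on whole-octet boundaries and shown beside a plain string-prefix test for comparison. This is an added example, not code from the original post; the function names and the `$cases` list are constructed for illustration, and PHP 5.2+ is assumed for `filter_var()`.

```php
<?php
// Added example. naive_prefix_match() and ip_matches_masks() are hypothetical names.

// Plain string-prefix test over a space-separated mask list, for comparison.
function naive_prefix_match($ip, $masks)
{
    foreach (explode(' ', $masks) as $mask) {
        if ($mask !== '' && strpos($ip, $mask) === 0) {
            return true;
        }
    }
    return false;
}

// True if $ip falls under one of the masks; a mask is 1 to 4 leading IPv4 octets.
function ip_matches_masks($ip, $masks)
{
    // Reject anything that is not a well-formed IPv4 address.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    $ipOctets = explode('.', $ip);
    foreach (preg_split('/\s+/', trim($masks), -1, PREG_SPLIT_NO_EMPTY) as $mask) {
        // Accept only 1-4 numeric octets; "*" and other junk never match.
        if (!preg_match('/^\d{1,3}(\.\d{1,3}){0,3}$/', $mask)) {
            continue;
        }
        $maskOctets = explode('.', $mask);
        // Compare whole octets, so "143.2" does not cover "143.229.x.x".
        if (array_slice($ipOctets, 0, count($maskOctets)) === $maskOctets) {
            return true;
        }
    }
    return false;
}

// Constructed test cases: the masks from the note, plus two short masks.
$cases = array(
    array('143.229.78.99', '143.229 145.88'),
    array('145.88.45.68',  '143.229 145.88'),
    array('145.8.45.68',   '143.229 145.88'),
    array('143.229.64.58', '143.2'),
    array('143.229.64.58', '14'),
    array('14.3.229.64',   '14'),
);
foreach ($cases as $case) {
    list($ip, $masks) = $case;
    printf("%-14s masks=%-18s prefix=%-3s octets=%s\n", $ip, "'$masks'",
        naive_prefix_match($ip, $masks) ? 'yes' : 'no',
        ip_matches_masks($ip, $masks) ? 'yes' : 'no');
}
```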