MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Development > Auth2My - Admin 2-step login verification with Android & iPhone
Full Version: Auth2My - Admin 2-step login verification with Android & iPhone
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

kojis

2012-12-08, 05:25 PM
I was bored so i'm developing this plugin/mod. Auth2My use Google's 2-step verification (time based) to login admin panel. 2-step verification adds an extra layer of security to your admin accounts by requiring them to enter a verification code in addition to their username and password.

Here is sample pictures:

[attachment=27960] [attachment=27958] [attachment=27959]

You need to edit core files for this mod. Here is guide how to edit and install.

1. Download plugin (attachment), unzip and upload files from "upload" folder to your forum root folder.

2. Go to your admin panel and install Auth2My -plugin. Then you can see Auth2my link in "Configuration" tab, go there and scan QR-image with your Android Google Authenticator or iPhone Google Authenticator app.

3. Open admin/inc/class_page.php and find these lines (around line 389):
<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>
Add these below:
<div class="label"{$login_label_width}><label for="auth2my">Auth2:</label></div>
<div class="field"><input type="password" name="auth2my" id="auth2my" class="text_input" /></div>

Open admin/index.php and find these lines (around line 129):
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
Add these below:
	require_once MYBB_ROOT."inc/3rdparty/auth2my_class.php";
	$query = $db->simple_select("auth2my", "*", "id='1'");
	$auth2my = $db->fetch_array($query);

	$auth2my_verify = Google2FA::verify_key($auth2my['auth2my_key'], $mybb->input['auth2my']);

	if ($auth2my_verify == false && $auth2my['auth2my_active'] == "yes") {
		$default_page->show_login("Invalid Auth2","error");    
	}

4. Logout and test login to admin panel.

JordanMussi

2012-12-08, 05:51 PM
This looks more like a release to me. Anyway, thanks for sharing this is a great security feature. I'll have a good look at this when it's released.

kojis

2012-12-08, 06:14 PM
I did post this to "Releases" section first. But then i realize, maybe it is better to put it here "developing" first and get some feedback.

kojis

2012-12-19, 09:51 PM
No comments? Must be really interested plugin/mod Smile

harlenjoy

2013-05-26, 06:21 AM
Is this stable? I would like to use this on my forum.

kojis

2013-05-26, 02:47 PM
1.1 is stable. Haven't got any errors when tested.

Dannymh

2013-05-28, 12:31 PM
Interesting, certainly adding more security is good. I was hacked last week so looking at ways to tighten things up, even if a user gets elevated privileges, I still want to trip them up with other unknown pins etc that they can't source

7uyk

2013-05-28, 12:32 PM
Super impressive, I'd love to see this for members too.

Omar G.

2013-07-15, 04:48 AM
Seems to work smoothly, will this work with multiple administrators? I only tested on a forum with one administrator (me).

Congrats and thanks for the plugin. BTW, what is the "Authentication key" below the bar code for?

kojis

2013-07-15, 05:55 PM
It should work with multiple admins. Authentication key is in principle same as "bar code", if you have to enter manually without scanning QR-code, you can use that code.
Pages: 1 2
MyBB Community Forums > Extensions > Plugins > Plugin Development > Auth2My - Admin 2-step login verification with Android & iPhone