MyBB Community Forums

MyBB Community Forums > Resources > Tutorials > Add secret PIN to ACP login
Full Version: Add secret PIN to ACP login
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10

andrewjs18

2014-07-30, 07:50 PM
Paul, in addition to the pin, is it possible to restrict access to the admin cp to certain UIDs?

dragonexpert

2014-07-30, 08:49 PM
Not without a plugin or another core edit.

If you really want to after this line on /admin/index.php : // Load global language phrases
$lang->load("global");

Add the following:
$alloweduids = array("uid1", "uid2", "uid3");
if(!in_array($mybb->user['uid'], $alloweduids))
{
error_no_permission();
}

Whiteneo

2014-08-06, 03:49 AM
Works very fine i add some more secure pin and encription.

Only members who knows this data can use forum and you can add a new pin to users table and config via cpanel. Verifying you are an admin and this on admincp but its a lot of work and the way of dragon expert says is more easy to inplement on forums without problems.

dragonexpert

2014-08-06, 05:38 AM
This is just my opinion, but realistically the pins should not be stored as plain text. There are plenty of hashing functions for this. You store the hash of the pin and use the same hash function against the pin that is input.

Omar G.

2014-08-06, 01:11 PM
^You mean "password"?

dragonexpert

2014-08-06, 01:56 PM
No, I mean pin because this tutorial is about adding a pin. Passwords are not stored as plain text anyway and it'd be grounds for legal trouble.

Whiteneo

2014-08-08, 06:42 AM
On config.php file its a plain text for your pin as this tutorial shows but i change it only code to make it works and if you know ftp password its more hard to know secret pin.

Example:

Its more difficult to know about encrypted pin like

mk-gGJBltmbrxhjk468/16

Than

mysecretpin

Thats what i am try to say only i change the last result ob config file and the way to get the pin only with a php encrypt method Big Grin

Omar G.

2014-08-08, 06:55 AM
(2014-08-06, 01:56 PM)dragonexpert Wrote: [ -> ]No, I mean pin because this tutorial is about adding a pin. Passwords are not stored as plain text anyway and it'd be grounds for legal trouble.

Hashed PINs in files? Not DB involved?

dragonexpert

2014-08-08, 01:21 PM
Yeah. ON a Vbulletin forum I own, I store the hash of it in a file. Effectively it forces a hacker to have both file and database access.

andrewjs18

2014-08-08, 07:44 PM
(2014-08-08, 01:21 PM)dragonexpert Wrote: [ -> ]Yeah. ON a Vbulletin forum I own, I store the hash of it in a file. Effectively it forces a hacker to have both file and database access.

a tutorial on this would be nice..
Pages: 1 2 3 4 5 6 7 8 9 10
MyBB Community Forums > Resources > Tutorials > Add secret PIN to ACP login