MyBB Community Forums

Full Version: Add secret PIN to ACP login
I saw this thread and thought, due to the amount of core file edits needed, it would work better as a tutorial than a plugin.

So, let's get started.

On ./admin/inc/class_page.php:


Around line 391:

Change

			<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
			<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

To:

			<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
			<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

			<div class="label"{$login_label_width}><label for="pin">Secret PIN</label></div>
			<div class="field"><input type="password" name="pin" id="pin" class="text_input" /></div>


In ./admin/index.php

Around line 136:

Change:
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

To:

	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
	
	// Strict comparison: with != PHP compares numeric strings as numbers ('0123' == '123')
	if (isset($config['acp_pin']) && $mybb->input['pin'] !== (string)$config['acp_pin']) {
		$default_page->show_login("Invalid PIN","error");
	}


Ok. Then, open ./inc/config.php and add anywhere:

$config['acp_pin'] = 'yourpin';

The PIN does not have to be a number, it can be anything.

If the PIN is not set in ./inc/config.php, it will not be checked/verified.

This plugin keeps people who have a DB dump or an admin password from logging into the ACP.


Screenshots:

[attachment=24404]

[attachment=24403]


Hope you guys like it!

This took around a half-hour for me to figure out. If you would like to donate to me via PayPal, PM me for my PayPal email.
Thanks!
That's useful. I'd use it if I weren't already using folder protection.
Very nice tutorial. I was wondering how this can be implemented as a plugin, as it requires file edits. Any hooks nearby that can be used?
Very nice TUT
Can't donate but really this is useful

But what about a different PIN for every admin?

More protection is better; if not, like this is more than enough
awesome
@crazy4cs There aren't any convenient hooks, I looked.

@Sama34 Here's how you can do that:

In ./admin/index.php

Around line 136:

Change:
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

To:

	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
	
	$acpuid = $mybb->user['uid'];

	// Strict comparison: with != PHP compares numeric strings as numbers ('0123' == '123')
	if (isset($config['acp_pin'][$acpuid]) && $mybb->input['pin'] !== (string)$config['acp_pin'][$acpuid]) {
		$default_page->show_login("Invalid PIN","error");
	}


Open ./inc/config.php and add anywhere:

$config['acp_pin'][uid of the admin without quotes] = 'yourpin';
$config['acp_pin'][uid of the second admin without quotes] = 'yourpin2';
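
An added example, not part of the original posts and not MyBB code: a stand-alone helper that performs the PIN check for both config layouts shown above, rejecting non-string input and comparing with hash_equals(). The function name acp_pin_ok, the sample PINs, and the option of storing a password_hash() value are assumptions of this example; it needs PHP 5.6 or later.

```php
<?php
// Added example: hypothetical helper, not MyBB core code.

/**
 * True when the submitted PIN is acceptable for this admin uid.
 * Handles both config shapes from the thread:
 *   $config['acp_pin'] = 'pin';        one PIN for every admin
 *   $config['acp_pin'][uid] = 'pin';   one PIN per admin
 * Assumption of this example: a stored value may also be a password_hash()
 * string, so ./inc/config.php need not hold the PIN in plaintext.
 */
function acp_pin_ok(array $config, $uid, $submitted)
{
    if (!isset($config['acp_pin'])) {
        return true;                    // no PIN configured: check is skipped
    }
    $stored = $config['acp_pin'];
    if (is_array($stored)) {
        if (!isset($stored[(int)$uid])) {
            return true;                // this admin has no PIN set
        }
        $stored = $stored[(int)$uid];
    }
    if (!is_string($submitted)) {
        return false;                   // field missing, or sent as pin[]=...
    }
    $stored = (string)$stored;
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        return password_verify($submitted, $stored);
    }
    return hash_equals($stored, $submitted);  // constant-time, no type juggling
}

// Constructed sample configs and inputs.
$shared   = array('acp_pin' => '0123');
$perAdmin = array('acp_pin' => array(
    1 => 'tulip-42',
    2 => password_hash('orchid', PASSWORD_DEFAULT),
));

var_dump(acp_pin_ok($shared, 1, '0123'));          // exact match
var_dump(acp_pin_ok($shared, 1, '123'));           // equal to '0123' under loose ==
var_dump(acp_pin_ok($perAdmin, 1, 'tulip-42'));    // plaintext per-admin PIN
var_dump(acp_pin_ok($perAdmin, 2, 'orchid'));      // hashed per-admin PIN
var_dump(acp_pin_ok($perAdmin, 2, array('x')));    // array input (pin[]=x)
var_dump(acp_pin_ok($perAdmin, 3, null));          // uid 3 has no PIN configured
```

As in the per-admin code above, an admin whose uid has no entry in the config skips the PIN check entirely, so every admin account needs its own entry for the check to cover it.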
Alright PJGIH, thanks for sharing this useful tutorial, htpassw is not in my skills
Neat.