2011-10-09, 05:23 PM
I saw this thread and thought, due to the amount ot core file edits needed, it would work better as a tutorial than a plugin.
So, let's get started.
On ./admin/inc/class_page.php:
Around line 391:
Change
To:
In ./admin/index.php
Around line 136:
Change:
To:
Ok. Then, open ./inc/config.php and add anywhere:
The PIN does not have to be a number, it can be anything.
If the PIN is not set in .inc/config.php, it will not be checked/verified.
This plugin keeps people who have a DB dump or an admin password from logging into the ACP.
Screenshots:
[attachment=24404]
[attachment=24403]
Hope you guys like it!
This took around a half-hour for me to figure out. If you would like to donate to me via PayPal, PM me for my PayPal email.
So, let's get started.
On ./admin/inc/class_page.php:
Around line 391:
Change
<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>
To:
<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>
<div class="label"{$login_label_width}><label for="pin">Secret PIN</label></div>
<div class="field"><input type="password" name="pin" id="pin" class="text_input" /></div>
In ./admin/index.php
Around line 136:
Change:
if($user['uid'])
{
$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
$mybb->user = $db->fetch_array($query);
}
To:
if($user['uid'])
{
$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
$mybb->user = $db->fetch_array($query);
}
if (isset($config['acp_pin']) && $mybb->input['pin'] != $config['acp_pin']) {
$default_page->show_login("Invalid PIN","error");
}
Ok. Then, open ./inc/config.php and add anywhere:
$config['acp_pin'] = 'yourpin';
The PIN does not have to be a number, it can be anything.
If the PIN is not set in .inc/config.php, it will not be checked/verified.
This plugin keeps people who have a DB dump or an admin password from logging into the ACP.
Screenshots:
[attachment=24404]
[attachment=24403]
Hope you guys like it!
This took around a half-hour for me to figure out. If you would like to donate to me via PayPal, PM me for my PayPal email.