MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Need Security check - Nathan Malcolm
Full Version: Need Security check - Nathan Malcolm
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

marcus123

2013-08-20, 03:36 PM
Hi Nathan Malcolm could you help me please I am trying to restrict login to Administrator and Moderator groups, so that they will only be able to login with the IP address they have created their account or registered.
Can you please check this code for possible security issues, and if it will actually work? I know you helped develop MyBB so you are one of few people that can say if this code is a go or nogo!

This code has been suggested by Cedric

functions_user.php
// REGIP = new param
        $query = $db->simple_select("users", "uid,username,password,salt,loginkey,usergroup,regip", "uid='".intval($uid)."'", array('limit' => 1));
        $user = $db->fetch_array($query);
    }
    if(!$user['salt'])
    {

member.php
elseif($user['usergroup'] == X || $user['usergroup'] == Y)
        {
            $currentip = $_SERVER['REMOTE_ADDR'];
            if ($currentip != $user['regip'])
             {
               $errors[] = "Cannot log you in!";
             }
        }

X and Y is where I put group ID

Arbaz

2013-08-21, 08:25 PM
Why specifically Nathan?

marcus123

2013-08-21, 09:18 PM
Because he's one of the people that developed MYBB so he know more than anyone. Can you help?

User 2877

2013-08-22, 01:06 AM
You should not use core edits to do this. You should be able to do it with a plugin.

marcus123

2013-08-22, 09:06 AM
(2013-08-22, 01:06 AM)labrocca Wrote: [ -> ]You should not use core edits to do this. You should be able to do it with a plugin.

What plugin do you recommend for that that will not compromise security?

User 2877

2013-08-22, 02:28 PM
As if you're ability to search is any less than mine?

Here: http://mods.mybb.com/view/restrict-ip

And if you need to restrict it to only the registration IP you can make the changes in the plugin.

marcus123

2013-08-22, 02:36 PM
(2013-08-22, 02:28 PM)labrocca Wrote: [ -> ]As if you're ability to search is any less than mine?

Here: http://mods.mybb.com/view/restrict-ip

And if you need to restrict it to only the registration IP you can make the changes in the plugin.

Thanks very much but this plugin only works with ./admin directory but I need a plugin that checks the main page login member.php?action=login

User 2877

2013-08-22, 02:49 PM
So add hooks. Sorry but you may need to learn some php to be an admin if you want custom changes to the code or plugins. You should learn some basics anyways.

marcus123

2013-08-22, 02:51 PM
(2013-08-22, 02:49 PM)labrocca Wrote: [ -> ]So add hooks. Sorry but you may need to learn some php to be an admin if you want custom changes to the code or plugins. You should learn some basics anyways.

Could you make a small contribution to this community and create this plugin? Please

Arbaz

2013-08-22, 09:48 PM
(2013-08-22, 02:51 PM)marcus123 Wrote: [ -> ]
(2013-08-22, 02:49 PM)labrocca Wrote: [ -> ]So add hooks. Sorry but you may need to learn some php to be an admin if you want custom changes to the code or plugins. You should learn some basics anyways.

Could you make a small contribution to this community and create this plugin? Please

IMHO I doubt Labrocca has time to code the plugin for you as he runs his own big boards. You can ask some other developers or even hire some developers for this. I would vouch for Yaldaram for custom plugin creations.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Need Security check - Nathan Malcolm