I need a plugin that will allow Moderators and Admins group to login only with the IP address they have signed up or created their account! I am not talking about ./admin directory, but login thought main page. Any suggestions?
You need plugin or suggestions?
(2013-08-22, 01:25 PM)effone Wrote: [ -> ]You need plugin or suggestions?
I am not sure! I would like to have a plugin but I would also appreciate if you can tell me how to make it work? However plugin would be nice, but it has to improve security not to make it weaker
Plugin: I can try making one, if I can manage some time. Its not too hard.
Suggestion: Though the core edit is not advisable but you can do it editing a little in member.php, modifying the query in line no. 1155 and adding an extra condition to verify current ip with the registration ip.
^^ This is the basic idea and should work. I've not checked though.
(2013-08-22, 01:41 PM)effone Wrote: [ -> ]Plugin: I can try making one, if I can manage some time. Its not too hard.
Suggestion: Though the core edit is not advisable but you can do it editing a little in member.php, modifying the query in line no. 1155 and adding an extra condition to verify current ip with the registration ip.
^^ This is the basic idea and should work. I've not checked though.
Can you make a plugin? Not for me but for MyBB entire community! I think is a must have function!
(2013-08-22, 01:41 PM)effone Wrote: [ -> ]Plugin: I can try making one, if I can manage some time....
Lets hope for the best.
(2013-08-22, 01:47 PM)effone Wrote: [ -> ] (2013-08-22, 01:41 PM)effone Wrote: [ -> ]Plugin: I can try making one, if I can manage some time....
Lets hope for the best.
Thanks man. I think this function will stop 100% all hackers from gaining access to your forum even if they have the password, by checking the IP address the account was created with. It should not check all the users but only these groups:
Admin
Moderator
Super-moderator
It will be a problem though, for those having dynamic IP.
(2013-08-22, 02:00 PM)effone Wrote: [ -> ]It will be a problem though, for those having dynamic IP.
Yes, but don't worry I will tell moderators about this extra security check!
And what about Moderators and Administrators who had a dynamic IP when they registered but switched to a static IP later? Or indeed who don't know how to switch?
What if the hacker gets the dynamic IP the Moderator registered with? Sure there's a miniscule chance, but the chance is greater than 0.