MyBB Community Forums
Add secret PIN to ACP login - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Resources (https://community.mybb.com/forum-8.html)
+--- Forum: Tutorials (https://community.mybb.com/forum-38.html)
+--- Thread: Add secret PIN to ACP login (/thread-105587.html)

Pages: 1 2 3 4 5 6 7 8 9 10


Add secret PIN to ACP login - Paul H. - 2011-10-09

I saw this thread and thought, due to the amount ot core file edits needed, it would work better as a tutorial than a plugin.

So, let's get started.

On ./admin/inc/class_page.php:


Around line 391:

Change

			<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
			<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

To:

			<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
			<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

			<div class="label"{$login_label_width}><label for="pin">Secret PIN</label></div>
			<div class="field"><input type="password" name="pin" id="pin" class="text_input" /></div>


In ./admin/index.php

Around line 136:

Change:
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

To:

	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
	
	if (isset($config['acp_pin']) && $mybb->input['pin'] != $config['acp_pin']) {
		$default_page->show_login("Invalid PIN","error");
	}


Ok. Then, open ./inc/config.php and add anywhere:

$config['acp_pin'] = 'yourpin';

The PIN does not have to be a number, it can be anything.

If the PIN is not set in .inc/config.php, it will not be checked/verified.

This plugin keeps people who have a DB dump or an admin password from logging into the ACP.


Screenshots:

[attachment=24404]

[attachment=24403]


Hope you guys like it!

This took around a half-hour for me to figure out. If you would like to donate to me via PayPal, PM me for my PayPal email.


RE: Add secret PIN to ACP login - Everett777 - 2011-10-09

Thanks!


RE: Add secret PIN to ACP login - Solidus - 2011-10-09

That's useful. I'd use it if I weren't already using folder protection.


RE: Add secret PIN to ACP login - crazy4cs - 2011-10-10

Very nice tutorial, I was wondering how can this be implemented into plugin as it requires file edits, any hooks near by that can by used?


RE: Add secret PIN to ACP login - nadlerz - 2011-10-10

Very nice TUT


RE: Add secret PIN to ACP login - Omar G. - 2011-10-10

Can't donate but really this is useful Big Grin

But what about a different PIN for every admin?

More protection is better, if not, like this is more enough Smile


RE: Add secret PIN to ACP login - sunjava1 - 2011-10-10

awesome


RE: Add secret PIN to ACP login - Paul H. - 2011-10-10

@crazy4cs There aren't any convenient hooks, I looked.

@Sama34 Here's how you can do that:

In ./admin/index.php

Around line 136:

Change:
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

To:

	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
	
	$acpuid = $mybb->user['uid'];

	if (isset($config['acp_pin'][$acpuid]) && $mybb->input['pin'] != $config['acp_pin'][$acpuid]) {
		$default_page->show_login("Invalid PIN","error");
	}


Open ./inc/config.php and add anywhere:

$config['acp_pin'][uid of the admin without quotes] = 'yourpin';
$config['acp_pin'][uid of the second admin without quotes] = 'yourpin2';



RE: Add secret PIN to ACP login - Omar G. - 2011-10-10

Alright PJGIH, thanks for sharing this useful tutorial, htpassw is not in my skills Toungue


RE: Add secret PIN to ACP login - faviouz - 2011-10-10

Neat.