Add secret PIN to ACP login
#71
Paul, in addition to the pin, is it possible to restrict access to the admin cp to certain UIDs?
Reply
#72
Not without a plugin or another core edit.

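If you really want to, after these lines in /admin/index.php:
// Load global language phrases
$lang->load("global");

Add the following:
// UIDs allowed into the Admin CP (replace the placeholders with real UIDs)
$alloweduids = array("uid1", "uid2", "uid3");
// Everyone else gets the standard no-permission page
if(!in_array($mybb->user['uid'], $alloweduids))
{
	error_no_permission();
}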
Reply
#73
Works very well. I added a more secure pin and encryption.

Only members who know this data can use the forum, and you can add a new pin to the users table and config via cPanel. Verifying you are an admin and this on the admincp, but it's a lot of work, and the way dragonexpert describes is easier to implement on forums without problems.
The only infinite thing is the universe and human stupidity, but the universe is not for sure

Plugins 1.6.x

Plugins 1.8.x

Reply
#74
This is just my opinion, but realistically the pins should not be stored as plain text. There are plenty of hashing functions for this. You store the hash of the pin and use the same hash function against the pin that is input.
Reply
#75
^You mean "password"?
Reply
#76
No, I mean pin because this tutorial is about adding a pin. Passwords are not stored as plain text anyway and it'd be grounds for legal trouble.
Reply
#77
In the config.php file it's plain text for your pin, as this tutorial shows, but I changed only the code to make it work, and if you know the FTP password it's harder to know the secret pin.

Example:

It's more difficult to know an encrypted pin like

mk-gGJBltmbrxhjk468/16

Than

mysecretpin

That's what I am trying to say; I only changed the final result in the config file and the way to get the pin, using only a PHP encrypt method.
Reply
#78
(2014-08-06, 01:56 PM)dragonexpert Wrote: No, I mean pin because this tutorial is about adding a pin. Passwords are not stored as plain text anyway and it'd be grounds for legal trouble.

Hashed PINs in files? No DB involved?
Reply
#79
Yeah. On a vBulletin forum I own, I store the hash of it in a file. Effectively it forces a hacker to have both file and database access.
Reply
#80
(2014-08-08, 01:21 PM)dragonexpert Wrote: Yeah. On a vBulletin forum I own, I store the hash of it in a file. Effectively it forces a hacker to have both file and database access.

A tutorial on this would be nice.
Reply
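The approach described in posts #74 and #79 (keep only a hash of the PIN in a file and run the submitted value through the same hash), as an added example that is not part of the original thread or of MyBB's code. It assumes PHP 5.5 or later for password_hash(); the config key acp_pin_hash and both function names are hypothetical.

```php
<?php
// Added example, not MyBB code. 'acp_pin_hash' is a hypothetical config key.

// Step 1 (run once, offline): produce the value to paste into the config file.
function acp_pin_make_hash($pin)
{
    // PASSWORD_DEFAULT gives a salted, deliberately slow hash; the salt and
    // cost are embedded in the returned string, so nothing else is stored.
    return password_hash($pin, PASSWORD_DEFAULT);
}

// Step 2 (on every ACP login): check the submitted PIN against the stored hash.
function acp_pin_check($config, $submitted)
{
    // Fail closed: a missing or empty hash must never mean "no PIN required",
    // and a non-string request value (e.g. pin[]=x) is rejected outright.
    if (empty($config['acp_pin_hash']) || !is_string($submitted)) {
        return false;
    }
    // password_verify() re-derives the hash from the embedded salt and
    // compares in a timing-safe way; never compare hashes with == yourself.
    return password_verify($submitted, $config['acp_pin_hash']);
}

// Constructed sample values, for demonstration only.
$config = array('acp_pin_hash' => acp_pin_make_hash('correct horse 4821'));

var_dump(acp_pin_check($config, 'correct horse 4821')); // matching PIN
var_dump(acp_pin_check($config, 'mysecretpin'));        // wrong PIN
var_dump(acp_pin_check(array(), 'correct horse 4821')); // hash missing from config
var_dump(acp_pin_check($config, array('x')));           // non-string request value
```

A short numeric PIN can still be guessed quickly by anyone who obtains the hash file, so the hash only helps if the PIN itself is long.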

