Thread Rating:
  • 10 Vote(s) - 3.7 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Add secret PIN to ACP login
#1
I saw this thread and thought, due to the amount ot core file edits needed, it would work better as a tutorial than a plugin.

So, let's get started.

On ./admin/inc/class_page.php:


Around line 391:

Change

			<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
			<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

To:

			<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
			<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

			<div class="label"{$login_label_width}><label for="pin">Secret PIN</label></div>
			<div class="field"><input type="password" name="pin" id="pin" class="text_input" /></div>


In ./admin/index.php

Around line 136:

Change:
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

To:

	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
	
	if (isset($config['acp_pin']) && $mybb->input['pin'] != $config['acp_pin']) {
		$default_page->show_login("Invalid PIN","error");
	}


Ok. Then, open ./inc/config.php and add anywhere:

$config['acp_pin'] = 'yourpin';

The PIN does not have to be a number, it can be anything.

If the PIN is not set in .inc/config.php, it will not be checked/verified.

This plugin keeps people who have a DB dump or an admin password from logging into the ACP.


Screenshots:

   

   


Hope you guys like it!

This took around a half-hour for me to figure out. If you would like to donate to me via PayPal, PM me for my PayPal email.
-Paul H.

Cogisne lingua latina?
Reply
#2
Thanks!
Reply
#3
That's useful. I'd use it if I weren't already using folder protection.
[Image: hdoE.png]
m1ne.net - coming soon
Reply
#4
This user has been denied support. This user has been denied support.
Very nice tutorial, I was wondering how can this be implemented into plugin as it requires file edits, any hooks near by that can by used?
Reply
#5
This user has been denied support. This user has been denied support.
Very nice TUT
Heart

[Image: logo2.png]
Reply
#6
Can't donate but really this is useful Big Grin

But what about a different PIN for every admin?

More protection is better, if not, like this is more enough Smile
Reply
#7
awesome
www.vubscs.com ( A new way of Mybb)
Reply
#8
very nice tut.thnx
Reply
#9
@crazy4cs There aren't any convenient hooks, I looked.

@Sama34 Here's how you can do that:

In ./admin/index.php

Around line 136:

Change:
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

To:

	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
	
	$acpuid = $mybb->user['uid'];

	if (isset($config['acp_pin'][$acpuid]) && $mybb->input['pin'] != $config['acp_pin'][$acpuid]) {
		$default_page->show_login("Invalid PIN","error");
	}


Open ./inc/config.php and add anywhere:

$config['acp_pin'][uid of the admin without quotes] = 'yourpin';
$config['acp_pin'][uid of the second admin without quotes] = 'yourpin2';
-Paul H.

Cogisne lingua latina?
Reply
#10
Alright PJGIH, thanks for sharing this useful tutorial, htpassw is not in my skills Toungue
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)