Auth2My - Admin 2-step login verification with Android & iPhone
#1
I was bored so i'm developing this plugin/mod. Auth2My use Google's 2-step verification (time based) to login admin panel. 2-step verification adds an extra layer of security to your admin accounts by requiring them to enter a verification code in addition to their username and password.

Here is sample pictures:

           

You need to edit core files for this mod. Here is guide how to edit and install.

1. Download plugin (attachment), unzip and upload files from "upload" folder to your forum root folder.

2. Go to your admin panel and install Auth2My -plugin. Then you can see Auth2my link in "Configuration" tab, go there and scan QR-image with your Android Google Authenticator or iPhone Google Authenticator app.

3. Open admin/inc/class_page.php and find these lines (around line 389):
<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>
Add these below:
<div class="label"{$login_label_width}><label for="auth2my">Auth2:</label></div>
<div class="field"><input type="password" name="auth2my" id="auth2my" class="text_input" /></div>

Open admin/index.php and find these lines (around line 129):
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}
Add these below:
	require_once MYBB_ROOT."inc/3rdparty/auth2my_class.php";
	$query = $db->simple_select("auth2my", "*", "id='1'");
	$auth2my = $db->fetch_array($query);

	$auth2my_verify = Google2FA::verify_key($auth2my['auth2my_key'], $mybb->input['auth2my']);

	if ($auth2my_verify == false && $auth2my['auth2my_active'] == "yes") {
		$default_page->show_login("Invalid Auth2","error");    
	}

4. Logout and test login to admin panel.


Attached Files
.zip   Auth2My-1.0.zip (Size: 4.83 KB / Downloads: 92)
.zip   Auth2My-1.1.zip (Size: 4.62 KB / Downloads: 124)
Reply
#2
This looks more like a release to me. Anyway, thanks for sharing this is a great security feature. I'll have a good look at this when it's released.
Reply
#3
I did post this to "Releases" section first. But then i realize, maybe it is better to put it here "developing" first and get some feedback.
Reply
#4
No comments? Must be really interested plugin/mod Smile
Reply
#5
Is this stable? I would like to use this on my forum.
Reply
#6
1.1 is stable. Haven't got any errors when tested.
Reply
#7
Interesting, certainly adding more security is good. I was hacked last week so looking at ways to tighten things up, even if a user gets elevated privileges, I still want to trip them up with other unknown pins etc that they can't source
Reply
#8
Super impressive, I'd love to see this for members too.

Reply
#9
Seems to work smoothly, will this work with multiple administrators? I only tested on a forum with one administrator (me).

Congrats and thanks for the plugin. BTW, what is the "Authentication key" below the bar code for?
Soporte en Español

[Image: signature.png]

Discord at omar.gonzalez (Omar G.#6117); Telegram at @omarugc;
Reply
#10
It should work with multiple admins. Authentication key is in principle same as "bar code", if you have to enter manually without scanning QR-code, you can use that code.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)