PDA

View Full Version : Administrative and Maintenance Tools - vB3.5 Email notification if someone attempts to access your Admin or Mod CP


Boofo
26 Sep 2005, 09:31
vB3.5 Email notification if someone attempts to access your Admin or Mod CP
Version 1.0.1
(By Boofo)

What does this modification do?
When someone tries to login to your Admin CP or Mod CP, you will get an email that contains the username they tried, the password they tried, their IP address, hostname, number of strikes, referrer, script, and the date & time of the attempt. It also will now distinguish itself in the message subject between a failed Admin CP attempt and a failed Mode CP attempt, so you will know right off which CP they tried to login to.

NOTE: To alleviate anyone getting upset about plain text passwords being transmitted from the server, the ONLY time a plain text password is sent, is when it is a failed login attempt. It is not stored on the server anywhere and no hashed passwords are ever revealed to anyone. I think it's good to know if anyone is getting close to what my CP password is so I can change it if necessary.

Credits:
Thanks to EvilLS1 for making the vB 3.0 version of this modification on which this update is based and released with permission.

Version Information:
Version 1.0.0 --Initial release
Version 1.0.1 --Fixed user name being wrong on a user attempt.


Installation overview:
--------------------------------------
Files to edit: (2)
--incudes/adminfunctions.php
--login.php


What it looks like in the Mod CP when an anonymous users tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Ned
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------

What it looks like in the Mod CP when a user from your site tries to login:

-----------------------------------------------------
Someone is trying to login to your Your Forums Mod CP!
-----------------------------------------------------
Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo

Mith
26 Sep 2005, 13:29
Great hack!

I've tested this, and I do indeed get an E-mail message informing me of a wrongful attempt..

However..

The bottom information is incorrect:

Username tried: Boofo
Password tried: does this work?
IP Address: 1.123.23.4
Host: 1-123-23-4.some.name.com
Strikes: 4 out of 5
Referer: http://www.yoursite.com/forums/modcp/
Script: http://www.yoursite.com/forums/login.php
Date & Time: Monday, September 26th, 2005 at 8:22:29 am
-----------------------------------------------------
USER ATTEMPT: Your Forums has identified this registered user as: Boofo


So on my boards if I try to log in using the username Boofo (and as you and I both know, you aren't an admin of my board)

Then it comes up with the message above BUT

the bottom line SHOULD read:
USER ATTEMPT: Your Forums has identified this registered user as: <my user name>

So I think some small problem there.

Cheers

Boofo
26 Sep 2005, 15:06
Fixed! ;)

And how come I'm not an Admin on your board? ;)

TheComputerGuy
26 Sep 2005, 16:17
Installed

Thanks Boofo :)

Boofo
26 Sep 2005, 16:37
You're very welcome, sir. ;)

Hope to see you on the new site. ;)

icebox12
26 Sep 2005, 17:41
Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.

Boofo
26 Sep 2005, 17:46
Good hack :)

I'm currently installing this on to my own forum I will post my full feedback on this after the installation has been completed.

Which should take about 2 minutes. ;)

Darkwaltz4
26 Sep 2005, 18:00
hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally mispelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who recieves the email :) that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldnt fix the whole mispelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this cant check if a login attempt worked, but wasnt that user (fully understandable), so this could actually serve to further give out your password :-/

nexialys
26 Sep 2005, 18:04
screenshot ?!

mouahhh... i had to ask !!! be the first is always good!

Boofo
26 Sep 2005, 18:10
The first post shows you what it looks like. LOL

Boofo
26 Sep 2005, 18:19
hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt

this could reveal to that email the password of one of the mods, who just accidentally mispelled their USERNAME on the login panel.

i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who recieves the email :) that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)

edit: hmm, although that wouldnt fix the whole mispelled name + correct password thing hmm...

truly a touchy subject :-p

edit: furthermore, this cant check if a login attempt worked, but wasnt that user (fully understandable), so this could actually serve to further give out your password :-/

I explained the passsord reason in the first post. If the main Admin of your board cannot be trusted with the information if you make a mistake, then you really shouldn't be a Mod there anyway, right? ;)

I think the main Admin should get an email if someone attempts to log in no matter what account is trying to be used. Your idea of sending an email to the username tried is an intersting idea, but only as long as it would be staff personel that had access to whatever CP was trying to be accessed.

How could it further give out your password if they make a successful login? You wouldn't get an email and no information would be sent. If they make a successful login, they would already know your passord. Duh? ;)

Darkwaltz4
26 Sep 2005, 18:26
well of course, but anywhere where passwords are lying around in plaintext are troublesome if something is compromised (its happened to my email once). and also the untrustworthy admin thing :-p

well, yeah sorry i implied the 'and must be a mod/admin thing as well' :-p

im saying it could further give it out if its coupled with the whole compromised thing above. youd think this would be some sort of safeguard against logins who arent you, whereas its undetectable and yet posts your password in plaintext somewhere :-p hence the possibility of being negative on the whole.

im just helping to examine some vulnerabilities which can (and for me, have) arise

Boofo
26 Sep 2005, 18:34
The plain text password is not stored anywhere. It is only sent in the email. So there is no way for anyone to get it, because it isn't there. ;)

Darkwaltz4
26 Sep 2005, 18:45
yes it is stored somewhere; in the email message, as plaintext :-p thats what i keep talking about. if this message is left in the email client, and the email account is compromised, then the hacker has a host of email messages containing login failures at their disposal, and can probably deduce correct passwords from common mistakes with logins (like mispelled name + correct password)

if they did this quietly, then they could use them to log into the CPs, and nobody would detect that - correct login :-p

Boofo
26 Sep 2005, 18:50
Well, I don't feel that way about it so if someone doesn't want to have the password in the email, they can comment the password line out in the code. Simple as that. Easy fix.

Delphiprogrammi
26 Sep 2005, 20:44
i was waiting for this ...

Boofo
26 Sep 2005, 20:58
The wait is over! ;)

Marco van Herwaarden
26 Sep 2005, 21:19
/me moves Boofo up on his ignore list, oops he already was on top.
/me will from now on stay away from each board that is touched by Boofo

Boofo
26 Sep 2005, 21:29
I wish I had known that was all it took a long time ago. ;)

Delphiprogrammi
26 Sep 2005, 21:40
hi,

I don't receive the warning email ... vbulletins mails function is working fine (i know for sure since i tested it => maintenance =>diagnostics =>email test) and no PHP errors are displayed anywhere so i goto my admincp and i enter wrong login and password but nope .. vbversion i'm using (look at the left side) :D

Boofo
26 Sep 2005, 21:58
EvilLS1 did one for 3.0. Try that one. ;)

Delphiprogrammi
26 Sep 2005, 22:22
EvilLS1 did one for 3.0. Try that one. ;)

eerm i'm wrong i'm using vb 3.5.0(RC3)

Boofo
26 Sep 2005, 22:24
Then upload fresh files and re-edit them. There's no way it should not work. It goes to the webmasteremail.

concepts
26 Sep 2005, 23:53
Great Hack [installed]



**works Great!

utw-Mephisto
27 Sep 2005, 01:47
Is there a way to create a thread also in a certain forum ?

utw-Mephisto
27 Sep 2005, 01:48
A Plugin rather then fileedits would be great too

Boofo
27 Sep 2005, 01:52
Is there a way to create a thread also in a certain forum ?

Wrong forum? ;)

Boofo
27 Sep 2005, 01:53
A Plugin rather then fileedits would be great too

You're right, a plug-in would be beter. But there are no hooks to handle this so we're stuck with file edits for now. I tried, but it couldn't happen. :(

utw-Mephisto
27 Sep 2005, 02:17
Wrong forum? ;)

No, I mean a thread instead an email :)

Boofo
27 Sep 2005, 02:26
I wouldn't do that as there is some personal info (ips, password tried) that really doesn't need to be posted anywhere. I only convereted this because I like to know if someone is messing around with the board. And since the email only comes to me, I feel that it is safeguarded enough for my purpose. I'm catching all sort of flack now over the tried password being sent. Think of the flack I would get over it being sent to a thread. ;)

C_P
27 Sep 2005, 14:28
A word of warning, for shits and giggles, I thought I'd see if this would function on vBulletin Version 3.0.7. This seems to install fine until you log out.... you cannot get back in! ;) So, for those that are gonna ask if it works on older versions.... nope.
Once the General Release of 3.5 non RC is out, I'll be back to get this one.
Thanks Boofo!

Boofo
27 Sep 2005, 14:32
A word of warning, for shits and giggles, I thought I'd see if this would function on vBulletin Version 3.0.7. This seems to install fine until you log out.... you cannot get back in! ;) So, for those that are gonna ask if it works on older versions.... nope.
Once the General Release of 3.5 non RC is out, I'll be back to get this one.
Thanks Boofo!

Well, of course it won't run on earler versions of 3.0. Things have changed. There is a 3.0 version of this out that works fine. This is the 3.5 upgrade to the earlier version. ;)

TyleR
27 Sep 2005, 14:36
Nice Bob..

/me clicks install

Delphiprogrammi
27 Sep 2005, 23:41
Then upload fresh files and re-edit them. There's no way it should not work. It goes to the webmasteremail.

problem solved must of been typo anyway nice one and working like a charm

/me clicks install

Boofo
28 Sep 2005, 00:57
Glad it's working for you. ;)

dreck
28 Sep 2005, 22:06
*INSTALL*

Nice hack... works great!

Thanks Boofo

utw-Mephisto
29 Sep 2005, 00:44
Works on 3.5 finall too :) Thanks

utw-Mephisto
29 Sep 2005, 00:45
Works on 3.5 finall too :) Thanks

utw-Mephisto
29 Sep 2005, 00:45
Works on 3.5 gold too :) Thanks

Alien
29 Sep 2005, 01:50
Woah, triple whammy post! :) Now that's appreciation, Boofo!

...works great, thanks so much for this!

Boofo
29 Sep 2005, 06:25
Then make sure you click the install button in case there are any updates in the future.

Alien
29 Sep 2005, 06:28
Damnit, missed that click. Done!

dreck
30 Sep 2005, 00:14
upgraded to gold.. re-edited templates.. np!

Thanks.

Ncturnal
30 Sep 2005, 03:06
Awesome. Is there anyway to set something similar up for specific usernames trying to access the forum area, particularly any accounts that have access to hidden admin forums?

Delphiprogrammi
30 Sep 2005, 19:56
hi,

updated to 3.5.0 reedited the code (working fine) i also modified it a bit sow if you get a warning e-mail somebody is trying to access your /admincp or /modcp you will get that e-mail with a high priority (if you use outlook express to read your mail you'll see a red exclamation image nexto the email)

since this hack isn't mine i can't post any code ...

Boofo
30 Sep 2005, 20:18
hi,

updated to 3.5.0 reedited the code (working fine) i also modified it a bit sow if you get a warning e-mail somebody is trying to access your /admincp or /modcp you will get that e-mail with a high priority (if you use outlook express to read your mail you'll see a red exclamation image nexto the email)

since this hack isn't mine i can't post any code ...

PM me the changes and let me see what you've done. If I add then, I will credit you in the first post. ;)

silurius
01 Oct 2005, 05:51
Awesome hack - has this been validated in 3.5 Gold?

Boofo
01 Oct 2005, 15:22
Awesome hack - has this been validated in 3.5 Gold?

http://www.vbulletin.org/forum/showpost.php?p=782125&postcount=43

silurius
01 Oct 2005, 17:17
Worked beautifully! Clicking Install.

Delphiprogrammi
03 Oct 2005, 11:50
Boofo,

Do you have any idea why it stopped working with the changes i pm'ed to you it doesn't send an email at all since the upgrade to 3.5.0 gold not even when i comment my modifications out and leave it to the original hmmmm

/me reading php manual about email headers

Boofo
03 Oct 2005, 12:38
Boofo,

Do you have any idea why it stopped working with the changes i pm'ed to you it doesn't send an email at all since the upgrade to 3.5.0 gold not even when i comment my modifications out and leave it to the original hmmmm

* Delphiprogrammi reading php manual about email headers

It seems to be working fine for everyone else on Gold so it must be something you either changed or added causing the problem.

Milesian
03 Oct 2005, 15:24
Working fine for me on Gold too. Installed :)

NuclioN
03 Oct 2005, 20:20
After install there's an error when someone wants to get the password mailed!

http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

Boofo
04 Oct 2005, 02:10
After install there's an error when someone wants to get the password mailed!

http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

This hack shouldn't affect that at all.

NuclioN
04 Oct 2005, 10:16
Hm..maybe it's a bug then, i've asked for this on vbulletin.com

Boofo
04 Oct 2005, 10:28
Hm..maybe it's a bug then, i've asked for this on vbulletin.com

No one else has reported it and I have never seen it happen. ;)

wolfyman
08 Oct 2005, 19:48
Thanks Boofo :)

vibe
10 Oct 2005, 00:46
this is one great mod

Rover416
10 Oct 2005, 09:44
Just what i was looking for.

Thank you.

lefteris
12 Oct 2005, 14:16
http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

Iave the same problem and in the wrong password (login.php) i see an error.
$strikes...of 5

wolfyman
12 Oct 2005, 15:01
can this work for mods too?

Boofo
12 Oct 2005, 16:03
http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

Iave the same problem and in the wrong password (login.php) i see an error.
$strikes...of 5

Make sure you are using the 1.0.1 version of this hack.

Boofo
12 Oct 2005, 16:04
can this work for mods too?

It works on both the Admin CP and the Mod CP so yes, it will work for Mods, too. ;)

hillbilly_jim
14 Oct 2005, 05:58
After installing, if I enter an incorrect password I now get the "page can not be displayed error" instead of redirecting. I do receive the email notification.

Kihon Kata
14 Oct 2005, 06:29
After install there's an error when someone wants to get the password mailed!

http://www.url.com/forums/$vboptions[bburl]/login.php?$session[sessionurl]do=lostpw

Will this work on 3.5 full? I have installed this. When I try to login to my admcp with another username/pswd, I am NOT receiving email notifs.

Kihon Kata
14 Oct 2005, 06:29
Will this work on 3.5 full? I have installed this. When I try to login to my admcp with another username/pswd, I am NOT receiving email notifs.

Boofo
14 Oct 2005, 09:32
After installing, if I enter an incorrect password I now get the "page can not be displayed error" instead of redirecting. I do receive the email notification.

Re-do the file edits. You must have made a mistake installing the hack. ;)

Will this work on 3.5 full? I have installed this. When I try to login to my admcp with another username/pswd, I am NOT receiving email notifs.

The email is sent to the webmaster email of the site. Make sure that is your email. ;)

And yes, it is fully compatible with 3.5 Final.

lefteris
14 Oct 2005, 10:43
i have the 1.0.1 version. but i have that problem.If i go to logout then the url is http://www.gsmforum.gr/forum/$siteurl

Boofo
14 Oct 2005, 10:44
i have the 1.0.1 version. but i have that problem.If i go to logout then the url is http://www.gsmforum.gr/forum/$siteurl

You need to recheck your files edits. ;)

Andyrew
17 Oct 2005, 22:33
Installed and working great

hillbilly_jim
18 Oct 2005, 05:10
Re-do the file edits. You must have made a mistake installing the hack. ;)
After re-editing the files 3 times I still get the erorr. I used the original files and have no other edits to them.

Kihon Kata
18 Oct 2005, 05:53
After re-editing the files 3 times I still get the erorr. I used the original files and have no other edits to them.

Mine also doesn't work. I have edited my files twice. I have PM'ed you Boofoo also so you can look at my code. Have you received them?

Boofo
18 Oct 2005, 13:16
Mine also doesn't work. I have edited my files twice. I have PM'ed you Boofoo also so you can look at my code. Have you received them?

First of all it's Boofo. ;)

And yes I recieved your PMs but I am right in the middle of a personal situation that demands my time for another few days so I will be scarce here and not be able to look at anything until then, sorry.

All I can say for now is to upload fresh copies of your files and re-edit them. And make sure the webmaster email on your site is your email. That is where the email is sent to.

When I get done with what is going on, I will look into it.

Kihon Kata
18 Oct 2005, 14:10
First of all it's Boofo. ;)

And yes I recieved your PMs but I am right in the middle of a personal situation that demands my time for another few days so I will be scarce here and not be able to look at anything until then, sorry.

All I can say for now is to upload fresh copies of your files and re-edit them. And make sure the webmaster email on your site is your email. That is where the email is sent to.

When I get done with what is going on, I will look into it.

Oh ok. Sorry. I'll try to edit them one more time. (Yes the webmaster email is mio)

THanks

Salazar
19 Oct 2005, 12:25
Hey Boofo, thanks for sharing this hack! I already used it on 2.3.x

I have one question though: Is it possible to hardcode the e-mail address? My webmaster e-mail is a redirection to my and my co-admin's address and I don't want to bother her by recieving those mails.

Thanks in advance!

Boofo
19 Oct 2005, 12:38
Hey Boofo, thanks for sharing this hack! I already used it on 2.3.x

I have one question though: Is it possible to hardcode the e-mail address? My webmaster e-mail is a redirection to my and my co-admin's address and I don't want to bother her by recieving those mails.

Thanks in advance!

Remind me on the weekend and I will look at it and see if it can be done. I am on my way out of state in about 2 hours and still have what seems like 3 hours worth of getting ready to go. ;)

Salazar
19 Oct 2005, 18:41
Maybe someone else has a clue.

I read the code and wondered if the following could work.

Instead of:

vbmail($vbulletin->options['webmasteremail'], $subject, $message, true);

This:

vbmail(blubb@blubba.blu, $subject, $message, true);

GT2.0
19 Oct 2005, 22:53
Woohoo! nice :)

fn9mm
22 Oct 2005, 12:30
Works like a charm on my 3.5 Gold, Thx !!!
Nice Feature

hydrostatic
25 Oct 2005, 06:47
I would love it if this can be plugin. Is this not possible at all?

lefteris
25 Oct 2005, 14:10
i have redit my files Adminfunction.php - login.php but i have the same problem.
my login.php code is
*** File removed, no posting of full vB files (MarcoH64) ***

RaceJunkie
26 Oct 2005, 03:02
Works great only one problem.

It does not display the password tried in the email.

Boofo
26 Oct 2005, 08:47
Works great only one problem.

It does not display the password tried in the email.

The only way that could happen is if they tried to login with a blank password.

RaceJunkie
26 Oct 2005, 12:50
The only way that could happen is if they tried to login with a blank password.


Retried it and everything working great..

Thanks!!

lefteris
27 Oct 2005, 08:47
what can i do to fix my problem?
If i press logout then all links inside the login.php it's $url , $strike etc etc

What can i do for that?
I have redit my files and it's everything ok.

Boofo
27 Oct 2005, 17:02
what can i do to fix my problem?
If i press logout then all links inside the login.php it's $url , $strike etc etc

What can i do for that?
I have redit my files and it's everything ok.

Try re-editing the files but start with clean fresh files. You must have missed something somewhere. ;)

Salazar
27 Oct 2005, 18:02
err Boofo, you owe me a comment on hardcoding the e-mail adress :D

Boofo
27 Oct 2005, 18:11
err Boofo, you owe me a comment on hardcoding the e-mail adress :D

Try:

vbmail("blubb@blubba.blu", $subject, $message, true);

Salazar
28 Oct 2005, 19:29
That worked perfectly. Thank you!

phonexpo
06 Nov 2005, 18:32
I get this error after putting in wrong password, any ideas how to fix it?;

Parse error: parse error, unexpected T_CLASS, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/www/phonexpo.net/includes/class_mail.php on line 409

Delphiprogrammi
06 Nov 2005, 18:55
I get this error after putting in wrong password, any ideas how to fix it?;

that's a PHP syntax error make sure you closed all { } ; " ' etc etc most likely the error is in login .php

Boofo
06 Nov 2005, 23:41
I get this error after putting in wrong password, any ideas how to fix it?;

I would say to re-edit the files as I have no idea what is causing that but it shouldn't have anything to do with this hack. ;)

Paul_d_g
13 Nov 2005, 13:56
Will this work for 3.5.1?

Boofo
13 Nov 2005, 14:29
Will this work for 3.5.1?

Yes, it should. There are others using it on 3.5.1 and it seems to be working ok for them. ;)

fn9mm
13 Nov 2005, 15:23
Will this work for 3.5.1?

works fine on my board 351

knigwhil
24 Nov 2005, 06:19
Works perfectly, thanks.

Andyrew
10 Dec 2005, 09:51
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:

Delphiprogrammi
10 Dec 2005, 10:34
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:

works fine on 3.5.2

klaush
10 Dec 2005, 13:31
Thanks, Boofo!

Great and very useful!

*installed*

fn9mm
10 Dec 2005, 15:42
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:
U have to reapply the changes to :
--incudes/adminfunctions.php
--login.php
after upgrading to 3.5.2

if you did, recheck the changes to see if they are correct

klaush
10 Dec 2005, 15:46
Should this work on 3.5.2 i have tried and cannot get it to work, i had it working on 3.5.0 and 3.5.1 :disappointed:

Yep, no problem at all! Do the installation as described and everything´s working like a charm.

Andyrew
10 Dec 2005, 16:11
Yep, no problem at all! Do the installation as described and everything´s working like a charm.

It was working all the time, it was USER error, i was logging into my forums with a wrong password instead off trying to log into my Admincp :o :speechless: :p

bobad
09 Jan 2006, 03:35
Works great... a useful tool. Thanks
*installed*

kassem
11 Jan 2006, 09:16
Thanks for this hack, I've under 3.5.3 I hope it's works.

IrPr
11 Jan 2006, 23:32
works fine on 3.5.3 ;) nice !

Posof
14 Jan 2006, 12:00
:squareeyed:


Where do i need make the changes so that my other admin receiv a e-mail to when they try with his Password..

Ore is it possible to add somany members groups that i want with this..


Thanks

:ermm:

Megareus Rex
22 Jan 2006, 23:14
Nice hack, and it actually displays the password this time (I remember on the 3.0 version, I couldn't get it to show the password that was tried).

Hostboard
05 Feb 2006, 16:38
I want to just log failed attempts to the ACP. If I just edit the incudes/adminfunctions.php will this be all I need to do?

davis31b
14 Feb 2006, 18:19
i noticed that on this hack it doesn't like putting in comments ie: <!-- hack here --> other than that it works great so if you have failed login attempts just delete the comments

Hornstar
18 Feb 2006, 10:50
I want to also know if someone is trying to login to a certain user, example (userid 1,2,3)

How would I change this so it can also find out if someone is trying to login to those users.

Thanks

DementedMindz
23 Feb 2006, 13:05
question just wanted to make sure this will still work for 3.5.4

phonexpo
23 Feb 2006, 13:08
question just wanted to make sure this will still work for 3.5.4

I'm sure it will be ok, I've been using it on the 3/4 updates with no problems. I'll be upgrading l8r I'll put it in and let you know.

Freak0204
26 Feb 2006, 06:59
Great hack! Thanks so much!

Nathan2006
14 Mar 2006, 15:30
Hi I was just wondering if this hack will work with

htaccess Protection for admincp & any dir
http://www.vbulletin.org/forum/showthread.php?t=105179


Thanks :)

EDIT: Yes it works lol ;)

Treak
16 Mar 2006, 10:18
you should officially make this little guy your avtar.. https://www.vbulletin.org/forum/external/2006/03/21.gifcause you are jus that! https://www.vbulletin.org/forum/external/2006/03/22.gif

best hack out there.. is this one by far!!!

also YES THIS DOES WORK ON 3.5.4 !! AND IT WORKS TOO GOOD.. GREAT HACK!!!

cudaxtreme
06 Apr 2006, 17:36
Hi,

I did all the necessary changes but I have some code appearing on the admin login screen

md5password_utf); js_do_options(this)">

would appear on the top left corner of the admin login screen

zweefer
06 Apr 2006, 23:34
Thanks! This is just what i needed!

rareclownfish
12 Apr 2006, 04:31
I installed it on 3.5.4 it's been about an hour and I still haven't recieved an email how long dies it take?

rareclownfish
12 Apr 2006, 04:44
I just got the email nice hack.

Pamela
16 Jun 2006, 07:51
*clicks install*

Works great! Thanks!!! :banana:

Ncturnal
18 Aug 2006, 08:41
It works in vB 3.6.0 as well. There was only a minor change in the instructions. In the 3.6.0 code they added ?do=login after login.php. Simply change the instructions for modifying adminfunctions.php as follows:


In incudes/adminfunctions.php

Find:
--------------------------------------

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">


--------------------------------------
REPLACE it with:
--------------------------------------

<?php
if ($logintype=='cplogin' OR $logintype=='modcplogin')
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_pass word.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
else
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
?>

--------------------------------------
Find:
--------------------------------------

<input type="hidden" name="vb_login_md5password_utf" value="" />

--------------------------------------
BELOW it add:
--------------------------------------

<input type="hidden" name="vbpassword" value="" />

All of the instructions for the login.php edits did not change. Great hack!

wolfyman
18 Aug 2006, 11:44
thanks for the above information, I was just getting around to editing my previous hacks and that was one of my top questions!

the code to search for in the first edit is wrong, though.

first edit, find this:

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

phonexpo
18 Aug 2006, 13:58
Thanks guys I have this working on vB360 now, although I had to put a "," at the end of this code on the login.php on line 83;


'postvars' => TYPE_STR,

RaceJunkie
19 Aug 2006, 03:04
Working fine in 3.6

AngusMacGyver
26 Aug 2006, 00:58
It works on 3.6.0

blind-eddie
27 Aug 2006, 19:17
Will this work in 3.5.3?

blind-eddie
28 Aug 2006, 18:49
*bump*

Ncturnal
29 Aug 2006, 01:36
Yes. I used it in 3.5.2, 3.5.3, 3.5.4, and now 3.6.0.

blind-eddie
29 Aug 2006, 02:56
rgr,Thank You

brvheart
30 Aug 2006, 15:32
works great in 3.6 without having to make any adjustments to directions :) thanks boofo

curriertech
29 Sep 2006, 04:17
Working for me in 3.6.1 but it always says 'undefined' for the password (which is fine with me). :)

LostOne
29 Sep 2006, 04:25
On my old phpbb board someone tried and succeeded and messed up my whole board. This is quite the perfect hack for protection, I'll try the 3.6 version available and hope I won't mess the installation.

Thanks

PoetJA-1975
08 Oct 2006, 10:31
Thanx for this extra security - Much appreciation!

Jacquii.

adwade
31 Oct 2006, 15:48
I have never tried editing a PHP file before, and I must admit the structure of one was a bit foreign to me as I'm not a coder. However, following the instructions above for vB v3.6 (Thanxx Ncturnal & wolfyman) as carefully as I could...IT WORKED! So I now have this running on my install of vB v3.6.2

MANY THANXX Boofo for having developed this! :banana:

PoetJA-1975
21 Jan 2007, 17:24
It works in vB 3.6.0 as well. There was only a minor change in the instructions. In the 3.6.0 code they added ?do=login after login.php. Simply change the instructions for modifying adminfunctions.php as follows:


In incudes/adminfunctions.php

Find:
--------------------------------------

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">


--------------------------------------
REPLACE it with:
--------------------------------------

<?php
if ($logintype=='cplogin' OR $logintype=='modcplogin')
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_pass word.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
else
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
?>

--------------------------------------
Find:
--------------------------------------

<input type="hidden" name="vb_login_md5password_utf" value="" />

--------------------------------------
BELOW it add:
--------------------------------------

<input type="hidden" name="vbpassword" value="" />

All of the instructions for the login.php edits did not change. Great hack!

Thanx for the info - Works fantastically!:up:

Jacquii.

blind-eddie
22 Jan 2007, 02:57
You guys know this is in vb already in 3.6.4

Terminatoronly
22 Jan 2007, 09:01
great mod thanks boofo i will use it

PoetJA-1975
22 Jan 2007, 10:13
You guys know this is in vb already in 3.6.4

nope - sure didn't

JAcquii.

dcpaq2xx
14 Mar 2007, 15:39
You guys know this is in vb already in 3.6.4

Where do I find that at? How is it enabled or used?

Thanks

Doug

dcpaq2xx
14 Mar 2007, 19:12
You guys know this is in vb already in 3.6.4

Yes but from what I see this mod is completely different from the default Vb version your referring to.

http://www.vbulletin.com/forum/showthread.php?p=1322160#post1322160

Doug

blind-eddie
14 Mar 2007, 22:42
Exactly the same...Make sure your settings are correct...log in to your admincp, with wrong password.....then go check your email. You will have email of who it was & there ip.

dcpaq2xx
14 Mar 2007, 22:43
Yeah, but what I like about this here hack is that its restricted to just the admin seeing it, which I beleive is how it should be done. The members dont need to know this, this should be sent to the admin.

Doug

blind-eddie
15 Mar 2007, 04:51
dcpaq2, you would still be the only one who sees the email informing you that someone attemped to access your admincp.....You get emails regarding site info?

dcpaq2xx
15 Mar 2007, 05:02
Maybe Im thinking of the login strike system, 5 bad logins locks you out for 15 minutes and an email is sent to that user id. Myabe im getting the two confused.

Doug

dcpaq2xx
15 Mar 2007, 15:05
Blind-Eddie,

I did a test trying to login to the admin cp with a bad password and the system does log the attempt, but I dont receive any email letting me know about it and it doesnt even tell me what the password was that was trying to be use.

As far as I am concerned I think I am going to try this hack, it seems to be more thourough and more what I am looking for.

Seems as though the Vbulletin staff always leave out the most important stuff. :rolleyes:

Doug

benjaminbih
20 May 2007, 19:43
Installation Instructions:
--------------------------------------
In includes/adminfunctions.php

Find:
--------------------------------------

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

--------------------------------------
REPLACE it with:
--------------------------------------

<?php
if ($logintype=='cplogin' OR $logintype=='modcplogin')
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="document.forms.loginform.vbpassword.value=document.forms.loginform.vb_login_pass word.value; md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
else
{
echo '<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">';
}
?>

--------------------------------------
Find:
--------------------------------------

<input type="hidden" name="vb_login_md5password_utf" value="" />

--------------------------------------
BELOW it add:
--------------------------------------

<input type="hidden" name="vbpassword" value="" />

--------------------------------------

The Code changes in this mod for login.php don´t need to be changed! Its the same for vB 3.6.7

dcpaq2xx
20 May 2007, 20:09
Thank you for the heads up benjaminbih.

If you wouldnt have said anything I would not have even noticed that the code got wiped out in login.php by the 3.6.7 upgrade as well as having to add in extra code in the adminfunctions file as it is something that doesnt get used everyday.

A big thank you to you, and a big thank you to Boofo for offering this hack to us and keeping it up to date.

Doug

benjaminbih
21 May 2007, 00:59
Thank you for the heads up benjaminbih.

If you wouldnt have said anything I would not have even noticed that the code got wiped out in login.php by the 3.6.7 upgrade as well as having to add in extra code in the adminfunctions file as it is something that doesnt get used everyday.

A big thank you to you, and a big thank you to Boofo for offering this hack to us and keeping it up to date.

Doug

Oh i forget it :o


The Code changes in this mod for login.php don´t need to be changed! Its the same for vB 3.6.7

dcpaq2xx
21 May 2007, 01:20
The Code changes in this mod for login.php don´t need to be changed! Its the same for vB 3.6.7

I did not say anything about code being 'changed' in login.php. I said the code got wiped out, big difference. :)

Doug

rjmjr69
21 May 2007, 02:09
Works just perfectly with 3.6.7 Thanks

Boofo
24 May 2007, 19:36
Since I am still running 3.5.4, I'm not sure what has changed in 3.6. If someone could let me know what instructions I need to upgrade, I will add the 3.6 version to this post, too. ;)

Nathan2006
12 Aug 2007, 06:49
Since I am still running 3.5.4, I'm not sure what has changed in 3.6. If someone could let me know what instructions I need to upgrade, I will add the 3.6 version to this post, too. ;)


This is still working great for 3.68

I totally forgot about this :D

Email is still sending too.

PoetJA-1975
03 Sep 2007, 05:07
Yeppers - still works for 3.6.8 brilliantly!
Thanx again for sharing - should be a default feature!

Jacquii.

MB-Soft
10 Sep 2007, 17:22
Works great in vB 3.6.8 :)

Thanks!

brvheart
16 Sep 2007, 16:09
not working on 3.6.8 :(, MB what edits did you use?

Vman
03 Jan 2008, 06:06
DITTO!!! I just installed it in 3.6.8 and its not working, there are no error messages, but when attempted to make false login attempts, there were not email notifications sent!!!!!

Can someone PLEASE fix this minor issue since this a good hack/plug to have!!!!

Thanks

Boofo
31 Jan 2008, 22:04
This is working on 3.7.0 beta 4. I have posted the vb 3.7.0 beta 4 version in the 3.7 modifications area.

segwayon
24 May 2008, 01:43
One difference I noticed when installing in 3.6.8 was one of the lines I was supposed to find:

<form action="../login.php" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

And this was what I found in 3.6.8:

<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

I didn't alter any of the replacement code:

... etc ... <form action="../login.php" method="post" ... etc ...

Should I have kept the same pattern in the form tag?

Boofo
24 May 2008, 01:55
Maybe you ought to go all out and install the 3.7 version of this hack which has the line you are looking for. ;)