Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Secure Login by IP (bit matching with masks) Details »
Secure Login by IP (bit matching with masks)
Mod Version: .1, by Tekton (Member) Tekton is offline
Developer Last Online: Jun 2009 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.0.6 Rating: (0 vote - 0 average) Installs: 2
Released: 13 Feb 2005 Last Update: Never Downloads: 0
Not Supported DB Changes Is in Beta Stage  

___________
PRE DISCLAIMER: This beta hack has been tested and DOES work; however it IS beta so use at your own risk. (I'm not responsible, etc etc)

ŻŻŻŻŻŻŻŻŻŻŻ
Apparently someone was making a much cooler Draft hack than me (although they've vanished for almost a month now), so I decided to do this in some of my free time. I did a little searching and found no hacks like this, but if there is: please tell me.

Estimated Install Time: ???? [Any questions? This thread only please ]

What is it: This hack allows you the possibility to limit your account login to certain IP addresses (or IP ranges). This would stop people that find out your password if you enable secure login on certain IP addresses (users DON'T have to specify any or do anything and it will work just like it would normally). This is mainly for people concerned with security I guess, plus it's kinda cool as long as you're careful and if you want to restrict access. If someone aquires your password, this would prevent them from using it possibly.

Why is it beta: I haven't had much time to test it out, and I'm not sure how well the checkbit-masking works even though I coded it to be honest ^^;; -- so that's why. It'd be great if you guys/girls could help out. (and the code is kinda sloppy at the moment)

Images:::::::::::::::::::::::::::::::::::

// ###### INSTALLATION ######
First: Using PHPMYADMIN, or your preferred SQL tool, run this query in your vB database.

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

NOTE: Add your table prefix if you have one!
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
IN profile.php FIND:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

BELOW, ADD:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

NEXT, FIND:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

BELOW, ADD:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
IN includes/functions_login.php FIND:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

BELOW, ADD:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

NEXT, FIND:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

BELOW, ADD:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
IN "Modify User Option Templates" modifypassword TEMPLATE FIND:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

BELOW, ADD:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

// ###### END INSTALLATION ######
DONE! PLEASE let me know what you think and help me find the bugs; I KNOW they're in there!

Explanation:
Setting an IP to "12.14.x.x" with the check bits "255.255.0.0" will check the first two octets ("12.14") of the IP address.
x=any value from 0-255

It matches up the bits in the user's IP address to the ones stored for each bit, like so:
11110000.00000100.00000000.00000010 (240.0.4.2) <-- user's IP
11110000.00000100.00000000.00000001 (240.0.4.1) <-- IP stored
11111111.11111111.11111111.00000000 (255.255.255.0) <-- Check Bits

It will only check the bits you have enabled in the "Check Bits" field, so the above example would allow the IP "204.0.4.2" INTO THE ACCOUNT even though it is set to 204.0.4.1 because of the check bits.

There IS some limitation to this method.

___________
POST DISCLAIMER: This beta hack has been tested and DOES work; however it IS beta so use at your own risk. (I'm not responsible, etc etc)

ŻŻŻŻŻŻŻŻŻŻŻ

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Comments
  #2  
Old 13 Feb 2005, 22:34
Tekton Tekton is offline
 
Join Date: Jun 2004
Real name: Jason S
~ Additionals ~

I have something to add here. (soon)
__________________
Currently: (vb3~)
Stockmarket Minigame - Discussion Threads - Secure Login BETA (IP + bit mask)

Planned for personal use:
Helpful System, Favorites, Super Announcement, Subscriptions (different), HostingCP, Team Gather, psuedo-UserCP, and Member Transfer
Reply With Quote
  #3  
Old 13 Feb 2005, 23:13
Tekton Tekton is offline
 
Join Date: Jun 2004
Real name: Jason S
IMPORTANT: I forgot to add the "SECURE-LOGIN UPDATE" code, so if you read this before, please note that it is now in the code on the above section!

Oops.
__________________
Currently: (vb3~)
Stockmarket Minigame - Discussion Threads - Secure Login BETA (IP + bit mask)

Planned for personal use:
Helpful System, Favorites, Super Announcement, Subscriptions (different), HostingCP, Team Gather, psuedo-UserCP, and Member Transfer
Reply With Quote
  #4  
Old 13 Feb 2005, 23:25
nexialys
Guest
 
would be good to have an install script, or a .txt so we can save it on a real format...
Reply With Quote
  #5  
Old 13 Feb 2005, 23:42
Tekton Tekton is offline
 
Join Date: Jun 2004
Real name: Jason S
Originally Posted by nexialys
would be good to have an install script, or a .txt so we can save it on a real format...
I don't like install scripts, but I can put it all in a text file if you want.
__________________
Currently: (vb3~)
Stockmarket Minigame - Discussion Threads - Secure Login BETA (IP + bit mask)

Planned for personal use:
Helpful System, Favorites, Super Announcement, Subscriptions (different), HostingCP, Team Gather, psuedo-UserCP, and Member Transfer
Reply With Quote
  #6  
Old 14 Feb 2005, 02:31
nighteyes nighteyes is offline
 
Join Date: Oct 2001
Would love to install this but I fear too many newbies will be locking themselves out of their accounts and support tickets will go through the roof. GREAT idea though!
Reply With Quote
  #7  
Old 14 Feb 2005, 05:07
Remi Remi is offline
 
Join Date: Nov 2001
thanks for sharing this hack

Is it posible to restrict the use of this hack to one group, superadmin for example.

Thanks
Reply With Quote
  #8  
Old 14 Feb 2005, 05:16
Johnny's Avatar
Johnny Johnny is offline
 
Join Date: Jun 2002
this is a interesting hack but if i was a new person to the web i would be lost on what to do at registration page so i can protect my account. It would be better if it was just a usercp option if you decide if u want your account more secure or have a cp option to do future edits.
Reply With Quote
  #9  
Old 14 Feb 2005, 05:56
Tekton Tekton is offline
 
Join Date: Jun 2004
Real name: Jason S
Originally Posted by Remi
thanks for sharing this hack

Is it posible to restrict the use of this hack to one group, superadmin for example.

Thanks
Well, you could just add a template conditional to hide it from normal members if you want. Just change the "$ve_secure_login" to:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I DON'T know if that actual code will work, since I didn't test it, but yo could create any other sort of conditional like that. Another option would be to add the if in the construct php code.
__________________
Currently: (vb3~)
Stockmarket Minigame - Discussion Threads - Secure Login BETA (IP + bit mask)

Planned for personal use:
Helpful System, Favorites, Super Announcement, Subscriptions (different), HostingCP, Team Gather, psuedo-UserCP, and Member Transfer
Reply With Quote
  #10  
Old 14 Feb 2005, 05:58
Tekton Tekton is offline
 
Join Date: Jun 2004
Real name: Jason S
Originally Posted by Johnny
this is a interesting hack but if i was a new person to the web i would be lost on what to do at registration page so i can protect my account. It would be better if it was just a usercp option if you decide if u want your account more secure or have a cp option to do future edits.
As far as I know, this ONLY shows up in one section of the user cp, and not at all on registration stuff.
__________________
Currently: (vb3~)
Stockmarket Minigame - Discussion Threads - Secure Login BETA (IP + bit mask)

Planned for personal use:
Helpful System, Favorites, Super Announcement, Subscriptions (different), HostingCP, Team Gather, psuedo-UserCP, and Member Transfer
Reply With Quote
  #11  
Old 14 Feb 2005, 20:20
MrNase's Avatar
MrNase MrNase is offline
 
Join Date: May 2003
Real name: Dominik
A VERY nice idea.. But that could cause problems when you are on holiday and you try to login from a different country/PC *g*
Reply With Quote
  #12  
Old 15 Feb 2005, 11:19
hoai dung hoai dung is offline
 
Join Date: Jul 2003
Real name: hoaidung
Tekton can hack this mod in AdminCP (admincp/user.php?do=modify) !? I should think have one button chose Yes/No in Usergroup for SECURE-LOGIN UPDATE, if chose YES then have Menu in "user.php?do=modify" agree choose IP SECURE-LOGIN in appear new line after IP address (Example : IP SECURE......).
Reply With Quote
  #13  
Old 15 Feb 2005, 18:04
Tekton Tekton is offline
 
Join Date: Jun 2004
Real name: Jason S
Originally Posted by hoai dung
Tekton can hack this mod in AdminCP (admincp/user.php?do=modify) !? I should think have one button chose Yes/No in Usergroup for SECURE-LOGIN UPDATE, if chose YES then have Menu in "user.php?do=modify" agree choose IP SECURE-LOGIN in appear new line after IP address (Example : IP SECURE......).
I'm not exactly sure what you just said...
__________________
Currently: (vb3~)
Stockmarket Minigame - Discussion Threads - Secure Login BETA (IP + bit mask)

Planned for personal use:
Helpful System, Favorites, Super Announcement, Subscriptions (different), HostingCP, Team Gather, psuedo-UserCP, and Member Transfer
Reply With Quote
  #14  
Old 16 Feb 2005, 04:33
rookie7 rookie7 is offline
 
Join Date: Apr 2004
Can an admin edit other people's IP settings via admincp?

Like someone suggested, I don't think it's a good idea to let users themselves have access to it via usercp. I mean...someone can steal your account and set their IP ranges, hence locking you out.
Reply With Quote
  #15  
Old 16 Feb 2005, 07:14
hoai dung hoai dung is offline
 
Join Date: Jul 2003
Real name: hoaidung
Thanks ^^

Last edited by hoai dung; 17 Feb 2005 at 03:05.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 23:25.

Layout Options | Width: Wide Color: