[MOD]Different ACP Password v1/farklı yönetim paneli şifresi

[pikachu]

bu modla yönetim paneline girmek için ayrı bir şifre belirleyebiliyorsunuz, böylece, birşekilde üye şifreniz ele geçirilmiş olsada ele geçiren kişi yönetim panelinin nimetlerinden faydalanamaz...

Kod: Tümünü seç

##############################################################
## MOD Title:		Different ACP Password
## MOD Author: OXPUS < webmaster@oxpus.de > (Karsten Ude) http://www.oxpus.de
## MOD Description:	Implements a second password for administrators to login into the admin panel.
##			This password can only be changed in the admin panel.
## MOD Version:		1.0.0
##
## Installation Level:	Easy
## Installation Time:	5-10 Minutes
## Files To Edit:	8
##			login.php
##			admin/admin_board.php
##			admin/admin_up_auth.php
##			admin/admin_users.php
##			language/lang_english/lang_admin.php
##			language/lang_english/lang_main.php
##			templates/subSilver/admin/board_config_body.tpl
##			templates/subSilver/admin/user_edit_body.tpl
##
## Included Files:	N/A
##
############################################################## 
## For security purposes, please check: http://www.phpbb.com/mods/ 
## for the latest version of this MOD. Although MODs are checked 
## before being allowed in the MODs Database there is no guarantee 
## that there are no security problems within the MOD. No support 
## will be given for MODs not found within the MODs Database which 
## can be found at http://www.phpbb.com/mods/ 
############################################################## 
## Author Notes:
##
## Languages
## ---------
## Additional language packs can be found in the folder translations/
##
## Super Moderator / Orion 2x
## --------------------------
## Look into the folder contrib/ for the needed Add-On.
##
##############################################################
## MOD History:
##
##   2006-12-09 - Version 1.0.0
##      - First release
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################

#
#-----[ SQL ]------------------------------------------
#
ALTER TABLE phpbb_users ADD COLUMN user_acp_password VARCHAR(32) NOT NULL DEFAULT '' AFTER user_password;

UPDATE phpbb_users SET user_acp_password = user_password WHERE user_level IN (1, 3);

INSERT INTO phpbb_config (config_name, config_value) VALUES ('complex_acp_pw', '1');

#
#-----[ OPEN ]------------------------------------------
#
login.php

#
#-----[ FIND ]------------------------------------------
#
		$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
			FROM " . USERS_TABLE . "
			WHERE username = '" . str_replace("\\'", "''", $username) . "'";

#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_password

#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, user_acp_password

#
#-----[ FIND ]------------------------------------------
#
				if( md5($password) == $row['user_password'] && $row['user_active'] )

#
#-----[ REPLACE WITH ]------------------------------------------
#
				if (isset($HTTP_POST_VARS['admin']))
				{
					if (!$row['user_acp_password'])
					{
						message_die(GENERAL_MESSAGE, $lang['No_ACP_Password']);
					}

					$user_password = $row['user_acp_password'];
				}
				else
				{
					$user_password = $row['user_password'];
				}

				if( md5($password) == $user_password && $row['user_active'] )

#
#-----[ FIND ]------------------------------------------
#
		$template->set_filenames(array(
			'body' => 'login_body.tpl')
		);

#
#-----[ BEFORE, ADD ]------------------------------------------
#
		if (isset($HTTP_GET_VARS['admin']) && $userdata['user_acp_password'] == '')
		{
			message_die(GENERAL_MESSAGE, $lang['No_ACP_Password']);
		}

#
#-----[ OPEN ]------------------------------------------
#
admin/admin_board.php

#
#-----[ FIND ]------------------------------------------
#
$smtp_yes = ( $new['smtp_delivery'] ) ? "checked=\"checked\"" : "";
$smtp_no = ( !$new['smtp_delivery'] ) ? "checked=\"checked\"" : "";

#
#-----[ AFTER, ADD ]------------------------------------------
#
$complex_acp_pw_yes = ( $new['complex_acp_pw'] ) ? "checked=\"checked\"" : "";
$complex_acp_pw_no = ( !$new['complex_acp_pw'] ) ? "checked=\"checked\"" : "";

#
#-----[ FIND ]------------------------------------------
#
	"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], 

#
#-----[ AFTER, ADD ]------------------------------------------
#
	"L_COMPLEX_ACP_PW" => $lang['Complex_ACP_PW'],
	"COMPLEX_ACP_PW_YES" => $complex_acp_pw_yes,
	"COMPLEX_ACP_PW_NO" => $complex_acp_pw_no,

#
#-----[ OPEN ]------------------------------------------
#
admin/admin_up_auth.php

#
#-----[ FIND ]------------------------------------------
#
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . ADMIN . "
				WHERE user_id = $user_id";

#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_level = " . ADMIN . "

#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, user_acp_password = user_password

#
#-----[ FIND ]------------------------------------------
#
				$sql = "UPDATE " . USERS_TABLE . "
					SET user_level = " . USER . "
					WHERE user_id = $user_id";

#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_level = " . USER . "

#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, user_acp_password = ''

#
#-----[ OPEN ]------------------------------------------
#
admin/admin_users.php

#
#-----[ FIND ]------------------------------------------
#
		$password_confirm = ( !empty($HTTP_POST_VARS['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password_confirm'] ) )) : '';

#
#-----[ AFTER, ADD ]------------------------------------------
#
		$acp_password = ( !empty($HTTP_POST_VARS['acp_password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['acp_password'] ) )) : '';
		$acp_password_confirm = ( !empty($HTTP_POST_VARS['acp_password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['acp_password_confirm'] ) )) : '';

#
#-----[ FIND ]------------------------------------------
#
			$password = '';
			$password_confirm = '';

#
#-----[ AFTER, ADD ]------------------------------------------
#
			$acp_password = '';
			$acp_password_confirm = '';

#
#-----[ FIND ]------------------------------------------
#
		$passwd_sql = '';

#
#-----[ AFTER, ADD ]------------------------------------------
#
		if ($board_config['complex_acp_pw'] && !empty($acp_password))
		{
			if (!empty($password) && $password == $acp_password)
			{
				$error = TRUE;
				$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_match_pw'];
			}
			else
			{
				$sql = "SELECT user_password FROM " . USERS_TABLE . "
					WHERE user_id = $user_id";
				if (!($result = $db->sql_query($sql)))
				{
					message_die(GENERAL_ERROR, 'Could not read current password', '', __LINE__, __FILE__, $sql);
				}

				$row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if ($row['user_password'] == md5($acp_password))
				{
					$error = TRUE;
					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_match_pw'];
				}
			}
		}

		if( !empty($acp_password) && !empty($acp_password_confirm) )
		{
			if($acp_password != $acp_password_confirm)
			{
				$error = TRUE;
				$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_mismatch'];
			}
			else
			{
				$acp_password = md5($acp_password);
				$passwd_sql .= "user_acp_password = '$acp_password', ";
			}
		}
		else if( $acp_password && !$acp_password_confirm )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_mismatch'];
		}
		else if( !$acp_password && $acp_password_confirm )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_mismatch'];
		}

#
#-----[ FIND ]------------------------------------------
#
			$password = '';
			$password_confirm = '';

#
#-----[ AFTER, ADD ]------------------------------------------
#
			$acp_password = '';
			$acp_password_confirm = '';

#
#-----[ FIND ]------------------------------------------
#
		$password = '';
		$password_confirm = '';

#
#-----[ AFTER, ADD ]------------------------------------------
#
		$acp_password = '';
		$acp_password_confirm = '';

#
#-----[ FIND ]------------------------------------------
#
			'L_PASSWORD_CONFIRM_IF_CHANGED' => $lang['password_confirm_if_changed'],

#
#-----[ AFTER, ADD ]------------------------------------------
#
			'L_ACP_PASSWORD' => $lang['ACP_password'],
			'L_ACP_PASSWORD_CONFIRM' => $lang['ACP_password_confirm'],
			'L_ACP_PASSWORD_EXPLAIN' => $lang['ACP_password_explain'],
			'L_ACP_PASSWORD_COMPLEX' => ($board_config['complex_acp_pw']) ? $lang['ACP_password_complex'] : '',

#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_admin.php

#
#-----[ FIND ]------------------------------------------
#
?>

#
#-----[ BEFORE, ADD ]------------------------------------------
#
$lang['Complex_ACP_PW'] = 'Password for ACP login must be different to normal password';
$lang['ACP_Password_mismatch'] = 'The ACP password does not match the confirmation!';
$lang['ACP_Password_match_pw'] = 'The ACP password matches the normal password, but you must enter a different one!';
$lang['ACP_password'] = 'Password for the Admin Panel';
$lang['ACP_password_confirm'] = 'Confirm the ACP Password';
$lang['ACP_password_explain'] = 'This password will be used to login into the Admin Panel. From now the normal password can not longer used to login the ACP.';
$lang['ACP_password_complex'] = '<br />Be sure, to enter a different password as your normal one!';

#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_main.php

#
#-----[ FIND ]------------------------------------------
#
?>

#
#-----[ BEFORE, ADD ]------------------------------------------
#
$lang['No_ACP_Password'] = '<b>You have no valid password to login the Admin Panel!</b><br /><br />Please contact the board admin to get one.';

#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/admin/board_config_body.tpl

#
#-----[ FIND ]------------------------------------------
#
	<tr>
		<td class="row1">{L_AUTOLOGIN_TIME} <br /><span class="gensmall">{L_AUTOLOGIN_TIME_EXPLAIN}</span></td>
		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_autologin_time" value="{AUTOLOGIN_TIME}" /></td>
	</tr>

#
#-----[ AFTER, ADD ]------------------------------------------
#
	<tr>
		<td class="row1">{L_COMPLEX_ACP_PW}</td>
		<td class="row2"><input type="radio" name="complex_acp_pw" value="1" {COMPLEX_ACP_PW_YES} /> {L_YES}&nbsp;&nbsp;<input type="radio" name="complex_acp_pw" value="0" {COMPLEX_ACP_PW_NO} /> {L_NO}</td>
	</tr>

#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/admin/user_edit_body.tpl

#
#-----[ FIND ]------------------------------------------
#
		<input class="post" type="password" name="password_confirm" size="35" maxlength="32" value="" />
	  </td>
	</tr>

#
#-----[ AFTER, ADD ]------------------------------------------
#
	<tr>
	  <td class="row1"><span class="gen">{L_ACP_PASSWORD}:</span><br /><span class="gensmall">{L_ACP_PASSWORD_EXPLAIN}{L_ACP_PASSWORD_COMPLEX}</span></td>
	  <td class="row2">
		<input class="post" type="password" name="acp_password" size="35" maxlength="32" value="" />
	  </td>
	</tr>
	<tr>
	  <td class="row1"><span class="gen">{L_ACP_PASSWORD_CONFIRM}:</span></td>
	  <td class="row2">
		<input class="post" type="password" name="acp_password_confirm" size="35" maxlength="32" value="" />
	  </td>
	</tr>


#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

[BLooD]

Helal sana ! vallaha helal ! ben bunu deniyordum önce Nukede denedim ama uyum sağlamadı üstünde editlleme yaptım tam olacak ki sen çıkardın helal olsun vallaha ellerine sağlık

[BLooD]

ben bundan bişi anlamadım nerden şifreleyecez panelimizi

[BLooD]

yok mu cevap arkadaşlar

[temhaya]

evet arkadasım ya bu nıu nereden ayrıyoruz sifreleri ben panelin altını ustune getirdim aam yok neredeyse

[Dn_35]

.ok kullanışlı bir moddur, admin şifrenizi çalsalar bile yönetime giremezler.

yönetim/ayarlarda otomatik girişlere izin verilsinmi satırının altında çıkar.

evet dedikten sonra yöetimden kurucu adminin özelliklerini açın orada göreceksiniz ve şifrenizi yazıp kaydettiksen sonra yönetime yanlızca verdiğiniz şifre ile girilebilir.

[phpBB-TR]

Bu OXPUS da güvenliğe merak salmış galiba şu ana kadar bildiğim tüm modları güvenlik amacı..

[Dn_35]

Bu OXPUS da güvenliğe merak salmış galiba şu ana kadar bildiğim tüm modları güvenlik amacı..

olabilir ama güvenlik herşeyden önemlidir, sağlam yedeğin yoksa emeğe yazık değilmi.

[bugrabaskaya]

Arkadaşlar bu mod giriş güvenliği md5 modu ile çakışıyor ne yapabilirm..

[hunkaray]

Ellerin dert görmesin sağolasın

[phpmod]

halledildi

[Windowsxp]

arkadaslar turkce dil dosyasi eklemeniz mumkun mu ?

[pikachu]

al tepe tepe kullan hata falan bulursan bildir düzeltelim

http://www.phpbbturkey.com/viewtopic.php?p=51923#51923

[bugrabaskaya]

Arkadaşlar bu mod giriş güvenliği md5 modu ile çakışıyor ne yapabilirm..

ya bi cevap veebilcek yok mu ???

[Dn_35]

bugrabaskaya hiç birşeyle çakışmıyor, kurarken yanlış yapmışsındır. Mod sorunsuz çalışıyor.