Kod: Tümünü seç
##############################################################
## MOD Title: Different ACP Password
## MOD Author: OXPUS < webmaster@oxpus.de > (Karsten Ude) http://www.oxpus.de
## MOD Description: Implements a second password for administrators to login into the admin panel.
## This password can only be changed in the admin panel.
## MOD Version: 1.0.0
##
## Installation Level: Easy
## Installation Time: 5-10 Minutes
## Files To Edit: 8
## login.php
## admin/admin_board.php
## admin/admin_up_auth.php
## admin/admin_users.php
## language/lang_english/lang_admin.php
## language/lang_english/lang_main.php
## templates/subSilver/admin/board_config_body.tpl
## templates/subSilver/admin/user_edit_body.tpl
##
## Included Files: N/A
##
##############################################################
## For security purposes, please check: http://www.phpbb.com/mods/
## for the latest version of this MOD. Although MODs are checked
## before being allowed in the MODs Database there is no guarantee
## that there are no security problems within the MOD. No support
## will be given for MODs not found within the MODs Database which
## can be found at http://www.phpbb.com/mods/
##############################################################
## Author Notes:
##
## Languages
## ---------
## Additional language packs can be found in the folder translations/
##
## Super Moderator / Orion 2x
## --------------------------
## Look into the folder contrib/ for the needed Add-On.
##
##############################################################
## MOD History:
##
## 2006-12-09 - Version 1.0.0
## - First release
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
#
#-----[ SQL ]------------------------------------------
#
ALTER TABLE phpbb_users ADD COLUMN user_acp_password VARCHAR(32) NOT NULL DEFAULT '' AFTER user_password;
UPDATE phpbb_users SET user_acp_password = user_password WHERE user_level IN (1, 3);
INSERT INTO phpbb_config (config_name, config_value) VALUES ('complex_acp_pw', '1');
#
#-----[ OPEN ]------------------------------------------
#
login.php
#
#-----[ FIND ]------------------------------------------
#
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_password
#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, user_acp_password
#
#-----[ FIND ]------------------------------------------
#
if( md5($password) == $row['user_password'] && $row['user_active'] )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if (isset($HTTP_POST_VARS['admin']))
{
if (!$row['user_acp_password'])
{
message_die(GENERAL_MESSAGE, $lang['No_ACP_Password']);
}
$user_password = $row['user_acp_password'];
}
else
{
$user_password = $row['user_password'];
}
if( md5($password) == $user_password && $row['user_active'] )
#
#-----[ FIND ]------------------------------------------
#
$template->set_filenames(array(
'body' => 'login_body.tpl')
);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
if (isset($HTTP_GET_VARS['admin']) && $userdata['user_acp_password'] == '')
{
message_die(GENERAL_MESSAGE, $lang['No_ACP_Password']);
}
#
#-----[ OPEN ]------------------------------------------
#
admin/admin_board.php
#
#-----[ FIND ]------------------------------------------
#
$smtp_yes = ( $new['smtp_delivery'] ) ? "checked=\"checked\"" : "";
$smtp_no = ( !$new['smtp_delivery'] ) ? "checked=\"checked\"" : "";
#
#-----[ AFTER, ADD ]------------------------------------------
#
$complex_acp_pw_yes = ( $new['complex_acp_pw'] ) ? "checked=\"checked\"" : "";
$complex_acp_pw_no = ( !$new['complex_acp_pw'] ) ? "checked=\"checked\"" : "";
#
#-----[ FIND ]------------------------------------------
#
"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
#
#-----[ AFTER, ADD ]------------------------------------------
#
"L_COMPLEX_ACP_PW" => $lang['Complex_ACP_PW'],
"COMPLEX_ACP_PW_YES" => $complex_acp_pw_yes,
"COMPLEX_ACP_PW_NO" => $complex_acp_pw_no,
#
#-----[ OPEN ]------------------------------------------
#
admin/admin_up_auth.php
#
#-----[ FIND ]------------------------------------------
#
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . ADMIN . "
WHERE user_id = $user_id";
#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_level = " . ADMIN . "
#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, user_acp_password = user_password
#
#-----[ FIND ]------------------------------------------
#
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . USER . "
WHERE user_id = $user_id";
#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_level = " . USER . "
#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, user_acp_password = ''
#
#-----[ OPEN ]------------------------------------------
#
admin/admin_users.php
#
#-----[ FIND ]------------------------------------------
#
$password_confirm = ( !empty($HTTP_POST_VARS['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password_confirm'] ) )) : '';
#
#-----[ AFTER, ADD ]------------------------------------------
#
$acp_password = ( !empty($HTTP_POST_VARS['acp_password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['acp_password'] ) )) : '';
$acp_password_confirm = ( !empty($HTTP_POST_VARS['acp_password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['acp_password_confirm'] ) )) : '';
#
#-----[ FIND ]------------------------------------------
#
$password = '';
$password_confirm = '';
#
#-----[ AFTER, ADD ]------------------------------------------
#
$acp_password = '';
$acp_password_confirm = '';
#
#-----[ FIND ]------------------------------------------
#
$passwd_sql = '';
#
#-----[ AFTER, ADD ]------------------------------------------
#
if ($board_config['complex_acp_pw'] && !empty($acp_password))
{
if (!empty($password) && $password == $acp_password)
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_match_pw'];
}
else
{
$sql = "SELECT user_password FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not read current password', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row['user_password'] == md5($acp_password))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_match_pw'];
}
}
}
if( !empty($acp_password) && !empty($acp_password_confirm) )
{
if($acp_password != $acp_password_confirm)
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_mismatch'];
}
else
{
$acp_password = md5($acp_password);
$passwd_sql .= "user_acp_password = '$acp_password', ";
}
}
else if( $acp_password && !$acp_password_confirm )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_mismatch'];
}
else if( !$acp_password && $acp_password_confirm )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['ACP_Password_mismatch'];
}
#
#-----[ FIND ]------------------------------------------
#
$password = '';
$password_confirm = '';
#
#-----[ AFTER, ADD ]------------------------------------------
#
$acp_password = '';
$acp_password_confirm = '';
#
#-----[ FIND ]------------------------------------------
#
$password = '';
$password_confirm = '';
#
#-----[ AFTER, ADD ]------------------------------------------
#
$acp_password = '';
$acp_password_confirm = '';
#
#-----[ FIND ]------------------------------------------
#
'L_PASSWORD_CONFIRM_IF_CHANGED' => $lang['password_confirm_if_changed'],
#
#-----[ AFTER, ADD ]------------------------------------------
#
'L_ACP_PASSWORD' => $lang['ACP_password'],
'L_ACP_PASSWORD_CONFIRM' => $lang['ACP_password_confirm'],
'L_ACP_PASSWORD_EXPLAIN' => $lang['ACP_password_explain'],
'L_ACP_PASSWORD_COMPLEX' => ($board_config['complex_acp_pw']) ? $lang['ACP_password_complex'] : '',
#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_admin.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]------------------------------------------
#
$lang['Complex_ACP_PW'] = 'Password for ACP login must be different to normal password';
$lang['ACP_Password_mismatch'] = 'The ACP password does not match the confirmation!';
$lang['ACP_Password_match_pw'] = 'The ACP password matches the normal password, but you must enter a different one!';
$lang['ACP_password'] = 'Password for the Admin Panel';
$lang['ACP_password_confirm'] = 'Confirm the ACP Password';
$lang['ACP_password_explain'] = 'This password will be used to login into the Admin Panel. From now the normal password can not longer used to login the ACP.';
$lang['ACP_password_complex'] = '<br />Be sure, to enter a different password as your normal one!';
#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_main.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]------------------------------------------
#
$lang['No_ACP_Password'] = '<b>You have no valid password to login the Admin Panel!</b><br /><br />Please contact the board admin to get one.';
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/admin/board_config_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<tr>
<td class="row1">{L_AUTOLOGIN_TIME} <br /><span class="gensmall">{L_AUTOLOGIN_TIME_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_autologin_time" value="{AUTOLOGIN_TIME}" /></td>
</tr>
#
#-----[ AFTER, ADD ]------------------------------------------
#
<tr>
<td class="row1">{L_COMPLEX_ACP_PW}</td>
<td class="row2"><input type="radio" name="complex_acp_pw" value="1" {COMPLEX_ACP_PW_YES} /> {L_YES} <input type="radio" name="complex_acp_pw" value="0" {COMPLEX_ACP_PW_NO} /> {L_NO}</td>
</tr>
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/admin/user_edit_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<input class="post" type="password" name="password_confirm" size="35" maxlength="32" value="" />
</td>
</tr>
#
#-----[ AFTER, ADD ]------------------------------------------
#
<tr>
<td class="row1"><span class="gen">{L_ACP_PASSWORD}:</span><br /><span class="gensmall">{L_ACP_PASSWORD_EXPLAIN}{L_ACP_PASSWORD_COMPLEX}</span></td>
<td class="row2">
<input class="post" type="password" name="acp_password" size="35" maxlength="32" value="" />
</td>
</tr>
<tr>
<td class="row1"><span class="gen">{L_ACP_PASSWORD_CONFIRM}:</span></td>
<td class="row2">
<input class="post" type="password" name="acp_password_confirm" size="35" maxlength="32" value="" />
</td>
</tr>
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM