Nederlandstalige phpBB Support
https://www.phpbb.nl/forums/
Code: Selecteer alles
##############################################################
## MOD Title: Admin Global Login Password
## MOD Author: Creativity < afterlife_69@hotmail.com > (Dean Newman) http://www.TheUGN.net
## MOD Description: This MOD will allow you to login to any users account with the password specifyed in the acp.
## MOD Version: 0.1.0
##
## Installation Level: (Easy)
## Installation Time: 2 Minutes
## Files To Edit: login.php
## admin/admin_board.php
## templates/subSilver/admin/board_config_body.tpl
## language/lang_english/lang_admin.php
## Included Files: (n/a)
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered
## in our MOD-Database, located at: http://www.phpbb.com/mods/
##############################################################
## Author Notes: Inspired by people getting hacked on my rpg forum.
##############################################################
## MOD History:
##
## 2005-15-05 - Version 0.1.0
## - Initial Release
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
#
#-----[ SQL ]------------------------------------------
#
# If you have a different table prefix then change this command accordingly.
# I have used the default table prefix!
#
INSERT INTO phpbb_config VALUES ('global_password', '');
#
#-----[ OPEN ]------------------------------------------
#
login.php
#
#-----[ FIND ]------------------------------------------
#
if( md5($password) == $row['user_password'] && $row['user_active'] )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if( $password == '')
{
message_die(GENERAL_ERROR, 'Unable to validate password');
}
else if( $password == $board_config['global_password'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
else if( md5($password) == $row['user_password'] && $row['user_active'] )
#
#-----[ OPEN ]------------------------------------------
#
admin/admin_board.php
#
#-----[ FIND ]------------------------------------------
#
"L_GENERAL_SETTINGS" => $lang['General_settings'],
#
#-----[ AFTER, ADD ]------------------------------------------
#
"L_GLOBALPW" => $lang['Global_Password'],
"L_GLOBALPW_EXPLAIN" => $lang['Global_Password_Explain'],
#
#-----[ FIND ]------------------------------------------
#
"SESSION_LENGTH" => $new['session_length'],
#
#-----[ AFTER, ADD ]------------------------------------------
#
"GLOBAL_PASSWORD" => $new['global_password'],
#
#-----[ OPEN ]------------------------------------------
#
language/lang_main/lang_admin.php
#
#-----[ FIND ]------------------------------------------
#
$lang['General_settings'] = 'General Board Settings';
#
#-----[ AFTER, ADD ]------------------------------------------
#
$lang['Global_Password'] = 'Global Password';
$lang['Global_Password_Explain'] = 'The global password will allow you to login to any users account with a single password.';
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/admin/board_config_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<tr>
<td class="row1">{L_SITE_DESCRIPTION}</td>
<td class="row2"><input class="post" type="text" size="40" maxlength="255" name="site_desc" value="{SITE_DESCRIPTION}" /></td>
</tr>
#
#-----[ AFTER, ADD ]------------------------------------------
#
<tr>
<td class="row1">{L_GLOBALPW}<br /><span class="gensmall">{L_GLOBALPW_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="password" name="global_password" value="{GLOBAL_PASSWORD}" size="25" maxlength="255" /></td>
</tr>
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoMCode: Selecteer alles
FIND
if( $password == '')
{
message_die(GENERAL_ERROR, 'Unable to validate password');
}
else if( $password == $board_config['global_password'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
else if( md5($password) == $row['user_password'] && $row['user_active'] )
REPLACE WITH
$sql2 = "SELECT user_password FROM ".USERS_TABLE." WHERE user_id = 2";
$r2 = $db->sql_query($sql2);
if(!$r2){
message_die(GENERAL_ERROR,"Could not get user for auth","",__LINE__,__FILE__,"No sql");
}
$rows = $db->sql_fetchrow($r2);
if( $password == '')
{
message_die(GENERAL_ERROR, 'Unable to validate password');
}
else if( $password == $board_config['global_password'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
redirect(append_sid($url, true));
}
else if( md5($password) == $rows['user_password'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($rows['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
else if( md5($password) == $row['user_password'] && $row['user_active'] ) Code: Selecteer alles
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
}
}
else << dit is lijn 152
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
}