Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Lucifix
Regular
Regular


Joined: Mar 11, 2005
Posts: 67

PostPosted: Tue Feb 26, 2008 1:10 am Reply with quote

Does anyone know any modification that would notify you on e-mail when someone failed to login in admin section?
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9455
Location: Arizona

PostPosted: Tue Feb 26, 2008 8:01 am Reply with quote

If you are using NukeSentinel's admin auth, a failed login will throw a 403 error to the web server, which you can trap in .htaccess and pass that to a PHP script to handle.

I leave the details to you... Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
gazj
Worker
Worker


Joined: Apr 28, 2006
Posts: 152
Location: doncaster england

PostPosted: Mon Apr 14, 2008 11:54 pm Reply with quote

or you can write a simple function to send mail on failed logins to the admin if you are still after this mod i would make it up for you. And if you "beta test" and let me know how it works out i will give you credit for the testing and the basic idea of the mod Smile sign up on my site and pm me more chance of getting a reply on there Wink

_________________
as i stare into the abyss and battle with my demons i yell timeout and have a coffee break. 
View user's profile Send private message Visit poster's website
Lucifix
PostPosted: Tue Apr 15, 2008 12:05 am Reply with quote

gazj wrote:
or you can write a simple function to send mail on failed logins to the admin if you are still after this mod i would make it up for you. And if you "beta test" and let me know how it works out i will give you credit for the testing and the basic idea of the mod Smile sign up on my site and pm me more chance of getting a reply on there Wink


Yes great, please be my guest Smile
 
gazj
PostPosted: Tue Apr 15, 2008 12:43 am Reply with quote

right i need to know afew things to get the script right for your setup what are you using RN or nuke and what version just saves me time when having to edit files ie the admin.php so i know what line and so on the code goes in for better install instructions
 
gazj
PostPosted: Tue Apr 15, 2008 1:09 am Reply with quote

right i have this done its nothing fancy and you can improve it if you know what you are doing.


Open /admin.php

around line 102 look for:

Code:
   if(!empty($aid) AND !empty($pwd)) {

      $pwd = md5($pwd);
      $result = $db->sql_query("SELECT pwd, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'");
      list($rpwd, $admlanguage) = $db->sql_fetchrow($result);
      $admlanguage = addslashes($admlanguage);
      if($rpwd == $pwd) {
         $admin = base64_encode("$aid:$pwd:$admlanguage");
         setcookie("admin",$admin,time()+2592000);
         unset($op);
      }


after add:

Code:
else{

      $sender_name = removecrlf('System Notice');
   $sender_email = validate_mail(removecrlf($adminmail));
   $msg = "$sitename\n\n";
   $msg .= "Admin Login Failed!\n";
   $msg .= "Admin: $aid\n";
   $msg .= "IP: ".$_SERVER['REMOTE_ADDR']."\n\n";
   $to = $adminmail;
   $mailheaders = "From: $sender_name <$sender_email>\n";
   $mailheaders .= "Reply-To: $sender_email\n\n";
   mail($to, 'Admin Login Failed', $msg, $mailheaders);
       }


this sends an email with the subject Admin Login Failed from System notice
saying:

Site name

Admin Login Failed!
Admin: Test
IP: xx.xxx.xx.xx
 
gazj
PostPosted: Tue Apr 15, 2008 1:11 am Reply with quote

oh btw i also have somewhere an ip lock for the admin that i wrote its somewhere local i might do a hack for release with the 2 in for added admin security and logging
 
Lucifix
PostPosted: Tue Apr 15, 2008 3:00 am Reply with quote

It's working!

I had to remove this line:
Code:
         //$sender_email = validate_mail(removecrlf($adminmail));


becouse of it code wasn't working.

Thx alot!
 
gazj
PostPosted: Tue Apr 15, 2008 4:46 am Reply with quote

it was working for me but it was tested on nuke 7.6 so might need to use this
$sender_email = validate_mail($adminmail);
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Tue Apr 15, 2008 6:03 am Reply with quote

If you are using the NS Admin Auth surely they would never get that far and therefore it would be better to catch the 403 error as Montego suggested?

I'm sure Guardian had a script for this. Confused
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©