XenLoginSecurity [Paid] [Deleted]


Well-known member
tenants submitted a new resource:

XenLoginSecurity (version 1.0.0) - IP Address Account Login Protection

XenLoginSecurity - IP Address Account Login Protection

  • Protect your account from access / brute force attempts by only allowing specified IP ranges to Login for that account
  • XenLoginSecuity is permissions based, so any account can be granted this option (Admins / Moderators / Usergroups / Individuals)
  • Once granted the permissions, users can turn this on / off from their account >> Personal Details >> Login Security
  • User can define a list...
Read more about this resource...


Well-known member
To Do List

1) Expose the logging information in the ACP (currently attempts are logged in the database, this just needs to be exposed)


Well-known member
another great add-on the only cons I see from this is that you may want to access your forum from someone else computer or maybe from a library :unsure:


Well-known member
and then it will automatic send you an email with a link to log in from, it will also send you the IP address... you can then choose to add this IP address to your secure locations


Well-known member
For some, it could be a bit irritating if you have a variable IP address.. but you only need to check your email to login from a "safe" link

The thing I use it for is to just protect my important accounts (the admin accounts), these are accounts I do not use that often anyway, but it does give me a piece of mind knowing they are a lot safer.


Active member
For some, it could be a bit irritating if you have a variable IP address.. but you only need to check your email to login from a "safe" link

The thing I use it for is to just protect my important accounts (the admin accounts), these are accounts I do not use that often anyway, but it does give me a piece of mind knowing they are a lot safer.
100% Right :)


Well-known member
Probably an obvious question, but could a MAC address be used for a similar thing? Since I tend to always have my laptop with me, this might be preferable to IP.


Well-known member
Hmm.. not easily.

The MAC address isn't sent in the header (I belive this is overwitten by the client router before it gets to the server), so we can't obtain it directly with the server side PHP

If it was to be obtained from the computer, it would need some sort of trust authenitcation / client side language
In a sense, the MAC address is only avaiable to the client machine

I've seen some scripts that obtain this with ActiveX (but thats an old techniqute and limits your self to only work with one browser... we never want to go down that route)
It's also possible to do this with an applet (but once again, we start going down a messy route)

So no, at least I can't currently see a way, MAC addresses can't really be used here

(If I could find a way, I could add it as an option for those that really wanted it)

Core Freedom

Well-known member
Tenants, I do have a question about this add on. Most of my members are traveling the globe, including me. So this would mean that people would not be able to login from their travels, which would be a huge deal killer because that is in big part what our forum is about (being free to live anywhere we want while being about purpose).

So ranges of IPs is not going to fix this because one day I may be in San Francisco and the next week in Switzerland.

What do you think?


Well-known member
You only need to apply it the the accounts you want thoroughly protect

For instance, I use it on my super admin (I too have a variable IP address)

That user is the user I login to the ACP with (I rarely use it on the forum)

If my IP changes, and I try to login with that user I cant. However, if I try to log in to the form with that user (I still cant), but it then sends me an email with a "safe" link that I can login with.
I can then login and add my new IP address to the list of allowed IP address, I'll then be able to log in/log out of the forum and ACP


Well-known member
You can allow to install a secure cookie at an authorized machine and allow bypass for a machine with that cookie.
Then we have a possibility that cookie theft could bypass this... as it stands, only knowing and using the correct IP address will allow you to log in (and you would still need to know the correct password)

... I see your trail of thought and I like it, but I don't want to give any alternative pathways of abuse

Core Freedom

Well-known member
Mike, I'm having trouble at the step where I'm supposed to install the file from server in the admin panel. I extracted the files and uploaded that folder into the library folder in the public_html folder (using Filezilla). But when I try to install library/XenLoginSecurity/addon-XenLoginSecurity.xml it gives me an error message (invalid file name). I have this problem frequently because I can't quite figure out what the exact url is. When I click on the filezilla directory to see where the file is, it gives me this url, /public_html/library/LoginUserLocks_v1_0_1. I tried entering that in the 'install from server' area but that gives me an error message too. Then I tried with this http://corefreedom.com/public_html/library/LoginUserLocks_v1_0_1 but it still gives me an error message. Can you help?


Well-known member
it's okay, this sounds like a location or a file name issue,

If you look at my front page, I always add steps to install

Make sure you have the file strucutre
http:// www. yourforum.com/library/XenLoginSecurity/addon-XenLoginSecurity.xml

This is what my folder structure looks like:

Then you can use
  • Go to ACP -> Add-ons -> Install Add-on -> Install from file on server
  • Install from file on server: " library/XenLoginSecurity/addon-XenLoginSecurity.xml"
Make sure there are no spaces, also make sure that the path looks the same and the file name is correct "addon-XenLoginSecurity.xml"
There is an addon that makes installing easier (Chris Deeming's Addon Installer), I will have to make sure all my future are compatible with it.

Core Freedom

Well-known member
My structure looks totally different. I seem to be missing this folder: XenLoginSecurity

Is t his a folder I have to create within the library folder?


Well-known member
That's my fault ...grrrr to myself

Create the folder "XenLoginSecurity" inside the library folder, then add the content of the zip to the folder (so it has the same structure as the image above).
I'm going to make sure plugins are always compatible with the Chiss's plugin in future

Core Freedom

Well-known member
Okay, I thought I was going nuts. :)

I created a folder and then dragged your folder into that and it shows this link:


When I go to the "install through server' area and enter either /public_html/library/XenLoginSecurity/LoginUserLocks_v1_0_1 or with the http in front of it, it still gives me an error message. :-(