1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XenLoginSecurity [Paid] [Deleted]

Discussion in 'Add-on Releases' started by tenants, Nov 2, 2012.

  1. tenants

    tenants Well-Known Member

    tenants submitted a new resource:

    XenLoginSecurity (version 1.0.0) - IP Address Account Login Protection

    Read more about this resource...
  2. tenants

    tenants Well-Known Member

    To Do List

    1) Expose the logging information in the ACP (currently attempts are logged in the database, this just needs to be exposed)
  3. kkm323

    kkm323 Well-Known Member

    another great add-on the only cons I see from this is that you may want to access your forum from someone else computer or maybe from a library :unsure:
  4. tenants

    tenants Well-Known Member

    and then it will automatic send you an email with a link to log in from, it will also send you the IP address... you can then choose to add this IP address to your secure locations
  5. tenants

    tenants Well-Known Member

  6. ip0dhacker

    ip0dhacker Active Member

    Nice and helpful add-on but I think it may cause some difficult
  7. tenants

    tenants Well-Known Member

    For some, it could be a bit irritating if you have a variable IP address.. but you only need to check your email to login from a "safe" link

    The thing I use it for is to just protect my important accounts (the admin accounts), these are accounts I do not use that often anyway, but it does give me a piece of mind knowing they are a lot safer.
    ip0dhacker likes this.
  8. ip0dhacker

    ip0dhacker Active Member

    100% Right :)
  9. craigiri

    craigiri Well-Known Member

    Probably an obvious question, but could a MAC address be used for a similar thing? Since I tend to always have my laptop with me, this might be preferable to IP.
  10. tenants

    tenants Well-Known Member

    Hmm.. not easily.

    The MAC address isn't sent in the header (I belive this is overwitten by the client router before it gets to the server), so we can't obtain it directly with the server side PHP

    If it was to be obtained from the computer, it would need some sort of trust authenitcation / client side language
    In a sense, the MAC address is only avaiable to the client machine

    I've seen some scripts that obtain this with ActiveX (but thats an old techniqute and limits your self to only work with one browser... we never want to go down that route)
    It's also possible to do this with an applet (but once again, we start going down a messy route)

    So no, at least I can't currently see a way, MAC addresses can't really be used here

    (If I could find a way, I could add it as an option for those that really wanted it)
  11. HWS

    HWS Well-Known Member

    You can allow to install a secure cookie at an authorized machine and allow bypass for a machine with that cookie.
  12. Core Freedom

    Core Freedom Well-Known Member

    Tenants, I do have a question about this add on. Most of my members are traveling the globe, including me. So this would mean that people would not be able to login from their travels, which would be a huge deal killer because that is in big part what our forum is about (being free to live anywhere we want while being about purpose).

    So ranges of IPs is not going to fix this because one day I may be in San Francisco and the next week in Switzerland.

    What do you think?
  13. tenants

    tenants Well-Known Member

    You only need to apply it the the accounts you want thoroughly protect

    For instance, I use it on my super admin (I too have a variable IP address)

    That user is the user I login to the ACP with (I rarely use it on the forum)

    If my IP changes, and I try to login with that user I cant. However, if I try to log in to the form with that user (I still cant), but it then sends me an email with a "safe" link that I can login with.
    I can then login and add my new IP address to the list of allowed IP address, I'll then be able to log in/log out of the forum and ACP
    Core Freedom likes this.
  14. Core Freedom

    Core Freedom Well-Known Member

    Awesome, that's what I needed to know! Thank you!
  15. tenants

    tenants Well-Known Member

    Then we have a possibility that cookie theft could bypass this... as it stands, only knowing and using the correct IP address will allow you to log in (and you would still need to know the correct password)

    ... I see your trail of thought and I like it, but I don't want to give any alternative pathways of abuse
  16. Core Freedom

    Core Freedom Well-Known Member

    Mike, I'm having trouble at the step where I'm supposed to install the file from server in the admin panel. I extracted the files and uploaded that folder into the library folder in the public_html folder (using Filezilla). But when I try to install library/XenLoginSecurity/addon-XenLoginSecurity.xml it gives me an error message (invalid file name). I have this problem frequently because I can't quite figure out what the exact url is. When I click on the filezilla directory to see where the file is, it gives me this url, /public_html/library/LoginUserLocks_v1_0_1. I tried entering that in the 'install from server' area but that gives me an error message too. Then I tried with this http://corefreedom.com/public_html/library/LoginUserLocks_v1_0_1 but it still gives me an error message. Can you help?
  17. tenants

    tenants Well-Known Member

    it's okay, this sounds like a location or a file name issue,

    If you look at my front page, I always add steps to install

    Make sure you have the file strucutre
    http:// www. yourforum.com/library/XenLoginSecurity/addon-XenLoginSecurity.xml

    This is what my folder structure looks like:

    Then you can use
    • Go to ACP -> Add-ons -> Install Add-on -> Install from file on server
    • Install from file on server: " library/XenLoginSecurity/addon-XenLoginSecurity.xml"
    Make sure there are no spaces, also make sure that the path looks the same and the file name is correct "addon-XenLoginSecurity.xml"
    There is an addon that makes installing easier (Chris Deeming's Addon Installer), I will have to make sure all my future are compatible with it.
  18. Core Freedom

    Core Freedom Well-Known Member

    My structure looks totally different. I seem to be missing this folder: XenLoginSecurity

    Is t his a folder I have to create within the library folder?
  19. tenants

    tenants Well-Known Member

    That's my fault ...grrrr to myself

    Create the folder "XenLoginSecurity" inside the library folder, then add the content of the zip to the folder (so it has the same structure as the image above).
    I'm going to make sure plugins are always compatible with the Chiss's plugin in future
  20. Core Freedom

    Core Freedom Well-Known Member

    Okay, I thought I was going nuts. :)

    I created a folder and then dragged your folder into that and it shows this link:


    When I go to the "install through server' area and enter either /public_html/library/XenLoginSecurity/LoginUserLocks_v1_0_1 or with the http in front of it, it still gives me an error message. :-(

Share This Page