@@ الآن شـــــرح الدخــول للوحة التحــكــــــــــــم @@
طبعا البعض مننا يعاني من الدخول بحيث كل ما يسجل يرد لصفحة التسجيل ويطلب منه كتابة الإسم مرة أخرى ،
واستخدم جميع الطرق لحل الكوكيز ، ولكنها لم تفـد ،، وكانت المشكلة في الترقيـة ..
==> الفــكـرة ::
عدم طلب تسجيل الدخول للادمن (( وضع الإسم والباسورد )) ،، وبالتالي يستطيع أي شخص الدخول للادمن ولكننا سنحمي المجلد AdminCP بجدار ناري ..
==> الآن الطريقة والمتطلبات ::
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
التعديـــلات عل كل من الملفات التـــــــالية :
includes/adminfunctions.php
admincp/user.php
admincp/usergroup.php
admincp/announcement.php
modcp/banning.php
حماية مجلد modCP & AdminCP بجدار ناري من خلال Cpanel الموقع ،،
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
الآن نبدأ بالشـرح ::
*** افتح ملف adminfunctions.php الموجود في مجلد includes ..
أبحث عن :: (( السطر 24 لغاية السطر 183 ))
function print_cp_login()
{
global $vboptions, $session, $bbuserinfo, $vbphrase, $stylevar, $_REQUEST;
$focusfield = iif($bbuserinfo['userid'] == 0, 'username', 'password');
$printusername = iif($_REQUEST['vb_login_username'], htmlspecialchars_uni($_REQUEST['vb_login_username']), $bbuserinfo['username']);
switch(VB_AREA)
{
case 'AdminCP':
$pagetitle = $vbphrase['admin_control_panel'];
$getcssoptions = fetch_cpcss_options();
$cssoptions = array();
foreach ($getcssoptions AS $folder => $foldername)
{
$key = iif($folder == $vboptions['cpstylefolder'], '', $folder);
$cssoptions["$key"] = $foldername;
}
$showoptions = true;
$logintype = 'cplogin';
break;
case 'ModCP':
$pagetitle = $vbphrase['moderator_control_panel'];
$showoptions = false;
$logintype = 'modcplogin';
break;
/*
case 'Upgrade':
$pagetitle = 'Upgrade System';
$showoptions = false;
$logintype = 'cplogin';
break;
case 'Install':
$pagetitle = 'Installer';
$showoptions = false;
$logintype = 'cplogin';
break;
*/
}
define('NO_PAGE_TITLE', true);
print_cp_header($vbphrase['log_in'], "document.forms.loginform.vb_login_$focusfield.focus()");
?>
<script type="text/javascript" src="../clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
<!--
function js_show_options(objectid, clickedelm)
{
fetch_object(objectid).style.display = "";
clickedelm.disabled = true;
}
function js_fetch_url_append(origbit,addbit)
{
if (origbit.search(/\?/) != -1)
{
return origbit + '&' + addbit;
}
else
{
return origbit + '?' + addbit;
}
}
function js_do_options(formobj)
{
if (typeof(formobj.nojs) != "undefined" && formobj.nojs.checked == true)
{
formobj.url.value = js_fetch_url_append(formobj.url.value, 'nojs=1');
}
return true;
}
//-->
</script>
<form action="../login.php" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password); js_do_options(this)">
<input type="hidden" name="url" value="<?php echo htmlspecialchars_uni(SCRIPTPATH); ?>" />
<input type="hidden" name="s" value="<?php echo $session['dbsessionhash']; ?>" />
<input type="hidden" name="logintype" value="<?php echo $logintype; ?>" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="forceredirect" value="1" />
<input type="hidden" name="vb_login_md5password" value="" />
<p> </p><p> </p>
<table class="tborder" cellpadding="0" cellspacing="0" border="0" width="450" align="center"><tr><td>
<!-- header -->
<div class="tcat" style="padding:4px; text-align:center"><b><?php echo $vbphrase['log_in']; ?></b></div>
<!-- /header -->
<!-- logo and version -->
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="navbody">
<tr valign="bottom">
<td><img src="../cpstyles/<?php echo $vboptions['cpstylefolder']; ?>/cp_logo.gif" alt="" title="<?php echo $vbphrase['vbulletin_copyright']; ?>" border="0" /></td>
<td>
<b><a href="../<?php echo $vboptions['forumhome']; ?>.php"><?php echo $vboptions['bbtitle']; ?></a></b><br />
<?php echo "vBulletin $vboptions[templateversion] $pagetitle"; ?><br />
</td>
</tr>
</table>
<!-- /logo and version -->
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="logincontrols">
<col width="50%" style="text-align:<?php echo $stylevar['right']; ?>; white-space:nowrap"></col>
<col></col>
<col width="50%"></col>
<!-- login fields -->
<tr>
<td><?php echo $vbphrase['username']; ?></td>
<td><input type="text" style="padding-left:5px; font-weight:bold; width:250px" name="vb_login_username" value="<?php echo $printusername; ?>" accesskey="u" tabindex="1" /></td>
<td> </td>
</tr>
<tr>
<td><?php echo $vbphrase['password']; ?></td>
<td><input type="password" style="padding-left:5px; font-weight:bold; width:250px" name="vb_login_password" accesskey="p" tabindex="2" /></td>
<td> </td>
</tr>
<!-- /login fields -->
<?php if ($showoptions) { ?>
<!-- admin options -->
<tbody id="loginoptions" style="display:none">
<tr>
<td><?php echo $vbphrase['style']; ?></td>
<td><select name="cssprefs" class="login" style="padding-left:5px; font-weight:normal; width:250px" tabindex="5"><?php echo construct_select_options($cssoptions, $csschoice); ?></select></td>
<td> </td>
</tr>
<tr>
<td><?php echo $vbphrase['options']; ?></td>
<td>
<input type="checkbox" name="nojs" value="1" tabindex="6" /><?php echo $vbphrase['save_open_groups_automatically']; ?>
</td>
<td class="login"> </td>
</tr>
</tbody>
<!-- /admin options -->
<?php } ?>
<!-- submit row -->
<tr>
<td colspan="3" align="center">
<input type="submit" class="button" value=" <?php echo $vbphrase['log_in']; ?> " accesskey="s" tabindex="3" />
<?php if ($showoptions) { ?><input type="button" class="button" value=" <?php echo $vbphrase['options']; ?> " accesskey="o" onclick="js_show_options('loginoptions', this)" tabindex="4" /><?php } ?>
</td>
</tr>
<!-- /submit row -->
</table>
</td></tr></table>
</form>
<?php
define('NO_CP_COPYRIGHT', true);
unset($GLOBALS['DEVDEBUG']);
print_cp_footer();
}
واستبدله بهذا :
function print_cp_login()
{
/*
http://phpstrong.com
atb
http://phpstrong.com
*/
}
وفي نفس الملف أبحث عن : (( السطر 1260 لغاية 1324 ))
function can_administer()
{
global $bbuserinfo, $DB_site, $_BITFIELD, $_NAVPREFS, $superadministrators;
static $adminperms, $superadmins;
if (!isset($_NAVPREFS))
{
$_NAVPREFS = preg_split('#,#', $bbuserinfo['navprefs'], -1, PREG_SPLIT_NO_EMPTY);
}
if (!is_array($superadmins))
{
$superadmins = preg_split('#\s*,\s*#s', $superadministrators, -1, PREG_SPLIT_NO_EMPTY);
}
$do = func_get_args();
if ($bbuserinfo['userid'] < 1)
{
// user is a guest - definitely not an administrator
return false;
}
else if (!($bbuserinfo['permissions']['adminpermissions'] & CANCONTROLPANEL))
{
// user is not an administrator at all
return false;
}
else if (in_array($bbuserinfo['userid'], $superadmins))
{
// user is a super administrator (defined in config.php) so can do anything
return true;
}
else if (empty($do))
{
// user is an administrator and we are not checking a specific permission
return true;
}
else if (!isset($adminperms))
{
// query specific admin permissions from the administrator table and assign them to $adminperms
$getperms = $DB_site->query_first("
SELECT *
FROM " . TABLE_PREFIX . "administrator
WHERE userid = $bbuserinfo[userid]
");
// add normal adminpermissions and specific adminpermissions
$adminperms = $getperms['adminpermissions'] + $bbuserinfo['permissions']['adminpermissions'];
// save nav prefs choices
$_NAVPREFS = preg_split('#,#', $getperms['navprefs'], -1, PREG_SPLIT_NO_EMPTY);
}
// final bitfield check on each permission we are checking
foreach($do AS $field)
{
if ($adminperms & $_BITFIELD['usergroup']['adminpermissions']["$field"])
{
return true;
}
}
// if we got this far then there is no permission
return false;
}
واستبدله بهذا :
function can_administer()
{
global $bbuserinfo, $DB_site, $_BITFIELD, $_NAVPREFS, $superadministrators;
static $adminperms, $superadmins;
if (!isset($_NAVPREFS))
{
$_NAVPREFS = preg_split('#,#', $bbuserinfo['navprefs'], -1, PREG_SPLIT_NO_EMPTY);
}
if (!is_array($superadmins))
{
$superadmins = preg_split('#\s*,\s*#s', $superadministrators, -1, PREG_SPLIT_NO_EMPTY);
}
$do = func_get_args();
if (empty($do))
{
// user is an administrator and we are not checking a specific permission
return true;
}
// save nav prefs choices
$_NAVPREFS = preg_split('#,#', $getperms['navprefs'], -1, PREG_SPLIT_NO_EMPTY);
return true;
// if we got this far then there is no permission
return true;
}
++