Basicly this repo, but I've added XenForo authentication which check the user/pass from server-side and returns rank on succesful login e.g. Admin/VIP/other rank name from XenForo. This essentially is made for authenticating subscriptions by checking the rank of the forum-user. If the correct rank is returned, then access to load cheat is given.
It works with default installation of XenForo.
- You need to put "login.php" file in your web-hotel (put it in standard XenForo folder) and update the database settings.
- Update a few lines of code and that should be all.
- I've added prepared statements in the login.php file for basic protection against SQL injection - please update ".htaccess" with these lines of code:
SetEnv DB_SERVERNAME your_servername // change it to your database settings
SetEnv DB_USERNAME your_username
SetEnv DB_PASSWORD your_password
SetEnv DB_NAME your_db_name
- You need to add this to the xf_user table in phpMyAdmin to make the sub-counter work. Run this SQL code:
ALTER TABLE xf_user
ADD COLUMN vip_end_time DATETIME DEFAULT NULL;
// and then this after to update a single user's vip to 1 month, pretty simple to make a script that does this automaticly
UPDATE xf_user
SET user_group_id = <VIP_group_id>, vip_end_time = DATE_ADD(NOW(), INTERVAL 1 MONTH)
WHERE user_id = <user_id>;
// and also add this for extra sql injection protection
USE your_database_name; // insert your database name
CREATE TABLE xf_login_attempts (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL,
login_attempts INT NOT NULL DEFAULT 0,
last_login_attempt TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
UNIQUE (username)
);
✅ Added nice colorways (Cinder + 6 custom ones)
✅ Add "days left" to rank VIP to track subscriptions. (currently has to manually add it to each VIP - next I'll create .php script for doing it automaticly.)
✅ Added TLS/SSL encryption
✅ Medium protection against SQL injection
❌ PHP script that is scheduled to run every 5 minutes for example to update every user of rank VIP with vip_end_time value of NULL to 1 month subscription (will probably also make it able to handle longer subscriptions)
❌ Add more customizations to the UI
Use a secure database password (it can be up to 128 characters - maybe even change it regularly)
Use a reliable/secure web-hosting
Add/make a script that notifies you with a mail to your personel/work mail-address when something fishy is going on in the database, so you can react quickly.
If you really want to go all-in, then look up Cloudflare WAF
I don't know why, but instead of going to sleep I produced this.... :P