[BETA] PassProtect Encryption System - New Addon Available

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Tenson
Registered User
Posts: 105
Joined: Sat Aug 07, 2004 3:53 am
Contact:

[BETA] PassProtect Encryption System - New Addon Available

Post by Tenson » Thu Aug 19, 2004 10:15 pm

This MOD alters phpBB so that any passwords submitted are encrypted prior to sending to the server. This protects against security vulnerabilities such as packet sniffing and some viruses that record POST data. Note: This does not protect against keyloggers.

The process first takes the MD5 of the password the user typed in. Then, it appends a value that is dependent upon the time the page is viewed. Then, it takes another MD5 of the password to irreversibly encrypt the password in such a way that it changes every time the password is entered.

This also blocks internet browsers that store passwords, which sometimes can lead to unauthorized access of accounts. If the user wants, the auto-login option is still available to store the password.

Remember to install the mod manually on any other templates you may have!

Current Version: 0.1.0
Known Bugs:
  • This MOD does not adapt to any custom (nonstandard) login forms you may have (such as those created from IM portal). This is not a bug per se, but this mod will be altered in version 0.2.0 to allow for adaptation on those forms. Note that passwords will NOT be encrypted on those forms. See author's notes on version 0.2.0 for how to make the mod adapt AND encrypt to any nonstandard forms you have.


Let me know of any features or suggestions you might have, and of course, of any bugs you find. If no bugs are found, this will be soon submitted to the mod database as version 1.0.

Add-Ons:
  • Shof515 has been kind enough to create an add-on for this MOD so that it will work with the IM Portal MOD. You can view a demo of it working here, and download it here. Thanks, Shof515!
The following file is a ZIP archive. Two files are needed to install the mod -- the mod script and a javascript file that handles encryption of the passwords.

NOTE: This modification has been properly set up so that any incompatible browsers or browsers that are blocking javascript can still log in. A backup has been programmed in so that phpBB can determine if the password was successfully encrypted through the use of javascript. If it wasn't, phpBB still handles the login normally.

Click Here to download the PassProtect ZIP file
Last edited by Tenson on Mon Aug 23, 2004 12:25 am, edited 6 times in total.

iloserman
Registered User
Posts: 1147
Joined: Wed Aug 20, 2003 7:45 pm
Location: My Closet Mode: Working
Contact:

Post by iloserman » Thu Aug 19, 2004 11:00 pm

Wow.


ILM
- Have a problem? I would love to help you out.
[ AIM ] [ MSN ] [ PM ] [ E-MAIL ] [ Website ] <- Contact info below.

Over 2,550+ users assisted, outside of phpBB. 37 Hosted.

Tenson
Registered User
Posts: 105
Joined: Sat Aug 07, 2004 3:53 am
Contact:

Post by Tenson » Fri Aug 20, 2004 12:13 am

iloserman wrote: Wow.


ILM

I hope that's a good wow :D

iloserman
Registered User
Posts: 1147
Joined: Wed Aug 20, 2003 7:45 pm
Location: My Closet Mode: Working
Contact:

Post by iloserman » Fri Aug 20, 2004 12:26 am

Tenson wrote:
iloserman wrote:Wow.


ILM

I hope that's a good wow :D


Its an interesting MOD. So basicly it just makes you phpBB Forums even more Secure :?


ILM
- Have a problem? I would love to help you out.
[ AIM ] [ MSN ] [ PM ] [ E-MAIL ] [ Website ] <- Contact info below.

Over 2,550+ users assisted, outside of phpBB. 37 Hosted.

Tenson
Registered User
Posts: 105
Joined: Sat Aug 07, 2004 3:53 am
Contact:

Post by Tenson » Fri Aug 20, 2004 12:39 am

iloserman wrote:
Tenson wrote:
iloserman wrote:Wow.


ILM

I hope that's a good wow :D


Its an interesting MOD. So basicly it just makes you phpBB Forums even more Secure :?


ILM

The biggest problem I find in phpBB forum-based sites (from experience) is that passwords are leaked out somehow. Sometimes it's through virus files that caputure the POST data, sometimes it's through browsers having cached passwords, but game designers that use phpBB as a base really have trouble patching up these problems. I aim to fix that with this mod, which ensures that the POST is different every time the password is submitted.

-- Matt

iloserman
Registered User
Posts: 1147
Joined: Wed Aug 20, 2003 7:45 pm
Location: My Closet Mode: Working
Contact:

Post by iloserman » Fri Aug 20, 2004 12:43 am

Good Work Then!


ILM
- Have a problem? I would love to help you out.
[ AIM ] [ MSN ] [ PM ] [ E-MAIL ] [ Website ] <- Contact info below.

Over 2,550+ users assisted, outside of phpBB. 37 Hosted.

User avatar
Rookie7
Registered User
Posts: 189
Joined: Mon Mar 10, 2003 3:32 pm
Contact:

Post by Rookie7 » Fri Aug 20, 2004 7:17 am

Link's down.

Will this mod affect the forum's performance (speed, server load, etc.) ?

User avatar
TERMINATRIX
Registered User
Posts: 154
Joined: Sat Jun 12, 2004 11:34 am
Contact:

Post by TERMINATRIX » Fri Aug 20, 2004 9:55 am

Would to test it myself, but as said the download seems not working anymore -
- TERRA OCEANICA -

- Multiple AI-BOT Mod / Attachment Points V1.70 Mod / Seasons Mod 0.2 -

Tenson
Registered User
Posts: 105
Joined: Sat Aug 07, 2004 3:53 am
Contact:

Post by Tenson » Fri Aug 20, 2004 3:09 pm

Sorry about that... my ISP went down today. I'm working on uploading it to a more suitable location so that you can have it downloaded more stabily.

As for the forum's performance drop: Little to none. Only about four lines are added to the login page, and that's where the performance change would come. phpBB would have to run through an extra IF statement, and may have to take one or two md5 hashes. That's an extremely minimal -- probably unnoticible even by a computer timing.

As soon as you can download it from another location I'll let you know!
-- Matt

EDIT: For the record, the biggest changes are to the template files. This is just plain text that includes a bit more HTML that the server will have to output, as well as a bit of javascript. It's only going to affect the index page and the login page's templates, so not every page is affected. The changes to the templates are also rather minor and should make little to no noticable difference in speed.

Tenson
Registered User
Posts: 105
Joined: Sat Aug 07, 2004 3:53 am
Contact:

Post by Tenson » Fri Aug 20, 2004 3:13 pm

Okay the file is now available at a new link

http://abofdis.com/forum/admin/mods/PassProtect_010.zip

Let me know if that doesn't work either...
-- Tenson

User avatar
Kalipo
Registered User
Posts: 551
Joined: Mon Dec 08, 2003 1:47 pm

Post by Kalipo » Fri Aug 20, 2004 6:37 pm

I couldn't. :(

Wyr!H@x!mu$
Registered User
Posts: 802
Joined: Fri Jan 24, 2003 12:06 pm
Location: Koedijk, Alkmaar, The Netherlands
Name: Cees-Jan
Contact:

Post by Wyr!H@x!mu$ » Fri Aug 20, 2004 11:38 pm

It works for me :) gonne test it tomorrow :D

Grtz,

WyriHaximus

User avatar
Kalipo
Registered User
Posts: 551
Joined: Mon Dec 08, 2003 1:47 pm

Post by Kalipo » Sat Aug 21, 2004 6:26 pm

Got it :)

No difference at all (that at least I noticed) & added it in ezPortal as well :!:
Last edited by Kalipo on Sat Aug 21, 2004 6:55 pm, edited 1 time in total.

Shof515
Registered User
Posts: 1169
Joined: Wed Mar 19, 2003 4:36 am

Post by Shof515 » Sat Aug 21, 2004 6:42 pm

I just installed mod,and when i enter in my password,i notce that like 5-10 of those stars,*,came into the password box...is this a sign of he mod working?
Whos missing up my sig?

Tenson
Registered User
Posts: 105
Joined: Sat Aug 07, 2004 3:53 am
Contact:

Post by Tenson » Sat Aug 21, 2004 6:47 pm

Shof515 wrote: I just installed mod,and when i enter in my password,i notce that like 5-10 of those stars,*,came into the password box...is this a sign of he mod working?

Yeah, if you notice the password change as soon as you submit the forum (thus typically changing the number of *s displayed), that's the mod doing its encryption. Then you know it's working correctly if you don't get the error "password incorrect"

-- Tenson

Post Reply

Return to “[2.0.x] MODs in Development”