[A] Template Security 1.1.0

Enhance the security on your site for yourself and for your members.

  1. XenForo Rocks
    Compatible XF Versions:
    • 1.0
    • 1.1
    • 1.2
    • 1.3
    • 1.4
    • 1.5
    Visible Branding:
    No
    Enhance the security on your site using this very basic add-on. There has been a surprising increase in malicious attacks on XenForo sites through injection of malicious code into templates. Limiting access to all templates to yourself and a small handful of people may not always be possible, so this add-on lets you limit certain templates to certain users, reducing the exposure of key templates such as login handlers, page_container, change password pages, etc. if a staff account is compromised.

    This add-on is free - we believe in promoting security and hopefully this assists with that. There is also no branding associated with this add-on.

    Features:
    • Limit access to certain templates
    • Keep normal template access for administrators and block only certain templates, rather than revoking all access
    • Securely limit templates through your library/config.php file, so the restrictions cannot be changed by any web user; they can only be changed by editing the file on the server
    • Ensure that normal administrators cannot disable this add-on - you must be a super admin (as defined in config.php) to disable it
    • Send alerts to super admins when someone attempts to modify a protected template (which may reveal an account compromise or other suspicious activity)
    • Prevent circumvention of this system - the add-on also checks template modifications

    Installation

    1. Unzip aTemplateSecurity-{version}.zip
    2. Upload the contents of the upload directory to your XenForo installation
    3. Install the add-on by the following method:
      Admin CP -> Add-ons -> Install Add-on ->
      Install from uploaded file:
      Upload addon-aUserProfileProgress.xml
      OR
      Install from file on server:
      install/data/addon-aTemplateSecurity.xml
    4. The add-on should now install, and a short rebuilding process should occur. Once done, the installation has been successful!

    Usage
    By default, any administrator with normal template editing permissions will be able to edit templates. No template is restricted until you explicitly restrict it. To restrict a template, add this line to xf_root/library/config.php:

    Code:
    $config['template_security']['template_name'] = '1';
    E.g.

    Code:
    $config['template_security']['helper_login_form'] = '1';
    $config['template_security']['PAGE_CONTAINER'] = '1';
    $config['template_security']['account_security'] = '1';
    $config['template_security']['login_bar_form'] = '1';
    (You may use this code if you wish; it restricts the templates where raw passwords are embedded.)

    Change '1' to the user IDs of the users you want to be able to edit this template.

    Template names are case-sensitive, so enter each one exactly as it is named. For example, page_container will not work, because the template is PAGE_CONTAINER (capitalised), whilst helper_login_form is all lowercase, so a mixed-case or uppercase version of it will not work. Please ensure the capitalisation of each template name is correct.
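A mis-cased key leaves its template editable without any error, so it is worth linting the configuration after each change. The following is an added example, not part of the add-on: the function name, the list of known titles (assumed to be supplied by the admin) and the sample data are all hypothetical, and the script checks both the case of each key and whether the four password templates listed above are covered.

```php
<?php
// Added example: lint for $config['template_security'] (not the add-on's code).

// Templates the page lists as embedding raw passwords.
$PASSWORD_TEMPLATES = array(
    'helper_login_form', 'PAGE_CONTAINER', 'account_security', 'login_bar_form',
);

/**
 * @param array $restricted  the template_security array from library/config.php
 * @param array $knownTitles exact template titles (assumed supplied by the admin)
 * @param array $mustProtect titles that should always carry a restriction
 * @return string[] findings; empty when the configuration is consistent
 */
function lintTemplateSecurity(array $restricted, array $knownTitles, array $mustProtect)
{
    $byLower = array();
    foreach ($knownTitles as $title) {
        $byLower[strtolower($title)] = $title;
    }

    $findings = array();
    foreach (array_keys($restricted) as $key) {
        $name = (string) $key; // PHP casts numeric-looking keys to int
        if (in_array($name, $knownTitles, true)) {
            continue; // exact, case-sensitive match
        }
        $lower = strtolower($name);
        $findings[] = isset($byLower[$lower])
            ? "'$name' differs only in case from '{$byLower[$lower]}', which stays unrestricted"
            : "'$name' matches no known template title";
    }
    foreach ($mustProtect as $title) {
        if (!array_key_exists($title, $restricted)) {
            $findings[] = "'$title' has no restriction";
        }
    }
    return $findings;
}

// Constructed sample: one key has the wrong case, one template is missing.
$config = array();
$config['template_security']['helper_login_form'] = '1';
$config['template_security']['page_container'] = '1';   // should be PAGE_CONTAINER
$config['template_security']['account_security'] = '1';

$knownTitles = array_merge($PASSWORD_TEMPLATES, array('forum_list', 'thread_view'));
foreach (lintTemplateSecurity($config['template_security'], $knownTitles, $PASSWORD_TEMPLATES) as $f) {
    echo $f, PHP_EOL;
}
```

Run it from the command line against a copy of the configuration rather than placing it in the web root.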

    In the features we mention that only super admins can disable this add-on. There is little purpose to the restriction if a normal administrator can disable the add-on and circumvent it. So, to disable this add-on, you must be a super admin. This isn't a super admin role exclusive to this add-on; we just use XenForo's default super admin system for this, defined by:

    Code:
    $config['superAdmins'] = '1';
    in the same file.

    Database
    No changes to the database!

    Branding Information

    This add-on does not contain any visible branding.

    License

    This add-on is distributed under the terms of Apantic's product license. You can view it here: https://www.apantic.com/community/products/license-agreement