Requiring members to input a password EACH session to view a forum


Wonksta
02-18-2011, 10:59 AM
Hi guys

I was really hoping someone could help me, I have a forum which is private and deals with a very personal topic which members do not want their husbands or wives finding out about (depression etc)

At the moment it seems like if I set the password for Forum A, once the user inputs the password, closes the browser and reopens it, it does not ask for the password to be entered in. I would prefer it ASK to re-enter the password each time the browser is reopened; heck, I wouldn't even mind having to enter it every time someone wanted to view the forum.

Secondly a way to prevent browsers from saving the password?

Thanks so much!

kh99
02-18-2011, 01:21 PM
It looks like forum passwords are saved in cookies with long expiration times, and the cookie name is COOKIE_PREFIX . 'forumpwd'. So you might be able to make a plugin that deletes that value from $_COOKIES early on, like in global_start or something. But I think that might result in a user having to enter a password every time they click on anything in a password-protected forum, which might be too much.

I think if you had the cookie saved with an expiration time of 0 then it would only last until the browser was closed, which sounds more like what you want. In forumdisplay.php around line 140 there's this code:

// set a temp cookie for guests
if (!$vbulletin->userinfo['userid'])
{
    set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['newforumpwd']));
}
else
{
    set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['newforumpwd']), 1);
}

and that '1' as the last parameter in the else means that the cookie will not be temporary. So you could edit that file and take out the 1 (or really just comment out everything except the first call to set_bbarray_cookie()) and that might do what you want. (There may or may not be some way to get the same result through plugins, I don't know).

BTW, I haven't actually tried any of this.
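
Added example (not part of the original post, and not vBulletin code): one way to confirm the edit took effect is to inspect the Set-Cookie header sent after the forum password is entered. The function name `cookie_lifetime` is hypothetical and the header lines are constructed placeholders; only the `forumpwd` cookie name suffix comes from the thread.

```php
<?php
// Added illustration, not vBulletin code. Classifies Set-Cookie headers so an
// admin can confirm the forum-password cookie is issued as a session cookie.

function cookie_lifetime(string $setCookieLine): array
{
    // Strip the header name, then split "name=value; attr; attr=value".
    $line  = preg_replace('/^Set-Cookie:\s*/i', '', trim($setCookieLine));
    $parts = array_map('trim', explode(';', $line));
    [$name] = explode('=', array_shift($parts), 2);

    $persistent = false;
    foreach ($parts as $attr) {
        [$key] = explode('=', $attr, 2);
        // Expires or Max-Age tells the browser to keep the cookie across restarts.
        if (in_array(strtolower($key), ['expires', 'max-age'], true)) {
            $persistent = true;
        }
    }
    return ['name' => $name, 'persistent' => $persistent];
}

// Constructed sample headers (placeholder values, not real captures).
$headers = [
    'Set-Cookie: bbforumpwd=PLACEHOLDER_BEFORE_EDIT; expires=Sat, 18-Feb-2012 13:21:00 GMT; path=/',
    'Set-Cookie: bbforumpwd=PLACEHOLDER_AFTER_EDIT; path=/',
    'Set-Cookie: bbothercookie=PLACEHOLDER; path=/; HttpOnly',
];

foreach ($headers as $header) {
    $cookie = cookie_lifetime($header);
    // Only report cookies whose name ends in 'forumpwd' (COOKIE_PREFIX . 'forumpwd').
    if (substr($cookie['name'], -8) === 'forumpwd') {
        $kind = $cookie['persistent'] ? 'persistent (survives browser restart)' : 'session only';
        echo $cookie['name'], ': ', $kind, "\n";
    }
}
```

A cookie already stored with an expiry stays in the browser until it expires or is cleared, and browsers configured to restore the previous session on startup can keep session cookies across a restart.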

Wonksta
02-18-2011, 01:36 PM
Tried changing the 1 to 0 nothing changed.

I had a look at the cookie; bbforumpwd is what is set in the cookie.

Thanks so much for your reply kh99!

kh99
02-18-2011, 01:42 PM
On second thought, I think my first idea about deleting the cookie might result in not being able to use the forum at all.

Changing the 1 to 0 I thought should have made it so that if you closed the browser and opened a new one, you had to enter the password again. Did you try that? Maybe I'm wrong...

But I didn't really understand your last post - did you solve your problem?

Lynne
02-18-2011, 03:45 PM
When you change it from 1 to 0, you will then need to clear your own cookies initially to see if it works.

Wonksta
02-18-2011, 08:55 PM
Hey guys thanks so damn much it seems to be asking for a password each time the browser is restarted, love it!

I just forgot to clear ALL cookies :P

One final question, how can I make sure the password field doesn't get prompted to be saved on entry by the browsers? Just like for entering your bank password, it never prompts for the password to be saved.


Again thanks so much!

Lynne
02-19-2011, 03:53 AM
I don't know that you can do that. There are so many addons out there to save information you input into textareas - not just username/password fields.

christon26
02-21-2011, 06:53 PM
I know vbulletin.com has the members area so that the password can't be saved (at least on my browser it won't LOL)...the only thing I can find on it is to add autocomplete="off" to the input code like so:

<input type="password" name="password" id="password" autocomplete="off" />

I don't know if this is the only part that disables the password being saved, but worth a try :)

Hope it helps anyway lol

Lissa

Wonksta
02-24-2011, 02:09 PM
Interesting mate! In which template do I find that string? I did a search via Search in Templates for the keyword 'password', but none of it seems relevant, thanks!

Lynne: I noticed that as the Admin/Super Admin I am not forced to enter the password, ever. Is there any way to make it so that Admins, Mods and Super Admins are forced to enter the password each session?

Thanks so much! :)

Lynne
02-24-2011, 02:34 PM
You would need to edit the actual php code to make it so everyone, including admins/mods, would have to enter a password. Check the function verify_forum_password and you should find the code.

Wonksta
02-24-2011, 02:55 PM
Hi Lynne,

I found

// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);

From that description, that code checks the forum to make sure it has a password, and not being a coder myself makes me a little wary of changing that as it might break the password prompt. Would you be kind enough to provide an example, of course, when you have the time.

Thanks !

Lynne
02-24-2011, 03:34 PM
I said to look at the actual function, not just the function call. The function itself is in functions.php

Wonksta
02-24-2011, 09:44 PM
Oh I'm sorry, I understand. Found it; I will play with the code and see if I can find what is causing it, thanks Lynne!

--------------- Added 25 Feb 2011 at 07:43 ---------------

Sadly I have not been able to get this to work so that it prompts admins and mods for a forum password on each session, because I am dumb when it comes to PHP (I know very little). If anyone has an understanding of what part of this function I should edit, it would be great. So far I've just been breaking it and it has been spitting errors at me all morning :(

function verify_forum_password($forumid, $password, $showerror = true)
{
    global $vbulletin, $stylevar;

    if (!$password OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) OR can_moderate($forumid))
    {
        return true;
    }

    $foruminfo = fetch_foruminfo($forumid);
    $parents = explode(',', $foruminfo['parentlist']);
    foreach ($parents AS $fid)
    {
        // get the pwd from any parent forums -- allows pwd cookies to cascade down
        if ($temp = fetch_bbarray_cookie('forumpwd', $fid) AND $temp === md5($vbulletin->userinfo['userid'] . $password))
        {
            return true;
        }
    }

    // didn't match the password in any cookie
    if ($showerror)
    {
        require_once(DIR . '/includes/functions_misc.php');

        $security_token_html = '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';

        // forum password is bad - show error
        eval(standard_error(fetch_error('forumpasswordmissing',
            $vbulletin->session->vars['sessionhash'],
            $vbulletin->scriptpath,
            $forumid,
            construct_post_vars_html() . $security_token_html,
            $stylevar['cellpadding'],
            $stylevar['cellspacing']
        )));
    }
    else
    {
        // forum password is bad - return false
        return false;
    }
}

Lynne
02-24-2011, 09:50 PM
If you want it to prompt everyone for a password, then I believe you just want to change this line to say if no password, then true.
From:
if (!$password OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) OR can_moderate($forumid))


To:
if (!$password)
Test it on your test site - I think it should work.

Wonksta
02-24-2011, 10:03 PM
Wow that was easy!

Thanks so much Lynne you're a great asset to vBulletin.org for always being here lending a hand to everyone (not the first time you've helped me!)