PDA

View Full Version : vbulletin auth external page - is this enough for admin area?


forcerm
06-19-2011, 07:15 PM
I have built my website around vbulletin, i use the include globals.php hack so that i can work with vb on external pages.

I also have an admin area to go with this, now rather than create a separate login to secure this i decided to limit admin area access to the vbulletin admin usergroup.


if($this->vbulletin->getUserGroupId()!="6")
redirect(base_url());

//admin code here...


So this is saying, if usergroup isn't 6, then redirect to the base_url (home) or continue...

This does work, but since it's not actually checking if the user is logged in, rather it's just looking for a usergroup id... is it secure enough?

If the user is not logged in, what will it return? NULL? 0?

Eric
06-19-2011, 07:18 PM
The Unregistered/Not Logged In usergroup is 0. So if a user is not logged in, then 0 should be returned.

dionak
06-25-2011, 11:40 AM
I tried the quoted example, but I think I'm not using it in the right context, because PHP doesn't know what "$this" is referring to. Also, it is not recognizing the "redirect()" function.

(I have created an external page based on the instructions in this article:


https://vborg.vbsupport.ru/showthread.php?t=228112&highlight=make+own+page+Lynne

-and it was working correctly without this modification.)

I tried modifying the conditional to this:

$vbulletin->userinfo->usergroupid

and that doesn't give an errror, but it also doesn't return anything.

I also tested just the redirect function, and that doesn't work either. I think I need something like "print_standard_redirect", but could someone point me to an article or tutorial for that, as I've never done one on my own before.

Thanks for any help.

dionak
06-27-2011, 11:39 AM
...I tried modifying the conditional to this:

$vbulletin->userinfo->usergroupid

and that doesn't give an errror, but it also doesn't return anything.

I also tested just the redirect function, and that doesn't work either. I think I need something like "print_standard_redirect", but could someone point me to an article or tutorial for that, as I've never done one on my own before...

I figured it out--just needed some time away from the problem.

The usergroupid is in:

$vbulletin->userinfo['usergroupid']

(userinfo is just an array inside the object, not a whole other object.)

And I found a good, concise tutorial that included redirection here:

https://vborg.vbsupport.ru/showthread.php?t=98009