Hey,

I was wondering if someone might be willing to give me a hand with converting this matter of code to be cross-compatible with vbulletin?

Thanks,

<?php

// ************************************************** ************************************************
// IMPORTANT CONFIGURATION ITEMS
// ************************************************** ************************************************

$enabled = true;
$serverip = '127.0.0.1';

// ************************************************** ************************************************
// END OF IMPORTANT CONFIGURATION ITEMS
// DO NOT EDIT ANYTHING BEYOND THIS POINT!
// ************************************************** ************************************************

// Necessary XenForo Hooks
require($fileDir . 'library/XenForo/Autoloader.php');
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . 'library');
XenForo_Application::initialize($fileDir . 'library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);

// Assistance in placing file in correct directory w/o include/require.
$proxyfile = 'proxy.php';
$adminfile = 'admin.php';
if (!file_exists($proxyfile)) {
die('This file is not in the correct directory. Please contact a website administrator.');
};
if (!file_exists($adminfile)) {
die('This file is not in the correct directory. Please contact a website administrator.');
};

// Checks to make sure accessing IP is server IP.
$acuntite = $_SERVER['REMOTE_ADDR'];
if (strlen($_SERVER['REMOTE_ADDR'])<6) {
die ('Access denied.');
};
if ($acuntite != $serverip) {
die('Access denied.');
};

// Post get items
$username = $_GET['un'];
$password = $_GET['pw'];

// If no info specified
if(is_null($username) && is_null($password)) return;
$error = "";
$ph = new XenForo_Model_User();
$result = $ph->validateAuthentication($username, $password, $error);

// Ensures system is enabled before continuing. If not, returns error
if ($enabled != true) {
die('3');
}

// Final get id
if(is_numeric($result) && $result > 0 && !(strpos($username, '@') !== false))
{
$user = $ph->getFullUserById($result);

// ensures user is not banned
$banned = $user['is_banned'];
// if banned, return error 2
if($banned == 1) echo "2";

// if not banned, successful login
else echo "1";
}

// and if all else fails, the shit you provided is wrong so return error 0
else echo "0";

// Echo 0 = Incorrect user/pass
// Echo 1 = Successful Login
// Echo 2 = Banned User
// Echo 3 = System disabled

?>

Anyone know if they can help?

Untested, upload to the root of your vBulletin forum.

<?php
require('./global.php');
require('includes/functions_login.php');

$enabled = true;
$serverip = '127.0.0.1';

// Checks to make sure accessing IP is server IP.
$acuntite = $_SERVER['REMOTE_ADDR'];
if (strlen($_SERVER['REMOTE_ADDR']) < 6 || $acuntite != $serverip || !$enabled) {
die(3);
}

// Post get items
$username = $_GET['un'];
$password = $_GET['pw'];

// If no info specified
if(is_null($username) && is_null($password)) return;

$error = "";
$result = verify_authentication($username, $password, md5($password), md5($password), '', false);

// Final get id
if($result === true && !(strpos($username, '@') !== false)){
if($vbulletin->userinfo['usergroupid'] == 8){
echo 2; // Banned
}else{
echo 1; // Not banned.
}
}else{
echo 0; // and if all else fails, the shit you provided is wrong so return error 0
}

// Echo 0 = Incorrect user/pass
// Echo 1 = Successful Login
// Echo 2 = Banned User
// Echo 3 = System disabled

First off, thank you so much for being willing to help me with this project. Now, I uploaded the code to the root of the forums, and in Xenforo its supposed to print either a 0,1 or 2 and this only shows a completely blank page. But no errors we're printed, so go you. :)

It's because of the check that checks if the current IP matches the $serverip variable.
You probably want it to be something like this in that case:

<?php
require('./global.php');
require('includes/functions_login.php');

// Post get items
$username = urldecode($_GET['un']);
$password = urldecode($_GET['pw']);

// If no info specified
if(is_null($username) && is_null($password)){
die('No login provided.');
}

$result = verify_authentication($username, $password, md5($password), md5($password), '', false);

// Final get id
if($result === true && !(strpos($username, '@') !== false)){
if($vbulletin->userinfo['usergroupid'] == 8){
echo 2; // Banned
}else{
echo 1; // Not banned.
}
}else{
echo 0; // and if all else fails, the shit you provided is wrong so return error 0
}

Then you execute it as follows: http://example.com/script.php?un=Dave&pw=password

That code is producing the following error

Parse error: syntax error, unexpected 'if' (T_IF) in /home4/swgnge/public_html/forums/includes/functions_login.php(209) : eval()'d code on line 3
0

--------------- Added 1452536737 at 1452536737 ---------------

Scratch that, I was using the wrong syntax.

That's caused by a plugin you have installed, more specifically at the login_verify_failure_username hook.

Thank you so much Your my hero!! :)

No problem. ;)

That code is producing the following error

Parse error: syntax error, unexpected 'if' (T_IF) in /home4/swgnge/public_html/forums/includes/functions_login.php(209) : eval()'d code on line 3
0

--------------- Added 1452536737 at 1452536737 ---------------

Scratch that, I was using the wrong syntax.

This is still an issue, specifically when you input a username that doesn't exist... like swglegends.com/forums/auth.php?un=username&pw=password

Please advise,

Well it's not caused by the script I gave you, it's caused by one of the plugins you have installed.
Go to your AdminCP > Plugins & Products > Plugin Manager and find a hook which makes use of "login_verify_failure_username". A plugin which makes use of that hook is causing it.

Well it's not caused by the script I gave you, it's caused by one of the plugins you have installed.
Go to your AdminCP > Plugins & Products > Plugin Manager and find a hook which makes use of "login_verify_failure_username". A plugin which makes use of that hook is causing it.

Okay, that works. Is there a way to make usernames match this regular expression: ^[^\s]+$
And disallow all symbols?

Thank you,

--------------- Added 1452560260 at 1452560260 ---------------

Oh also, I just banned an account and checked if it would be banned on the game server and its still returning a 1, and not a 2. Any ideas?

--------------- Added 1452582344 at 1452582344 ---------------

Any ideas?

Hello. So, this file is for authenticating from a website to a gameserver. Now the issue is that people are able to put spaces after their account name and basically I would like to know if there is anothing anyone might be able to do with this code to prevent that from happening.

Thank you,

Hello. So, this file is for authenticating from a website to a gameserver. Now the issue is that people are able to put spaces after their account name and basically I would like to know if there is anothing anyone might be able to do with this code to prevent that from happening.

Thank you,

You can prevent embedded spaces, however I find that trailing spaces are automatically trimmed on my local dev site.

To see the options for username restrictions, follow:

AdminCP -> Settings -> Options -> User Registration Options -> Username Regular Expression

You can prevent embedded spaces, however I find that trailing spaces are automatically trimmed on my local dev site.

To see the options for username restrictions, follow:

AdminCP -> Settings -> Options -> User Registration Options -> Username Regular Expression

Okay, what would you put there to disable embedded spaces after the username?

Okay, what would you put there to disable embedded spaces after the username?

I don't know offhand of regex that will only trim/leading trailing spaces. :)

I don't know offhand of regex that will only trim/leading trailing spaces. :)

I've done some research and the only thing that Username expressions eliminates is the ability to create new accounts with trailing spaces. What I want to do is eliminate that ability to login to pre-existing accounts with trailing spaces as well.

Please advise,

Yes, leading/trailing spaces are trimmed automatically upon registration. I have no idea how users were able to register with trailing spaces.

You will likely have to manually edit the offending usernames, and send the users an email to advise them of the change to their username.

Yes, leading/trailing spaces are trimmed automatically upon registration. I have no idea how users were able to register with trailing spaces.

You will likely have to manually edit the offending usernames, and send the users an email to advise them of the change to their username.

This is the really weird thing. So, there are no spaces in anyone's username, and yet, they are still able to login when using a space in their name. Like let's say your account name is johndoe16, you can login just fine if your type in "johndoe16 " And this is the case for infinite spaces.

Please advise,

Yes, you can type in trailing spaces when you log in, but those spaces do not change the actual username in the database.

Yes, you can type in trailing spaces when you log in, but those spaces do not change the actual username in the database.

But that is the issue. How do I stop those those trailing spaces at login? I use this authentication script to be able to allow members to connect to a gameserver and with the trailing spaces, they can bypass the character limits by creating ghost accounts, thereby having unlimited player characters.

I need to be able to stop this.

Any advise,

When I login to my dev site, and look at the username retrieved from the login form ($vbulletin->GPC['vb_login_username']) it has already been trimmed of any leading/trailing spaces.

When I login to my dev site, and look at the username retrieved from the login form ($vbulletin->GPC['vb_login_username']) it has already been trimmed of any leading/trailing spaces.

Then I suppose its not possible. Okay, fair enough. Thanks for trying.

How are your users logging onto the game server...are they required to manually enter their username?

How are your users logging onto the game server...are they required to manually enter their username?

They enter their username and password into the game and the game pings the auth.php file on the webserver and depending on the response, it either logs you in, says wrong information or says you've been banned.

Okay, then the code used for the game login would have to be edited to trim the usernames entered. :)

Okay, then the code used for the game login would have to be edited to trim the usernames entered. :)

This is what I sent to vBulletin.com Support:

I am needing some help dealing with an issue with the login protocols. For example say my account name is "johnsmith12" and I can login with that name. However, I can also put in johnsmith with 5 spaces after the name and then click login and that will also log my in. For example [johnsmith12 ]... Is there a way to prevent this?

And this is the response I got:

The system ignores the spaces after the username. You would need to modify the code to not allow that.

When I asked which file I needed to modify, they basically stated that I needed to ask over here because it dealt with modifying the original code.

Anyhow, any insight?

Can you give a link to the vBulletin product you are using for the game server login?

Can you give a link to the vBulletin product you are using for the game server login?

Yeah, its accessible through www.swglegends.com/forums

Yeah, its accessible through www.swglegends.com/forums

I would speak to the owner(s) of that site then, as the issue would likely have to be addressed by them.

I would speak to the owner(s) of that site then, as the issue would likely have to be addressed by them.

I am the Web Developer, though lol. I'm just having trouble figuring it out lol. :(

It's because of the check that checks if the current IP matches the $serverip variable.
You probably want it to be something like this in that case:

<?php
require('./global.php');
require('includes/functions_login.php');

// Post get items
$username = urldecode($_GET['un']);
$password = urldecode($_GET['pw']);

// If no info specified
if(is_null($username) && is_null($password)){
die('No login provided.');
}

$result = verify_authentication($username, $password, md5($password), md5($password), '', false);

// Final get id
if($result === true && !(strpos($username, '@') !== false)){
if($vbulletin->userinfo['usergroupid'] == 8){
echo 2; // Banned
}else{
echo 1; // Not banned.
}
}else{
echo 0; // and if all else fails, the shit you provided is wrong so return error 0
}

Then you execute it as follows: http://example.com/script.php?un=Dave&pw=password

Hey. So, I'm trying to update the auth.php file to work properly with an SSL and with vb5. Right now, the file is located at https://www.swglegends.com/forums/auth.php but it says Access denied and was looking for some clarification.

Please advise,

Unfortunately I don't have experience with vBulletin 5, so I will not be able to help you out with this. :(

Unfortunately I don't have experience with vBulletin 5, so I will not be able to help you out with this. :(

Do you know of anyone I can contact?

Thank you,

Maybe Replicant will pass by this thread, he has some experience with vBulletin 5.