Hey there,

This is a very tiny (and very easy to install) hack but I like to use it and found it useful:

I have a certain user group for trouble users in my board which I disabled all access to my board and this group can not even search or display the board itself or anything, so they are lower than guests. So I need to trap them in their username so that they wouldnt log out and "gain" guest access. This tiny hack exactly does this. You can use it with "banned users" or any user group you need to trap. ;) Here we go:

Edit member.php and find
-- cut ---
// ############################### start logout ###############################
if ($action=="logout") {
include("./global.php");
-- cut ---

AFTER THAT add:
-- cut --
// Banned users cant logout hack
if ($bbuserinfo[usergroupid]==XX) {show_nopermission(); exit;}
// Banned users cant logout hack
-- cut --

Replace XX with any usergroup id. (Banned by Moderators group is 12 in my board). If you put your mouse icon on "Edit" in http://www.url.com/yourboardadmin/usergroup.php?action=modify&s= , you can learn the usergroupid of any groups. If you need to trap more than 1 usergroups use this line:

if ($bbuserinfo[usergroupid]==XX OR $bbuserinfo[usergroupid]==YY) {show_nopermission(); exit;}

After applying the hack, trapped users will get "You dont have access" page if they try to logout from anywhere. Of course these members can still clear the cookies by deleting them manually, but you'll stop 95% of members who dont know the trick anyway! :)

Enjoy!

Logician //=^))

]looks very good if it's working, I'll try to install it today! :)

Wouldnt it be better to just IP ban them?

Originally posted by neo
Wouldnt it be better to just IP ban them?

Which takes all of 2 minutes to get round...

Originally posted by neo
Wouldnt it be better to just IP ban them?
Most of the members have dynamic IPs, at least in my country.

IP ban does not work for most cases..

I like your idea, a nice approach!

Originally posted by JohnWarwick


Which takes all of 2 minutes to get round...
As it does with banning. Even with this installed I could get through it with in 2 mins :)

The banning functions only usefull agaisnt stupid people on the net.

Originally posted by neo

The banning functions only usefull agaisnt stupid people on the net.
Dont agree: Unless you administer a site dedicated to internet or web technologies, most of your members are ignorant about vbulletin cookie system or dont know how to delete cookies manually. This has nothing to do with stupidity, it's just a knowledge most avarage internet users would not know. For example my site is for law professionals and you would not believe how many of them cant manage to activate their memberships, let alone go around their banned accounts.

This hack does not intend to stop a web admin who also knows the vbulletin, uses the vbulletin, write hacks to vbulletin, I am just trying to stop avarage board members. Banning does stop them..:cool:

Anyway, I like the hack, use it and find it useful.. Anyone who thinks like me can install it, so I shared..

Regards,
Logician

Aren't you supposed to put the code BEFORE the new cookies are set? I can't look at the full code right now, but showing no_permission() AFTER the cookies are deleted (set to "") isn't right I think.

Originally posted by FireFly
Aren't you supposed to put the code BEFORE the new cookies are set? I can't look at the full code right now, but showing no_permission() AFTER the cookies are deleted (set to "") isn't right I think.
of course.. this is why we should all use vbhacker for publishing the hacks, it wont let you have copy paster errors! :glasses: Edited the original, thx..

most people know about cookies, i made a little hack for my board that gave the banned people the message that the site was down for maintenance :) they wont supect anything and think that its down, well atleast until they try to access it from a diffrent comp.

@DjSap - Sounds like a good hack...

We could do with something like that at ThePhora...

Fancy publishing it?

@Logican - Nice hack m8...

No use installing it for our banned members though, cos they are the annoying nerdy runts who spend half their life plugged into the machine...

Satan

they could easly delete there cookies

]format c: will always help :p (just joking)

Cool.

Originally posted by Logician
Hey there,

This is a very tiny (and very easy to install) hack but I like to use it and found it useful:

I have a certain user group for trouble users in my board which I disabled all access to my board and this group can not even search or display the board itself or anything, so they are lower than guests. So I need to trap them in their username so that they wouldnt log out and "gain" guest access. This tiny hack exactly does this. You can use it with "banned users" or any user group you need to trap. ;) Here we go:

Logician //=^))

Very nice (or BAD! :rambo: ) idea!
I think a browser cookie should have a predefined expiration time. Well, could it be possible to extend that value as late as possible ?
:cheeky:
Thanks

Originally posted by Jawelin


Very nice (or BAD! :rambo: ) idea!
I think a browser cookie should have a predefined expiration time. Well, could it be possible to extend that value as late as possible ?
:cheeky:
Thanks
well it's not my idea, it's how vbulletin banned user system works ;)

But no need to worry about cookie expiration time, you can set it to 500 years if you like and ban your banned users grand children as well.. :classic:

I believe this time is already long enough in vbulletin system anyway.

Regards,
Logician

I believe the cookies for bbuserid and bbpassword don't expire... that is, until you delete them yourself.

Agree. Infact the $cookietimeout value (900 secs=15 mins default) applies only to the session duration.
Not to the stored cookie too.

Thanks.

It also applies to other stuff I think, lastvisit or whatever else is stored in the cookies...

Ok this is the first hack I tried to install. I was testing it with one of my mods, I changed his status to my banned profile. but when he tried to log out he just got an internal server error message. Now granted I am very new to this. I just edited the file in notepad, and then FTP'd the new member.php file in place of the old one, is there something I should be doing different.

Easily defeatable:

use a different browser (opera, netscape) and one can still "see the board"

And the notion that the average person doens't know about cookies is long outdated. Due to media, they do know about cookies and have programs that can manage them. Easy to delete cookies that are causing problems or heartaches, or prevents you from accessing a board.

My new computer came with a cookie manager program installed, so its kinda pointless these days.

not saying that this isn't a good hack, I just think it outlived its useage.

Originally posted by WizyWyg
My new computer came with a cookie manager program installed, so its kinda pointless these days.
lol, Cookie manager? People these days are just too lazy to delete / plant them themselves.

Why not instead of a show_nopermission use a fake 404 error that way they think the site is down? another idea could be to make a certain usergroup just see 404 errors, just like the ban. the nthey think the site is down or something

Just a 'parallel' question about VB cookies... :cool:
If an user has set on his browser a cookie like, for instance:
bbuserid=1234
bbpassword=.... md5 hash ....
and that userid doesn't exist any more on that board, what does it happen when he tries to login VB ?
I mean, if I don't leave someone to logout from the board and his user is deleted some reason, all cookies will be lost as soon he tries to log again ... Is it true ?
Actually, he is first recognized as user 1234, then after the SELECT $bbuserinfo is empty and user is prompted to register (or set as guest) ... This time he looses all cookies, doesn't he ?

Thanks a lot

If your cookies are wrong a guest session (anonymous) will be created and the cookies will be deleted.

Originally posted by FireFly
If your cookies are wrong a guest session (anonymous) will be created and the cookies will be deleted.
Thanks. Perfectly clear.

Originally posted by GsxrTony
Ok this is the first hack I tried to install. I was testing it with one of my mods, I changed his status to my banned profile. but when he tried to log out he just got an internal server error message. Now granted I am very new to this. I just edited the file in notepad, and then FTP'd the new member.php file in place of the old one, is there something I should be doing different.
@GsxrTony: your problem is VERY LIKELY because of one of these reasons:

1- You FTP'd the file as "bin" instead of ascii. FTP programs have two mods, choose to upload as a ASCII file not, BIN.

2- After uploading the file, CHMOD it to 755.

Regards,

Originally posted by voogru
Why not instead of a show_nopermission use a fake 404 error that way they think the site is down? another idea could be to make a certain usergroup just see 404 errors, just like the ban. the nthey think the site is down or something
This hack already exits (ie HELLBAN and its twins) and yes I found it (them) very useful too.

Originally posted by WizyWyg
Easily defeatable:

not saying that this isn't a good hack, I just think it outlived its useage.
I think you guys are missing something:

It's not this hack which introduced the cookie security system for banned users, it's the default vbulletin system. ;)

I've written that in my first message either: yes it's not 100% secure and people who know about vbulletin system or internet technologies can get around but I think we cant blame vbulletin either, because effective or not, it's the only security system for users who have dynamic ip.

So you may found this system ineffective but this has nothing to do with the hack itself, it's just the system vbulletin has. The hack only strengthens this system just a little bit, at least for ones who dont know how to pass it.

My 0.2 cents..

Regards,
Logician

Logician, good hack! Help me please. I need "cant logout" to 2 groups. How change code for this?

Sorry for my bad english :(

Originally posted by inetd
Logician, good hack! Help me please. I need "cant logout" to 2 groups. How change code for this?

inetd: it's already written in the original thread:
-- cut --
If you need to trap more than 1 usergroups use this line:

if ($bbuserinfo[usergroupid]==XX OR $bbuserinfo[usergroupid]==YY) {show_nopermission(); exit;}
-- cut --

So just replace XX and YY with your 2 usergroup ids..

Regards,
Logician

Just installed then and test banned one of my mods, worked just the way it should :)

Installed on 2.2.5

Originally posted by DWZ
Just installed then and test banned one of my mods, worked just the way it should :)

Installed on 2.2.5
DWZ Thx! I wish everybody would give feedback when they installed a hack especially if the author asked for it or if it's beta. This is a small hack and I knew that this was working but in the past I had released some beta hacks to get feedback about how the hack is doing in other people's board and I got none! So thx again for the feedback, it's appreciated! :)

Regards,
Logician

Logician, big thanks for this hack! You one of the best hackers!

Originally posted by Logician

DWZ Thx! I wish everybody would give feedback when they installed a hack especially if the author asked for it or if it's beta. This is a small hack and I knew that this was working but in the past I had released some beta hacks to get feedback about how the hack is doing in other people's board and I got none! So thx again for the feedback, it's appreciated! :)

Regards,
Logician

well i just installed this and its not working at all, i made a new accoutn and banned it, and had no trouble logging out and then viewing the board

dj- please post that hack u made, that would be great, or PM it to me, my board has been down alot latly for maintenece so they would suspect nothing :P

Originally posted by IceMalee

well i just installed this and its not working at all, i made a new accoutn and banned it, and had no trouble logging out and then viewing the board

There are some hacks that can have bugs or can have problems in some boards etc, but this is not one of them.. It's a very simple line of change and there cant be something wrong with the code because of its simplicity. I use it with no problems at all..

I would suggest you double check if you applied the hack carefully and correctly. For example are you sure you changed "XX" in the hack with the usergroupid and are you sure your banned users' usergroup id is exactly what you wrote for XX? Please double check..

Regards,
Logician

check that out, thats how i got it, its not exactly like yours, but in my member.php thats how that first part is, and i couldnt find any others that were just how yours is, so what should i do?

if ($action=="logout") {
$templatesused = 'error_cookieclear';
include("./global.php");
// Banned users cant logout hack if ($bbuserinfo[usergroupid]==09) {show_nopermission(); exit;}
// Banned users cant logout hack

Originally posted by IceMalee
check that out, thats how i got it, its not exactly like yours, but in my member.php thats how that first part is, and i couldnt find any others that were just how yours is, so what should i do?

if ($action=="logout") {
$templatesused = 'error_cookieclear';
include("./global.php");
// Banned users cant logout hack if ($bbuserinfo[usergroupid]==09) {show_nopermission(); exit;}
// Banned users cant logout hack
it's now obvious why it didnt work for you:

Between "hack" and "if" press ENTER, and make the line begining with "if" a new line. It should look like this:

// Banned users cant logout hack
if ($bbuserinfo[usergroupid]==09) {show_nopermission(); exit;}
// Banned users cant logout hack


It will work if you apply the hack as you see it in my code..

Originally posted by Logician

it's now obvious why it didnt work for you:

Between "hack" and "if" press ENTER, and make the line begining with "if" a new line. It should look like this:

// Banned users cant logout hack
if ($bbuserinfo[usergroupid]==09) {show_nopermission(); exit;}
// Banned users cant logout hack


It will work if you apply the hack as you see it in my code..

thats just how it looked after copy/paste, everything i did was just how u had it in the instructions

Originally posted by IceMalee

thats just how it looked after copy/paste, everything i did was just how u had it in the instructions
IceMalee, there are 3 lines in my original code, 2 in your code.

Technical Info: Lines begining with // are Remark/Comment lines in PHP and they are disregarded while the code is parsed. So line 1 and 3 are just comment lines which has nothing to do with the hack. The line that does the trick is line 2 and if you dont make it a new line (as in my code), it will be a part of comment line and will be skipped. This is what happened to you.

Anyway, does it work now?

Regards,
Logician

working now, i changed the 09 to just 9, and that made it work fine

thanks

Well I tried this hack and got to use it today. It took the user about an hour to figure out a way around it. All you have to do is register a new account when you get the error message...

Originally posted by PlurPlanet
Well I tried this hack and got to use it today. It took the user about an hour to figure out a way around it. All you have to do is register a new account when you get the error message...
You can:
1- Disable "new registrations if user has an account" setting in vb settings.
2- Use the hack that disables Register link if user is logged in. (dont remember the exact name)
3- Use this hack (https://vborg.vbsupport.ru/showthread.php?s=&threadid=38909) to track them..

As I said in the original message this hack cant stop expert users anyway but for a newbie it works well..

I seriously don't understand the people that complain that "it isn't working, my users can get around it in a matter of minutes!"...
First of all, Logician has already stated (quite a few times, might i add) that it's for n00bs etc. who don't have a clue as to how the system works.

YES, it's possible to go around it by using another browser
YES, it's possible to go around it by deleting your cookies

so? there will always be clueless people who don't know what struck them

You complain that 60% of your users know how to get around it?
Are you sure you wouldn't just want the other 40% back on your forums as well?

Logician: nice hack.
Simple, clean & pretty effective.
Keep it up :)

does this work without problems on 2.2.6 ?

Originally posted by Schorsch
does this work without problems on 2.2.6 ?
yep it works with 2.2.6 too..

anyone tried it with 2.2.7 ???? Code looks different than whats in the find field

if ($action=="logout") {
$templatesused = 'error_cookieclear';
include("./global.php");
vbsetcookie("bbuserid","",1);
vbsetcookie("bbpassword","",1);
vbsetcookie("bbstyleid","",1);

Anyone know if this hacks code needs to be altered to work in 2.2.7????

Thanks
DM

Originally posted by dm02
anyone tried it with 2.2.7 ???? Code looks different than whats in the find field. Anyone know if this hacks code needs to be altered to work in 2.2.7????

It works with 2.2.7 too.. Just add the hack code right after

include("./global.php");

damn......so even if they clear cookies and all references to my site they still cant log out?

If they clear the cookies, then they will be logged out. :) You can't prevent members from clearing their cookies.

Originally posted by ZiRu$
damn......so even if they clear cookies and all references to my site they still cant log out?
This would be impossible, wouldn't it? :) In fact I have an idea to still recognize them even they manually clear the cookies but well I haven't coded that hack yet, bear with me and my long to-do list.. ;)

Anyway it's as Erwin stated: This hack only stops users who havent manually deleted the cookies, from logging out so that they wont get guests right by logging out.. In other words it doesnt stop users who manually cleared the cookies but it at least prevents the vb to clear their cookies if they are banned..

Originally posted by okidoki
I seriously don't understand the people that complain that "it isn't working, my users can get around it in a matter of minutes!"...
Sorry if it sounded like I was complaining. I was just saying how easy it was to get around it, even for someone that doesn't know anything about clearing their cookies and such. It's a great idea and I've still got it installed today. I usually use it and a couple of the other banning methods whenever we have a problem user. Oh, and I did install the hack to remove the register link for users so it's not quite as easy to get around. :)

I think this hack is great! Plus this entire converstation reminds me about the news. The more you talk about it and how to do it, the more info you give to the bad guy! he he

Great job done m8. Can realy use this :0)

i wonder since .NET is going to be doing away w/ cookies will this make vbb more secure. if vbb started using .NET technology, and you have to use a "passport". cookies would be obsolete. hmmm....

Thanks, works great.

Craig

=/ I also have a temporary ban installed. How can I make sure they can't log out as well?

Hack:
http://www.vbulletin.org/hacks/index.php?s=&action=showhack&hackid=410

Today at 12:02 AM Koutaru said this in Post #58 (https://vborg.vbsupport.ru/showthread.php?postid=389599#post389599)
=/ I also have a temporary ban installed. How can I make sure they can't log out as well?

Hack:
http://www.vbulletin.org/hacks/index.php?s=&action=showhack&hackid=410
Right after my hack line add:

if ($bbuserinfo['banuntil'] > time()) {show_nopermission(); exit;}

:) Thanks Logican -- working here! Thanks

Today at 10:21 AM Koutaru said this in Post #61 (https://vborg.vbsupport.ru/showthread.php?postid=390749#post390749)
Error page for Page not found isn't working. The code seems to be okay:

if ($requested_template=="") {eval("standarderror(\"".gettemplate("error_notfound")."\");"); exit;}

It works for the // no page specified error. Just not the page not found error
wrong thread? If not, how did you come up with that code, it does not belong to my hack, does it? :glasses:

:ogre: I have no idea how I posted that here. I must have been half asleep ._.; posting at 2 am

Sorry Logican -- it was towards your webtemplates hack

nice

I really need this great hack for VB 3.

Is this possible?

MFG datainternet

I really need this great hack for VB 3.

Is this possible?

MFG datainternet
ok give me a day or two and I'll release it. This is a simple hack anyway. (Remind me if I forget!)

Remind, remind ^^...

MFG datainternet

VB3 version -> https://vborg.vbsupport.ru/showthread.php?p=490948#post490948