Add security to non VB pages and block user groups


mt_100
08-01-2002, 10:00 PM
OK, my first "hack"!

I created this because I want to have security and logins for my sites non VB pages but don't want two logins, one for the site and one for the forums.

There are other hacks that do the same thing, but this one is different.

1. It creates a PHP session, which means when the user closes the browser they will have to login to the site again later. It doesn't access the VBulletin cookie at all.

2. The user is prompted to login on any page you include this on, once logged in they are taken to that page minus the security.

3. No modification to the VBulletin code.

4. Uses the VBulletin user table so any information in there can be used, like welcoming them on all pages with their login name or telling the user who they are logging in as.

5. You can block people based on their VBulletin user group! That way only certain user groups can see the rest of your site.

6. RUNS ON WINDOWS 2000 AND IIS!!!!!!

Let me know how you like it!

thirdwatch430
08-02-2002, 06:18 PM
I haven't installed it yet but I am looking to, thanks!

Velocd
08-02-2002, 06:18 PM
Screenshots, demos, anything to show us why this hack is different than so many of the other security hacks?

:banana:

Tungsten
08-02-2002, 06:33 PM
Originally posted by Velocd
Screenshots, demos, anything to show us why this hack is different than so many of the other security hacks?


Not to seem antagonistic here, but why should the burden of proof fall squarely on the shoulders of MT_100 ? I see this sort of post here all the time -- someone makes a hack and releases it and invariably someone else comes along and "challenges the legitimacy" of that hack.

Variety is the spice of life. Maybe MT_100's code is just cleaner than the rest ... maybe his/hers is the one that works best with Microsoft web servers ... maybe it was created without harming any laboratory animals. Who knows! :D

Chris M
08-02-2002, 06:36 PM
Nice:)

Satan

mt_100
08-02-2002, 06:38 PM
I doubt it is cleaner, I'm certainly not a pro, but it works.

I saw a great hack for Apache on Unix/Linux with .htaccess that did the same thing and loved it, use it on one of my servers.

I just wanted one that would work the same on IIS, so I made it and wanted to share it.

I did forget that you need to put a file called connect.php in the same folder with membercheck.php with your server connection variables in it, or hardcode them into membercheck.php.

Later folks, enjoy.

Tungsten
08-02-2002, 06:46 PM
Originally posted by mt_100
I doubt it is cleaner, I'm certainly not a pro, but it works.

I just wanted one that would work the same on IIS, so I made it and wanted to share it.


Thanks for releasing it. As an IIS person myself, I can assure you that it will come in handy for several of us in the VBulletin community.

The thing that irks me is how some people essentially spit in the face of generosity by expecting a coder to justify the worthiness of his contribution. People are here sharing their code, tricks and tips -- for free. Why look a gift horse in the mouth? ;)

assassingod
08-02-2002, 08:40 PM
Thanks:D

Velocd
08-03-2002, 04:59 AM
Sorry for the comment earlier; until I actually looked at the code I didn't realize it was simple enough that it didn't need screenshots. I have such a dull imagination when it comes to hacks that I'm usually not sure what they do before I install, so I tend to need some visuals.

mt_100
08-08-2002, 01:21 PM
Well, to install it.

1. Create a file called connect.php and define the connection variables. Here is an example:

<?php
// Variables that are used are the following
// $DBSERVER : Name of MySQL server, by default "localhost"
// $DBUSER : User name that is used to connect to MySQL
// $DBPASS : User password for the MySQL connection
// $DBNAME : Name of database to use

$DBSERVER = "yourserver here";
$DBUSER = "DB User Name Here";
$DBPASS = "DB Password Here";

?>

2. Put the membercheck.php file in the folder with connect.php

3. Put an include for membercheck.php at the top of each page you want to secure.

4. Done!

glo
10-04-2002, 02:58 PM
Originally posted by mt_100
I saw a great hack for Apache on Unix/Linux with .htaccess that did the same thing and loved it, use it on one of my servers.

I just wanted one that would work the same on IIS, so I made it and wanted to share it.

Hi mt_100

This may not be a good question but I have to ask!
Will this hack work on Apache or is it strictly IIS???

If not, can you point me to the other hack that inspired you to create this one!

mt_100
10-04-2002, 03:19 PM
This hack is server independent, I use it on my IIS and Apache servers and it works fine.

glo
10-04-2002, 03:32 PM
Thanks mt_100, I will give it a go soon!

Looking forward to it! Will click install when I get around to it!

Also, will it work on 2.2.8???

LOD-squa
12-21-2002, 07:49 PM
This doesn't work for me =\

mt_100
01-02-2003, 06:01 PM
Yes, there is a problem for some. The solution is to change all the lines that read ECHO that are HTML to just HTML and put the stop PHP and start PHP markers before and after them. I will send the new file as well.

mt_100
01-02-2003, 06:02 PM
Here is the new version, should work for you.

papa
01-25-2003, 02:51 PM
Where should an include to membercheck.php go, and is this the correct code we are adding to our html pages:

<?php include('membercheck.php'); ?>

We are not having any luck getting this hack to work; can you please advise?

mt_100
01-27-2003, 11:43 AM
That is the correct code to work, so no problem there.

What version of PHP are you using?

Also, is the register_globals setting turned on in the php.ini file?

Try to rename the file you are including it into .php instead of .html.

Also, make sure you have a file called connect.php in the same folder as the membercheck.php file defining the $DBSERVER, $DBUSER, and $DBPASS variables or change them in the membercheck file.

Also be sure you have the second version of the file listed in the post, the first didn't work for everyone. Let me know if this works.

Thanks.

WouterW
02-02-2003, 11:44 PM
After logging in, I get this message:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/wwwroot/websites/www/admin/memchk/membercheck.php on line 47

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/wwwroot/websites/www/admin/memchk/membercheck.php on line 52

The rows:
47: $row = mysql_fetch_array($result);
52: if (mysql_num_rows($result) > 0)

Need some serious help here, because of PHP/MySQL n00bness :)

mt_100
02-03-2003, 11:24 AM
Take a look at my post just before yours and make sure those items are satisfied. It looks like you don't have a connection to the DB so be sure to check your connect.php.

WouterW
02-03-2003, 11:36 PM
Yeah, I checked it all, and I do have a connection to the database, because if I enter wrong information I get an 'Access Denied'.
One thing I'm wondering about is that you don't use $DBNAME in membercheck.php. Why is that? I need it, I guess because I have more than 1 database running on the server...
Could you please give me the code that uses $DBNAME? Or is that not the problem??


EDIT: I found mysql_select_db("vbulletin", $db_conn);
Replacing "vbulletin" with my database name does the trick! Yeah! :)

WouterW
02-04-2003, 03:56 AM
Hey buddy,

A friend edited your version for me and I think you might like this, so I post it for you;

// Additions: //
// - Allow only users from specific groups //
// - Return to the wanted page after successful logon (redirect) //
// - Set the database name using $DBNAME //
// - connect.php is no longer needed! //

Also, he wrote a short installation instruction.

By the way: It works great now! ;)

mt_100
02-04-2003, 11:28 AM
The database is selected in line 41 of the file, so that shouldn't be the issue.

papa
03-12-2003, 08:58 PM
This is the error I get

Warning: Cannot send session cookie - headers already sent by (output started at /home2/mmdclab/mmdclab-www/phptests/index5.php:4) in /home2/mmdclab/mmdclab-www/phptests/membercheck2.php on line 58

Warning: Cannot send session cache limiter - headers already sent (output started at /home2/mmdclab/mmdclab-www/phptests/index5.php:4) in /home2/mmdclab/mmdclab-www/phptests/membercheck2.php on line 58

I am not sure what to fix to get this going?

papa
03-13-2003, 02:55 PM
We got the script working; now we just have one little problem to overcome. The script takes them to the wrong page. Here is the scenario:
Page A > Page B

We have a link on page A to go to page B, which we want to protect. So of course the form comes up and says login (works great so far). Then when you log in it takes you to Page A instead of showing you Page B.

The thing is, when you click back on the link to go to page B it all works great. So for some reason it isn't taking us to the right place.

Any ideas?

mt_100
03-13-2003, 10:28 PM
That is odd that it is going to the wrong page. Let me run through a few things and see what I can come up with.

Hey, thanks for the additions, glad to know my code is liked and I appreciate the additions to it.

Let me know if anyone is still having problems. I have been on the road a lot like a traveling fool and have lost track of a few things and do not want to leave anyone hanging.

Thanks everyone.

Jujimufu
04-24-2003, 05:41 AM
I have a question about this. You state certain user groups can be allowed to view it only. I'd like admins to be the only people able to enter through this membercheck portal thingy password thingmajigger ;) How can I do that? I see a code line in it that is obvious but.. could you toss an example please? Say only allowing admins to enter?

Matrixgl
08-09-2003, 04:00 AM
04-24-03 at 07:41 AM Jujimufu said this in Post #27 (https://vborg.vbsupport.ru/showthread.php?postid=386295#post386295)
I have a question about this. You state certain user groups can be allowed to view it only. I'd like admins to be the only people able to enter through this membercheck portal thingy password thingmajigger ;) How can I do that? I see a code line in it that is obvious but.. could you toss an example please? Say only allowing admins to enter?

Change this:
if ($usergroupid!=1 and $usergroupid!=3 and $usergroupid!=4 and $usergroupid!=9 and $usergroupid!=11)
to this:
if ($usergroupid!=1)

Assuming 1 is the admin group id.

Great hack MT_100 and great mod WouterW (using yours :) ).

This is a great hack, and I am gonna make a non vb (just using the user table) members area login page with this :D

By the way, anyone interested adding a logout? I know it could be done, and I am trying to come up with something.
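
An added example for the group check discussed above, not mt_100's or WouterW's code: the same "admins only" rule written as an allow-list that reads the session contents directly instead of depending on register_globals, and that remembers the protected page so the login can return to it. The `usergroupid` session key, the function names and the sample sessions are assumptions; `valid_user` is the variable name mentioned in the thread.

```php
<?php
// Added example, not the original membercheck.php. Assumes the login step stored
// the user name and usergroupid in the session under these hypothetical keys.
const ALLOWED_GROUPS = [1]; // constructed: the thread assumes 1 is the admin group

// Allow-list check: only an exact integer match against a listed group passes.
function is_group_allowed($usergroupid, array $allowed = ALLOWED_GROUPS): bool
{
    $id = filter_var($usergroupid, FILTER_VALIDATE_INT);
    return $id !== false && in_array($id, $allowed, true);
}

// Only a same-site absolute path may be kept as the page to return to after login.
function safe_return_target($requested, string $fallback = '/'): string
{
    $ok = is_string($requested)
        && preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $requested) === 1;
    return $ok ? $requested : $fallback;
}

// Decide what a protected page does for the given session contents.
// In a page: call session_start() before any output, then
// gate($_SESSION, $_SERVER['REQUEST_URI']).
function gate(array $session, string $requestedUri): array
{
    if (empty($session['valid_user'])) {
        return ['action' => 'login', 'return_to' => safe_return_target($requestedUri)];
    }
    if (!is_group_allowed($session['usergroupid'] ?? null)) {
        return ['action' => 'deny'];
    }
    return ['action' => 'allow', 'user' => $session['valid_user']];
}

// Constructed sessions and request path so the file runs from the command line.
$cases = [
    'anonymous' => [],
    'member'    => ['valid_user' => 'alice', 'usergroupid' => '2'],
    'admin'     => ['valid_user' => 'bob', 'usergroupid' => '1'],
    'no group'  => ['valid_user' => 'carol'],
];
foreach ($cases as $label => $session) {
    echo $label, ': ', json_encode(gate($session, '/members/pageB.php')), PHP_EOL;
}
```

A missing or non-numeric group id is denied rather than treated as a match, which a chain of `!=` comparisons does not guarantee on its own.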

mt_100
08-11-2003, 12:14 PM
Here is my logout file.

Matrixgl
08-12-2003, 12:04 AM
awesome man! Thanks a ton!

And I am running into some problems here, I can't display any info about the logged in user, like their name or anything. I tried some methods but none of them worked... any help? Thanks.

Edit: After logging in, when I click on the logout link, the logout page says it couldn't log me out because I am not logged in :(

mt_100
08-12-2003, 11:41 AM
Make sure you have sessions turned on in your PHP file as well as register globals and I think you may need short tags too unless you change them.

That could be why you can't display the user info. To display the username I just echo the $valid_user variable.

Doughboy
08-25-2003, 12:46 PM
Everyone, use WouterW's edit to the hack. It works great :D Thanks MT_100 and WouterW