View Full Version : Password protect non vb pages (e.g. for admin pages)
This is not really a hack just a handy piece of code. You can use this to password protect individual pages. The username and passwords are taken from the vBulletin database.
Currently this is set to allow only usergroupsid 5 and 6 (admin and super moderators) through [example use as admin area protection]. This could be changed though to allow anyone through if registered, or for specific usergroups etc.
The code is in authvb.php
An example is give in authtest.php
Hope this is of use to some people. If there's some interest I'll tidy it up a bit.
!!!cyr0n_k0r
05-09-2004, 05:38 PM
suppose I have a directory of my site with videos in it.
would putting this hack on the page to download the videos prevent people from direct linking to them or downloading them in any other way?
suppose I have a directory of my site with videos in it.
would putting this hack on the page to download the videos prevent people from direct linking to them or downloading them in any other way?
No it wouldn't prevent that. This really only protects individual pages.
Zachariah
05-10-2004, 01:08 AM
thank you ! Great idea to make static pages w/ content seen by usergroups.
:banana:
/me Installs ..
dcevoclub
05-10-2004, 12:15 PM
i'm using it for this now... if i could only integrate all this stuff into vb
http://video.dcevoclub.com
maximux1
05-13-2004, 02:32 AM
This is beautiful in its simplicity.
I have integrated your vbauth hack into my Automated vBNews Programming Interface (AvPI) to allow only front page Administrators to be able to access the programmed articles administration page.
I was delightfully surprised to find that I was able to populate most of my fields based on the HTTP auth entry. Changed those text fields to hidden fields and greeted the user by name upon entry.
Great administrative tool - I can see lots more uses for this!
Thanks!
The Watcher
05-16-2004, 10:49 AM
Hi there
If a user logs into the HTTP auth protected area, is there a way to make them appear in the Online users list in vb?
Perhaps adding a superscript E at the end of their name to signfy that they are logged into an external page/area?
!!!cyr0n_k0r
05-20-2004, 12:13 AM
i'm using it for this now... if i could only integrate all this stuff into vb
http://video.dcevoclub.com
so it seems you have adapted this to do exactly what I want to.
The only problem is.. what is the people know the exact path on the server?
Will the htaccess STILL prevent them from accessing the directory?
!!!cyr0n_k0r
05-20-2004, 12:38 AM
rafe, Im not a php guru.. give some better instructions on how to install this hack.
evilTone
05-20-2004, 09:08 AM
// Check whether user belongs to certain usergroup 5 for supermoderators 6 for admins
$sql = "SELECT * FROM user WHERE username = '$PHP_AUTH_USER' AND (usergroupid = '6' or usergroupid = '5') "; $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); $num = mysql_numrows( $result ); if ( $num != 0 ) { $auth = true; }
anyone have a way to make this check for secondary groups like
(membergroupids = '5' or membergroupids ='16')
the above seems to work ONLY if the user is in 5 or 16 as their only secondary group, ie, if users secondary groups are = 5,11,13 then it fails
Oldfart
05-26-2004, 12:00 AM
Ok I am trying this hack on my site but I seem to be getting a Sql error. The password logon comes up on the screen but when you hit the ok button after putting your logins in I get this Sql error message.
Warning: mysql_connect(): Unknown MySQL Server Host 'u' (1) in /home/xxxxxx/public_html/vwar/includes/classes/class_db.php on line 95
-> Database Error: Link-ID == false, connect failed
-> MySQL Error:
-> MySQL Error Number: 0
-> Date: 25.05.2004 @ 20:56
-> Script: /vwar/war.php
-> Referer:
Any help would be appreciated.
Are we supposed to run any Sql querries installing this?
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
mysql_connect( $checkservername, $dbcheckusername, $dbcheckpassword )
or die ( 'Unable to connect to server.' );
mysql_select_db( $dbcheckbase )
or die ( 'Unable to select database.' );
maximux1
05-26-2004, 12:56 AM
Ok I am trying this hack on my site but I seem to be getting a Sql error. The password logon comes up on the screen but when you hit the ok button after putting your logins in I get this Sql error message.
Warning: mysql_connect(): Unknown MySQL Server Host 'u' (1) in /home/xxxxxx/public_html/vwar/includes/classes/class_db.php on line 95
-> Database Error: Link-ID == false, connect failed
-> MySQL Error:
-> MySQL Error Number: 0
-> Date: 25.05.2004 @ 20:56
-> Script: /vwar/war.php
-> Referer:
Any help would be appreciated.
Are we supposed to run any Sql querries installing this? It looks like you have the server set to "u" when more likely you want to set it to localhost.
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
mysql_connect( $checkservername, $dbcheckusername, $dbcheckpassword )
or die ( 'Unable to connect to server.' );
mysql_select_db( $dbcheckbase )
or die ( 'Unable to select database.' );
Whats the hostname of your mySQL server? Looks like it is currently set to "u" when you more likely want this to be "localhost".
Oldfart
05-26-2004, 01:27 AM
My db is set to "localhost"
I have no idea why this happens. I must be doing something wrong.
I put my db settings in the authvb.php and put the require('./authvb.php');
in the page I want to secure but whenever I try and access that page I keep getting the same MySql error.
Oldfart
05-26-2004, 06:03 PM
anyone have any ideas... I would like to get this to work on my site. ANy help would be appreciated. :)
// Check whether user belongs to certain usergroup 5 for supermoderators 6 for admins
$sql = "SELECT * FROM user WHERE username = '$PHP_AUTH_USER' AND (usergroupid = '6' or usergroupid = '5') "; $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); $num = mysql_numrows( $result ); if ( $num != 0 ) { $auth = true; }
anyone have a way to make this check for secondary groups like
(membergroupids = '5' or membergroupids ='16')
the above seems to work ONLY if the user is in 5 or 16 as their only secondary group, ie, if users secondary groups are = 5,11,13 then it fails
I'll look into this for the next version (sorry a bit busy right now), but I haven't forgotten this.
TheRayden
05-29-2004, 07:40 PM
Installed it, but I can't even access the page I protected. I've set to it allow 2 usergroups to enter, admins being one of them.
When i try to access the page, I get the username/password popup, but it doesn't reconise me.
ogetbilo
05-29-2004, 11:05 PM
what advantage does this hack have over an .htaccess password?
xeonkiller711
07-23-2004, 03:05 PM
Make sure on the authtest.php you change the authvb3 to authvb.php just in case you guys didnt change that. Thats the only thing I saw wrong with the hack :D Thanks for the hack!
misterfade
08-13-2004, 11:14 AM
I can't believe how easy this hack looks! I just installed it and it looks fantastic. I did add a few extra usergroups (for my purposes), so it would be like this:
usergroupid = '2' or usergroupid = '5' or usergroupid = '6' or usergroupid = '7'
Just in case anyone wanted to know how to add extra usergroups.
*clicks install
Code Monkey
08-15-2004, 11:56 PM
If you have a newer version of PHP which disables global var tracking (a good thing) then replace $PHP_AUTH_USER with $_SERVER['PHP_AUTH_USER'] and $PHP_AUTH_PW with $_SERVER['PHP_AUTH_PW'] and you should be good to go.
Code Monkey
08-16-2004, 12:19 AM
Also, it would be easier to change user groups if you had something like this.
$usergroups = '2,6';
$sql = "SELECT * FROM vb_user WHERE username = '".$_SERVER['PHP_AUTH_USER']."' AND usergroupid IN ($usergroups)";
jblackburn
08-22-2004, 11:44 PM
I was happy to get this working, but then found that if you come in via a forum login and then move to the page protected with the script, it prompts you for username and pw. Shouldn't it know that you are already logged in?
Mr. HillBilly
08-22-2004, 11:48 PM
Anychance of making the script require login to download stuff?
sketchy
10-22-2004, 08:17 PM
Hi,
i have downloaded this hack & when i go to log in it just reappears with the log in box.
My MySQL info is correct & i am linking to the correct file & im entering the correct details...
Help :(
Rick
freeshares1
10-28-2004, 04:13 PM
works great thanks:)
freeshares1
10-28-2004, 04:51 PM
the only problem is that i can not get it to work with secondary usergroups only primary is this possible?
I'm trying out a program - Webscriber (http://www.namesuppressed.com/products/webscriber/) which creates an easy subscribe/unsubscribe page for email-lists.(list with check-boxes)
I'm using this with ezmlm,.(by entering ezmlm announcement list addys in the Forum Manager - rcv all new posts) for memers of our forum who want the ability to subscribe/unsubscribe to `Receive all Posts per Forum'
Basically I need the Webscriber page accessible only to members...
Will this do it?
Thanks,
Mark
mikeycuk
01-19-2005, 10:51 PM
Hello,
I have a problem with the script. I had it working fine with VB2 but when I upgraded to VB3 it doesn't seem to work. It keeps on asking for my login details and after 3 attempts tells me that Authorization is required lol.
Can anyone shed any light on what I am doing wrong?
I have also tried the suggestion by JumpD but that made no difference
Thanks in advance
Chrisqo
05-29-2005, 01:41 AM
I might of made an idiot of myself but I don't know much about this kind of thing... I get this.
Warning: main(./authvb3.php): failed to open stream: No such file or directory in /**/local/home/**/**/authtest.php on line 1
Warning: main(./authvb3.php): failed to open stream: No such file or directory in /**/local/home/**/**/authtest.php on line 1
Fatal error: main(): Failed opening required './authvb3.php' (include_path='.:/usr/local/lib/php') in /**/local/home/**/**/authtest.php on line 1
ZGeek
08-25-2005, 12:10 AM
Does anyone have this working on 3.0.7?
rcull
08-28-2005, 03:16 PM
This is along the line of what I wanted, although I didn't quite get it to work. I got as far as:
The information you entered does not match our records.
I guess it isn't quite contacting the correct table, but I can't quite figure it. I tried the change suggested by JumpD in post #20, it brought up errors on the lines changed.
It seems to only give you one chance at giving the correct information and then you must open a new window to attempt to access the directory again.
abalto
03-02-2006, 01:41 AM
Very nice! Thanks!
s.blair
06-14-2006, 10:06 PM
Does this work with 3.5.4? How hard to get it working with secondary usergroups instead of primary?
Avalon111
09-16-2006, 04:11 PM
tested with vbulletin 3.6.1
not working.
i enter username and password and always get back the login popup.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.