It checks what you enter directly with the password in the database.

To hack in, you'd need to have access to the database.

so what's the major glitch, access to my database is restricted to localhost

Here's a little more info on how this works.

Whenever $forumid (and often $forum[forumid]) has a value, it runs a query which checks to see if security is enabled for that particular forum. (The security field in the "forum" table.)

If security is enabled, it will check to see if a cookie exists for that forum containing the password. If there's no cookie with a correct password, the user will be directed to a page where they can enter the password.

The password they enter is then checked, and if it matches the one in the database a cookie will be deployed. (And the whole process will start again, but this time the user will be forwarded to the forumdisplay page.)

The same applies for the code in showthread.php. :)

The glitch I left in was this line of code (in two places) which gives access to the forum on the second incorrect attempt.

I've deleted it and updated the instructions.

The security is pretty rock solid.

OK, removed those lines,

it works like a dream, thanks Shao :)

but, what is the difference between the security levels?

Regular is normal, just like a regular forum. (Not password protected).

Password protected is password protected.

:)

that's pretty easy :) Thanks for the help :)

WOW this is a nice hack.
/me installs.
If there was a Hack of the Month, I'd definately vote this hack for it!
Well done!
*Tests it and stuff O.o*

Dave.

wow very cool hack ;) ;) ;)

Excellent hack - i hope this one works because a similar hack was released by one of the vbulletin-germany team with a bug that allows people on online.php to view a thread in a password protected forum... might want to see if that bug is present here?

Regards and nice hack!

- miSt