Password Protected Forums (vB3 Style) (https://vborg.vbsupport.ru/showthread.php?t=50012)

SemperFidelis 05-06-2003 05:52 PM

Quote:

04-23-03 at 06:35 PM xiphoid said this in Post #76
We really needed this hack, and after looking at it, I threw it towards Scott and he fixed it in 1 minute, lol.

Here is version 1.2 which at least works on one of the sites I have it installed on. So hopefully it works for you too.

The changes are the forumdisplay and showthread text that you have to replace, the whole chunk. So, to upgrade, just remove it from those 2 files again and put this stuff instead.

Moo

Ok
A few problems here

I have applied the modifications that were kindly supplied by xiphoid (cheers for those)

Now when I go to view a thread, I am getting :
Code:

Database error in vBulletin 2.3.0:

Invalid SQL:
        SELECT security,forumpass,passtimeout
        FROM forum
        WHERE forumid =

mysql error: You have an error in your SQL syntax near '' at line 3

mysql error number: 1064

Date: Wednesday 07th of May 2003 02:46:23 AM
Script: http://localhost/rnas/rnas/showthread.php?s=&threadid=7
Referer:

Also when modifying a forum to incorporate the protection, I'm still getting this:
Code:

Password protection enabled, yet no password was submitted.
(Forum access can be gained by leaving the password field blank on entry.)

In this instance, it appears the password is still being applied though.

redstaing0 05-06-2003 09:15 PM

I have installed the hack but it doesn't work 100%, because if you test any work 8488 and the real password was vb200325, the user can come in the Protected Forums, and can test any t and they can open. How can I fix it, and why doesn't it work 100%?

Thanks for the help, it is a real cool hack if it works in my forum. I need the hacks very much.

SemperFidelis 05-10-2003 05:33 AM

Has anyone come up with a complete 100% working version of this hack yet ?

S.Shady 05-10-2003 09:34 PM

Quote:

05-03-03 at 09:41 PM marlborosat said this in Post #79
idem
Database error in vBulletin 2.3.0:

Invalid SQL:
SELECT security,forumpass,passtimeout
FROM forum
WHERE forumid =

mysql error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3

mysql error number: 1064


and everyone else getting mysql errors.
put them in one at a time. i was putting them in at the same time and getting the same error, but success every time putting 1 in at a time

Restless_ca 05-10-2003 11:06 PM

Very very nice hack.

tomsch 05-11-2003 06:48 PM

i have 2 problems with this

first is i can't change the password once it's set, or anything else for that matter, it just won't update those fields

Password protection enabled, yet no password was submitted.
(Forum access can be gained by leaving the password field blank on entry.)
Record updated!

that's what it says when i try to update. for some reason the password var is not being set

and the second: it would appear that once a user has a cookie you can access the forum without entering the pass, and after the time out period (i had mine set for 60 mins) i waited 2 days and was able to get access

any ideas for a fix??

John 05-12-2003 10:54 AM

Sorry everyone, I've been away for the past couple of months - now I'm back, and I've got a bit of time to fix any issues there are with my current hacks.

Is the modified version that xiphoid posted working fine? If so, should I update the original?

tomsch 05-14-2003 07:43 PM

i'd like to click install but i can't get it to work:)

amp2000 05-15-2003 12:21 PM

Quote:

Is the modified version that xiphoid posted working fine? If so, should I update the original?
I'd like to know the answer to that myself, can anyone confirm they have a fully working version ??

Cheers
amp2000

amp2000 05-15-2003 06:26 PM

For everyone getting errors similar to the following from xiphoid's update
Code:

Database error in vBulletin 2.3.0:

Invalid SQL:
SELECT security,forumpass,passtimeout
FROM forum
WHERE forumid =

The problem is that $forumid isn't in single quotes, example, instead of
Code:


Open up: root/showthread.php

Find:
-----------------------------------------------------------
eval("dooutput(\"".gettemplate("showthread")."\");");
-----------------------------------------------------------

Replace with:
-----------------------------------------------------------
// Showthread Password Protection Code
// Updated by Scott
$forumid = $foruminfo['forumid'];
$seccheck = $DB_site->query_first("
        SELECT security,forumpass,passtimeout
        FROM forum
        WHERE forumid = $forumid
");

The above code is wrong, use the code below instead of the above from the readme.
The only difference is '$forumid' now has quotes around it. Hope that helps yas ;)

Code:


Open up: root/showthread.php

Find:
-----------------------------------------------------------
eval("dooutput(\"".gettemplate("showthread")."\");");
-----------------------------------------------------------

Replace with:
-----------------------------------------------------------
// Showthread Password Protection Code
// Updated by Scott
$forumid = $foruminfo['forumid'];
$seccheck = $DB_site->query_first("
        SELECT security,forumpass,passtimeout
        FROM forum
        WHERE forumid = '$forumid'
");

I have installed this on a 2.3.0 vBulletin & can see no problems (other than the above which is now corrected) with the hack.
But then again I've only installed the hack from xiphoid's 1.2 version so I don't know what the bug was with Shaolyen's 1.1 version.
If someone can tell me how to reproduce the flaw I'll test it out & let yas know if it works. If anyone is reluctant to tell me how to reproduce the flaw will you pleeeez see does it work on the new updated instructions, ie v1.2, I need to know whether this is secure or not before I use it.

This is a great hack Shaolyen, I'll be definitely clicking install if this works, thanks!
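
An added example, not part of the thread or of the hack: the error reports above show `WHERE forumid =` with nothing after it, so `$forumid` was empty, and with quotes the query becomes `WHERE forumid = ''`, which parses but, for an empty id, finds no forum row. The sketch below validates the id, binds it as a parameter and treats an unresolved forum as locked; PDO with an in-memory SQLite table stands in for `$DB_site`, and the function names and sample row are assumptions.

```php
<?php
// Added illustration, not the hack's code. An in-memory SQLite table stands in
// for vBulletin's `forum` table; the row below is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum (forumid INTEGER PRIMARY KEY, security INTEGER,
           forumpass TEXT, passtimeout INTEGER)");
$db->exec("INSERT INTO forum VALUES (7, 2, 'constructed-pass', 3600)");

// Hypothetical helper: returns the protection row, or null if the id is unusable.
function fetch_forum_security(PDO $db, $rawForumId): ?array
{
    // Reject empty, non-numeric or non-positive ids instead of quoting them.
    $forumid = filter_var($rawForumId, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($forumid === false) {
        return null;
    }
    // Bound parameter: the id is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT security, forumpass, passtimeout
                          FROM forum WHERE forumid = :id');
    $stmt->execute([':id' => $forumid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical gate: only a forum that was found and is not protected is open.
function forum_is_locked(PDO $db, $rawForumId): bool
{
    $row = fetch_forum_security($db, $rawForumId);
    if ($row === null) {
        return true;                        // unresolved forum id: fail closed
    }
    return (int) $row['security'] === 2;    // 2 = "Password Protected Security"
}

var_dump(forum_is_locked($db, '7'));    // the protected sample forum
var_dump(forum_is_locked($db, ''));     // the empty id seen in the error reports
var_dump(forum_is_locked($db, null));   // id never set at all
```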

Almax 05-15-2003 10:04 PM

Quote:

05-11-03 at 08:48 PM tomsch said this in Post #86
i have 2 problems with this

first is i can't change the password once it's set, or anything else for that matter, it just won't update those fields

Password protection enabled, yet no password was submitted.
(Forum access can be gained by leaving the password field blank on entry.)
Record updated!

that's what it says when i try to update. for some reason the password var is not being set

and the second: it would appear that once a user has a cookie you can access the forum without entering the pass, and after the time out period (i had mine set for 60 mins) i waited 2 days and was able to get access

any ideas for a fix??

And the exact same here
and if it's register_globals on/off
how do i turn them on/off ?

nefarious 05-17-2003 10:20 PM

Installed Xiphoid's fix with amp2000's changes and it still doesn't work.

I am still able to enter a bogus password, hit the back button and then refresh and you can get in...

Any clues on how to fix this?

SemperFidelis 05-19-2003 12:21 PM

Cheers for the fix amp2000
:)

nefarious 05-19-2003 12:56 PM

I have installed the 'fixes' but I can still get in without a password.

If you enter a wrong password you get a second chance to enter one, OK so far, but if you now hit the back button and then the refresh, bingo you are in ...

tomsch 05-22-2003 02:00 AM

same prob here. i did notice that no cookie was sent. so i'm guessing a null check might be needed???

anyone have an idea??

:disappointed:

Smoothie 05-22-2003 07:32 AM

Quote:

If you enter a wrong password you get a second chance to enter one, OK so far, but if you now hit the back button and then the refresh, bingo you are in ...
yep, exactly the same problem I reported way back. Had to uninstall, it's worthless as is.

dano 05-22-2003 12:29 PM

Well that sucks, I was going to install this today :(

MentaL 05-24-2003 07:09 PM

gonna test on 2.9..

MentaL 05-24-2003 11:21 PM

works

Shepski 06-06-2003 11:59 AM

has anyone managed to figure out a solution to the refresh to enter forum problem? I want to install this hack but can't if this problem exists, as it won't take users long to find out the bypass :(

blackice912 06-10-2003 06:00 PM

Indeed sounds like a nice hack, but no way if they can bypass it.

csidlernet 06-17-2003 04:52 AM

Thanks very much.
/me hits install

Sn00peh 07-01-2003 09:05 AM

if i click on the "go to last post" link next to the username who last posted, i get into the forum without a password.... my fault?

Sn00peh 07-18-2003 01:15 PM

anyone having the same problem? please, this is kinda urgent :\

Frozen Dreams 07-21-2003 12:07 PM

Quote:

03-12-03 at 03:09 PM Shaolyen said this in Post #14
The glitch I left in was this line of code (in two places) which gives access to the forum on the second incorrect attempt.

PHP Code:

setcookie('cookpass['.$forumid.']', $seccheck[forumpass], 0);

I've deleted it and updated the instructions.


those lines are actually still in the changes the txt file asks for ... once in showthread and once in forumdisplay ... I removed them and whatever I tried (backbutton etc) I couldn't get in at all without the proper password ;)

and I don't know if those changes did it - but I get the password prompt when clicking last post button on forum index as well

* Frozen Dreams clicks install
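
An added example, not code from the hack or from any poster: the `setcookie` line quoted above writes the stored forum password into the visitor's cookie, which the quoted post ties to access after an incorrect attempt. The sketch below issues a cookie value only after a correct password, makes it an HMAC-signed expiry rather than the password, and checks the timeout on the server; `SERVER_KEY`, the function names and the sample values are assumptions.

```php
<?php
// Added illustration, not the hack's code. SERVER_KEY and sample values are constructed.
const SERVER_KEY = 'constructed-demo-key';

// Cookie value = "<expiry>:<HMAC over forum id, expiry and current forum password>".
// The password itself never reaches the browser; changing it voids old cookies.
function issue_token(int $forumid, string $forumpass, int $timeout, int $now): string
{
    $expires = $now + $timeout;
    $mac = hash_hmac('sha256', "$forumid|$expires|$forumpass", SERVER_KEY);
    return "$expires:$mac";
}

function token_is_valid($token, int $forumid, string $forumpass, int $now): bool
{
    if (!is_string($token) || substr_count($token, ':') !== 1) {
        return false;                  // missing or malformed cookie
    }
    [$expires, $mac] = explode(':', $token);
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return false;                  // timeout enforced on the server, not by the browser
    }
    $expected = hash_hmac('sha256', "$forumid|$expires|$forumpass", SERVER_KEY);
    return hash_equals($expected, $mac);
}

// Returns the cookie value to send, or null when no cookie may be set.
function handle_login(int $forumid, array $seccheck, $submitted, int $now): ?string
{
    $pass = (string) $seccheck['forumpass'];
    if ($pass === '' || !is_string($submitted) || !hash_equals($pass, $submitted)) {
        return null;                   // blank or wrong password: nothing is written
    }
    return issue_token($forumid, $pass, (int) $seccheck['passtimeout'], $now);
}

// Constructed row shaped like the hack's SELECT security,forumpass,passtimeout.
$seccheck = ['security' => 2, 'forumpass' => 'constructed-pass', 'passtimeout' => 3600];
$now = 1000000;
var_dump(handle_login(7, $seccheck, 'wrong guess', $now));              // rejected attempt
$cookie = handle_login(7, $seccheck, 'constructed-pass', $now);
var_dump(token_is_valid($cookie, 7, $seccheck['forumpass'], $now + 60));   // inside timeout
var_dump(token_is_valid($cookie, 7, $seccheck['forumpass'], $now + 7200)); // past timeout
var_dump(token_is_valid('constructed-pass', 7, $seccheck['forumpass'], $now)); // password as cookie
```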

LordJMann 07-24-2003 02:23 AM

I applied this hack and updated it after I heard people were getting in without a password, and it still has the same problem...

One of the guys who is getting in says it hows it setting his cookies... Any ideas?

Sn00peh 08-04-2003 10:00 PM

well, i wouldn't recommend this hack, due to its major security holes... i've uninstalled it.

-HipNoTiK- 08-21-2003 01:22 AM

Well, this sure doesn't work in 2.3.2 :disappointed: Does anyone know of something close to this that will work with 2.3.2?

Toky0 08-21-2003 01:30 AM

I think it will work with 2.3.0 some what. I'm not switching over to 2.3.2 =/ Only to 3.0.0 and up.

nefarious 08-21-2003 07:35 AM

I am sticking with it, only a couple of users have worked out the bypass and the password is given out to members who ask for it (it is a slightly lame adultish forum) and it is really there to stop casual lurkers.

Hopefully 3 will be out soon enough and then it shouldn't be a problem anymore...

grov 11-12-2003 08:03 PM

Is there anything one could do to modify this hack so that it isn't possible to bypass the password ?

Regards.

poetic 11-25-2003 08:02 AM

ok, i added

PHP Code:

  // Forum security section of the admin forum form
  maketableheader("Forum Security");
  echo "<tr class='".getrowbg()."' valign='top'>\n<td><p>Choose Forum Security</p></td>\n<td><p><select name=\"security\">\n";
      echo "<option value=\"1\" SELECTED>Regular Forum Security</option>\n";
      echo "<option value=\"2\">Password Protected Security</option>\n";
  echo "</select>\n</p></td>\n</tr>\n";

  // Password field
  makeinputcode("Forum Password<br><font size=1>If password protection is enabled, you must 
  choose a password <br>needed to access the forum.</font>","forumpassword");

  // Timeout selector (values are in seconds)
  echo "<tr class='".getrowbg()."' valign='top'>\n<td><p>Password Timeout<br><font size=1>The time until the password times out.
  <br>After the this occurs, the user will have to enter the password again to gain access.</font></p></td>\n<td><p><select name=\"passtimeout\">\n";
      echo "<option value=\"60\" SELECTED>60 Seconds</option>\n";
      echo "<option value=\"600\">10 Minutes</option>\n";
      echo "<option value=\"1800\">30 Minutes</option>\n";
      echo "<option value=\"3600\">1 Hour</option>\n";
      echo "<option value=\"36000\">10 Hours</option>\n";
      echo "<option value=\"86400\">1 Day</option>\n";
      echo "<option value=\"604800\">1 Week</option>\n";
      echo "<option value=\"2419200\">1 Month</option>\n";
      echo "<option value=\"29030400\">1 Year</option>\n";
  echo "</select>\n</p></td>\n</tr>\n";

after

PHP Code:

  makechoosercode("Custom style set for this forum","styleset","style",$forum[styleid]);
  makeyesnocode("Override users custom styles<BR>(will force this forum's specified colors)","styleoverride",$forum[styleoverride]);

in admin/forum.php in attempts to be able to assign a password to existing forums instead of just having that option of adding a password when creating forums. i then assign the attributes and the password and the cookie timeout, then click save changes. but it doesn't actually save, the password is not applied and i go back into edit and the same forum and the password area is back to its original state. can someone please help

ronb 11-25-2003 06:58 PM

I installed this hack and i do not see anything in the admin cp. Any ideas as to what i did wrong?

poetic 11-26-2003 06:57 AM

^^the option to set a password is only available when you make a new forum, so when u make a new forum right where u set the name and permissions at the very bottom if u followed the instructions right it should be there

zsmom 12-03-2003 09:48 PM

I just installed it on 2.3.2 and it works fine. Any forums that I really really need to keep people out of I use access masks for or make the forum hidden. Like someone else said, it works great to just keep out the casual lurkers.

* clicks install

ronb 12-11-2003 04:47 PM

i installed this hack and it worked fine until we tried to add another forum. We're getting an sql error. Here's what we're getting.

Database error in vBulletin Control Panel 2.3.0:

Invalid SQL: INSERT INTO forum
(forumid,styleid,title,description,active,displayorder,parentid,
parentlist,allowposting,cancontainthreads,sponsorname,sponsorimg,
sponsorurl,daysprune,newpostemail,newthreademail,
moderatenew,allowhtml,allowbbcode,allowimages,allowsmilies,allowicons,
styleoverride,allowratings,countposts,moderateattach,security,forumpass,pastimeout)
VALUES
(NULL,'1','Temporary MOB','','1','4','41',
'','0','1','','',
'','30','','',
'0','0','1','0','
s','1',
'0','1','1','0','1','','60')
mysql error: Unknown column 'pastimeout' in 'field list'

mysql error number: 1054

Any ideas as to how i can fix this so we can add more forums?

MaDCaT75 12-25-2003 05:06 AM

Uh did anyone fix the password exploit yet where you can input any password and you can still get in!? :confused:

Oblivion Knight 12-25-2003 05:58 AM

Seems to be working with no problems on 2.3.3 using the file posted in #76 and the fix posted in #90.. I'm not able to bypass the forum password using the method discussed in this thread, and the forum password updates fine when entering a new one.

Could anyone point me in the right direction to make this mod work with this.? Currently the forum password protection can be bypassed by clicking on the title of the last thread shown on the forum summary.

Roody 01-06-2004 01:21 PM

I would like to use this hack to keep an Asst. Admin from accessing a certain forum on a site I admin. Unfortunately since he has Admin CP access he could read the password. You mentioned in your first post about setting it up so the password have asterisks or another symbol to replace the password so it couldn't be read in the AdminCP.

How do I go about making this happen?

skullycapone 02-02-2004 01:27 AM

ok can someone help me a little i am kinda new to this and was wondering how to run the queries

