HTTP Basic Authentication against vB-Accounts (https://vborg.vbsupport.ru/showthread.php?t=61507)

Bison 11-23-2004 03:47 AM

Quote:

Originally Posted by AN-net
Wow, great hack!!! Wish I had root access :(

There is a hack like this that doesn't require root access and is written in PHP. I think I have it somewhere on my PC.

EDDIE! 11-29-2004 03:19 AM

I really need help ASAP. I uploaded this to my server and when I go to my site, I got the following error:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>

<head>
<style>
a:link {font:8pt/11pt verdana; color:red}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
<title>HTTP 500 Internal server error</title>
</head>
<script>

function Related(){
userURL=document.location.href;

//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.

BeginURL=userURL.indexOf("#",1) + 1;
CurrentURL=userURL.substring(BeginURL,DocURL.length);

//Build the query
RelatedServiceURL="http://related.msn.com/related.asp?url=";

//Perform simple check for Intranet URLs
//this is where the http or https will be, as found by searching for :// but skip res:
protocolIndex=userURL.indexOf("://",4);
serverIndex=userURL.indexOf("/",protocolIndex + 3);
urlresult=userURL.substring(0,serverIndex);
if (protocolIndex - BeginURL > 7)
urlresult=""

//Check if Intranet URL - then open search bar

if (urlresult.indexOf(".",0) < 1) userURL="Intranet URL";
finalURL = RelatedServiceURL + encodeURIComponent(userURL);
window.open(finalURL, "_search");

}

function Homepage(){

// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.location.href;

//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);

//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);

//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);

//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);

// Security precaution: must filter out "urlResult" and "displayresult"
forbiddenChars = new RegExp("[<>\'\"]", "g"); // Global search/replace
urlresult = urlresult.replace(forbiddenChars, "");
displayresult = displayresult.replace(forbiddenChars, "");

document.write('<A target=_top HREF="' + urlresult + '">' + displayresult + "</a>");
}
function doSearch()
{
saOC.NavigateToDefaultSearch();
}

function initPage()
{
document.body.insertAdjacentHTML("afterBegin","<object id=saOC CLASSID='clsid:B45FF030-4447-11D2-85DE-00C04FA35C89' HEIGHT=0 width=0></object>");
}

</script>


<body bgcolor="white" onload="initPage()">

<table width="400" cellpadding="3" cellspacing="5">
<tr>
<td id="tableProps" valign="top" align="left"><img id="pagerrorImg" SRC="pagerror.gif"
width="25" height="33"></td>
<td id="tableProps2" align="left" valign="middle" width="360"><h1 id="errortype"
style="COLOR: black; FONT: 13pt/15pt verdana"><span id="errorText">The page cannot be displayed</span></h1>
</td>
</tr>
<tr>
<td id="tablePropsWidth" width="400" colspan="2"><font
style="COLOR: black; FONT: 8pt/11pt verdana">There is a problem with the page you are
trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td id="tablePropsWidth" width="400" colspan="2"><font id="LID1"
style="COLOR: black; FONT: 8pt/11pt verdana"><hr color="#C0C0C0" noshade>
<p id="LID2">Please try the following:</p><ul>
<li id="instructionsText1">Open the <script> Homepage();</script> home page, and then look for links to
the information you want. </li>
<li id="instructionsText2">Click the
<a xhref="javascript:location.reload()" target="_self">
<img border=0 src="refresh.gif" width="13" height="16"
alt="refresh.gif (82 bytes)" align="middle"></a> <a xhref="javascript:location.reload()" target="_self">Refresh</a> button, or try again later.<br>
</li>
<li ID="instructionsText3">Click <a href="javascript:doSearch()"><img border=0 src="search.gif" width="16" height="16" alt="search.gif (114 bytes)" align="center"> Search</a> to look for information on the Internet. </li>
<li id="instructionsText4">You can also see <a onclick="Related();event.returnValue=false" href="">a list of related sites.</a>
</ul>
</p>

<p><br>
</p>
<h2 id="ietext" style="font:8pt/11pt verdana; color:black">HTTP 500 - Internal server
error <br>
Internet Explorer </h2>
</font></td>
</tr>
</table>
</body>
</html>

I tried editing the .PM file, but that doesn't work. If anyone can help me, please let me know ASAP.

Andreas 01-24-2005 12:28 AM

Quote:

Originally Posted by my username
HTTP basic auth. (http://www.ietf.org/rfc/rfc2617.txt) sends the password in clear text for every HTTP request made to the server (when using cookies you're at least able to transfer a hashed version of the password for each request)... this is why the W3C tells you NOT to use HTTP basic auth.

I know that.
But unfortunately, using digest authentication is not an option, because then we will get md5('Username:Realm:Password').
But in the user table there is only md5(md5('Password') . $salt).

Quote:

Why not just include/require global.php in the scripts that are "off-forum"?
If you want to protect files there is no script.
The only way to do so would be to keep files out of the document root and use a script to read them.

What I am currently thinking of is a new Apache authentication module which checks the sessionhash (or bbuserid bbpassword) cookies, and if they are not valid, redirects to login.php.

Carnage 01-26-2005 10:38 AM

Quote:

I know that.
But unfortunately, using digest authentication is not an option, because then we will get md5('Username:Realm:Password').
But in the user table there is only md5(md5('Password') . $salt).

Well... could you not store, using another script, MD5(username:realm:password)?

If you had a link somewhere so that users can request access to secure areas and you asked them to put in their username and password into a form then used the MD5 javascript from vb3 to send:

username
MD5(password) //for checking it's the same as their forum password and is the same user...
MD5(Username:realm:password)
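
Added example (not part of any post in this thread, and not vBulletin's or the original hack's code): a Python sketch of the mismatch Andreas describes and the enrollment step Carnage proposes. The row layout, realm, nonce and function names are assumptions; the response formula is the RFC 2617 form without qop.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def vb_stored_hash(password, salt):
    # Value in the user table, per the thread: md5(md5(password) . salt)
    return md5_hex(md5_hex(password) + salt)

def digest_ha1(username, realm, password):
    # RFC 2617 HA1: the secret a Digest server must hold for each user
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, nonce, method, uri):
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def enroll(row, md5_password, ha1):
    # Proposed form handler: the browser submits MD5(password) and HA1.
    # MD5(password) is checked against the forum hash; HA1 cannot be tied
    # to the password server-side and is accepted as submitted.
    if not hmac.compare_digest(md5_hex(md5_password + row["salt"]), row["password"]):
        return False
    row["ha1"] = ha1  # password-equivalent for this realm: protect it as such
    return True

def verify_digest(row, nonce, method, uri, response):
    ha1 = row.get("ha1")
    if ha1 is None:  # only the salted forum hash exists: HA1 is not derivable
        return False
    return hmac.compare_digest(digest_response(ha1, nonce, method, uri), response)

# Constructed sample data (not from the thread)
REALM, NONCE, URI = "members", "constructed-nonce-0001", "/files/a.zip"
ROW = {"username": "alice", "salt": "x7Q", "password": vb_stored_hash("s3cret", "x7Q")}

def demo():
    row = dict(ROW)  # work on a copy so the sample row stays unenrolled
    client_ha1 = digest_ha1("alice", REALM, "s3cret")
    client_resp = digest_response(client_ha1, NONCE, "GET", URI)
    before = verify_digest(row, NONCE, "GET", URI, client_resp)
    enrolled = enroll(row, md5_hex("s3cret"), client_ha1)
    after = verify_digest(row, NONCE, "GET", URI, client_resp)
    return before, enrolled, after

if __name__ == "__main__":
    print(demo())
```

Both MD5(password) and the stored HA1 act as credentials in this design, so the enrollment form needs the same transport protection as a plaintext login.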

Crazy Serb 05-24-2005 04:24 AM

Any update on this? I don't have root access, and I'm looking for a way to protect a directory full of non-html/php files, and make it accessible only to certain usergroups... damn, how hard can that be?

sensimilla 03-29-2007 02:24 PM

I'm bumping this thread because I am in need of this hack.

Is there any chance to release it for vBulletin 3.6?

Thanks in advance.

mhmd1983 04-13-2007 07:39 AM

Quote:

Originally Posted by sensimilla (Post 1215309)
I'm bumping this thread because I am in need of this hack.

Is there any chance to release it for vBulletin 3.6?

Thanks in advance.

Yes, me too. Let me say it's a very important hack to all paid forum owners...

