Simple vB User login and access control on non vB pages
 

Hack Description

This is a cutdown version of the user authentication and access control system I use on the non vB pages on my website.

This uses the vB 3.5 login system to log you in and out. It allows you to move between your forums and other pages on your site while remaining logged in.

It allows you to do things such as restrict pages by usergroup, display different content depending on a user being logged in or not.
For example, you can have banner Adds displying to non members only, and/or let members access to specific content.

Ive cut it down to the bare minimum that it needs to work, no fancy stuff such as avatars, PM's, or even formating.

I will try and offer support, but work and family commitments mean I dont have much free time.

This code is a mix of my own, and pieces I have used from other hacks that are floating around.

This script has been confirmed as working on

• vB 3.5.x - All Versions

Changelog

Version 1.30 (24th April 2007)

• Fixed - // in paths bug
• Fixed - Javascript warning in some browsers
• Fixed - Tidied up some code

Version 1.20 (2nd December 2006)

• Fixed Logout incorrect path bug
• Made change to reduce compatibility problems with foreign scripts

Version 1.10 (4th Feb 2006)

• Changed login_inc.php so you only need to edit path in one place now.
• Added more commenting to login_inc.php
• Added usage instructions to instructions file
• Added troubleshooting guide with all common problems and fixes to instructions file.

Note: It is NOT necessary to update from 1.0 to 1.10.
There is no functionality changes or bug fixes between these 2 releases.

Version 1.0 (17th November 2005)

• Initial Release

Deluxe Version of this hack is now available
Has Avatars, PM's, Number of Posts etc.

Click Here


Click on Install
If you have this script installed then please click on the install link because;

• You will get notified if any security issues are reported.
• You will get notified when there are any upgrades to this script
• It gives me a warm fuzzy feeling and motivates me to develop more :)

Donations
First of all, to be clear. This script is 100% free.

However if you feel an urge to donate I'm not going to say no. :)
Donations can be made at http://www.billspaintball.com/vb3/bd_donate.php

Edit: This usage and trouble shooting guide has been updated as of 24th of April 2007


Usage

The hack is pretty useless without some usage instructions so here they are.

We can use conditionals to hide or display depending on a number of things such as
Logged in or out status,
or restrict to members of a specific usergroup.

We do this by using conditionals in php tags where the normal content of a webpage would go.


If you want something only accessable to a certain usergroup, use this code in your webpage. This example is only visible to members of usergroup 6.
You can use a simple variation of this to restrict entire pages to a certain usergroup.
For example,
You can of course use multiple usergroups by just modifiying the if statement a little.
For example:

Another use is to display different content to users depending on if they are logged in or not. For example
Another use is to restrict advertising to people who are not logged in.
For example
Of course you can play around with conditionals to do a whole range of things, these are just brief example snippets.



Troubleshooting

If your reading this chances are you are having problems.

Here are some common causes and fixes.

1. Headers already sent or cookies already sent errors. Chances are that there is something, even just a space before the 4 lines of code in part 1. Edit this and ensure that there are no spaces before it.
   
   
   
2. Path problems are the next biggest problem. Your paths must be exact else it will not work. Double check that all paths are correct.
   If you are unsure what the path is place the following code in a page all by itself.
   
   PHP Code:

   ---

   <?php 
echo getcwd(); 
?>

   ---

   Name this file something like path.php then upload it to your website, browse to it and it will show you the exact path to your sites root.
   
   
   
3. Appears to login ok, but wont show you as logged in
   Often caused by the vB cookie path setting.
   To fix log into you vB admin area;
   
   Code:

   ---

   AdminCP -> vBulletin Options -> Cookies and HTTP Header Options -> Path to Save Cookies

Change

'Suggested Settings' dropdown from '/forums/' to '/' or 'yourdomain.com'

   ---

   
   
4. Subdomains and cross site logins
   This is a known issue with many scripts (not just this one), sometimes fixable sometimes not. Its caused by vB, PHP and your hosts security measures.
   
   First change your "cookie domain" settings.
   vB Admin > Control Panel > Cookies and HTTP Header Options > Cookie Domain
   Change it from being blank to
   
   PHP Code:

   ---

   .yourdomain.com 


   ---

   You may need to set a post referrer in your whitelist.
   vB Admin > Control Panel > General Settings > Post Referrer Whitelist
   Instructions on what to enter are listed where you change this setting.
   
   That should fix it if your forum is a subdomain.
   
   If that fails then,
   Open your /forum/login.php file and look for this code:
   
   PHP Code:

   ---

   error_reporting(E_ALL & ~E_NOTICE); 


   ---

   Below that add
   
   PHP Code:

   ---

   define('SKIP_REFERRER_CHECK', true); 


   ---

   Now save this and overwrite the file on the server with this one.
   
   A further reported work around is to make a copy of the required Forum Forum files on your second Server. Then you must set in the config.php on the second server to use the ip of the server with which the VB-Database is running.
   
   
   
5. 404 Error on expiring passwords
   Cause - When redirected for expired password you are redirected to the directory that your login script is located in, not your forums root.
   
   Fix - Edit phrase called
   Code:

   ---

   passwordexpired

   ---

   Your current phrase should be
   
   Code:

   ---

   Your password is {1} days old, and has therefore expired.<br />
<br />
Please change your password using <a href="profile.php?{2}do=editpassword">this page</a>.

   ---

   change it to
   
   
   Code:

   ---

   Your password is {1} days old, and has therefore expired.<br />
<br />
Please change your password using <a href="../forums/profile.php?{2}do=editpassword">this page</a>.

   ---

   where ../forums/ is your forums directory.
   
   
   
6. Still got problems?
   It may be a conflict with somthing already in your site.
   To check this we can just make a simple page.
   Call it test.php and use just this code in it.
   (Make sure there is no whitespace before the 1st line)
   
   PHP Code:

   ---

   <?php
$curdir = getcwd ();
chdir('/path/to/your/forums');
require_once('/path/to/your/forums/global.php');
chdir ($curdir);
?>
<html> 
<body> 
This is a heading<br /> 
This is some more stuff <br /> 
And another line<br /> 
You get the idea<br /> 
Just place stuff as you normally would with HTML<br /> 
I use CSS to style and position on my site fwiw<br /> 
<br /> 
How about we put the login box right under here?<br /> 
<br /> 
<?php 
    require_once('/path/to/your/login_inc.php'); 
?> 
</body> 
</html>

   ---

   Naturally, change paths to fit your forums, then upload it.
   Browse to it and run it.

Thanks, I'll test it out!

I know this is proabably a dumb question, but I am not technical. Does the basic web page have to be set up as a .php page or can this be used in an html page?

Yes the webpage must be a php page else it wont work.

You can of course have HTML and PHP mixed on the same .php page, PHP is only parsed if its inside the <?php ?> tags. Outside of these, normal HTML will work as normal.

Great work!

Great work, thanks you.

hmmm why do i get

Warning: chdir(): No such file or directory (errno 2) in /home/site/public_html/site/index.php on line 2

i've entered the path to the forums, full url and just /forums/ but still same error

Edited:

Thats the same error message I get if I change the path to my forums so that its incorrect.

Double check the path to your forums.

Edited again:

I've added information to the opening post on how to find the correct path to your forums.

ok after i login it brings me back to the login page with the form. isn't it supposed to recognize you're logged in?

Yes it is supposed to recognise when your logged in or out.

See these 2 pics to see what it should show when you are logged in or out.

I would suspect it may be a cookie / cached files / browser security issue.
In you browser settings, try deleting temp internet files and cookies.

i think it's because i use my domain for my site, and a sub domain for my forums, that's the feedback everyone keeps telling me, any way around this problem? besides and iframe.

got a little java-error in there... any ideas? script runs fine so there is missing a "(" on line 9 (read via right-mouse-click) while showing login-form... yellow sign left bottom... error... page shows up correctly but an java-error occured in the background...

Ive read about other scripts having this issue if one of them was in a diffrent subdomain.
Im not sure if they ever found a solution, but I will look.

If you want PHP to work in your .html pages, and if you are on apache server you can make your server to parse php scripts in your html files. Insert this code in your .htaccess file, to make php work in .html files:

A demo of this parsing is here: http://www.photoshopcity.com/content...ml?parent_id=7. See those ?parent_id vars... :).

no java-errors? anyone? mmh... :(

Im not geting that error in either IE or Opera.
Anyone else getting it?

thx. i will try to do the whole thing again, perhaps i crushed some code, as i changed the paths.....

I am getting the error

Line: 469
Char: 1
Error: Expected '('
Code: 0

And I think I narrowed it down to this line:
It has to be this though
onfocus=if (this.value == '$vbphrase[username]') this.value = '';

Does anyone know what that does?

Well, I have removed the line, and no problems. I would like to know what it does though.

I cant see how the script causes that error.

I think that there is something else on your page, that in combination with the script produces that error.

Note for people having problems with Paths.

Put the following code on a page all by its self.

Name the page something like findpath.php and place in your forums root directory.
browse to the page and it will display the exact path to your forums root.

If I do the above, I get the following: /home/racett56/public_html/forums

I think I'm having path problems. Can you post up a little tutorial on directorys and the chdir command?

I can get the page to load without any errors but it never shows me as "logged in". It always presents the login prompts as if I'm not logged in. If I use the prompts to login, the vB welcome screen briefly displays then shows the login prompts again.

1st, in the file login_inc.php ensure that you have changed the 4 paths so that "www.yoursite.com" refers to your domain.

Then on the page you want to include the login use this code:
Note: This assumes on the 4th line that you have placed the file login_inc.php in your websites root directory (that is where you would have index.html or index.php)

Hope this helps.

The file with the access control code in it is located in '/home/racett56/public_html/rtdb'. I simply added the three lines to the begining of an existing non-forum related .php file.

The login_inc.php is located in '/home/racett56/public_html'.

The forums are located in '/home/racett56/public_html/forums'.

I changed everything to what you suggested and I still get the same thing as before. The login prompts appear at the top of the screen when accessing the .php file. If I fill in the prompts and hit 'Log in', the vBulletin welcome screen appears for a second or two. Then it takes me back to the exact same screen with the login prompts at the top. It seems like this $vbulletin->userinfo['userid']!=0 is false even after I login.

BTW... thanks for the fast response!

If I move the access controled file to the forums directory, it works fine. What do I need to change to get it to work from another directory?

I fixed it. Here's how:

AdminCP -> vBulletin Options -> Cookies and HTTP Header Options -> Path to Save Cookies

I changed the 'Suggested Settings' dropdown from '/forums/' to '/'

I keep getting

Unable to add cookies, header already sent.
File: /home/shadowl/public_html/v3/index.php
Line: 17

I've tried clearing cookies, cache etc, nothing changed, any ideas?

You need to remove all lines or spaces before these block of code.
It must go at the very top of the page.

Thanks alot! That fixed it, but how do I display the form wherever I want on the page? It's now above the banner :S

EDIT: Nvm got it

Thank you thank you thank you! This mod was exactly what I was looking for!

BTW, does the login_inc.php need to be at the top of the page? It might cause problems ("headers already sent errors") for some since it echos output to the browser before the opening <html> tag.

Doh!
Your right.
Login_inc.php is the actual login box and should be placed on the page where you want the box, not in the header.

Ive been going to revise it with a simpler version (only one line to edit in the include so I will change the instructions then as well.

Nice one ;)

Does it actually work across domains?
I tried to implement it on my site www.sw-eaw.de in order to restrict users which are not registered on the forums on www.cncforen.de from commenting news and using the shoutbox.

So I made a test with a simple php which only calls the include_inc.php.
After editing the vB Setting for the referer white list I was able to send POST data from one to the other domain.
And after filling in my login details the script redirects me to my forum homepage. (I assume I will have to edit login.php around line 120 (redirect) and ask for the referer before redirect is called so I can switch between forum login and site login redirect?)

When I call my loginscript again it will keep on telling me I'm not logged in and presents the login form.

Any ideas?

It is due to some new security precautions added in vBulletin to prevent POST requests from other domain names from being sent to your forums.

Ive only seen this fix elsewhere and havent tried it out myself yet.
Let me know if it works so I can add it to the instructions.

Open your /forum/login.php file and look for this code:
Below this add;
Save and upload the file.

Thx for the answer... ;)
...but the problem is vice versa....
I can actually send POST data to vBulletin.

Here's what's happening when i call the modification from sw-eaw.de:
The form appars and after I click 'Login' it redirects me to the forum and I'm logged in.
But calling the .php again (on sw-eaw.de) will show the form instead of stating that I'm now logged in.

Directory structure on the server is like this:
/var/www/[domainname]/
and there's the document root for apache for each domain.

Try this fix from here:
https://vborg.vbsupport.ru/showpost....1&postcount=27

That won't help as the forums are in / already and sw-eaw.de is not part of the DocumentRoot of that particular VirtualHost but an own one.

So I would need to set the cookie path to a directory above which then would be /www - and that's not a part the Apache can work in....

I got a problem i did what you said in the instructions.txt file right and what happens is when i check my file and it only shows at the top so do i put the code below to where i want it on the page or will i use the code from login_inc.php in the page?

For all those with the problem i had(not sure if posted up in here) but remove the line that points to login_inc.php and then paste your login_inc.php code into the pages. Only have one problem. I hit logout and it doesnt log out

I have a CSS Document for the login box but how would i use it for the login boxes with this code?

EDIT Another Problem: I tried to see if it would work if i deleted cookies but i try logging in it logs me in but it shows the login box so im sorta back where i started.

My Problems helping for support
Doesnt log me out when i hit logout
When delete cookies it logs me in on forums but doesnt say welcome back nrlleague.
CSS Form Change

Yeah if you do it like that you will have problems logging out because the headers have already been sent.

Ive done something wrong when I cut my login down to this simple version, I will have to look at my code and see where that is.

That may not be for a day or two though.

Edit: Doh!! Nothing very wrong with this, I just included whitespace by mistake. :cross-eyed: