vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Anyway to force a logout of all users? (https://vborg.vbsupport.ru/showthread.php?t=200606)

SnapOff Racing 01-04-2009 12:51 AM
Anyway to force a logout of all users?
 
I am having problems with a current mod and the only way to cure it at this point is to FORCE a user to logout and then have them relog back in. Rather than explain this to EVERY user there has gotta be an easier way of FORCING all users to logout or clear their cookies for the forum so that if they had the "REMEMBER ME" box checked they would still be required to login. Is there an SQL query or a template edit that I can run or change to make this happen?

OR even better if there is a way to change the actual TIME a user can stay logged in via the REMEMBER ME box. Like make it so that they can only stay logged in for 24 hours or however long I specify.

Rene Kriest 01-04-2009 01:11 AM
<a href="https://vborg.vbsupport.ru/showthread.php?t=163327" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=163327</a>

SnapOff Racing 01-04-2009 01:25 AM
Quote:
Originally Posted by Rene Kriest (Post 1700854)
Nice one thanks, I would like to have something to do ALL users at once. Just a complete logout of every user. So that way next time they visit the forum they are forced to login. Like I said I don't care if I gotta run a database query that's fine, someone just point me in the right direction :)

Lynne 01-04-2009 02:21 AM
Empty (truncate) the session table maybe?

Kirk Y 01-04-2009 02:29 AM
Quote:
Originally Posted by Lynne (Post 1700888)
Empty (truncate) the session table maybe?
That would only kick users who haven't checked "Remember me" when they logged in.

Lynne 01-04-2009 02:38 AM
Ah yes, you are right.

Change the cookie path or domain to something invalid? Of course, this is assuming you can then change it back via the database so you can get back in (or reset it with tools.php). I'm sure there must be a better way though.

SnapOff Racing 01-04-2009 03:59 AM
Quote:
Originally Posted by Lynne (Post 1700909)
Ah yes, you are right.

Change the cookie path or domain to something invalid? Of course, this is assuming you can then change it back via the database so you can get back in (or reset it with tools.php). I'm sure there must be a better way though.
I was thinking this too but it doesn't work because when the user tries to login they automatically get logged back out as soon as they login.

SEOvB 01-04-2009 04:00 AM
Restarting mysql and apache seem to do the trick pretty good for me :D

Dismounted 01-04-2009 04:24 AM
Clear the cookies. You just set empty values to the "userid" and "password" cookies. However, I'm not sure how you would control this to only once without some messy workarounds (another cookie maybe?).

SnapOff Racing 01-04-2009 04:28 PM
Quote:
Originally Posted by FRDS (Post 1700988)
Restarting mysql and apache seem to do the trick pretty good for me :D
Tried this and it doesn't work.

Quote:
Originally Posted by Dismounted (Post 1701011)
Clear the cookies. You just set empty values to the "userid" and "password" cookies. However, I'm not sure how you would control this to only once without some messy workarounds (another cookie maybe?).
How would I be able to do this for every user without actually having access to their computer? Cookies are stored in their web browser.

Bellardia 01-04-2009 06:22 PM
Quote:
Originally Posted by SnapOff Racing (Post 1701476)
Tried this and it doesn't work.



How would I be able to do this for every user without actually having access to their computer? Cookies are stored in their web browser.
Since you're in control of the sever, you would make it write a new cookie to all users who try and connect to your site. Using the same variables as vbulletin you could overwrite the saved information, but he included the drawbacks as well.

This method would have to stay active until each logged in user has viewed the forums, and until then without additional coding no users could log in.

If you know about cookies you might be able to reset vbulletin's cookie and then use one to save the info when they try and log-in again.

SnapOff Racing 01-04-2009 08:32 PM
Hmm is there possibly a piece of code that I could add to my index.php file so that when the user browses to that page the system will reset their cookies causing them to logout? Then along with that piece of code I could specify how long the user is allowed to stay logged in until they get logged out and have to log in agian... For example something like ...

PHP Code:
$countLogout $_COOKIE["countLogout"];
    echo "Cookie's value: " $countLogout
   
   if($countLogout == 0)
     {
      setcookie("countLogout",1,time()+604800); // save cookie for one week!
      $vbulletin->input->clean_gpc('r''logouthash'TYPE_STR);
      process_logout();
     } 

Medtech 01-04-2009 09:10 PM
i restart my vps server, that clears everyone out

Bellardia 01-04-2009 10:03 PM
Quote:
Originally Posted by SnapOff Racing (Post 1701682)
Hmm is there possibly a piece of code that I could add to my index.php file so that when the user browses to that page the system will reset their cookies causing them to logout? Then along with that piece of code I could specify how long the user is allowed to stay logged in until they get logged out and have to log in agian... For example something like ...

PHP Code:
$countLogout $_COOKIE["countLogout"];
    echo "Cookie's value: " $countLogout
   
   if($countLogout == 0)
     {
      setcookie("countLogout",1,time()+604800); // save cookie for one week!
      $vbulletin->input->clean_gpc('r''logouthash'TYPE_STR);
      process_logout();
     } 
The problem with this is that every time a user views the page they will be forcefully logged out again. This is why a second cookie was suggested. You could change the countLogout time to some small period of time to ensure that they expire after a few hours, that way users could still use the forums, they'd just have to relogin every few hours until you're sure everyone has logged out.

If you have access to your whole sever, you could reset its stored sessions, which should log out all users.

SnapOff Racing 01-04-2009 10:20 PM
Quote:
Originally Posted by Bellardia (Post 1701772)
The problem with this is that every time a user views the page they will be forcefully logged out again. This is why a second cookie was suggested. You could change the countLogout time to some small period of time to ensure that they expire after a few hours, that way users could still use the forums, they'd just have to relogin every few hours until you're sure everyone has logged out.

If you have access to your whole sever, you could reset its stored sessions, which should log out all users.
I do have access to the entire server, it's sitting in the other room lol :D So how would I reset the stored sessions? I'm running Abyss Webserver and I don't recall seeing an option that your talking about in the Configuration Menu. Do I need to do this via MySQL or somewhere else?

Bellardia 01-05-2009 12:17 AM
I may have spoken too quickly on that last comment. I was under the impression that you could clear sessions since they are (at least partly) sever sided, however I'm not sure exactly where they are saved or how to clear them.

Better suggestion - use a php script that writes a session such as $_SESSION['flush'] = 1; to mark the user has already seen the script, if they haven't viewed the script yet redirect them to the logout page.

Code:
<?
session_start();
if ($_SESSION['flush'] != 1)
{
        $_SESSION['flush']= 1;
        header( 'Location: /login.php?do=loguserout&u='.$bbuserinfo[userid] ) ;
}
?>
Try imbedding this in the php of your index file, make sure it executes before any output since it uses a header.

Dismounted 01-05-2009 02:31 AM
PHP Code:
$logout_time $vbulletin->input->clean_gpc('c'COOKIE_PREFIX 'nextlogout'TYPE_UINT);

if (TIMENOW $logout_time)
{
    // clear authentication cookies
    vbsetcookie('sessionhash''');
    vbsetcookie('userid''');
    vbsetcookie('password''');

    // set next clear time
    vbsetcookie('nextlogout'TIMENOW 604800);

SnapOff Racing 01-05-2009 03:30 AM
Quote:
Originally Posted by Bellardia (Post 1701889)
I may have spoken too quickly on that last comment. I was under the impression that you could clear sessions since they are (at least partly) sever sided, however I'm not sure exactly where they are saved or how to clear them.

Better suggestion - use a php script that writes a session such as $_SESSION['flush'] = 1; to mark the user has already seen the script, if they haven't viewed the script yet redirect them to the logout page.

Code:
<?
session_start();
if ($_SESSION['flush'] != 1)
{
        $_SESSION['flush']= 1;
        header( 'Location: /login.php?do=loguserout&u='.$bbuserinfo[userid] ) ;
}
?>
Try imbedding this in the php of your index file, make sure it executes before any output since it uses a header.
Interesting, I will have to play around with that one. Thanks man :)

Quote:
Originally Posted by Dismounted (Post 1701965)
PHP Code:
$logout_time $vbulletin->input->clean_gpc('c'COOKIE_PREFIX 'nextlogout'TYPE_UINT);

if (TIMENOW $logout_time)
{
    // clear authentication cookies
    vbsetcookie('sessionhash''');
    vbsetcookie('userid''');
    vbsetcookie('password''');

    // set next clear time
    vbsetcookie('nextlogout'TIMENOW 604800);
Ohh nice, I tried this one and it seems to work exactly like the one I posted.. Any idea what the pros and cons to using this one over the one I posted?

Marco van Herwaarden 01-05-2009 08:05 AM
If you only need to firce logout once (or not often) then clearing the session table and changing the cookie prefix in your config.php should do the trick.

SnapOff Racing 01-05-2009 05:52 PM
Quote:
Originally Posted by Marco van Herwaarden (Post 1702131)
If you only need to firce logout once (or not often) then clearing the session table and changing the cookie prefix in your config.php should do the trick.
Ohhh that's a good one too. Would I need to do both or could I just clear the session table?

Bellardia 01-05-2009 07:09 PM
Quote:
Originally Posted by SnapOff Racing (Post 1702507)
Ohhh that's a good one too. Would I need to do both or could I just clear the session table?
You'll need to do both

Marco van Herwaarden 01-06-2009 07:26 AM
Actually only changing the cookie prefix might already be enough but it is easy to clear the session table.


All times are GMT. The time now is 05:23 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01269 seconds
  • Memory Usage 1,812KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (4)bbcode_php_printable
  • (12)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (22)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete