|
Multi Domain Login
1 Attachment(s)
If you are using seperate domains for subforums (e.g. forumX.com and forumXsubforum.com), you will have encountered the problem that it isn't possible to share cookies over multiple domains.
This mod will enable the user to login on subforum domains using a javascript check on the main domain that will return a login key to sign the user in automaticly. To see how it works you can check out www.scooterhulp.com and for example the subforum http://www.scooterwetgeving.nl/ |
Thank you, installed, but don't work if the user has disabled Java!
|
Yes, that is correct. It is just an extra service for users that have javascript enabled (almost all users).
Other users are able to login using the form themselfs and would need to do so for every subforum if they want to post a reply. |
before you use this hake please check this
http://www.vbulletin.com/forum/showthread.php?p=1786188 thanx |
So why hasn't this hack been pulled?
|
This hack is being used on www.papegaaienforum.nl and www.scooterhulp.com for 3+ years.
So I am pretty sertain this mod can't be the reason that users are able to login with any password. |
Quote:
|
I'm cool with that.
|
I installed this on a 3.7.5 VB, but the configuration options doesn't show up on my admin panel.
|
3.8
Warnung: parse_url() expects exactly 1 parameter, 2 given in [path]/includes/init.php(298) no access to AdminPanel... removed it... sad.. thats what i need for my forum :( |
Be careful, this mod allowed to enter any forum account without knowing the password, even logged in to the account of one of my managers and some members banned, so that the damage was not greater.
|
If you can demonstrate this then please PM details to the staff here so we can check it, Thanks.
|
Nice mod, but waiting until proven if it is exploitable or not.
That said, the phrase has a small typo: automaticly automatically <- corrected. :p VROEM! |
i have this problem when i install the product:
Warning: parse_url() expects exactly 1 parameter, 2 given in [path]/includes/init.php(298) : eval()'d code on line 3 |
@ Setokaiba (SW)
Can you please let me know how you were able to login to any account with this mod? The temporary login key that is generated is unique for every user. It should be at least as secure as any normal password. |
Quote:
Now it's disinstalled... i wait an answer... ;) |
I now see the second parameter of parse_url() was added in PHP 5.1.2.
http://www.php.net/manual/en/function.parse-url.php I will revise this script probably tomorrow for use on one of my own forums, and update this mod with a version that should be compatible with PHP 4. |
I need this feature
I was hoping approved "white space" would allow logging in from different domains |
A shame, people jump to false accusations with no data to back their claim up.
C'mon, show that it's exploitable, or apologize for being wrong. |
Quote:
|
Good, then we can move on :)
|
FYI I just installed this mod and had the same problems as described. I could log in as any user simply by typing in a random password, I was using '12345'.
vB v3.8.0 PHP v5.2.10 MySQL v5.0.81 PM me if you want more specifics. I had to uninstall this mod due to the security threat. |
Can one of the vBulletin.org staff please review this - public or graveyard.
This is a very very serious security issue if indeed valid and confirmation would be nice. |
| All times are GMT. The time now is 01:01 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|