vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Converting from Xenforo to vBulletin (https://vborg.vbsupport.ru/showthread.php?t=321469)

Alice 01-11-2016 07:09 AM
Converting from Xenforo to vBulletin
 
Hey,

I was wondering if someone might be willing to give me a hand with converting this matter of code to be cross-compatible with vbulletin?

Thanks,

Code:
<?php
 
// **************************************************************************************************
//      IMPORTANT CONFIGURATION ITEMS
// **************************************************************************************************
 
$enabled = true;
$serverip = '127.0.0.1';
 
// **************************************************************************************************
//      END OF IMPORTANT CONFIGURATION ITEMS
//      DO NOT EDIT ANYTHING BEYOND THIS POINT!
// **************************************************************************************************
 
// Necessary XenForo Hooks
require($fileDir . 'library/XenForo/Autoloader.php');
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . 'library');
XenForo_Application::initialize($fileDir . 'library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
 
// Assistance in placing file in correct directory w/o include/require.
$proxyfile = 'proxy.php';
$adminfile = 'admin.php';
if (!file_exists($proxyfile)) {
    die('This file is not in the correct directory. Please contact a website administrator.');
};
if (!file_exists($adminfile)) {
    die('This file is not in the correct directory. Please contact a website administrator.');
};
 
// Checks to make sure accessing IP is server IP.
$acuntite = $_SERVER['REMOTE_ADDR'];
if (strlen($_SERVER['REMOTE_ADDR'])<6) {
die ('Access denied.');
};
if ($acuntite != $serverip) {
die('Access denied.');
};
 
// Post get items
$username = $_GET['un'];
$password = $_GET['pw'];
 
// If no info specified
if(is_null($username) && is_null($password)) return;
$error = "";
$ph = new XenForo_Model_User();
$result = $ph->validateAuthentication($username, $password, $error);
 
// Ensures system is enabled before continuing. If not, returns error
if ($enabled != true) {
    die('3');
}
 
// Final get id
if(is_numeric($result) && $result > 0 && !(strpos($username, '@') !== false))
{
    $user = $ph->getFullUserById($result);
 
    // ensures user is not banned
    $banned = $user['is_banned'];
    // if banned, return error 2
    if($banned == 1) echo "2";
 
    // if not banned, successful login
    else echo "1";
}
 
// and if all else fails, the shit you provided is wrong so return error 0
else echo "0";
 
// Echo 0 = Incorrect user/pass
// Echo 1 = Successful Login
// Echo 2 = Banned User
// Echo 3 = System disabled
 
?>

Alice 01-11-2016 03:31 PM
Anyone know if they can help?

Dave 01-11-2016 03:55 PM
Untested, upload to the root of your vBulletin forum.

PHP Code:
<?php
require('./global.php');
require('includes/functions_login.php');

$enabled true;
$serverip '127.0.0.1';
  
// Checks to make sure accessing IP is server IP.
$acuntite $_SERVER['REMOTE_ADDR'];
if (strlen($_SERVER['REMOTE_ADDR']) < || $acuntite != $serverip || !$enabled) {
    die(3);
}
 
// Post get items
$username $_GET['un'];
$password $_GET['pw'];
 
// If no info specified
if(is_null($username) && is_null($password)) return;

$error "";
$result verify_authentication($username$passwordmd5($password), md5($password), ''false);
 
// Final get id
if($result === true && !(strpos($username'@') !== false)){
    if($vbulletin->userinfo['usergroupid'] == 8){
        echo 2// Banned
    }else{
        echo 1// Not banned.
    }
}else{
    echo 0// and if all else fails, the shit you provided is wrong so return error 0
}
 
// Echo 0 = Incorrect user/pass
// Echo 1 = Successful Login
// Echo 2 = Banned User
// Echo 3 = System disabled

Alice 01-11-2016 04:12 PM
First off, thank you so much for being willing to help me with this project. Now, I uploaded the code to the root of the forums, and in Xenforo its supposed to print either a 0,1 or 2 and this only shows a completely blank page. But no errors we're printed, so go you. :)

Dave 01-11-2016 04:17 PM
It's because of the check that checks if the current IP matches the $serverip variable.
You probably want it to be something like this in that case:

PHP Code:
<?php 
require('./global.php'); 
require('includes/functions_login.php'); 
   
// Post get items 
$username urldecode($_GET['un']); 
$password urldecode($_GET['pw']); 
  
// If no info specified 
if(is_null($username) && is_null($password)){
    die('No login provided.');


$result verify_authentication($username$passwordmd5($password), md5($password), ''false);
  
// Final get id 
if($result === true && !(strpos($username'@') !== false)){ 
    if($vbulletin->userinfo['usergroupid'] == 8){ 
        echo 2// Banned 
    }else{ 
        echo 1// Not banned. 
    
}else{ 
    echo 0// and if all else fails, the shit you provided is wrong so return error 0
}
Then you execute it as follows: http://example.com/script.php?un=Dave&pw=password

Alice 01-11-2016 04:21 PM
That code is producing the following error

Code:
Parse error: syntax error, unexpected 'if' (T_IF) in /home4/swgnge/public_html/forums/includes/functions_login.php(209) : eval()'d code on line 3
0
--------------- Added [DATE]1452536737[/DATE] at [TIME]1452536737[/TIME] ---------------

Scratch that, I was using the wrong syntax.

Dave 01-11-2016 04:26 PM
That's caused by a plugin you have installed, more specifically at the login_verify_failure_username hook.

Alice 01-11-2016 04:26 PM
Thank you so much Your my hero!! :)

Dave 01-11-2016 04:26 PM
No problem. ;)

Alice 01-11-2016 07:48 PM
Quote:
Originally Posted by Seraphyn (Post 2562469)
That code is producing the following error

Code:
Parse error: syntax error, unexpected 'if' (T_IF) in /home4/swgnge/public_html/forums/includes/functions_login.php(209) : eval()'d code on line 3
0
--------------- Added [DATE]1452536737[/DATE] at [TIME]1452536737[/TIME] ---------------

Scratch that, I was using the wrong syntax.
This is still an issue, specifically when you input a username that doesn't exist... like swglegends.com/forums/auth.php?un=username&pw=password

Please advise,

Dave 01-11-2016 08:30 PM
Well it's not caused by the script I gave you, it's caused by one of the plugins you have installed.
Go to your AdminCP > Plugins & Products > Plugin Manager and find a hook which makes use of "login_verify_failure_username". A plugin which makes use of that hook is causing it.

Alice 01-11-2016 10:42 PM
Quote:
Originally Posted by Dave (Post 2562494)
Well it's not caused by the script I gave you, it's caused by one of the plugins you have installed.
Go to your AdminCP > Plugins & Products > Plugin Manager and find a hook which makes use of "login_verify_failure_username". A plugin which makes use of that hook is causing it.
Okay, that works. Is there a way to make usernames match this regular expression: ^[^\s]+$
And disallow all symbols?

Thank you,

--------------- Added [DATE]1452560260[/DATE] at [TIME]1452560260[/TIME] ---------------

Oh also, I just banned an account and checked if it would be banned on the game server and its still returning a 1, and not a 2. Any ideas?

--------------- Added [DATE]1452582344[/DATE] at [TIME]1452582344[/TIME] ---------------

Any ideas?

Alice 02-09-2016 07:28 AM
Hello. So, this file is for authenticating from a website to a gameserver. Now the issue is that people are able to put spaces after their account name and basically I would like to know if there is anothing anyone might be able to do with this code to prevent that from happening.

Thank you,

MarkFL 02-09-2016 06:27 PM
Quote:
Originally Posted by Seraphyn (Post 2564506)
Hello. So, this file is for authenticating from a website to a gameserver. Now the issue is that people are able to put spaces after their account name and basically I would like to know if there is anothing anyone might be able to do with this code to prevent that from happening.

Thank you,
You can prevent embedded spaces, however I find that trailing spaces are automatically trimmed on my local dev site.

To see the options for username restrictions, follow:

AdminCP -> Settings -> Options -> User Registration Options -> Username Regular Expression

Alice 02-09-2016 11:25 PM
Quote:
Originally Posted by MarkFL (Post 2564545)
You can prevent embedded spaces, however I find that trailing spaces are automatically trimmed on my local dev site.

To see the options for username restrictions, follow:

AdminCP -> Settings -> Options -> User Registration Options -> Username Regular Expression
Okay, what would you put there to disable embedded spaces after the username?

MarkFL 02-10-2016 01:15 AM
Quote:
Originally Posted by Seraphyn (Post 2564564)
Okay, what would you put there to disable embedded spaces after the username?
I don't know offhand of regex that will only trim/leading trailing spaces. :)

Alice 02-10-2016 11:36 AM
Quote:
Originally Posted by MarkFL (Post 2564573)
I don't know offhand of regex that will only trim/leading trailing spaces. :)
I've done some research and the only thing that Username expressions eliminates is the ability to create new accounts with trailing spaces. What I want to do is eliminate that ability to login to pre-existing accounts with trailing spaces as well.

Please advise,

MarkFL 02-10-2016 02:06 PM
Yes, leading/trailing spaces are trimmed automatically upon registration. I have no idea how users were able to register with trailing spaces.

You will likely have to manually edit the offending usernames, and send the users an email to advise them of the change to their username.

Alice 02-10-2016 03:03 PM
Quote:
Originally Posted by MarkFL (Post 2564600)
Yes, leading/trailing spaces are trimmed automatically upon registration. I have no idea how users were able to register with trailing spaces.

You will likely have to manually edit the offending usernames, and send the users an email to advise them of the change to their username.
This is the really weird thing. So, there are no spaces in anyone's username, and yet, they are still able to login when using a space in their name. Like let's say your account name is johndoe16, you can login just fine if your type in "johndoe16 " And this is the case for infinite spaces.

Please advise,

MarkFL 02-10-2016 03:12 PM
Yes, you can type in trailing spaces when you log in, but those spaces do not change the actual username in the database.

Alice 02-10-2016 03:20 PM
Quote:
Originally Posted by MarkFL (Post 2564605)
Yes, you can type in trailing spaces when you log in, but those spaces do not change the actual username in the database.
But that is the issue. How do I stop those those trailing spaces at login? I use this authentication script to be able to allow members to connect to a gameserver and with the trailing spaces, they can bypass the character limits by creating ghost accounts, thereby having unlimited player characters.

I need to be able to stop this.

Any advise,

MarkFL 02-10-2016 03:45 PM
When I login to my dev site, and look at the username retrieved from the login form ($vbulletin->GPC['vb_login_username']) it has already been trimmed of any leading/trailing spaces.

Alice 02-10-2016 03:47 PM
Quote:
Originally Posted by MarkFL (Post 2564610)
When I login to my dev site, and look at the username retrieved from the login form ($vbulletin->GPC['vb_login_username']) it has already been trimmed of any leading/trailing spaces.
Then I suppose its not possible. Okay, fair enough. Thanks for trying.

MarkFL 02-10-2016 03:53 PM
How are your users logging onto the game server...are they required to manually enter their username?

Alice 02-10-2016 04:28 PM
Quote:
Originally Posted by MarkFL (Post 2564613)
How are your users logging onto the game server...are they required to manually enter their username?
They enter their username and password into the game and the game pings the auth.php file on the webserver and depending on the response, it either logs you in, says wrong information or says you've been banned.

MarkFL 02-10-2016 05:31 PM
Okay, then the code used for the game login would have to be edited to trim the usernames entered. :)

Alice 02-10-2016 06:38 PM
Quote:
Originally Posted by MarkFL (Post 2564622)
Okay, then the code used for the game login would have to be edited to trim the usernames entered. :)
This is what I sent to vBulletin.com Support:

Quote:
Originally Posted by Seraphyn
I am needing some help dealing with an issue with the login protocols. For example say my account name is "johnsmith12" and I can login with that name. However, I can also put in johnsmith with 5 spaces after the name and then click login and that will also log my in. For example [johnsmith12 ]... Is there a way to prevent this?
And this is the response I got:

Quote:
Originally Posted by vBulletin Support
The system ignores the spaces after the username. You would need to modify the code to not allow that.
When I asked which file I needed to modify, they basically stated that I needed to ask over here because it dealt with modifying the original code.

Anyhow, any insight?

MarkFL 02-10-2016 06:45 PM
Can you give a link to the vBulletin product you are using for the game server login?

Alice 02-10-2016 08:56 PM
Quote:
Originally Posted by MarkFL (Post 2564627)
Can you give a link to the vBulletin product you are using for the game server login?
Yeah, its accessible through www.swglegends.com/forums

MarkFL 02-10-2016 10:27 PM
Quote:
Originally Posted by Seraphyn (Post 2564635)
Yeah, its accessible through www.swglegends.com/forums
I would speak to the owner(s) of that site then, as the issue would likely have to be addressed by them.

Alice 02-10-2016 10:34 PM
Quote:
Originally Posted by MarkFL (Post 2564643)
I would speak to the owner(s) of that site then, as the issue would likely have to be addressed by them.
I am the Web Developer, though lol. I'm just having trouble figuring it out lol. :(

Alice 03-12-2016 01:11 AM
Quote:
Originally Posted by Dave (Post 2562468)
It's because of the check that checks if the current IP matches the $serverip variable.
You probably want it to be something like this in that case:

PHP Code:
<?php 
require('./global.php'); 
require('includes/functions_login.php'); 
   
// Post get items 
$username urldecode($_GET['un']); 
$password urldecode($_GET['pw']); 
  
// If no info specified 
if(is_null($username) && is_null($password)){
    die('No login provided.');


$result verify_authentication($username$passwordmd5($password), md5($password), ''false);
  
// Final get id 
if($result === true && !(strpos($username'@') !== false)){ 
    if($vbulletin->userinfo['usergroupid'] == 8){ 
        echo 2// Banned 
    }else{ 
        echo 1// Not banned. 
    
}else{ 
    echo 0// and if all else fails, the shit you provided is wrong so return error 0
}
Then you execute it as follows: http://example.com/script.php?un=Dave&pw=password
Hey. So, I'm trying to update the auth.php file to work properly with an SSL and with vb5. Right now, the file is located at https://www.swglegends.com/forums/auth.php but it says Access denied and was looking for some clarification.

Please advise,

Dave 03-12-2016 07:56 AM
Unfortunately I don't have experience with vBulletin 5, so I will not be able to help you out with this. :(

Alice 03-12-2016 06:34 PM
Quote:
Originally Posted by Dave (Post 2567055)
Unfortunately I don't have experience with vBulletin 5, so I will not be able to help you out with this. :(
Do you know of anyone I can contact?

Thank you,

Dave 03-12-2016 06:40 PM
Maybe Replicant will pass by this thread, he has some experience with vBulletin 5.


All times are GMT. The time now is 10:02 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03708 seconds
  • Memory Usage 1,860KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (3)bbcode_php_printable
  • (18)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (35)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete