|
Trap Banned Members: They cant logout.
Hey there,
This is a very tiny (and very easy to install) hack but I like to use it and found it useful: I have a certain user group for trouble users in my board which I disabled all access to my board and this group can not even search or display the board itself or anything, so they are lower than guests. So I need to trap them in their username so that they wouldnt log out and "gain" guest access. This tiny hack exactly does this. You can use it with "banned users" or any user group you need to trap. ;) Here we go: Edit member.php and find -- cut --- // ############################### start logout ############################### if ($action=="logout") { include("./global.php"); -- cut --- AFTER THAT add: -- cut -- // Banned users cant logout hack if ($bbuserinfo[usergroupid]==XX) {show_nopermission(); exit;} // Banned users cant logout hack -- cut -- Replace XX with any usergroup id. (Banned by Moderators group is 12 in my board). If you put your mouse icon on "Edit" in http://www.url.com/yourboardadmin/us...tion=modify&s= , you can learn the usergroupid of any groups. If you need to trap more than 1 usergroups use this line: if ($bbuserinfo[usergroupid]==XX OR $bbuserinfo[usergroupid]==YY) {show_nopermission(); exit;} After applying the hack, trapped users will get "You dont have access" page if they try to logout from anywhere. Of course these members can still clear the cookies by deleting them manually, but you'll stop 95% of members who dont know the trick anyway! :) Enjoy! Logician //=^)) |
]looks very good if it's working, I'll try to install it today! :)
|
Wouldnt it be better to just IP ban them?
|
Quote:
|
Quote:
IP ban does not work for most cases.. |
I like your idea, a nice approach!
|
Quote:
The banning functions only usefull agaisnt stupid people on the net. |
Quote:
This hack does not intend to stop a web admin who also knows the vbulletin, uses the vbulletin, write hacks to vbulletin, I am just trying to stop avarage board members. Banning does stop them..:cool: Anyway, I like the hack, use it and find it useful.. Anyone who thinks like me can install it, so I shared.. Regards, Logician |
Aren't you supposed to put the code BEFORE the new cookies are set? I can't look at the full code right now, but showing no_permission() AFTER the cookies are deleted (set to "") isn't right I think.
|
Quote:
|
most people know about cookies, i made a little hack for my board that gave the banned people the message that the site was down for maintenance :) they wont supect anything and think that its down, well atleast until they try to access it from a diffrent comp.
|
@DjSap - Sounds like a good hack...
We could do with something like that at ThePhora... Fancy publishing it? @Logican - Nice hack m8... No use installing it for our banned members though, cos they are the annoying nerdy runts who spend half their life plugged into the machine... Satan |
they could easly delete there cookies
|
]format c: will always help :p (just joking)
|
Cool.
|
Quote:
I think a browser cookie should have a predefined expiration time. Well, could it be possible to extend that value as late as possible ? :cheeky: Thanks |
Quote:
But no need to worry about cookie expiration time, you can set it to 500 years if you like and ban your banned users grand children as well.. :classic: I believe this time is already long enough in vbulletin system anyway. Regards, Logician |
I believe the cookies for bbuserid and bbpassword don't expire... that is, until you delete them yourself.
|
Agree. Infact the $cookietimeout value (900 secs=15 mins default) applies only to the session duration.
Not to the stored cookie too. Thanks. |
It also applies to other stuff I think, lastvisit or whatever else is stored in the cookies...
|
Ok this is the first hack I tried to install. I was testing it with one of my mods, I changed his status to my banned profile. but when he tried to log out he just got an internal server error message. Now granted I am very new to this. I just edited the file in notepad, and then FTP'd the new member.php file in place of the old one, is there something I should be doing different.
|
Easily defeatable:
use a different browser (opera, netscape) and one can still "see the board" And the notion that the average person doens't know about cookies is long outdated. Due to media, they do know about cookies and have programs that can manage them. Easy to delete cookies that are causing problems or heartaches, or prevents you from accessing a board. My new computer came with a cookie manager program installed, so its kinda pointless these days. not saying that this isn't a good hack, I just think it outlived its useage. |
Quote:
|
Why not instead of a show_nopermission use a fake 404 error that way they think the site is down? another idea could be to make a certain usergroup just see 404 errors, just like the ban. the nthey think the site is down or something
|
Just a 'parallel' question about VB cookies... :cool:
If an user has set on his browser a cookie like, for instance:
I mean, if I don't leave someone to logout from the board and his user is deleted some reason, all cookies will be lost as soon he tries to log again ... Is it true ? Actually, he is first recognized as user 1234, then after the SELECT $bbuserinfo is empty and user is prompted to register (or set as guest) ... This time he looses all cookies, doesn't he ? Thanks a lot |
If your cookies are wrong a guest session (anonymous) will be created and the cookies will be deleted.
|
Quote:
|
Quote:
1- You FTP'd the file as "bin" instead of ascii. FTP programs have two mods, choose to upload as a ASCII file not, BIN. 2- After uploading the file, CHMOD it to 755. Regards, |
Quote:
|
Quote:
It's not this hack which introduced the cookie security system for banned users, it's the default vbulletin system. ;) I've written that in my first message either: yes it's not 100% secure and people who know about vbulletin system or internet technologies can get around but I think we cant blame vbulletin either, because effective or not, it's the only security system for users who have dynamic ip. So you may found this system ineffective but this has nothing to do with the hack itself, it's just the system vbulletin has. The hack only strengthens this system just a little bit, at least for ones who dont know how to pass it. My 0.2 cents.. Regards, Logician |
Logician, good hack! Help me please. I need "cant logout" to 2 groups. How change code for this?
Sorry for my bad english :( |
Quote:
-- cut -- If you need to trap more than 1 usergroups use this line: if ($bbuserinfo[usergroupid]==XX OR $bbuserinfo[usergroupid]==YY) {show_nopermission(); exit;} -- cut -- So just replace XX and YY with your 2 usergroup ids.. Regards, Logician |
Just installed then and test banned one of my mods, worked just the way it should :)
Installed on 2.2.5 |
Quote:
Regards, Logician |
Logician, big thanks for this hack! You one of the best hackers!
|
Quote:
dj- please post that hack u made, that would be great, or PM it to me, my board has been down alot latly for maintenece so they would suspect nothing :P |
Quote:
I would suggest you double check if you applied the hack carefully and correctly. For example are you sure you changed "XX" in the hack with the usergroupid and are you sure your banned users' usergroup id is exactly what you wrote for XX? Please double check.. Regards, Logician |
check that out, thats how i got it, its not exactly like yours, but in my member.php thats how that first part is, and i couldnt find any others that were just how yours is, so what should i do?
PHP Code:
|
Quote:
Between "hack" and "if" press ENTER, and make the line begining with "if" a new line. It should look like this: PHP Code:
|
Quote:
|
| All times are GMT. The time now is 04:06 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|