vb.org Archive - Logout globally

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 2.x Beta Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=5)

- - Logout globally - Beta (https://vborg.vbsupport.ru/showthread.php?t=45804)

Stadler

11-16-2002 10:00 PM

Logout globally - Beta

Well, what I'm trying to reach with this hack, is, that you can logout globally with it, no matter on how many browsers/computers you have your cookies saved.

This hack saves the time of creation of your user and password-cookies and if you logout, it updates the new lastlogout-field. If you try to login with a cookie, that has a creation time older than lastlogout, the cookie will be deleted. Thats it.

Pfew, I hope, you unterstood what I'm trying to tell you. :knockedout:

Now I need some people, that help me testing and sorting out bugs for that hack.

I haven't tested it on a live forum, yet, but maybe I do some testing, later today.

Erwin

11-17-2002 05:18 AM

Good idea.

To clarify this hack -

Normally, if you logout, you only log out for the computer you're on. If you go to the forums with another computer, you have to log out of that computer as well.

With this hack, when you logout, you automatically log out of every computer you have logged into the forum with.

I don't have a use for it, but it's a great idea. Especially if you logged in on a public computer and forgot to log out... and you can't get back to that computer to log out.

Darth Cow

11-17-2002 06:14 AM

Good idea, but your method isn't very secure - one can simply edit the time in the cookie. I think that encoding the time into the password part of the cookie (used for authentication) would be the most effective solution, but that would require storing each of the valid login times for each user in the database (you couldn't do a simple numerical comparison because the password/date would be MD5'd).

Dean C

11-17-2002 08:39 AM

Awesome...

I'll definately use this once a few people have confirmed it works :)

Regards

- miSt

Stadler

11-17-2002 09:03 AM

Quote:

Originally posted by Darth Cow
Good idea, but your method isn't very secure - one can simply edit the time in the cookie. I think that encoding the time into the password part of the cookie (used for authentication) would be the most effective solution, but that would require storing each of the valid login times for each user in the database (you couldn't do a simple numerical comparison because the password/date would be MD5'd).

Well, you're right, but the encryption, that would be used, has to be two-way, because it needs to be checked, if the cookie is older or newer, than lastlogout.

Stadler

11-17-2002 11:16 AM

I've applied some changes and fixes, so please recheck the attachment.

Changes and fixes are as follows:

I now use $ourtimenow instead of time()
I've updated member.php?action=login, because I forgot to apply some changes there.
As for Darth Cow's idea: I've added the md5-hash of $ourtimenow to the cookie "bbcookietime"

Xenon

11-17-2002 02:55 PM

The hack seems to be a very good idea, as erwin said, this can be very helpful if you forgot to logout on a public pc...

Brad	11-17-2002 06:46 PM

very good idea :), im also releasing a global login point in the next few days.

Julio

11-18-2002 12:18 AM

1 - I think this is one of the most important hacks ever made.

2 - I installed the hack, but now I can't login with any username. Even admin, or any other account. Any idea?

- Lucky I always install hacks to one of my 2 local testboards! -

ManagerJosh

11-18-2002 03:27 AM

Definitely got my installation! Anyone from the vB3 dev team want to add this in? :D

Stadler

11-18-2002 08:05 AM

Quote:

Originally posted by Julio
2 - I installed the hack, but now I can't login with any username. Even admin, or any other account. Any idea?

The hack uses an extra cookie: bbcookietime. Maybe your browser blocks it?

If not, then recheck, if you didn't forgot to apply something.

And then, could you please try, if you can post, even, if you have to login over and over.

Stadler

11-18-2002 09:59 AM

I did some testing on our public board. And it seems to work without problems "for users!"

But I couldn't login to the admin-cp, if I haven't logged in to the forums homepage. I've had to be logged in to the forums homepage, before I could login to the adminpanel.

Sorry, but right now I have no idea, how to fix this. :o

Any help, sorting that out, would be welcome.

Julio

11-19-2002 04:12 PM

Stadler: One detail I forgot to mention....

My main page is not a PHP/VB page. It's an html page, in which I simply integrated the login code. Thus, I removed the "forums" icon from the navbar, and Im not allowing any access to un-registered users.

This means... You get into my page... must register if you're a new user, or just login if you're already registered. As soon as you login, you're taken to the forums page. If you click on Logout icon on the navbar, your taken back to the main page, where you must sign if you want to get back into the forums. BUT if for some reason, a user enters http://mydomain.com/forums in his/her browser, it will be taken back to the forums...and logged-in, since the LOGOUT icon it's not really login-out.

Here's the what I have in the logout icon.. which I know is NOT correct..

Code:

"<a href="member.php?s=$session[sessionhash]&action=logout"><a href="http://www.mydomain.com/index.html">

Therefore, the need for your hack... BUT as you already noticed, I can't login even as Admin, since I have to be logged in in the forums first...

Julio

11-29-2002 02:15 PM

Any news on this?

Anyone knows if I can use a Javascript to do what I need? I mean a script that will "call" the llogout function and then re-direct to my main page?

Darth Cow

12-10-2002 12:03 AM

Quote:

Originally posted by Stadler
As for Darth Cow's idea: I've added the md5-hash of $ourtimenow to the cookie "bbcookietime"

Cool :). However, the hack still isn't very secure - the MD5 algorithm is known, so someone could change the date and then md5 the changes as well. Now that I think about, you're right that you don't need to save all login time. But I would rather use a variant of md5 to store the date. Checking it to make sure the date still equals the md5($date . "randomstringtochangemd5") would make the system secure, as long as everyone can come up with a constant random string to append to the date for the md5.

Chris M

12-17-2002 01:25 PM

Sounds like a cool idea...

Can anyone confirm that it works?:)

Satan

Boofo

12-17-2002 03:03 PM

Quote:

Originally posted by hellsatan
Sounds like a cool idea...

Can anyone confirm that it works?:)

Satan

Can you install it and set up a test account on your board and have someone log in and out and you do that right after them and see if it allows you on? Will that work?

All times are GMT. The time now is 04:52 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01059 seconds Memory Usage 1,753KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (17)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: