|
Password Protected Forums (vB3 Style)
-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Password Protected Forums (vB3) By Shaolyen email: John@eovie.com msn: John@eovie.com TESTED ON A FRESH vB 2.3.0 -\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/- Introduction ----------------------------------------------------------- This hack is fairly simple in what it does. If a user tries to access a password protected forum, they will be prompted for the password. Once entered correctly they'll be able to browse the forum as normal. It's as simple as that! There are a few extras in this. When a user enters a password and it's verified as being correct, a cookie is sent to their PC containing the password. This will ensure that they don't need to log in every time they access the protected area, until the cookie expires. The cookie timeout time for each protected forum can be set in the AdminCP. (You can choose anything from 1 minute to 1 year.) Password protected forums are denoted by the text "[Password Protected]" tagged on the end of the forum description. If you don't have a forum description for your password protected area, "[Password Protected]" will take its place. Please bear in mind: ? Threads will appear in searches, but the title, author, etc. are all set to "Restricted". A password is needed to access these threads. ? The password in the cookie IS NOT ENCRYPTED. This is for a reason, so the password can be viewable in the AdminCP. If anyone would prefer MD5 encryption in their cookies, let me know. ? In the very near future I will be adding on options to enable MD5 encryption. ? When you specify "Regular Forum Security" in the AdminCP and a password has been entered, that password will not be recorded. Security level, password, and timeout times can be specified when creating or editing a forum. (AdminCP > Forums & Moderators > Add | Modify) Warning ----------------------------------------------------------- BACKUP YOUR DATABASE AND FORUM FILES BEFORE YOU EVEN THINK ABOUT APPLYING THIS HACK! ----------------------------------------------------------- Shameless Plug ----------------------------------------------------------- This hack was written for the fine people at xAviaHosting - www.xaviahosting.com. Pay them a visit (Or I'm a dead man!) ----------------------------------------------------------- Shameful Plea ----------------------------------------------------------- I'm poor as always, I'd be seriously grateful for any donations..! If you have a few spare pennies in that Paypal account, my address is "John@eovie.com" - share the wealth! ;) ----------------------------------------------------------- Screenshots: ----------------------------------------------------------- Password protected indicator Password prompt AdminCP Settings Search results 1 Search results 2 ----------------------------------------------------------- Update 1.0 > 1.1 ----------------------------------------------------------- ? Search blocking enabled. Screenshots: Search results 1 Search results 2 Available here ----------------------------------------------------------- |
Password protected forum indicator
|
Nice, I'm going to check this one out :)
|
Password prompt
|
Very cool Hack!!
Thank you John. :) |
Good job, John.
I'll install this one when I get home today. :) |
Just fixed a major glitch, if you've already downloaded the instructions you might want to download them again. ;)
|
Settings
|
Quote:
|
Anyone tested this? I'd like to know how well it works security wise. I used a password hack before that proved easy to bypass.
|
It checks what you enter directly with the password in the database.
To hack in, you'd need to have access to the database. |
Quote:
|
Here's a little more info on how this works.
Whenever $forumid (and often $forum[forumid]) has a value, it runs a query which checks to see if security is enabled for that particular forum. (The security field in the "forum" table.) If security is enabled, it will check to see if a cookie exists for that forum containing the password. If there's no cookie with a correct password, the user will be directed to a page where they can enter the password. The password they enter is then checked, and if it matches the one in the database a cookie will be deployed. (And the whole process will start again, but this time the user will be forwarded to the forumdisplay page.) The same applies for the code in showthread.php. :) |
The glitch I left in was this line of code (in two places) which gives access to the forum on the second incorrect attempt.
PHP Code:
The security is pretty rock solid. |
OK, removed those lines,
it works like a dream, thanks Shao :) but, what is the difference between the security levels? |
Regular is normal, just like a regular forum. (Not password protected).
Password protected is password protected. :) |
that's pretty easy :) Thanks for the help :)
|
WOW this is a nice hack.
/me installs. If there was a Hack of the Month, I'd definately vote this hack for it! Well done! *Tests it and stuff O.o* Dave. |
wow very cool hack ;) ;) ;)
|
Excellent hack - i hope this one works because a similar hack was released by one of the vbulletin-germany team with a bug that allows people on online.php to view a thread in a password protected forum... might want to see if that bug is present here?
Regards and nice hack! - miSt |
This hack covers threads by applying the same security code in showthread.php and finding the parent forum. So even if someone gets into a private thread, they'll still be prompted for a password.
:) |
Wow, very cool hack, I am gonna install this...
|
Search results example 1
|
Search results example 2
|
Nice hack... installed.
Please let us know as soon as you have the change ready that will enable search blocking. Thanks!! |
Added some code to stop people from seeing info about protected threads when searching.
If you're upgrading, use the attached file. Screenshots are above ^^ Original instructions updated. :) |
Well, that was quick! Thanks. :)
|
Woa very good i'm surely gonna install this one :)
*Licks Install* |
Well done John - its looking good :)
- miSt |
Work on 2.2.9?
|
Don't think it's been tested on 2.2.9 yet. :\
|
Very cool hack. I'll test this out :)
|
Quote:
|
Ok I've tested this hack on 2.3.0 and it seems to work like a charm.
Thanks for the wonderful hack Shaolyen! :D. Dave. |
Great Hack, I'll install this one. :)
Mark |
Nice Hack!
|
tested and working on 2.2.9
|
does this also cover the profile view where the last post is also listed and within the who's online?
|
nice hack...
[high]* squawell installed.... ;) [/high] another question if i set timeout 1 week and after 1 week i forget set new one.so that will let everyone access or the forum still use the old password?? |
Hi
Nice hack but I think I have found a problem. If I set a forum password and the timeout to say 1 week, then go in and change the password to something else, it doesn't match the cookie and denies access - all is well. If I then enter the new password it still says access is denied. Seems like the cookie is not being updated with the new password I entered. |
| All times are GMT. The time now is 04:52 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|