vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Members area popup (https://vborg.vbsupport.ru/showthread.php?t=53902)

TECK 06-05-2003 09:54 PM
Members area popup
 
Every time you access the members area, a popup window will show, asking you to enter the license number and pass:
"vBulletin Members Area: Please enter your customer number (username) and password:"

I would like to know what is the code used. Thanks.

Regs 06-05-2003 10:14 PM
Isn't that just a plain .htaccess popup?

~Regs.

Serge 06-05-2003 10:22 PM
PHP has a function for this as well. You use the header() thing hold on I think I saw a function to do this.

Here is what you could put at the top of your webpage:
PHP Code:
if (empty($PHP_AUTH_USER))
{
    authenticate($realm,$errmsg,"header");
}
else
{
    $query "SELECT username FROM author WHERE password = md5(lower('$PHP_AUTH_PW')) and username = lower('$PHP_AUTH_USER')";
    $result mysql_query($query);
    if ($result)
    {
        list($valid_user) = mysql_fetch_row($result);
    }
    if (!$result || empty($valid_user))
    {
        authenticate($realm$errmsg"query");
    }

The authenticate function would look something like this:
PHP Code:
function authenticate ($realm="Secure Area"
    ,$errmsg="Please enter a username and password"
)
{
    Header("WWW-Authenticate: Basic realm=\"$realm\"");
    Header("HTTP/1.0 401 Unauthorized");
    die($errmsg);


TECK 06-07-2003 01:20 AM
Thanks. That's what I needed. :)

Dean C 06-07-2003 11:42 AM
Where does it get the username and password from?

Boofo 06-07-2003 12:29 PM
You have to manually enter it.

Dean C 06-07-2003 06:21 PM
Hmmm. But i mean how does it compare the password entered in this pop-up to another one to see if its correct?

- miSt

filburt1 06-07-2003 06:27 PM
Search around on php.net for HTTP authentication. They give an example there. I also used it a year ago in a project at work where it used a MySQL database and it worked nicely (no cookies, too).

MUG 06-07-2003 07:34 PM
Quote:
Today at 03:21 PM Mist said this in Post #7
Hmmm. But i mean how does it compare the password entered in this pop-up to another one to see if its correct?

- miSt
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

Serge 06-08-2003 01:50 AM
Quote:
Yesterday at 08:21 PM Mist said this in Post #7
Hmmm. But i mean how does it compare the password entered in this pop-up to another one to see if its correct?

- miSt
Yes I was going to stay look at the query again it has the password listed in there. Also I don't know if I did it up there but you could md5 the password as well if you have md5 protection on your passwords.

filburt1 06-08-2003 01:59 AM
Quote:
Today at 04:34 PM MUG said this in Post #9
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
Important to note that $_SERVER['PHP_AUTH_PW'] is the unhashed/unencrypted/plain text version of the password, so obviously never display it on a page. ;)

Dean C 06-08-2003 09:08 AM
HTTP authentication eh ;)...

Dean C 06-08-2003 10:23 AM
Ok i did a little research into this earlier today using the functions given on php.net...

It's very odd i must say...

For starters you're not comparing usernames from anywhere and seeing if the login is correct. I simply put anything in the box and it works...

Am i missing something here ;)?

- miSt

MUG 06-08-2003 10:59 AM
Here is a very simple example that doesn't check anything against a database.

PHP Code:
if(ini_get('register_globals') == false) {
  extract($HTTP_SERVER_VARS);
}

if(!isset($PHP_AUTH_USER$PHP_AUTH_PW) or $PHP_AUTH_USER != 'username' or $PHP_AUTH_PW != 'seekrit') {
  header("HTTP/1.0 401 Authorization Required");
  header('WWW-Authenticate: Basic realm="please login"');
  die('You entered an incorrect username/password combination.');

Username/User ID is 'username'
Password is 'seekrit'

Dean C 06-08-2003 11:08 AM
Ok that works pretty well.. i'm pretty sure i can modify that myself to work with a user database... however where do i change the code so for example it does something when its logged in...

I.e. displays a message "You are logged in" if the authentication works :)

- miSt

MUG 06-08-2003 11:11 AM
Quote:
Today at 08:08 AM Mist said this in Post #15
Ok that works pretty well.. i'm pretty sure i can modify that myself to work with a user database... however where do i change the code so for example it does something when its logged in...

I.e. displays a message "You are logged in" if the authentication works :)

- miSt
PHP Code:
if(ini_get('register_globals') == false) {
  extract($HTTP_SERVER_VARS);
}

if(!isset($PHP_AUTH_USER$PHP_AUTH_PW) or $PHP_AUTH_USER != 'username' or $PHP_AUTH_PW != 'seekrit') {
  header("HTTP/1.0 401 Authorization Required");
  header('WWW-Authenticate: Basic realm="please login"');
  die('You entered an incorrect username/password combination.');
}

echo "You are logged in."


All times are GMT. The time now is 01:05 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01346 seconds
  • Memory Usage 1,761KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (16)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete