Simple vB User login and access control on non vB pages
 

Hack Description

This is a cut down version of the user authentication and access control system I use on the non vB pages on my website.

This uses the vB 4.0 login system to log you in and out. It allows you to move between your forums and other pages on your site while remaining logged in.

It allows you to do things such as restrict pages by usergroup, display different content depending on a user being logged in or not.
For example, you can have banner Adds displaying to non members only, and/or let members access to specific content.

I've cut it down to the bare minimum that it needs to work, no fancy stuff such as avatars, PM's, or even formating. (That is in the Deluxe version - not yet released)

This is not supported, but if any questions / issues are posted here (not PM'ed or emailed) I will try and answer them if I have time.

This code is a mix of my own, and pieces I have used from other hacks that are floating around.

This script has been confirmed as working on

• vB 4.0 beta3

Change log

Version 4.00 (15th November 2009)

• Initial vB 4.0.x release

Click on Install
If you have this script installed then please click on the install link because;

• You will get notified if any security issues are reported.
• You will get notified when there are any upgrades to this script
• It gives me a warm fuzzy feeling and motivates me to develop more :)

Note - The following troubleshooting tips work on vB 3.7 & 3.8, they have not yet been proven on vB 4.0

Usage

The hack is pretty useless without some usage instructions so here they are.

We can use conditionals to hide or display depending on a number of things such as
Logged in or out status,
or restrict to members of a specific usergroup.

We do this by using conditionals in php tags where the normal content of a webpage would go.


If you want something only accessable to a certain usergroup, use this code in your webpage. This example is only visible to members of usergroup 6.
You can use a simple variation of this to restrict entire pages to a certain usergroup.
For example,
You can of course use multiple usergroups by just modifiying the if statement a little.
For example:

Another use is to display different content to users depending on if they are logged in or not. For example
Another use is to restrict advertising to people who are not logged in.
For example
Of course you can play around with conditionals to do a whole range of things, these are just brief example snippets.



Troubleshooting

If your reading this chances are you are having problems.

Here are some common causes and fixes.

1. Headers already sent or cookies already sent errors. Chances are that there is something, even just a space before the 4 lines of code in part 1. Edit this and ensure that there are no spaces before it.
   
   
   
2. Path problems are the next biggest problem. Your paths must be exact else it will not work. Double check that all paths are correct.
   If you are unsure what the path is place the following code in a page all by itself.
   
   PHP Code:

   ---

   <?php 
echo getcwd(); 
?>

   ---

   Name this file something like path.php then upload it to your website, browse to it and it will show you the exact path to your sites root.
   
   
   
3. Appears to login ok, but wont show you as logged in
   Often caused by the vB cookie path setting.
   To fix log into you vB admin area;
   
   Code:

   ---

   AdminCP -> vBulletin Options -> Cookies and HTTP Header Options -> Path to Save Cookies

Change

'Suggested Settings' dropdown from '/forums/' to '/' or 'yourdomain.com'

   ---

   
   
4. Subdomains and cross site logins
   This is a known issue with many scripts (not just this one), sometimes fixable sometimes not. Its caused by vB, PHP and your hosts security measures.
   
   First change your "cookie domain" settings.
   vB Admin > Control Panel > Cookies and HTTP Header Options > Cookie Domain
   Change it from being blank to
   
   PHP Code:

   ---

   .yourdomain.com 


   ---

   You may need to set a post referrer in your whitelist.
   vB Admin > Control Panel > General Settings > Post Referrer Whitelist
   Instructions on what to enter are listed where you change this setting.
   
   That should fix it if your forum is a subdomain.
   
   If that fails then,
   Open your /forum/login.php file and look for this code:
   
   PHP Code:

   ---

   error_reporting(E_ALL & ~E_NOTICE); 


   ---

   Below that add
   
   PHP Code:

   ---

   define('SKIP_REFERRER_CHECK', true); 


   ---

   Now save this and overwrite the file on the server with this one.
   
   A further reported work around is to make a copy of the required Forum Forum files on your second Server. Then you must set in the config.php on the second server to use the ip of the server with which the VB-Database is running.
   
   
   
5. 404 Error on expiring passwords
   Cause - When redirected for expired password you are redirected to the directory that your login script is located in, not your forums root.
   
   Fix - Edit phrase called
   Code:

   ---

   passwordexpired

   ---

   Your current phrase should be
   
   Code:

   ---

   Your password is {1} days old, and has therefore expired.<br />
<br />
Please change your password using <a href="profile.php?{2}do=editpassword">this page</a>.

   ---

   change it to
   
   
   Code:

   ---

   Your password is {1} days old, and has therefore expired.<br />
<br />
Please change your password using <a href="../forums/profile.php?{2}do=editpassword">this page</a>.

   ---

   where ../forums/ is your forums directory.
   
   
   
6. Still got problems?
   It may be a conflict with somthing already in your site.
   To check this we can just make a simple page.
   Call it test.php and use just this code in it.
   (Make sure there is no whitespace before the 1st line)
   
   PHP Code:

   ---

   <?php
$curdir = getcwd ();
chdir('/path/to/your/forums');
require_once('/path/to/your/forums/global.php');
chdir ($curdir);
?>
<html> 
<body> 
This is a heading<br /> 
This is some more stuff <br /> 
And another line<br /> 
You get the idea<br /> 
Just place stuff as you normally would with HTML<br /> 
I use CSS to style and position on my site fwiw<br /> 
<br /> 
How about we put the login box right under here?<br /> 
<br /> 
<?php 
    require_once('/path/to/your/login_inc.php'); 
?> 
</body> 
</html>

   ---

   Naturally, change paths to fit your forums, then upload it.
   Browse to it and run it.

thaanks
reserved

Reserved till i get my site up. I have been waiting for this. Glad it wasnt long! :)

Is this correct or a typo -
Do you mean login_inc.php?

Where do we put the login_inc file included with this hack? Any special directory, or whichever directory we are running the script?

Thanks. :)

*Edit -

Also, do these statements work with the new VB code?

The first is a typo, login_inc.php is what it is named (unless you change it)

And the statements do work.

However I do have an issue. I can't use the statements twice. Not sure what is going on but if I used the statement once, it doesn't work to use it again.

Whoopsie :o
Sorry about that, its just a typo.
login_inc.php is correct.
I will fix it.

Just put it wherever you want, as long as you change the path to suit it should be fine.
I normally just put it under something like mywebside.com/includes/

Your example code:In case a site has 14 or 51 usergroups they want to control, I think it might be an idea to use the array and check against it?

untested:

If you want to allow a number of groups that would probably be a better way of doing it.
Ive only ever used it to allow extra stuff for Admins and Mods so I never really had a need to optimise it for a large number of groups.

Im getting this error -

My file paths are correct and there is no white space. Any idea's?