vb.org Archive - View Single Post - Integration with vBulletin

Mark Tomlinson · #57 04-10-2008, 04:15 AM

Quote:

Originally Posted by oasi

Ops!
It was my fault

But there's an other problem...
Now my administrators/moderators can't login to the admin interface/moderation interface, because the DISABLE_PASSWORD_CLEARING thing doesn't work with these validation forms.

I tried to set this definition in admin/global.php and modcp/global.php but the passwords continue to pass MD5 codified (and empty value in the vb_login_password var).

I know that i can put these login in the ldapconfig.php field to skip the LDAP validation, but there could be other way to perform this??

Thanks

Crap. I didn't post all of the code. I will correct post #47, above. But here is the piece I missed.

PHP Code:


			
/**********
      *  DO NOT execute if one of the users is in VB and LDAP (list in
config file)
      ***********/
//    ----  Modified by Mark Tomlinson - 12/04/2007 ----
//    if($_POST[vb_login_username] != "$nosearch")
      if (($_POST[logintype] != 'cplogin')
      AND ($_POST[logintype] != 'modcplogin')
      AND ($_POST[vb_login_username] != '$nosearch'))
//    ----  End Modifications ----
      {

What this does is avoid going through LDAP authentication for the admin and moderator control panels.

Why, you ask? What Zemic's plug-in does is put an MD5 hash of your password into the vBulletin database if you pass LDAP authentication, or garbage if you don't pass LDAP authentication. Then it returns control to vBulletin, who goes through the usual authentication process and MD5 hashes the password and compares it to the hash on file. Therefore, assuming that the moderators and admins sign into the forum first and the correct LDAP password hash is in the database, the admin and moderator sign-in pages don't have to go through this process again.

The only time this doesn't work is if the admin or moderator changes their LDAP password and then goes to the control panel without signing onto the forum. And that can happen if they check the "Remember Me" box for the forums. I haven't worked out a solution to that yet.

Suggestions welcome.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01104 seconds Memory Usage 1,779KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php (1)bbcode_quote (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: