Thread: How to force user to log in again when he/she enters user cp?
View Single Post
  #1  
Old 09-30-2010, 04:27 PM
ART's Avatar
ART ART is offline
 
Join Date: Feb 2002
Location: Opole, Poland
Posts: 20
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How to force user to log in again when he/she enters user cp?
I have some sensitive private data userfields in my user profiles.

I want to force a user to log in again to access at least his/her profile edit page (or force log out and show again log in form before accessing this page).

When somebody has the "remember me" option set it is very likely that he/she leaves an opened session in a public place and somebody can view this data, read his/hers PMs and so on.

How can I accomplish that on vb38x?

deleting user session in DB alone does not work - I have to reset user's cookies, too I believe. This snippet put into init_startup hook does not work:

PHP Code:
$logout_time $vbulletin->input->clean_gpc('c'COOKIE_PREFIX 'nextlogout'TYPE_UINT);

if (TIMENOW $logout_time)
{

    // clear authentication cookies
    vbsetcookie('sessionhash''');
    vbsetcookie('userid''');
    vbsetcookie('password''');

    // set next clear time
    vbsetcookie('nextlogout'TIMENOW 900); // 900 = 15 min

Maybe I'm missing something... any hints appreciated
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01468 seconds
  • Memory Usage 1,767KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete