Thread: User and Password synchronization
View Single Post
  #2  
Old 04-05-2012, 05:11 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by nullified View Post
However: is it a bother to block changing the password and email address inside of vBulletin?
I don't think so. I think you can edit template USERCP_SHELL and take out the link to "Edit Email and Password", which looks like this:

Code:
<li class="{vb:raw navclass.password}"><a href="profile.php?{vb:raw session.sessionurl}do=editpassword">{vb:rawphrase edit_email_and_password}</a></li>

or I suppose if you wanted to you could change it to link to somewhere else. Also, you'll want a plugin using hook location profile_start that checks for $_REQUEST['do'] == 'editpassword' or $_POST['do'] == 'updatepassword' and does something like print_no_permission().



Quote:
...if that is the case, would it be possible to simply write the md5 hashs with every synchronization and rely on that fallback to make it smooth for the users
I'm not sure I understand this, but the password stored in the vb database is md5(md5(password) . salt). verify_authentication() is written to accept plain text passwords or md5(password), I think because if a user doesn't have js enabled there's no choice but to send the plain password. You can also define the value DISABLE_PASSWORD_CLEARING (like in the config.php file) so that the plain text password will be sent even if the md5password is also sent (otherwise only one or the other will be filled in).

Also, in case this matters to you - if the user has checked "remember me", the password is saved in a cookie and I don't believe verify_authentication() is called in that case.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01426 seconds
  • Memory Usage 1,766KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete