Thread: Hack like the vB members area forum access section?
View Single Post
  #7  
Old 11-07-2002, 10:27 PM
Logician's Avatar
Logician Logician is offline
 
Join Date: Nov 2001
Location: inside vb code
Posts: 4,449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally posted by rochen
http://yoursite.com/forum/misc.php?action=iamacustomer&user=username ? So they don't need to login or whatever after...
it wouldnt be a good idea since you can put others username there..

Most people has already set cookies on in the forum settings and if this is the case, they wont need to login when they visit that page. (I assume the username you refer is vb username?)

Quote:
also is there anyway I can check the refer of the "iamacustomer" to stop anyone just putting the link in their browser? For example if refer = xyz.com OK if not then NOT OK... ?
I was expecting this question.. :glasses:

Referrer is not a secure enough mainstay as it can easily be manipulated. If you want to secure the dir you have to check another criteria of the visitor which you can count more. I dont know what this would be for your site.

But if you still want the referrer check anyway, here is how:
edit global.php (in forum dir, not admin dir)

right after <?php add:
PHP Code:
$log_referrer=getenv('HTTP_REFERER'); 
Then in the hack code you can check it like:
PHP Code:
if ($log_referrer!="your url here") {show_nopermission();} 
This is not tested and I dont know how good it will work but this is the general algorithm for referer page check..

Regard my suggestion above..

Enjoy..

@mist: yw but IMO following an URL for usergroup change is not the best solution for you.. Check this solution for making it password/special user profile field based.. Should fit better to your needs..
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01156 seconds
  • Memory Usage 1,768KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete