Deluxe vB User login and access control on non vB pages

Hack Description

This is the deluxe version of the user authentication and access control system I use on the non vB pages on my website.
For the simple no frills version look here.

This uses the vB 3.5 login system to log you in and out. It allows you to move between your forums and other pages on your site while remaining logged in.

It allows you to do things such as restrict pages by usergroup, display different content depending on a user being logged in or not.
For example, you can have banner Adds displying to non members only, and/or let members access to specific content.

It also displays the logged in users Avatar, number of unread PM's, New posts since last visit, total posts and total threads.
It also allows you to specify a maximum Avatar size, and resize any avatars larger than that, while keeping their height/width ratios in proportion!
Its very handy if you allow large avatars, but want a small format display on your non forum pages.

If the user is not logged in, a login box is displayed, along with total posts and total threads in the forums.

I will try and offer support, but work and family commitments mean I dont have much free time.

This code is a mix of my own, and pieces I have used from other hacks that are floating around.

This is a work in progress and currently a beta version. It was a little rushed as a few people were pushing for it Its missing a couple of planned things like newest member etc, but they will be added in a later version.

This script has been confirmed as working on

• vB 3.5.x - All Versions
• vB 3.6.x - All Versions

Known Bugs
Will not display Avatars correctly if they are kept in the file system (database avatars are fine)

Changelog

Version 2.20 (24th April 2007)

• Fixed - // in paths bug
• Fixed - Javascript warning in some browsers
• Fixed - Tidied up some code
• Fixed - Avatar display code bug

Version 2.10 (4th June 2006)

• Fixed - "MySQL Error : Invalid SQL " when using Database thread/forum marking.
• Fixed - Javascrip error in some versions of IE.

Version 2.00 (16th April 2006)

• Fixed - "MySQL Error : Unknown column 'newposts' in 'field list' "
• Fixed - Number of PM's not displaying in all installs.
• Added - Displays date and time of last login.
• Added - Total number of saved PM's.

To upgrade just overwrite the existing login_inc.php file with the new one.
You will need to re-edit the path on line 3 and also redo any formatting changes you may have done for the last version.

Version 1.0 (15th Feb 2006)

• Initial Release

Click on Install
If you have this script installed then please click on the install link because;

• You will get notified if any security issues are reported.
• You will get notified when there are any upgrades to this script
• It gives me a warm fuzzy feeling and motivates me to develop more

Donations
First of all, to be clear. This script is 100% free.

However if you feel an urge to donate I'm not going to say no.
Donations can be made at http://www.billspaintball.com/vb3/bd_donate.php

[Billspaintball]

Edit: This usage and trouble shooting guide has been updated as of 24th of April 2007


Usage

The hack is pretty useless without some usage instructions so here they are.

You can resize avatars, keeping them to their origional proportions to make them fit your prefered layout.
For instance, if you are using a fixed width column layout.
Do this by editing lines 5 and 6 in login_inc.php
These values are in pixels.

We can use conditionals to hide or display depending on a number of things such as
Logged in or out status,
or restrict to members of a specific usergroup.

We do this by using conditionals in php tags where the normal content of a webpage would go.


If you want something only accessable to a certain usergroup, use this code in your webpage. This example is only visible to members of usergroup 6.

PHP Code:

<?php
if ($vbulletin->userinfo['usergroupid'] == '6' )
    {
    echo "This is only visible to people in usergroup 6";}
    ?>

You can use a simple variation of this to restrict entire pages to a certain usergroup.
For example,

PHP Code:

<?php
if ($vbulletin->userinfo['usergroupid'] == '6' )
    {
    echo "Have stuff for here";
             } else {
             echo "You do not have permission for this page"; }
    ?>

Another use is to display different content to users depending on if they are logged in or not. For example

PHP Code:

<?php
If ($vbulletin->userinfo['userid']!=0)
    {    
    echo "Your logged in so we can display this";
    } else {
    echo "Your not logged in so we display this";
    }
?>

Another use is to restrict advertising to people who are not logged in.
For example

PHP Code:

<?php 
if ($vbulletin->userinfo['userid'] <1) { echo"add code stuff goes here"; } 
?>

Of course you can play around with conditionals to do a whole range of things, these are just brief example snippets.



Troubleshooting

If your reading this chances are you are having problems.

Here are some common causes and fixes.

1. Headers already sent or cookies already sent errors. Chances are that there is something, even just a space before the 4 lines of code in part 1. Edit this and ensure that there are no spaces before it.
   
   
   
2. Path problems are the next biggest problem. Your paths must be exact else it will not work. Double check that all paths are correct.
   If you are unsure what the path is place the following code in a page all by itself.
   
   PHP Code:

   <?php 
echo getcwd(); 
?>
   Name this file something like path.php then upload it to your website, browse to it and it will show you the exact path to your sites root.
   
   
   
3. Appears to login ok, but wont show you as logged in
   Often caused by the vB cookie path setting.
   To fix log into you vB admin area;
   
   Code:

   AdminCP -> vBulletin Options -> Cookies and HTTP Header Options -> Path to Save Cookies
   
   Change
   
   'Suggested Settings' dropdown from '/forums/' to '/' or 'yourdomain.com'

   
   
4. Subdomains and cross site logins
   This is a known issue with many scripts (not just this one), sometimes fixable sometimes not. Its caused by vB, PHP and your hosts security measures.
   
   First change your "cookie domain" settings.
   vB Admin > Control Panel > Cookies and HTTP Header Options > Cookie Domain
   Change it from being blank to
   
   PHP Code:

   .yourdomain.com 

   You may need to set a post referrer in your whitelist.
   vB Admin > Control Panel > General Settings > Post Referrer Whitelist
   Instructions on what to enter are listed where you change this setting.
   
   That should fix it if your forum is a subdomain.
   
   If that fails then,
   Open your /forum/login.php file and look for this code:
   
   PHP Code:

   error_reporting(E_ALL & ~E_NOTICE); 

   Below that add
   
   PHP Code:

   define('SKIP_REFERRER_CHECK', true); 

   Now save this and overwrite the file on the server with this one.
   
   A further reported work around is to make a copy of the required Forum Forum files on your second Server. Then you must set in the config.php on the second server to use the ip of the server with which the VB-Database is running.
   
   
   
5. 404 Error on expiring passwords
   Cause - When redirected for expired password you are redirected to the directory that your login script is located in, not your forums root.
   
   Fix - Edit phrase called
   Code:

   passwordexpired

   Your current phrase should be
   
   Code:

   Your password is {1} days old, and has therefore expired.<br />
   <br />
   Please change your password using <a href="profile.php?{2}do=editpassword">this page</a>.

   change it to
   
   
   Code:

   Your password is {1} days old, and has therefore expired.<br />
   <br />
   Please change your password using <a href="../forums/profile.php?{2}do=editpassword">this page</a>.

   where ../forums/ is your forums directory.
   
   
   
6. Still got problems?
   It may be a conflict with somthing already in your site.
   To check this we can just make a simple page.
   Call it test.php and use just this code in it.
   (Make sure there is no whitespace before the 1st line)
   
   PHP Code:

   <?php
$curdir = getcwd ();
chdir('/path/to/your/forums');
require_once('/path/to/your/forums/global.php');
chdir ($curdir);
?>
<html> 
<body> 
This is a heading<br /> 
This is some more stuff <br /> 
And another line<br /> 
You get the idea<br /> 
Just place stuff as you normally would with HTML<br /> 
I use CSS to style and position on my site fwiw<br /> 
<br /> 
How about we put the login box right under here?<br /> 
<br /> 
<?php 
    require_once('/path/to/your/login_inc.php'); 
?> 
</body> 
</html>
   Naturally, change paths to fit your forums, then upload it.
   Browse to it and run it.

[Snake]

Awesome! Just awesome!

[AraServ]

Goood

[chimaira]

Hah amazing.. Going to try it now

[Hornstar]

does it have to be on the same server or can you make it read off the database from another site?

[Billspaintball]

Quote:

Originally Posted by hornstar1337

does it have to be on the same server or can you make it read off the database from another site?

Needs to be on same domain.

[White_Snake]

i got this error when i run the script:
[sql]
Database error in vBulletin 3.5.3:

Invalid SQL:
UPDATE session SET newposts = '' WHERE userid = '1';

MySQL Error : Unknown column 'newposts' in 'field list'
Error Number : 1054
Date : Sunday, February 19th 2006 @ 06:56:38 PM
[/sql]

maybe a bug

[kr580]

Quote:

Originally Posted by White_Snake

i got this error when i run the script:
[sql]
Database error in vBulletin 3.5.3:

Invalid SQL:
UPDATE session SET newposts = '' WHERE userid = '1';

MySQL Error : Unknown column 'newposts' in 'field list'
Error Number : 1054
Date : Sunday, February 19th 2006 @ 06:56:38 PM
[/sql]

maybe a bug

I get the same exact message. Any ideas?

[nicedreams]

Quote:

Originally Posted by kr580

I get the same exact message. Any ideas?

There is no newposts field in the session table.

Jim