#1
09-30-2010, 04:27 PM
ART
Join Date: Feb 2002
Location: Opole, Poland
Posts: 20
How to force user to log in again when he/she enters user cp?

I have some sensitive private data userfields in my user profiles.

I want to force a user to log in again to access at least his/her profile edit page (or force a log out and show the log in form again before accessing this page).

When somebody has the "remember me" option set, it is very likely that he/she leaves an open session in a public place and somebody can view this data, read his/her PMs and so on.

How can I accomplish that on vb38x?

Deleting the user session in the DB alone does not work - I have to reset the user's cookies too, I believe. This snippet put into the init_startup hook does not work:

PHP Code:
$logout_time = $vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'nextlogout', TYPE_UINT);

if (TIMENOW > $logout_time)
{
    // clear authentication cookies
    vbsetcookie('sessionhash', '');
    vbsetcookie('userid', '');
    vbsetcookie('password', '');

    // set next clear time
    vbsetcookie('nextlogout', TIMENOW + 900); // 900 = 15 min
}

Maybe I'm missing something... any hints appreciated

#2
09-30-2010, 11:18 PM
kh99
Join Date: Aug 2009
Location: Maine
Posts: 13,185

I'm not sure I completely understand what you're trying to do, but I think vbsetcookie sets the cookies to be returned, which won't be seen until the next page load. Maybe what you want to do is also clear $vbulletin->GPC[COOKIE_PREFIX . 'sessionhash'].

#3
10-01-2010, 11:01 AM
ART
Join Date: Feb 2002
Location: Opole, Poland
Posts: 20

Thanks kh99,

let's say I have here:

https://vborg.vbsupport.ru/profile.php?do=editprofile

a private profile user field with a user's home address or whatever sensitive data.

I would like to make this area more secure, as I said, when a user logs in on a public computer and forgets to log out, somebody else can easily access https://vborg.vbsupport.ru/profile.php?do=editprofile and see the data which is supposed to be private.

In other words - I'd like to make the usercp area as secure as the modcp or admincp area, which requires logging in after a certain inactivity time, ignoring the ticked "Remember me" option.

#4
10-01-2010, 12:15 PM
kh99
Join Date: Aug 2009
Location: Maine
Posts: 13,185

Sorry - I did get what you were trying to do, I guess what I meant was that I'm not sure exactly how you were planning to do it.

#5
10-01-2010, 12:46 PM
ART
Join Date: Feb 2002
Location: Opole, Poland
Posts: 20

Ah, sorry, my English is not as good as I thought. I did some (I believe) extensive searching to find something helpful, but failed. Thanks for the help.

Maybe there is a modification that uses the vbulletin core (include global.php) and for its purposes resets a user's session and requires him to log in again for security reasons to access its pages - then I suppose I would find an answer within that mod/hack.

#6
10-01-2010, 01:30 PM
kh99
Join Date: Aug 2009
Location: Maine
Posts: 13,185

No, it's my English - I didn't say what I meant.

I know there's one place in vBulletin where it asks you to log in again - that's when you try to use "delete as spam" on a post (around line 137 in inlinemod.php). It seems to use show_inline_mod_login() and inlinemod_authenticated() which are in includes/modfunctions.php. These can't be used directly (because they check for moderating permissions) but maybe you can figure out how they work and adapt them.

#7
10-01-2010, 01:36 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

vB forces moderators to log in again during their session to do inline moderating (if the admins have that option on), so why not check out that code?

#8
10-01-2010, 03:01 PM
ART
Join Date: Feb 2002
Location: Opole, Poland
Posts: 20

Ha! Thanks, good trace I suppose, I'll check that out.
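
Added example, not part of the thread and not vBulletin code: a plain-PHP version of the re-login gate discussed above, which keeps the time of the last password check in server-side session state so that a "remember me" cookie alone never opens the sensitive page. The function names, the session keys and the fixed 15-minute window counted from the last password check are assumptions made for illustration.

```php
<?php
// Added example in plain PHP. All names below are hypothetical; nothing here is a vBulletin API.

const REAUTH_WINDOW = 900; // seconds; same 15 minutes as the 900 used in the thread

// Record a successful password check in server-side session state.
function mark_reauthenticated(array &$session, int $now): void
{
    $session['reauth_at'] = $now;
}

// True only if the password was verified in this session within the window.
// Being logged in through a persistent cookie does not count.
function recently_authenticated(array $session, int $now): bool
{
    if (!isset($session['reauth_at'])) {
        return false;
    }
    $age = $now - $session['reauth_at'];
    return $age >= 0 && $age < REAUTH_WINDOW;
}

// Gate for a sensitive page such as a profile editor.
// $password is the submitted re-login password, or null if none was sent.
// Returns 'show_page' or 'show_login'.
function gate_sensitive_page(array &$session, ?string $password, string $hash, int $now): string
{
    if ($password !== null && password_verify($password, $hash)) {
        mark_reauthenticated($session, $now);
    }
    return recently_authenticated($session, $now) ? 'show_page' : 'show_login';
}

// Constructed demo data: a user who arrived through a "remember me" cookie.
$hash    = password_hash('correct horse', PASSWORD_DEFAULT);
$session = ['userid' => 42, 'via_remember_me' => true];
$t0      = 1285864020; // arbitrary fixed timestamp so the run is repeatable

$steps = [
    ['no password sent',       null,            $t0],
    ['wrong password',         'wrong',         $t0],
    ['correct password',       'correct horse', $t0],
    ['10 minutes later',       null,            $t0 + 600],
    ['just over 15 min later', null,            $t0 + 901],
];
foreach ($steps as [$label, $password, $now]) {
    printf("%-24s %s\n", $label, gate_sensitive_page($session, $password, $hash, $now));
}
```

Because the decision depends only on state held on the server, it takes effect on the current request and does not depend on when the browser picks up changed cookies.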