Integration with vBulletin - Flashchat Integration for vB 3.5

This modification is no longer available or supported.

Flashchat integration with vBulletin 3.5

Note:
The latest versions of Flashchat include my integration as part of the standard Tufat supplied files - including the vBulletin 3.5 CMS file.


vB 3.5 integration allows ;

* Authorised members to be automatically logged in.
* All non authorised members are locked out (both are based on usergroup membership).
* If enabled, the users location is now displayed in WOL (use the plugin to avoid "Unknown Location").
* The CMS file no longer requires your vb licence code to be entered.
* Automatic login now works even if a member has not ticked "remember me".

Also ;

* Real ip detection when a proxy server is used (only if the proxy server passes on the details).
* Permanant, Private Rooms are loaded by Admins (and moderators in 4.5.0) (allows for Staff Rooms).


More notes:

* This integration is for Flashchat versions 4.7.0 upwards, support for versions prior to this has been withdrawn.
* If you use non standard usergroups you will need to edit the CMS file to give them permission to enter the chat.

[high]The CMS file assumes that you are installing Flashchat in your forum root folder - this is the same folder as your usercp.php file and includes folder. Installation will fail if you do not do this.[/high]

Support: Please check any file edits carefully, and make sure you have uploaded any edited files to the correct location - the vast majority of problems reported are due to an error made in editing [or uploading] a file. If you are still stuck and want me to take a look then feel free to PM me your site address, an admin user, and ftp access details, without these I cannot help you. I will then look as soon as I have time.

Finally, I am not Tufat.com nor anything to do with the Flashchat product - if you have questions about Flashchat in general, their forums are here.


History:

2.53 - Support for customer role added.
2.54 - GetUser caching added.
2.55 - Lastactivity update added, caching altered to match main flashchat code.
2.56 - Support for 4.5.x photo feature added with choice of avatar or profile picture.
2.57 - Changes for local language translations. Session cookie cleared on logout.
2.58 - Security fix: Integrated login code altered to cut out the use of insecure userid cookie.
2.59 - GetUser caching re-enabled, Port fix added for pre 3.5 RC3 versions of config.php
2.60 - Added the ability to login direct to a room using ../chat/flashchat.php?username=_int_&room=n
2.61 - Changes to User and Role Caching.
2.62 - Minor fix to Get User for membergroupids.
2.63 - Security (anti-hacking) code added (as supplied by Darren).
2.64 - Usergroup settings moved to top of CMS file.
2.65 - Fixed error message when accessing chat admin area.
2.66 - Default role changed.
2.67 - Minor bug fix to Avatar detection, login code changes, tidy up.

[TunerNetwork]

Im lookin at it now paul, do you know what part I edit, and what do you recommend for a setting, thanks again

[JAYEMULE]

I have the Flashchat installed for a while now and forum members really enjoy it. Thanks kindly for putting this 'hack' together for us.
I have one question now though. When I installed it I set it up on only one forum style. I would like to add the flashchat link to the header of the other style in my forum but I can not seem to find the instructions on how to do this. Do I have to install it all over again for the other style or is there a way to add the flashchat link to the second style header ?
Thanks kindly for your time in helping with this as well.

Jaye
The Mule Skinners Forum

[JAYEMULE]

OK you can disregard my last post. I got it figured out

Jaye

[TunerNetwork]

Quote:

Originally Posted by Paul M

Check the settings in the flashchat config file.

what part do i edit? im checking now

[RFViet]

I found this from Tufat.com: http://www.tufat.com/docs/flashchat/integration.html
is it the same to your hack ??
If it's not, do i have to intergrate flashchat to vB before using your hack ???

[RFViet]

Where should I upload the add-ons to ???

[Paul M]

Did you read the note in the main post.

[RFViet]

Quote:

Originally Posted by Paul M

Did you read the note in the main post.

I did, but the WOL function doesn't work, so I try to upload the Add-ons :surprised:
Do I need to modify template ??

[Railen]

Anyone have an issue where the javascript dropdown menu divs (such as quick links) are hidden behind the iframe / flash object? I've been looking for a solution for some time now. I've tried setting the div z-index style to 2:

Quote:

<!-- user cp tools menu -->
<div class="vbmenu_popup" id="usercptools_menu" style="display:none; z-index:2">

and the iframe z-index to 1:

Quote:

<iframe style="z-index:1" src="http://.../forum/chat/flashchat.php" ...

This doesn't seem to fix it.

I've also tried adding the following to the object tag in flashChatTag.php:

Quote:

<param name="wmode" value="transparent">

This doesn't work either. I'm getting kinda annoyed here...

[6impy]

What is being done to improve FlashChat's integration security?

Just look at how easy it is to fake a login as an administrator:

http://www.tufat.com/forum/showthread.php?t=14166

Quote:

Hi,

i use a vBulletin 3.5.3 with FlashChat 4.4.2.

In this combination i have the following problem:

- I login in vb
- I enter the chat and leave them => a cookies "chat xxflashchatid" was set, the content of this cookie is my userid (i.e. 1)
- then I change the userid to another value, i.e. 33 (33 is the vb userid of another existing user)
- after this i can enter the chat as user 33 without a password !

So I can fake any user in the chat. I need a valid login only.

How can I eliminate this security vulnerability?
Reply With Quote

---

You actually were able to gain moderator powers having initially logged in as a normal user?

Edit:

Everything he said is true. I was able to log in as a regular user, change the user id in the cookie "bbflashuserid" to an admin's user id, and have access to all the admin powers.

This is a joke!

I don't care if this issue is fixed in new version. I will never use FlashChat again.

If the individual(s) who programmed FlashChat are clueless enough to include a hole like this, then I don't want any of their code running on my server.