The Arcive of Official vBulletin Modifications Site.

Logician · #7 11-07-2002, 10:27 PM

Quote:

Originally posted by rochen
http://yoursite.com/forum/misc.php?action=iamacustomer&user=username ? So they don't need to login or whatever after...

it wouldnt be a good idea since you can put others username there..

Most people has already set cookies on in the forum settings and if this is the case, they wont need to login when they visit that page. (I assume the username you refer is vb username?)

Quote:

also is there anyway I can check the refer of the "iamacustomer" to stop anyone just putting the link in their browser? For example if refer = xyz.com OK if not then NOT OK... ?

I was expecting this question.. :glasses:

Referrer is not a secure enough mainstay as it can easily be manipulated. If you want to secure the dir you have to check another criteria of the visitor which you can count more. I dont know what this would be for your site.

But if you still want the referrer check anyway, here is how:
edit global.php (in forum dir, not admin dir)

right after <?php add:

PHP Code:


			
$log_referrer=getenv('HTTP_REFERER');

Then in the hack code you can check it like:

PHP Code:


			
if ($log_referrer!="your url here") {show_nopermission();}

This is not tested and I dont know how good it will work but this is the general algorithm for referer page check..

Regard my suggestion above..

Enjoy..

@mist: yw but IMO following an URL for usergroup change is not the best solution for you.. Check this solution for making it password/special user profile field based.. Should fit better to your needs..

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03816 seconds Memory Usage 2,428KB Queries Executed 12 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (4)bbcode_php (3)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (7)post_thanks_box (7)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (7)post_thanks_postbit_info (7)postbit (7)postbit_onlinestatus (7)postbit_wrapper (1)showthread_list (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_threadedmode.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids_threaded showthread_threaded_construct_link showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!