Quick Account Switch v1.2

Quick Account Switch v1.2.
by Ianomed

Uses of this hack:

This account will let you string together several accounts owned by the same person. Of course it will also let you string together accounts owned by different people, but that's a dangerous thing to do.

What then is the use of stringing accounts together? Well, this hack will let you switch from one to the other account without having to log out, then log in again. Those interested in the technical aspect I refer to the addition made to login.php, it's all quite simple. You'll see now why it's dangerous to string together your account with someone else's, they'd be able to switch to your account.

I wrote this for two play-by-board RPGs that I frequent, at each of which I have several accounts, an account for each character. This lets me assume another account in moments.

It's also used by admins to switch between test accounts quickly.

Maybe you'll find other uses, eh?

Changes required:

1. Adding of 1 field to user table (installer will try to do this)
2. Adding of 18 phrases (installer does this)
3. An addition to admincp/user.php
4. An addition to global.php
5. An addition to login.php
6. A modification to the navbar template (for each style)
   
   Time needed: 20-30 minutes
   Difficulty rating: moderate

Known issues with v1.2:

Changing the username of an account that's either a slave or master, it does not update these cached usernames. This will be taken care of in v1.3.
Work-around: If you rename a user, unlink it first, and relink after the renaming.
Since I don't see this happening very often on any board I'm releasing v1.2 with this caveat.

Item of note:

For some obscure reason vBportal does NOT play nice with this hack. It'll introduce cookie/header errors. Either do not install this hack if vBportal is installed, or vice versa. Since I don't plan on spending $20 to buy software I'll never use, there's no intention on my part to work out that problem. You're good to go with vbadvanced CPMS, however, this has been tested.

Warranties:

None, in the instructions you'll notice I tell you to backup before applying the hack. I've tested it on 4 boards, each of which have additional hacks installed, and it runs on many more. If it doesn't for you then, well... roll back the changes you've just made and blame yourself.

Tested (and works) on:

• vB 3.0.3. - vanilla
• vB 3.0.1. - vanilla
• vB 3.0.3. - With vbAdvanced Homepage / CPMS (out of the box)
• vB 3.0.1. - With vbAdvanced Homepage / CPMS (out of the box)
• vB 3.0.3. - With vBindex v3.0.0 RC5 (Instructions by bondjetta)
• vB 3.0.3. - Nexialys - ACP cookie hack. <- Recommended combination
• vB 3.0.1. - Nexialys - ACP cookie hack. <- Recommended combination
• vB 3.0.3. - Assorted mods

Future plans:

• v 1.3 - Optionally displaying the linked accounts on the public profile. (i.e. 'I am also ....')
• v 1.3 - Fix user rename issue (see known issues, above).
• v 1.3 - Under Users in the ACP add a Manage Linked Accounts option, listing all linked accounts and their slaves.
• v x.x - Very maybe: allow sharing of a secondary account between two users. This is the trickiest of all, since when on that account, who should you allow switching back to in a way that can't be circumvented.

Future non-plans (I will probably never implement these):

• A 'let users link accounts themselves' mode.

Thanks to Oblivion Knight for the updated dropdown look.

Enjoy

--- History ---
v1.2 - 17th November 2004

• Removed username colouring, it's not really necessary and only adds extra queries.
• No longer uses a custom profile field, instead an extra field in the usertable is made
• Fully phrased, installer written to add phrases
• The usernames for the linked accounts are cached, this means that running the hack now takes no extra queries at all for those logged on as master, or who have no linked accounts. Being logged on as a slave account adds only 1 query per page view, this used to be more too.

v1.1.1 - 27th October

Fixes session expiration problem occuring after switch. Users are encouraged to upgrade. To upgrade follow the instructions in switch_11_to_111.txt. For new installs the corrected code is in switch_111.txt, the installation instructions.

v1.1 - 26th October

Fixes a flaw where on some MySQL versions IDs were matched improperly, also the new session is now permanent. Users are encouraged to upgrade.
To upgrade roll back and redo the changes to global.php and login.php, no changes were made to the template or custom field.

v1.0 - 25th October 2004

initial release

[Ianomed]

Not exactly, bondjetta.

Bitg, this is run on the two RPG forums I initially cobbled it together for. And as such lets a dozen or so people switch between their various accounts.

With the hack as it is at the moment the admin will have to define the slave accounts on the main user's profile (from the ACP). In v1.2 this selection will be easier still, not requiring to enter the UserID number.

As for allowing users to string together their various accounts themselves: this I listed as 'future non-options (things I'm likely not to implement)'.

So while it works for several accounts to have slave accounts perfectly, the admin will have to set these up.

And I know I can create a user-mode, with a validation procedure a user can go through to prove the 2ndary account is theirs as well. I have so far chosen not to implement this, is all.

Being involved in RPG forums I know it's not much of a trouble for an admin to string accounts together like this, plus it'll let you keep tabs on users as well.

If it's ever going to be implemented this will be v1.3 or after. First I mean to have less of a performance overhead, the new admin interface, and the option to show the 2ndary accounts on one's profile.

[bondjetta]

Quote:

Originally Posted by ianomed

As for allowing users to string together their various accounts themselves: this I listed as 'future non-options (things I'm likely not to implement)'.

ah, an option likely NOT to have that's important

[bondjetta]

***pssst***

13mins inactivity = logged out. no admincp, still logged in as botanist.

[Ianomed]

I think it's important to list as a coder releasing a hack, so I did from the first day

It's possible I'll let myself be persuaded to implement it in v1.3+, if lots of people ask for it. This as long as it doesn't interfere at all with the working of the slim-line part of it, of course.

Letting users string accounts together I know some admins will not want to allow for. I'm one of them, I rather link accounts for members so I'm aware of their aliases without checking an overview page.

As it stands I don't think making the option available in v1.3+ would be much of a problem, but I remain reserved on this.

The way I would implement it, if it comes to that will be something along these lines:

1) User A in his UserCP selects the option (if given permission based on usergroup) to link accounts.

2) User A tells the hack he'd like to see User B and C become a slave account, where being logged in on either will show the other accounts.

3) Users B & C both get a PM from the hack with a link to verify this. An acknowledge and deny link.

3.1) The acknowledge link would string the two accounts together, optionally sending a PM to the admin.

3.2) The deny link would strike User A (like the login strike system). On a 2nd try it would revoke the right to string accounts together, as well as PM the admin.

(saying they accidentally clicked Deny while they were in fact User B as well, this would allow them to try again, once.)

Meanwhile the admin, from the ACP section of the hack could bring up a report on linked accounts. Showing all master accounts with slaves indented (like subfora).

[Ianomed]

Quote:

Originally Posted by bondjetta

***pssst***

13mins inactivity = logged out. no admincp, still logged in as botanist.

*pssssttt*, weird question perhaps... but are you sure you performed the Lxxxxxxx replacement step in the upgrade?

If the username/password are missing or invalid in the cookie, then after the session has expired it wouldn't automatically log you back transparently either.

Just trying to rule out everything here <g>

I'll put together test cases tomorrow mimicking the ones you tried today, bondjetta. If there's anything in this hack or the combination with Nex's, I'm determined to find it.

Especially since it works without logging out after 10 minutes on the majority of boards... t'is a bit of a mystery, currently. I like mysteries, but I'd rather still it work for everyone.

[bondjetta]

Quote:

Originally Posted by Ianomed

*pssssttt*, weird question perhaps... but are you sure you performed the Lxxxxxxx replacement step in the upgrade?

If the username/password are missing or invalid in the cookie, then after the session has expired it wouldn't automatically log you back transparently either.

Just trying to rule out everything here <g>

I'll put together test cases tomorrow mimicking the ones you tried today, bondjetta. If there's anything in this hack or the combination with Nex's, I'm determined to find it.

Especially since it works without logging out after 10 minutes on the majority of boards... t'is a bit of a mystery, currently. I like mysteries, but I'd rather still it work for everyone.

Here's the thing. the code says replace Lxxxxxxx w/ the value listed at the top (which I did) but i also had to replace the license # at the top because my old license was expired and i bought an Owned license so i got a new license number

but it also said (sort of cryptically) "and in the do=login section". well i found do=login but nowhere to add the license number if i could SCP from work i'd copy the code in here (minus the # obviously) to show you what I see...keep in mind i'm VERY new to PHP but still understand 90% of coding syntax well

[Ianomed]

Sorry, I should perhaps rephrase those instructions there.

What that one sentence meant to read as is: Find the license number, which you can find at the top or in the do=login section, then put that where it says Lxxxxxxx in my programming.

So no need to do anything to the do=login section at all, I'd even advise against it.

In the install/upgrade file:

Quote:

// pay attention here, replace Lxxxxxxx with your own license number as found at the top of the file, and in the do=login section

Now since there's no Lxxxxxxx in the do=login part of the file, as well as that comment appearing near a line of programming that contains Lxxxxxxx, I believed this would sufficiently point out what I just rephrased above

Have you a suggestion how to disambiguate that step?

[bondjetta]

Quote:

Originally Posted by Ianomed

Sorry, I should perhaps rephrase those instructions there.

What that one sentence meant to read as is: Find the license number, which you can find at the top or in the do=login section, then put that where it says Lxxxxxxx in my programming.

So no need to do anything to the do=login section at all, I'd even advise against it.

In the install/upgrade file:



Now since there's no Lxxxxxxx in the do=login part of the file, as well as that comment appearing near a line of programming that contains Lxxxxxxx, I believed this would sufficiently point out what I just rephrased above

Have you a suggestion how to disambiguate that step?

you know, for someone using ESL (english as a second language) you know bigger words than most of my friends here in the US!

anywho...do you truely need the part about: ", and in the do=login section" or can we drop that altogether? because my license number doesn't appear in that part (unless i missed it entirely, it was late, but i'm pretty sure).

but at least i know i did that right

EDIT: wait...the License @ the top of the page is commented out...which means there must be a listing of that Lxxxxxxxx number in the do=login section unless the md5 comparison can pull that value out of a commented line?? which i dont think it can (though again, php illiterate). :ermm:

thoughts?

[Ianomed]

Don't need to as such, no

I just put that in there as a second reference to locate the license #, to use in the cookie code. Obviously trying to clear something up should do just that, so I'll drop that bit from the instructions.

And yes, it was in the do=login code, lol... in the admincp and modcp specifics:

PHP Code:

if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
            {
                vbsetcookie('userid', $bbuserinfo['userid'], 0);
                vbsetcookie('password', md5($bbuserinfo['password'] . 'Lxxxxxxx'), 0);
            } 


The license code replaced with x's in this quote, naturally. Since the code is similar (for a good reason), I thought when I wrote the instructions that it may help locate the number (seeing the same thing appear twice would strenghten the belief it was the correct bit).

[bondjetta]

Quote:

Originally Posted by Ianomed

Don't need to as such, no

I just put that in there as a second reference to locate the license #, to use in the cookie code. Obviously trying to clear something up should do just that, so I'll drop that bit from the instructions.

And yes, it was in the do=login code, lol... in the admincp and modcp specifics:

PHP Code:

if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
            {
                vbsetcookie('userid', $bbuserinfo['userid'], 0);
                vbsetcookie('password', md5($bbuserinfo['password'] . 'Lxxxxxxx'), 0);
            } 


The license code replaced with x's in this quote, naturally. Since the code is similar (for a good reason), I thought when I wrote the instructions that it may help locate the number (seeing the same thing appear twice would strenghten the belief it was the correct bit).

i think there's a good chance I was lookin in the wrong place then, because i promise my code doesn't look like that (where I was looking) so when i get home tonight (and after Smallville) i'll see what i can find, i think that's part of my problem