HTaccess integration hack... a beginning ?

It would be great if there were some hack to integrate vbulletin's user database with htaccess...

that would do the following things:[list=1][*]Vbulletin would seamlessly control htaccess as well as vbulletin user databases (for example.. u change password in vbulletin it also changes htaccess pass, or when u reg new user in vbulletin it would also create necessary htaccess user, etc..)[*]When users login with htaccess vbb automatically logs them in using the information that the user inputed for htaccess login[/list=1]

I just came across this script written for phpNuke that checks to see if a user logs in with htaccess and if they login with htaccess it will automatically log them in to phpNuke. I thought that much of this could be reused to work with vbulletin. Its only a portion of what would be required for a full htaccess integration hack but its a start anyway.

Im am just starting to learn php and dont have the necessary time or knowledge to create this hack but Im sure alot of ppl would benefit from it, and would all be very appreciateive if someone would create one.

Here is the source:

PHP Code:

<?PHP

/************************************************************************/
/*  Automatic recognition and connection of a user who connects to a    */
/*  PHPNuke site with a htaccess file.                                  */
/* ==================================================================== */
/*                                                                      */
/* Copyright (c) 2001 by Thomas Rudant (thomas.rudant@grunk.net)        */
/* [url]http://www.grunk.net[/url]                                                 */
/* [url]http://www.securite-internet.org[/url]                                     */
/*                                    */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/


if(!isset($mainfile)) { include("mainfile.php"); }

function docookie($setuid, $setuname, $setpass, $setstorynum, $setumode, $setuorder, $setthold, $setnoscore, $setublockon, $settheme, $setcommentmax) {
    $info = base64_encode("$setuid:$setuname:$setpass:$setstorynum:$setumode:$setuorder:$setthold:$setnoscore:$setublockon:$settheme:$setcommentmax");
    setcookie("user","$info",time()+15552000);
    
    global $user;
    $user=$info;
    
}

function login($uname, $pass) {
    global $setinfo,$system;
    dbconnect();
    $result = mysql_query("select pass, uid, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax from users where uname='$uname'");
    if(mysql_num_rows($result)==1) {
        $setinfo = mysql_fetch_array($result);
        $dbpass=$setinfo[pass];
        
        if(!$system)
             $pass=crypt($pass,substr($dbpass,0,2));

        if (strcmp($dbpass,$pass)) {
                        Header("Location: user.php?stop=1");
                        return;
                }

        docookie($setinfo[uid], $uname, $pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore], $setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
    }
}

if ($user)
{
    global $cookie;
    
    cookiedecode($user);
    $username = $cookie[1];

    if ($PHP_AUTH_USER!=$username)
    {
        setcookie("user");
        login ($PHP_AUTH_USER,$PHP_AUTH_PW);
    }
}
else
{
    login ($PHP_AUTH_USER,$PHP_AUTH_PW);
}

?>

[Ruth]

Polo

we are trying to manage the htaccess thru vB CP, so when everyone registers the login and pass are added automatically to the .htaccess (.htpasswd)

using that script has nothing to do with that, although they have the new SQL version but it is very expensive, and making a hack code for vB is much better with a better features

besides widexl.com support really sucks.

I haven't messed with .htpasswd files in ages, but it should be pretty simple to add new people to the file on the fly. But if a user changes their password that might be a pain. Unless you dump out the whole userbase fresh on every change?

There is also something like mod_auth_dbm, for dbm files instead of text files. That could make it trivial to both add and update the .htpasswd dbm file on every new user and changed password.

Would something ugly like writing out a .htpasswd from scratch every time work all right? Can you see if you have mod_auth_dbm support? (I think it comes with apache and might be turned on by default.)

-Jonathan

[The Prohacker]

Using .htpasswd, could be very ineffeciant, so the best plan for it would be to use $PHP_AUTH_USER and $PHP_AUTH_PASS to get the username and password, then drop these varibles into a routine to see if they are a registered member, then if they are, and the password is correct, set a cookie to their system so they would be logged in.......

This check would have to added to everypage or would have to alter the getpermissions function in someway to check this....

We actualy use this on our site to give members only access to hosted sites on our server.

From what I can gather it is pretty easy to install on the server and involves a mod to the httpd.conf file.

It gets passes directly from the SQL database and users can be removed from access by removing their accounts using the admin control panel.

We have been using it for a few weeks now and had no problems with it at all, users can even change pass as it does not write to a htaccess file it just accesses the database.

I will get my server admin Gaf to write a doc on it and post it up in the next few days.

I also know he has made it so we can give certain user groups access to certain sections of the site. Not a clue how but it works.

HM

[Martz]

Try this link for another approach to this - most of work looks like its already done.

[fragbait]

bump

[fragbait]

has anybody figured this hack out yet?

I'm curious, what do you actually need it for?

-Jonathan

[fragbait]

well i have a games and anime site, and have tons of media to download. But i only want members to be able to download, so i was wondering if i could use the members already registered in my vbb....

[Cybergaf]

To HTACCESS protect pages for members only...

Install mod_auth_mysql on apache.

then for example in httpd.conf

<DIRECTORY /home/testdir>
AuthType Basic
AuthUserfile /dev/null
AuthName "Forum Member Access Only"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLCryptedPasswords Off
AuthMySQLUser <user>
AuthMySQLPassword <pw>
AuthMySQLDB <forums dbase name>
AuthMySQLUserTable user
AuthMySQLNameField username
AuthMySQLPasswordField password
<Limit GET POST>
require valid-user
</limit>
</DIRECTORY>

just change user/pw to user/pw you use to access dbase and dbase name to whatever ya dbase is called and bobs ya uncle.

Or....

<DIRECTORY /home/testdir>
AuthType Basic
AuthUserfile /dev/null
AuthName "Member Access Only"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLCryptedPasswords Off
AuthMySQLUser <user>
AuthMySQLPassword <pw>
AuthMySQLDB <forums dbase name>
AuthMySQLUserTable user
AuthMySQLNameField username
AuthMySQLPasswordField password
AuthMySQLGroupField usergroupid
<Limit GET POST>
require group 6 7
</limit>
</DIRECTORY>

The above example restricts to forum members who are 'admins & mods' a list of our group ids are..

# GROUP ID's
# 1 Unregistered / Not Logged In
# 2 Registered
# 3 Users Awaiting Email Confirmation
# 4 (COPPA) Users Awaiting Moderation
# 5 JNR Admin
# 6 Administrator
# 7 Moderators
# 8 Banned
# 9 Moderated
# 10 Gold Member
# 11 Platinum Member

You can see we have a few of ours added at the end, lol

Good luck