Integrate ParaChat v7.0 Into vBulletin - Hosted Chat Services

Download the attached document and follow the instructions in the READ ME - INSTALL.html file. For an example of ParaChat integration with vBulletin, please visit http://community.parachat.com/vb/index.php

*** Promotional Text Removed *** (MarcoH64)

To receive a free ParaChat evaluation visit http://www.parachat.com/professional/proevaluation.html.

This integration will support the following Hosted Chat Services:

ParaChat Basic
ParaChat Advanced
ParaChat Professional
ParaChat Enterprise
ParaChat Event
ParaChat Server (server is installed on your hardware)

[Eq4bits]

I have the 'Standard' paid version of Parachat (formerly called 'Advanced') and the # of chatters is built in to the Standard paid version.
Running vB 3.8.1 PL1
Just tried integrating this and after making the navbar changes when I save the template I get an error message stating that an expected ']' is missing on line 114 of adminfunctions_template.php.

when I check adminfunctions_template.php lines 113-117 show as follows, but I'm not catching where a bracket should be

Code:

 if (is_array($template))
{
array_walk($template, 'array_trim');
$template = "background: $template[background]; color: $template[color]; padding: $template[padding]; border: $template[border];";
}

what am I not seeing?

[hqarrse]

Warning.

This integration has a file chat_auth.php . It is an unprotected tool for testing username/ password pairs and therefore an open invitation to hackers. If you are using parachat I strongly suggest you stop until this problem is sorted. I have reported this to parachat but as yet (5 days later) have had no response.

[hqarrse]

Response:

Quote:

Thank you for contacting ParaChat Support. I apologize for the delay in responding to your inquiry. The vBulletin module to which you refer is not available for download from our web site at this time. Please note that all of our third-party integration modules are currently being re-developed, including the vBulletin integration module. The new modules will include a method to recognize calls where applicable, and will be available for download from our web site when they are completed. But utilization of the HTTP Authentication file itself is optional.

The HTTP authentication file is deployed on installations external to the ParaChat system, so its level of exposure from a security standpoint will vary from installation to installation. The Auto Log-in feature could be utilized exclusive of HTTP authentication. Also, if the HTTP authentication feature is used, your ParaChat service could be configured to limit the number of simultaneous connections allowed per IP address. However, the remedy for the issue as you describe it will be the utilization of the new module when released. We understand your concern, and genuinely appreciate your feedback on this topic.

A good point that even if you do protect the file, then the chat system itself can be used for brute force as there are no maximum tries, but I'm guessing that since this is via a java applet, it is more of a task for a hacker than just downloading an HTML form hacking tool.

Anyway, assuming Parachat come good with their updated module, then I am impressed with the response, although it did take a week. In the mean time you can look at your server log and see what IP address they are using to request autorisation on chat_autrh.php and limit access to it, so:

Code:

<Directory /mypath/mydirectory>
<Files chat_auth.php>
order deny,allow 
deny from all
allow from 64.13.158.89
</Files>
</Directory>

I don't know how often that IP address will vary. Time will tell I suppose - I'll watch my logs and wait for complaints.

[hurricane_sh]

It would be great if you could create a mod for vB4.