Password Protected Forums (vB3 Style)

-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Password Protected Forums (vB3)
By Shaolyen
email: John@eovie.com
msn: John@eovie.com

TESTED ON A FRESH vB 2.3.0
-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-

Introduction
-----------------------------------------------------------
This hack is fairly simple in what it does.

If a user tries to access a password protected forum, they will be
prompted for the password. Once entered correctly they'll be able
to browse the forum as normal. It's as simple as that!

There are a few extras in this. When a user enters a password and
it's verified as being correct, a cookie is sent to their PC
containing the password. This will ensure that they don't need to
log in every time they access the protected area, until the cookie
expires.

The cookie timeout time for each protected forum can be set in the
AdminCP. (You can choose anything from 1 minute to 1 year.)

Password protected forums are denoted by the text
"[Password Protected]" tagged on the end of the forum description.
If you don't have a forum description for your password protected
area, "[Password Protected]" will take its place.

Please bear in mind:
? Threads will appear in searches, but the title, author, etc. are
all set to "Restricted". A password is needed to access these threads.
? The password in the cookie IS NOT ENCRYPTED. This is for a
reason, so the password can be viewable in the AdminCP. If
anyone would prefer MD5 encryption in their cookies, let me know.
? In the very near future I will be adding on options to enable
MD5 encryption.
? When you specify "Regular Forum Security" in the AdminCP and
a password has been entered, that password will not be recorded.

Security level, password, and timeout times can be specified when
creating or editing a forum.
(AdminCP > Forums & Moderators > Add | Modify)


Warning
-----------------------------------------------------------
BACKUP YOUR DATABASE AND FORUM FILES BEFORE YOU EVEN THINK ABOUT APPLYING THIS HACK!
-----------------------------------------------------------

Shameless Plug
-----------------------------------------------------------
This hack was written for the fine people at xAviaHosting -
www.xaviahosting.com. Pay them a visit (Or I'm a dead man!)
-----------------------------------------------------------

Shameful Plea
-----------------------------------------------------------
I'm poor as always, I'd be seriously grateful for any donations..!
If you have a few spare pennies in that Paypal account, my address
is "John@eovie.com" - share the wealth!
-----------------------------------------------------------

Screenshots:
-----------------------------------------------------------
Password protected indicator
Password prompt
AdminCP Settings
Search results 1
Search results 2
-----------------------------------------------------------

Update 1.0 > 1.1
-----------------------------------------------------------
? Search blocking enabled.
Screenshots:
Search results 1
Search results 2

Available here
-----------------------------------------------------------

[John]

There was no description. It doesn't replace it.

[giang]

Hey guys, I tried to install on 2.30 and I have some problem, maybe you guys can help me out.

1) When Edit my forums, I choose Password Protect Security then I enter the password and the time out but when I click submit, I got this message.
"Password protection enabled, yet no password was submitted.
(Forum access can be gained by leaving the password field blank on entry.)"
However when I look in the database, the forumpass field got the right password.
2) I can't get inside that protective forums when I supply the password. It keeps asking me to enter the password.

thakz

G

[John]

Hmm, do you have register_globals turned on or off?

[sparky2]

Thanks for releasing this hack. It's opens a fresh can o' worms, though.

---------------------------
Use of password-protected subforums will probably cause resentment among the excluded members, and generate repeated posts/PM from excluded members
demanding to know "Why?", "Why am I not special?", "Why can't I get in?!?"

You might preclude/alleviate this somehat by including in the forum description a CLEAR explanation of WHY the subforum is protected, HOW select members attain
eligibility to participate in it (and WHO to contact with a password request if a member believes he's eligible)...
and you'd probably need to change the forum description field to allow enough room for sufficient descriptive text ~~ the standard field is limited to 250 characters.

To avoid the "in your face, but you can't access it" effect, consider marking any password-protected subforum(s) "inactive" via the AdminCP--}Forums:Edit interface.
This will suppress the title/description display on ForumsHome, will remove the forum(s) from forumjump and from the search selectbox... yet it won't interfere with the
ability of "insiders" to use the "Search this forum" feature (included in the "forumdisplay" template).

---------------------------
Password-protection is "only as good as" the people protecting the password. Bear in mind that it's subject to "social engineering". Ultimately (eventually) you should
EXPECT that someone(s) not "officially" invited will coax a friend (to whom the password is known) into divulging the password.

So, if you decide to employ a pw-protection scheme, you should PLAN (and communicate to included members) in advance:
-- which person(s) has the ability/authority to change the password
-- when/why the password may be changed (how often // for what reason)
-- how the included members will be notified, in the event of a password change
-- who (everyone, or just the leader) is permitted to divulge the password and to invite new "insiders"
-- what penalty will be applied if someone irresponsibly divulges the password to unqualified/uninvited "outsiders"
---------------------------

[John]

People understand what they get when they install this hack.

If they wish to "brace themselves" for the potentially huge influx of people asking for access, they can do so. If they can't deal with this, they probably shouldn't be running a forum.

The hack is here to make it technically possible for people to do things with their bulletin boards, the way they deal with the results is up to them.

[John]

Quote:

You might preclude/alleviate this somehat by including in the forum description a CLEAR explanation of WHY the subforum is protected, HOW select members attain
eligibility to participate in it (and WHO to contact with a password request if a member believes he's eligible)...
and you'd probably need to change the forum description field to allow enough room for sufficient descriptive text ~~ the standard field is limited to 250 characters.

I should think that anyone who installs this hack would explain why it's there, in the form of a thread or an announcement.

Quote:

To avoid the "in your face, but you can't access it" effect, consider marking any password-protected subforum(s) "inactive" via the AdminCP--}Forums:Edit interface.
This will suppress the title/description display on ForumsHome, will remove the forum(s) from forumjump and from the search selectbox... yet it won't interfere with the
ability of "insiders" to use the "Search this forum" feature (included in the "forumdisplay" template).

If a user tries to access the forum, they'll still be prompted for a password. (Which would kind of give the game away)

Quote:

Password-protection is "only as good as" the people protecting the password. Bear in mind that it's subject to "social engineering". Ultimately (eventually) you should
EXPECT that someone(s) not "officially" invited will coax a friend (to whom the password is known) into divulging the password.

Obviously.

Quote:

So, if you decide to employ a pw-protection scheme, you should PLAN (and communicate to included members) in advance:
-- which person(s) has the ability/authority to change the password
-- when/why the password may be changed (how often // for what reason)
-- how the included members will be notified, in the event of a password change
-- who (everyone, or just the leader) is permitted to divulge the password and to invite new "insiders"
-- what penalty will be applied if someone irresponsibly divulges the password to unqualified/uninvited "outsiders"

This hack does exactly what it says it does. It password protects forums. If you can't handle having passwords, don't - stick to user access masks. It's not supposed to replace it, it's here as an alternative.

Honestly, people understand what the hack is for and if they need it, they use it. If anyone wants to release a "Enhanced Diplomatic Solutions to Ease Forum Tension in the Event of Password Protected Forum Usage" hack, be my guest.

[Smoothie]

Quote:

If anyone wants to release a "Enhanced Diplomatic Solutions to Ease Forum Tension in the Event of Password Protected Forum Usage" hack, be my guest.

LOL

[jancarlo]

Database error in vBulletin 2.3.0:

Invalid SQL: SELECT security,forumpass,passtimeout
FROM forum
WHERE forumid='2'
mysql error: Unknown column 'security' in 'field list'

mysql error number: 1054

Date: Wednesday 19th of March 2003 10:51:28 AM
Script: http://pinuvccio.altervista.org/foru....php?forumid=2
Referer:



help my

[John]

You didn't run the queries at the beginning (the very first thing listed in the instructions.)

[jancarlo]

error in musql look

1. SQL QUERIES

Run these queries:
-----------------------------------------------------------
ALTER TABLE `forum` ADD `security` TINYINT(1) UNSIGNED DEFAULT "1" NOT NULL;
ALTER TABLE `forum` ADD `forumpass` text NOT NULL;
ALTER TABLE `forum` ADD `passtimeout` int(8) UNSIGNED DEFAULT "0" NOT NULL;
-----------------------------------------------------------


Database error in vBulletin Control Panel 2.3.0:

Invalid SQL: UPDATE forum
SET
styleid='1', title='Main Category', description='Main Category Description',
active='1', displayorder='1', parentid='-1', parentlist='1,-1',
allowposting='0', cancontainthreads='0', daysprune='0',
newpostemail='', newthreademail='',
moderatenew='0', allowhtml='0', allowbbcode='0',
allowimages='0', allowsmilies='0', allowicons='0',
styleoverride='0', allowratings='0', countposts='1',
moderateattach='0', security='', forumpass='', passtimeout=''
WHERE forumid='1'
mysql error: Unknown column 'security' in 'field list'

mysql error number: 1054

Date: Wednesday 19th of March 2003 11:47:40 AM
Script: www.???_?????????.da.ru/admin/forum.php
Referer: http://pinuvccio.altervista.org/admi...edit&forumid=1