The Arcive of Official vBulletin Modifications Site.

Password Protected Forums (vB3 Style) · **Released**: 03-11-2003

-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Password Protected Forums (vB3)
By Shaolyen
email: John@eovie.com
msn: John@eovie.com

TESTED ON A FRESH vB 2.3.0
-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-

Introduction
-----------------------------------------------------------
This hack is fairly simple in what it does.

If a user tries to access a password protected forum, they will be
prompted for the password. Once entered correctly they'll be able
to browse the forum as normal. It's as simple as that!

There are a few extras in this. When a user enters a password and
it's verified as being correct, a cookie is sent to their PC
containing the password. This will ensure that they don't need to
log in every time they access the protected area, until the cookie
expires.

The cookie timeout time for each protected forum can be set in the
AdminCP. (You can choose anything from 1 minute to 1 year.)

Password protected forums are denoted by the text
"[Password Protected]" tagged on the end of the forum description.
If you don't have a forum description for your password protected
area, "[Password Protected]" will take its place.

Please bear in mind:
? Threads will appear in searches, but the title, author, etc. are
all set to "Restricted". A password is needed to access these threads.
? The password in the cookie IS NOT ENCRYPTED. This is for a
reason, so the password can be viewable in the AdminCP. If
anyone would prefer MD5 encryption in their cookies, let me know.
? In the very near future I will be adding on options to enable
MD5 encryption.
? When you specify "Regular Forum Security" in the AdminCP and
a password has been entered, that password will not be recorded.

Security level, password, and timeout times can be specified when
creating or editing a forum.
(AdminCP > Forums & Moderators > Add | Modify)

Warning
-----------------------------------------------------------
BACKUP YOUR DATABASE AND FORUM FILES BEFORE YOU EVEN THINK ABOUT APPLYING THIS HACK!
-----------------------------------------------------------

Shameless Plug
-----------------------------------------------------------
This hack was written for the fine people at xAviaHosting -
www.xaviahosting.com. Pay them a visit (Or I'm a dead man!)
-----------------------------------------------------------

Shameful Plea
-----------------------------------------------------------
I'm poor as always, I'd be seriously grateful for any donations..!
If you have a few spare pennies in that Paypal account, my address
is "John@eovie.com" - share the wealth!

-----------------------------------------------------------

Screenshots:
-----------------------------------------------------------
Password protected indicator
Password prompt
AdminCP Settings
Search results 1
Search results 2
-----------------------------------------------------------

Update 1.0 > 1.1
-----------------------------------------------------------
? Search blocking enabled.
Screenshots:
Search results 1
Search results 2

Available here
-----------------------------------------------------------

Smoothie · #62 03-21-2003, 03:03 AM

There is a major security flaw in this hack that was just discovered. I can tell you an easy way to get in to a password protected forum.

GoTTi · #63 03-21-2003, 06:17 AM

r u gunna tell us how?

John · #64 03-21-2003, 01:45 PM

If you've found a flaw, why haven't you contacted me about it?

TheComputerGuy · #65 03-22-2003, 11:54 AM

Well I tried to update my forum descriptions and it seems not to update any longer?

Did I miss something?

LOD-squa · #66 03-30-2003, 05:20 PM

Hmm, one of my members used another password and he was still able to get into the forum =\

Zero Complex · #67 03-30-2003, 07:01 PM

awesome. Finally someone puts a working one up. the other one had so many bugs.

Bloodfist · #68 04-12-2003, 10:17 PM

So is this hack stable or what?

What's it's status?

Crazy Pete · #69 04-13-2003, 03:50 AM

Edit - Nevermind, I forgot to clear my cookies.

Crazy Pete · #70 04-13-2003, 04:31 AM

Actually, there does seem to be a problem with this. Some people are able to click on a link to a post in the password protected thread, and it asks them for the password. So far, so good. But then, if they click back to the main index and reload it, THEN click on the password protected forum, they get right in.

I haven't been able to duplicate this, but some of my members said they got in without a password and that was one of the ways they did it.

kushtiUK · #71 04-13-2003, 08:22 AM

Quote:

Today at 06:25 AM Crazy Pete said this in Post #69
Actually, there does seem to be a problem with this. Some people are able to click on a link to a post in the password protected thread, and it asks them for the password. So far, so good. But then, if they click back to the main index and reload it, THEN click on the password protected forum, they get right in.

I haven't been able to duplicate this, but some of my members said they got in without a password and that was one of the ways they did it.

I have the same problem and I also managed to duplicate it. I am running 2.2.6 though so I don't know if that's the problem - can any else confrim?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.06486 seconds Memory Usage 2,303KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!