Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
  #1  
Old 04-16-2010, 04:37 PM
wilhud wilhud is offline
 
Join Date: Mar 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Check logged in state in external script

Hello,

I'm trying to hunt down the code required to check for a valid vBulletin login. I've restricted access to my vBulletin site, but in order to protect my files, I've created a script that will feed the files to the users rather than allow them to access the files directly (i.e. pdfs, videos, audio, etc.). I know that once the members get the content they can go around and distribute it as they feel, but I just want to add an extra layer of protection to at least keep non-members from being able to access the files directly. So now that I have the script that feeds the users the files, I want to have that script check that they are a valid vBulletin user. Is there a simple method to do this? The script currently is not tied into vBulletin at all, so I'm wondering what I need to do to verify the user is logged in and is a valid member. I just need pointed in the right direction, because I'm new to vBulletin. Any feedback is greatly appreciated.

Thanks,
Wil

--------------- Added [DATE]1271442679[/DATE] at [TIME]1271442679[/TIME] ---------------

I still have to test it more thoroughly, but so far adding this to the top of my script appears to be working...

PHP Code:
chdir("../");
require_once(
'./global.php'); 
Any time I try to access the file now using an unregistered user or user who does not have permission to use the forum, it kicks them out to the login page.

Wil
Reply With Quote
  #2  
Old 04-16-2010, 05:58 PM
NickyDee NickyDee is offline
 
Join Date: Aug 2008
Posts: 53
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Depending on where this download link is, you could just wrap your download link in a vb:if conditional to see if the user is registered?

See this link for an explanation on conditionals if your not sure what I'm on about.

You basically want to make something that will work like ;
if user == registered {show the link HTML} else { redirect to login page HTML }.

Depending on what the file is and the nature of your site, unless its a map to lost treasure theres probably not much point wrapping this in too many layers of protection simply because theres always one little b*gger who finds a way around it!

Good luck, I hope this helps!
Reply With Quote
  #3  
Old 04-16-2010, 11:21 PM
wilhud wilhud is offline
 
Join Date: Mar 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi NickyDee,

I was actually trying to find something like you mentioned but this is a script completely independent of the vBulletin software itself. I think the vb:if is only for templates within the vBulletin realm correct?

Basically what I did was this...created a folder called "file" and placed an index.php page inside that folder. The index file has a readfile function that pulls files from a hidden location and serves them up with the proper headers whenever accessed via the script with the proper parameters. So a file link would look something like...

http://www.mysite.com/file/?type=pho...=christmas.jpg

The index page will retrieve the proper jpeg and feed it to that link with image/jpeg headers but I wanted it to only do so if the user was logged into vBulletin. By including the global.php file from vB it appears this has given me the functionality I was looking for. It may be overkill for the simple login check I want to do, so I'll have to look into it a bit deeper. I like your idea of just having a simple if/then but I'll need to research vBulletin some more to see what options I have in those regards. I'd like to make it as streamlined as possible so that all the files are "protected" but load quickly.

It all goes down the drain as soon as some registered user downloads all the files and goes and posts them on their own server, but at least that user was registered and they aren't emailing people a link to free content that we're serving up. Having the file open to the public at...

http://www.mysite.com/file/photo/family/christmas.jpg

...would kinda defeat the purpose of making them register and whatnot, so that's why I'm trying to do this. At least they have to register to use my link or get the file from someone else.

Wil
Reply With Quote
  #4  
Old 04-17-2010, 11:27 AM
NickyDee NickyDee is offline
 
Join Date: Aug 2008
Posts: 53
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hey Wil,

Yeah your right in saying that you won't be able to access vB conditionals outside of a vB page. You could strap this image director into a vB page to access those conditionals but if you managed to get it working just by requiring ./global.php then thats probably a lot easier!

I can't think off the top of my head why its working but - if it works and you aren't getting database errors then whos complaining! good work, its not often that solutions turn out to be so simple - on a side note, it might pay to check this in a couple of browsers with different cookie settings to make sure it consistently works.
Reply With Quote
  #5  
Old 04-19-2010, 08:30 PM
wilhud wilhud is offline
 
Join Date: Mar 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah, you're right...it's only working when I have logged in directly through the files login request. When the file is embedded in a page, it does not recognize the current sessions login. I'll have to see what else I can do.

Wil
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:42 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07779 seconds
  • Memory Usage 2,194KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete