Auto Login

[dvongrad]

I am thinking of using vBulletin to host forums on my web site. I would like to access this forum via a menu item in my Windows application that launches a URL and query string similar to the following (or whatever URL and query string I should use):

http://www.mycompany.com/vBulletin/l...id&pw=password

If you could point me to relevant sections of your documentation or examples from your site or other areas of your forums, I would be most appreciative. Thank you for your attention regarding this matter.

there is no documentation about how to convert the actual authentication process.

for what you need, someone will have to deactivate all the authentication securities inside vBulletin to make it possible to login from a GET line... so any hacker or spammer will be able to access your forum...

remember that when you deactivate all securities, your site is easy to crack...

also, the session system inside vBulletin let your users be logged-in infinitely, so it is useless to have the login info in the url... once you're logged in, you can be forever logged in...

[dvongrad]

Would hacking/spamming still be an issue if the user/password combination was a user who had absolutely no rights other than viewing forum posts?

it is not a question of rights of user X, but the ability to spambot X to try any combination of username/password...

why do you think the net evoluted and brought encryption on password and logins ?!... because a spambot can try more than 50 000 combinations of random username/passwords per minute, trying to access your forum OR breaking your server by DDOS or DOSS... (denial of service)...

[SEOvB]

Quote:

Originally Posted by dvongrad

Would hacking/spamming still be an issue if the user/password combination was a user who had absolutely no rights other than viewing forum posts?

Trust us you dont want to remove the built in securities of vBulletin. You'll have some idiot bot pounding at you forum 24x7 just trying everything to get in which could lead to more problems from the bot doing it other than just whatever it may post such as server loads which could get your account suspended.

[dvongrad]

That certainly makes sense and I appreciate your comments. Rather than disabling security outright, is it possible to disable security for a single read-only user and then enable it upon an auto login or would such changes still be prone to attacks? Another approach might be to pass a query string not containing user/password info to vBulletin and then modifying index.php to check for the query string and populate the user/password fields and click the login button (possibly through JavaScript) if there's a match. The Windows application where this URL and query string would come from if fully secured and thus no login info would have to be passed.

[Marco van Herwaarden]

If you want to allow guests to view threads on the forum (that is what you are trying to do with a single user with low security with read-only access), hen no user account is needed. Simple form permissions can be set to allow guests to read threads.