Simple vB User login and access control on non vB pages

Hack Description

This is a cutdown version of the user authentication and access control system I use on the non vB pages on my website.

This uses the vB 3.5 login system to log you in and out. It allows you to move between your forums and other pages on your site while remaining logged in.

It allows you to do things such as restrict pages by usergroup, display different content depending on a user being logged in or not.
For example, you can have banner Adds displying to non members only, and/or let members access to specific content.

Ive cut it down to the bare minimum that it needs to work, no fancy stuff such as avatars, PM's, or even formating.

I will try and offer support, but work and family commitments mean I dont have much free time.

This code is a mix of my own, and pieces I have used from other hacks that are floating around.

This script has been confirmed as working on

• vB 3.5.x - All Versions

Changelog

Version 1.30 (24th April 2007)

• Fixed - // in paths bug
• Fixed - Javascript warning in some browsers
• Fixed - Tidied up some code

Version 1.20 (2nd December 2006)

• Fixed Logout incorrect path bug
• Made change to reduce compatibility problems with foreign scripts

Version 1.10 (4th Feb 2006)

• Changed login_inc.php so you only need to edit path in one place now.
• Added more commenting to login_inc.php
• Added usage instructions to instructions file
• Added troubleshooting guide with all common problems and fixes to instructions file.

Note: It is NOT necessary to update from 1.0 to 1.10.
There is no functionality changes or bug fixes between these 2 releases.

Version 1.0 (17th November 2005)

• Initial Release

Deluxe Version of this hack is now available
Has Avatars, PM's, Number of Posts etc.

Click Here


Click on Install
If you have this script installed then please click on the install link because;

• You will get notified if any security issues are reported.
• You will get notified when there are any upgrades to this script
• It gives me a warm fuzzy feeling and motivates me to develop more

Donations
First of all, to be clear. This script is 100% free.

However if you feel an urge to donate I'm not going to say no.
Donations can be made at http://www.billspaintball.com/vb3/bd_donate.php

[Billspaintball]

Quote:

Originally Posted by lightwave

How do I make this work across different subdomains?

Tried step 4 yet?
https://vborg.vbsupport.ru/showpost....98&postcount=2

[Evoir]

Hi, I baaaack

I have another question: I'd like to lock up an entire page based on vB usergroup, and it seems like there is a problem doing this... here is the error I get:

Quote:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /big/dom/xc5children/www/private/aboutus/index.php on line 30

I'm using your second suggestion under USAGE:

Quote:

You can use a simple variation of this to restrict entire pages to a certain usergroup.
For example,
PHP Code:
<?php
if ($vbulletin->userinfo['usergroupid'] == '6' )
{
echo "Have stuff for here";
} else {
echo "You do not have permission for this page"; }
?>

Can you help me understand how to protect a whole page (including the navigation etc)? I simply wrapped my html inside of the quotes "Have stuff for here" in above example. It includes html and php calls (includes for the navigation etc). Basically, everything between <body> and </body>

[soletrader]

Quote:

Q. Now that I've installed this script I'm having problems logging in/out!

A. Try clearing your cookies. If you're still having problems afterwards, go to your Admin CP, click on vBulletin Options, and edit your Cookie Domain (listed under Cookies and HTTP Header Options). Change that option to ".yoursite.com" (note the two dots!). Also make sure that your Cookie Path option is set to "/".
Once you change that, close all browser windows, clear your cookies again, and then try to log in/out again.

Once I do this, I can no longer login to the control panel. Are there any solutions to this?

[Billspaintball]

Quote:

Originally Posted by Evoir

I simply wrapped my html inside of the quotes "Have stuff for here" in above example. It includes html and php calls (includes for the navigation etc). Basically, everything between <body> and </body>

Ok, thats were the problem is.

Wrapping the HTML in those tags is fine, however when you wrapped the PHP inside the echo tags everything breaks as you have found out.

If your wrapping a mix of HTML and PHO you need it in a format like this.

PHP Code:

<?php
if ($vbulletin->userinfo['usergroupid'] == '6' )
{
echo "Have stuff for here";
// put some PHP code here
echo "Now some more HTML goes here";
// and some more PHP stuff cos I can
echo "and the final HTML stuff here";
} else {
echo "You do not have permission for this page"; }
?>

Ive just used comments // in the above example where you would add your straight PHP code.

Hope thats a bit more clear.
If your still having problems just post the first dozen lines or so of your page or so.

[Billspaintball]

Quote:

Originally Posted by soletrader

Once I do this, I can no longer login to the control panel. Are there any solutions to this?

Did you flush the cookies in your browsers cache and force a page reload? (CTRL+F5 (I think) )

[boske]

Quote:

Originally Posted by Billspaintball

Did you flush the cookies in your browsers cache and force a page reload? (CTRL+F5 (I think) )

Yeah make sure you do this when you have changed Cookies and HTTP headers, I had the same problem as you.

[quadude]

Something maybe worth mentioning is that to prevent script issues from happenning(due to path changes) You can do something like this:

Code:

$cwd = getcwd();
chdir('/path/to/your/forums'); 
require_once('/path/to/your/forums/global.php'); 
chdir($cwd);

[Evoir]

Ok, now I am having trouble with any quotes being used within the document. Is there a way around this? I am using this code on a template, and my client is using quotes, which is causing an error.

Quote:

Parse error: parse error, unexpected T_STRING, expecting ',' or ';' in /big/dom/xc5children/www/private/learning_areas/dramatic_play.php on line 38

[grayloon]

Since the chdir code must be first on the page, how do you handle the sending of headers (like cookies)?

[Bahawolf2]

I have a question...

I am using the script in other folders, and it wont then login... For example:

Main directory: public_html/
Forum Directory: public_html/forums/

Say I have a page in public_html/support/

The script doesnt login, or logout properly, but If I login to a page before the /support/ directory it works okay. Otherwise only pages in the public_html folder works.

Any help? I have changed the codes inserted in the page to reflect the change, (ie. ../forums/login_inc.php) like that.

[Billspaintball]

Quote:

Originally Posted by grayloon

Since the chdir code must be first on the page, how do you handle the sending of headers (like cookies)?

As long as its all before any page output there shouldant be any problems.

[Billspaintball]

Quote:

Originally Posted by quadude

Something maybe worth mentioning is that to prevent script issues from happenning(due to path changes) You can do something like this:

Code:

$cwd = getcwd();
chdir('/path/to/your/forums'); 
require_once('/path/to/your/forums/global.php'); 
chdir($cwd);

Yeah I should have done that I spose.

[Zidane007nl]

Good hack, got it running successfully finally.
But when someone who is banned on my forums is watching the website and is still logged in they get the forum banned message (which doesn't look well).

[Billspaintball]

Quote:

Originally Posted by Zidane007nl

Good hack, got it running successfully finally.
But when someone who is banned on my forums is watching the website and is still logged in they get the forum banned message (which doesn't look well).

I will look at that and see if I can do something about that.

[Sparky_s]

Works perfect on 3.6.0.

I added a little code in the login_irc.php to inform users that they can proceed to the forums.

Code:

//Added by Sparky-s 25/08/06
echo "<a href=\"".$forumpath."index.php";
echo "\">";
echo "<font size=\"1\" face=\"verdana\">You may click to proceed to the forums.</font></a>
";

echo "<font size=\"1\" face=\"verdana\">You may also </font></a>
";

The last bit is to lead to the log out link.

I'm mainly using this as a cover page for users with access masks before they get to the forum.

I'm not sure it it has been altered already like this, as I couldn't be bothered reading 14 pages.

I assume I'm allowed edit the login_inc file?
Thanks.

Sparky