Integration with vBulletin - Simple vB User login and access control on non vB pages

Hack Description

This is a cutdown version of the user authentication and access control system I use on the non vB pages on my website.

This uses the vB 3.6 login system to log you in and out. It allows you to move between your forums and other pages on your site while remaining logged in.

It allows you to do things such as restrict pages by usergroup, display different content depending on a user being logged in or not.
For example, you can have banner Adds displying to non members only, and/or let members access to specific content.

Ive cut it down to the bare minimum that it needs to work, no fancy stuff such as avatars, PM's, or even formating.

I will try and offer support, but work and family commitments mean I dont have much free time.

This code is a mix of my own, and pieces I have used from other hacks that are floating around.

This script has been confirmed as working on

• vB 3.6
• vB 3.6.1
• vB 3.6.2
• vB 3.6.3
• vB 3.6.4
• vB 3.6.5

Changelog

Version 1.10 (24th April 2007)

• Fixed - // in paths bug
• Fixed - Javascript warning in some browsers
• Fixed - Tidied up some code

Version 1.0 (2nd December 2006)

• Very similar to my vB 3.5 version, however logout bug fixed and should be more compatible with other scripts on your page.

Click on Install
If you have this script installed then please click on the install link because;

• You will get notified if any security issues are reported.
• You will get notified when there are any upgrades to this script
• It gives me a warm fuzzy feeling and motivates me to develop more

Donations
First of all, to be clear. This script is 100% free.

However if you feel an urge to donate I'm not going to say no.
Donations can be made at http://www.billspaintball.com/vb3/bd_donate.php

[tirol07]

Hi,

have a question,

How can I Disable to show this php-Page for non registered users?

PHP Code:

<?php



include("./config.php");
include("./header.php");
include("./lang/$language.php");

$rand1 =rand(0,9);
$rand2 =rand(0,9);
$rand3 =rand(0,9);
$rand4 =rand(0,9);
$rand5 =rand(0,9);
$rand6 =rand(0,9);
$secrandcode = $rand1. $rand2. $rand3. $rand4. $rand5. $rand6;

$bans=file("./secure/bans.mfh");
foreach($bans as $line)
{
  if ($line==$_SERVER['REMOTE_ADDR']){
?>
<center><table style='margin-top:20px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;' valign=top><?
    echo "$lang[younallow]";
?></center></td></tr></table><p style="margin:3px;text-align:center"><?
    include("./footer.php");
    die();
  }
}

if(isset($_GET['file'])) {
  $filecrc = $_GET['file'];
} else {
?>

<?
?>
<center><table style='margin-top:20px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;' valign=top><?
  echo "$lang[inlink] <br />";
?></center></td></tr></table><p style="margin:3px;text-align:center"><?
  include("./footer.php");
  die();
}

$foundfile=0;
if (file_exists("./files/".$filecrc.".mfh")) {
    $fh1=fopen("./files/".$filecrc.".mfh",r);
    $foundfile= explode('|', fgets($fh1));
    fclose($fh1);
}
{
  $thisline = explode('|', $line);
  if ($thisline[0]==$filecrc){
    $foundfile=$thisline;
  }
}

if(isset($_GET['del'])) {

$deleted=0;
$filecrc = $_GET['file'];
$filecrctxt = $filecrc . ".mfh";
$passcode = $_GET['del'];
if (file_exists("./files/".$filecrctxt)) {
    $fh2=fopen ("./files/".$filecrctxt,r);
    $thisline= explode('|', fgets($fh2));
    if($thisline[2] == $passcode){
$deleted=1;
fclose($fh2);
        unlink("./files/".$filecrctxt);
    }

}

if($deleted==1){
unlink("./storage/".$_GET['file']);
?>
<center><table style='margin-top:0px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;' valign=top><?
echo "<center><b>$lang[ufwd]</b></center><br />";
?><center><img src="images/silindi.png" border="0" /></center> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <p><?

echo "<center><b>$lang[uwbr] </center></b><br />";
} else {
?><center><img src="images/load.gif" border="0" /><center><table style='margin-top:0px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;' valign=top><?
echo "<center><b>$lang[indlink2] </b></center><br />";
?> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <p><?

echo "<center><b>$lang[uwbr] </center></b><br />";
}
?><center><img src="images/load.gif" border="0" /></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
die();

}

if($foundfile==0) {
?> <center><table style='margin-top:0px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;' valign=top><?
  echo "<center><b>$lang[inlink]</center></b><br />";
?> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <p><?

echo "<center><b>$lang[uwbr]</center></b><br />";
  ?></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
  die();
}

if(isset($foundfile[7]) && $foundfile[7]!=md5("") && (!isset($_POST['pass']) || $foundfile[7] != md5($_POST['pass']))){
?>  <center><table style='margin-top:0px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;' valign=top>
 <p><?
echo "<form action=\"download.php?file=".$foundfile[0]."\" method=\"post\"><center><b>$lang[pw2] : </center></b><p><center><input type=\"password\" name=\"pass\"><p><center><input value=\"Devam\" type=\"submit\" /></form>";
?><p><center><? echo $lang[petc];?></center><?
?><p><p><br /><img src="images/kilit.png" border="0" /></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
die();
}
?>
<center>
<table style="margin-top:0px;width:790px;height:400px;"><tr><td style="border:1px #AAAAAA solid;height:100%;background-color:#DFEFFF;padding:20px;text-align:left;" valign=top>



 <center><img src="img/pic_download.gif" border=0 width=24 height=24> <font size=5><b><? echo $lang[dl_a_file];?></b> <img src="img/pic_download_1.gif" border=0 width=24 height=24></font><br>
<?

$filesize = filesize("./storage/".$foundfile[0]);
$filesize = $filesize / 1048576;

$userip=$_SERVER['REMOTE_ADDR'];
$time=time();

///////////////////////////////////////////TIMER////////////////////////////////////
if($filesize > $nodolimit) {
if(file_exists("./downloader/".$userip.".mfh"))
{

$downloaders = fopen("./downloader/".$userip.".mfh","r+");
flock($downloaders,2);

while (!feof($downloaders)) {
  $user[] = chop(fgets($downloaders,65536));
}

fseek($downloaders,0,SEEK_SET);
ftruncate($downloaders,0);

$youcantdownload = 0;
foreach ($user as $line) {
list($savedip,$savedtime) = explode('|',$line);
 if ($savedip == $userip) {
    if ($time < $savedtime + ($downloadtimelimit*60)) {
      $youcantdownload = 1;
      $downtimer = $time - $savedtime ;
      $counter = $downloadtimelimit*60 - $downtimer;
    }
  }

  if ($time < $savedtime + ($downloadtimelimit*60)) {
    fputs($downloaders,"$savedip|$savedtime\n");
  }
}


if($youcantdownload==1) {

echo "<h1><center>Download Time Limit</center></h1>";
        ?><script type="text/javascript">

var running = false
var endTime = null
var timerID = null
var totalMinutes = <?php echo $counter;?>;

function startTimer() {
    running = true
    now = new Date()
    now = now.getTime()
    endTime = now + (1000 * totalMinutes);
    showCountDown()
}

function showCountDown() {
    var now = new Date()
    now = now.getTime()
    if (endTime - now <= 0) {
       clearTimeout(timerID)
       window.location.reload()

    } else {
        var delta = new Date(endTime - now)
        var theMin = delta.getMinutes()
        var theSec = delta.getSeconds()
        var theTime = theMin
        theTime += ((theSec < 10) ? ":0" : ":") + theSec
        document.getElementById('SessionTimeCount').innerHTML = 'Please wait ( <font color="#FF0000">' + theTime + '</font> ) Minutes for Download'
        if (running) {
            timerID = setTimeout("showCountDown()",1000)
        }
    }
}

window.onload=startTimer
</script>


<center><span id="SessionTimeCount"></span></center><br />
 <?

        include("./bottomads.php");
?><td><tr><table><?
       include("./footer.php");
      die();

}

}
}
///////////////////////////////////////////TIMER///////////////////////



$fsize = 0;
$fsizetxt = "";
  if ($filesize < 1)
  {
     $fsize = round($filesize*1024,0);
     $fsizetxt = "".$fsize." KB";
    $check1 = "KB";
  }
  else
    {
     $fsize = round($filesize,2);
     $fsizetxt = "".$fsize." MB";
$check1 = "MB";
  }

?>
<p>
<?
$quantity= $foundfile[5] * $fsizetxt;
$d=$descriptionoption;
switch ($d)
{
case false:
 $test="";
  break;
case true:
  $test= "$lang[fd6]";
  break;
default:
  echo ""; }
$f=$foundfile[6];
if ($f=="")
  $test2= "None";
else
  $test2= "$foundfile[6]";
$e=$descriptionoption;
switch ($e)
{
case false:
 $test4="";
  break;
case true:
  $test4= "$test2";
  break;
default:
  echo ""; }

echo '<center>';
echo '<table  border="0" cellpadding="0" cellspacing="0" width="">';
echo '<tr>';
echo '<td width="16"><img src="img/top_lef.gif" width="16" height="16"></td>';
echo '<td height="16" background="img/top_mid.gif"><img src="img/top_mid.gif" width="16" height="16"></td>';
echo '<td width="24"><img src="img/top_rig.gif" width="24" height="16"></td>';
echo '</tr>';
echo '<tr>';
echo '<td width="16" background="img/cen_lef.gif"><img src="img/cen_lef.gif" width="16" height="11"></td>';
echo '<td align="center" valign="middle" bgcolor="#DFEFFF">';

echo "<img src=\"img/warning.gif\" border=0 width=12 height=12> <a href='report.php?file=$foundfile[0]' style=color:#FF0000>".$lang[rtf]."</a><br><br>";

echo "<table cellspacing=1 cellpadding=2 border=0 bgcolor=#C0C0C0>";
echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">".$lang[fn6].":</td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>".$foundfile[1] ."</td></tr>";
echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">".$lang[fbu].":</td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>".$quantity ." ". $check1."</td></tr>";
echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">".$lang[dl_ip].":</td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>".$foundfile[3]."</td></tr>";
echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">".$lang[dl_filesize].":</td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>". $fsizetxt."</td></tr>";
echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">".$lang[dl_file_dl].":</td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>". $foundfile[5]." ".$lang[dl_file_dl1]."</td></tr>";
echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">".$lang[dl_last_dl].": </td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>".date('Y-m-d G:i', $foundfile[4])."</td></tr>\n";

if(isset($foundfile[6])){ echo "<tr><td align=left bgcolor=#F4F4F4 background=\"img/button03.gif\">$test</td><td bgcolor=#EEF4FB background=\"img/button03.gif\"><font color=#000080>$test4</td></tr>"; }
$randcounter = rand(100,999);
echo "</td></tr></table>";

?>
       </td>
      <td width="24" background="img/cen_rig.gif"><img src="img/cen_rig.gif" width="24" height="11"></td>
    </tr>
    <tr>
      <td width="16" height="16"><img src="img/bot_lef.gif" width="16" height="16"></td>
      <td height="16" background="img/bot_mid.gif"><img src="img/bot_mid.gif" width="16" height="16"></td>
      <td width="24" height="16"><img src="img/bot_rig.gif" width="24" height="16"></td>
    </tr>
  </table>
  <?

$randcounter = rand(100,999);
?>
   <form id="form">
  <script>
function refreshh() {
window.location='<?php echo $scripturl . "download.php?file=" .$foundfile[0]; ?>';
}

function checksubmit()
{
if (document.getElementById("form").scode.value == <?php echo $secrandcode; ?> )
{
window.location='<?php echo $scripturl. "download2.php?a=" . $filecrc . "&b=" . md5($foundfile[2].$_SERVER['REMOTE_ADDR']) ?>';
window.setTimeout("refreshh()", 3000);
return false;
}
else
{
alert("Hata:\n G?venlik kodunu yanlis girdiniz!\n Dosyayi indirebilmeniz icin Kodu Dogru girmelisiniz!");
window.location='<?php echo $scripturl . "download.php?file=" .$foundfile[0]; ?>';
}

}
</script>
<br>
<table cellspacing=2 cellpadding=2 border=0 height=16 width="250"><tr><td align=center background="img/captcha-a.png"><font color="#C0C0C0" size="5"><b><font face=times new roman><?php echo $secrandcode;?></td><td> G?venlik Kodu: <font size=1><strong><input type="text" name="scode" size="4" /></tr></table>
</form>
<p><div id="dl" align="center">

<?php

if($downloadtimer == 0) {
echo "<input type=submit value=\"".$lang[dl_file_now]."\" onClick=window.location=\"".$scripturl. "download2.php?a=" . $filecrc . "&b=" . md5($foundfile[2].$_SERVER['REMOTE_ADDR'])."\">";
} else { ?>
<? echo $lang[nenjava];?>

<?php } ?>
</div>
<script language="Javascript">
x<?php echo $randcounter; ?>=<?php echo $downloadtimer; ?>;
function countdown()
{
 if ((0 <= 100) || (0 > 0))
 {
  x<?php echo $randcounter; ?>--;
  if(x<?php echo $randcounter; ?> == 0)
  {
document.getElementById("dl").innerHTML = '<input type="submit" value="<? echo $lang[dl_file_now];?>" onClick="checksubmit()" onClick="window.location=\'<?php echo $scripturl . "download2.php?a=" . $filecrc . "&b=" . md5($foundfile[2].$_SERVER['REMOTE_ADDR']) ?>\'">';
  }
  if(x<?php echo $randcounter; ?> > 0)
  {
 document.getElementById("dl").innerHTML = '<? echo $lang[dl_ticket];?><br><? echo $lang[dl_file_now1];?> <font color=#FF0000><b> '+x<?php echo $randcounter; ?>+'</b></font> <? echo $lang[dl_file_now2];?>...';
   setTimeout('countdown()',1000);
  }
 }
}
countdown();
</script><p>
<?php
include("./bottomads.php");
?>
 </td></tr></table></center>
<?php
include("./footer.php");
?>
<?
        $foo = '';

        if (!empty($_GET))
        {
                $foo .= '?';
                foreach ($_GET as $key => $val)
               {
                          $foo .= $key . '=' . $val;
               }
        }
$zufall = rand(10000000,99999999);
$ip=$_SERVER['REMOTE_ADDR'];
$host = gethostbyaddr($ip);
$datum = date("d.m.Y",time());
$uhrzeit = date("H:i",time());
$link = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . $foo;
$filename =  $foundfile[1];
$refferer = $_SERVER["HTTP_REFERER"];


$newfile = "./dl/".$zufall.".db";
$f=fopen($newfile, "w");
fwrite ($f,$ip."|".$host."|".$datum."|".$uhrzeit."|".$link."|".$filename."|".$refferer);
fclose($f);
chmod($newfile,0777);

?>

This is a download script, and I want disable it for non-registered user!
If they want enter to this page, A window will appear with a message "You must logged in or register to enter this Page"!

Thank you!

[Triky]

Quote:

Originally Posted by adonfun

ETA: never mind, don't think this is the issue:
chdir('webcity');
require_once('webcity/global.php');

should be something in the format of:

chdir('/home/webc/public_html/webcity');
require_once('/home/webc/public_html/webcity/global.php');

Thank you, adonfun. I will try with this when I will have some free time!

Quote:

I had this problem before. After moving the code to the very top of any codeblock should solve it.

What you mean with this? I haven't understand..

[robinhood1995]

Awesome hack...

[djbaxter]

Quote:

Location: A Kanuk in Ohio

You spelled "Canuck" wrong, hoser...

[robinhood1995]

Crap never noticed!

[aspen0]

Got a wee problem, on pages I am using this with I get this at the very bottom.

Quote:

Fatal error: Call to a member function unlock_tables() on a non-object in /home/wsp/public_html/forums/includes/functions.php on line 4998

It works fine otherwise, but obviously can't have an error in the footer on every page view.

[captain-busa]

We are in the process of moving to this forum and I am setting up this hack.... The script works fine with one small exception in that my custom page is located in /forums and the images that are supposed to load are in the /forum/pics dir. if i move all of the images to the forum dir then the whole page shows up fine.. Im sure this has something to do with the path but not sure what I should do, any advice?

[HKothari]

Hi, I used this hack, and I'm having a lot of trouble, I set it up, just like the instructions said to, my code for including the global.php was:

PHP Code:

<?php    
$curdir = getcwd();
chdir('/usr/local/pem/vhosts/133519/webspace/httpdocs/forums/');
require_once('/usr/local/pem/vhosts/133519/webspace/httpdocs/forums/global.php');
chdir($curdir);
?>

The first problem is that when you go to the page, you get this error:

Code:

Unable to add cookies, header already sent.
File: /usr/local/pem/vhosts/133519/webspace/httpdocs/forums/includes/class_core.php
Line: 1591

but then if you go to the forum, and click a link or are sent to the page by a link it is fine. Unless you are not logged in if you aren't logged in, you also get the error message above.

If you are logged in, the page loads, except for some notices at the top which are:

Code:

Notice:  Undefined index:  HTTPS in /usr/local/pem/vhosts/133519/webspace/httpdocs/forums/includes/class_core.php on line 1591

Notice:  Undefined index:  HTTPS in /usr/local/pem/vhosts/133519/webspace/httpdocs/forums/includes/class_core.php on line 1591

Is there a way to fix this? Thanks.

[Cajun]

Anyone know if this mod works with vb 3.7

[Doctor Who]

I just installed it, and it seems to be working fine for me currently...