Version: 1.00, by Stadler
Developer Last Online: Jul 2018
Version: 2.2.x
Rating:
Released: 11-16-2002
Last Update: Never
Installs: 2
Is in Beta Stage
No support by the author.
Well, what I'm trying to reach with this hack, is, that you can logout globally with it, no matter on how many browsers/computers you have your cookies saved.
This hack saves the time of creation of your user and password-cookies and if you logout, it updates the new lastlogout-field. If you try to login with a cookie, that has a creation time older than lastlogout, the cookie will be deleted. Thats it.
Pfew, I hope, you unterstood what I'm trying to tell you. :knockedout:
Now I need some people, that help me testing and sorting out bugs for that hack.
I haven't tested it on a live forum, yet, but maybe I do some testing, later today.
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
I did some testing on our public board. And it seems to work without problems "for users!"
But I couldn't login to the admin-cp, if I haven't logged in to the forums homepage. I've had to be logged in to the forums homepage, before I could login to the adminpanel.
Sorry, but right now I have no idea, how to fix this.
My main page is not a PHP/VB page. It's an html page, in which I simply integrated the login code. Thus, I removed the "forums" icon from the navbar, and Im not allowing any access to un-registered users.
This means... You get into my page... must register if you're a new user, or just login if you're already registered. As soon as you login, you're taken to the forums page. If you click on Logout icon on the navbar, your taken back to the main page, where you must sign if you want to get back into the forums. BUT if for some reason, a user enters http://mydomain.com/forums in his/her browser, it will be taken back to the forums...and logged-in, since the LOGOUT icon it's not really login-out.
Here's the what I have in the logout icon.. which I know is NOT correct..
As for Darth Cow's idea: I've added the md5-hash of $ourtimenow to the cookie "bbcookietime"
Cool . However, the hack still isn't very secure - the MD5 algorithm is known, so someone could change the date and then md5 the changes as well. Now that I think about, you're right that you don't need to save all login time. But I would rather use a variant of md5 to store the date. Checking it to make sure the date still equals the md5($date . "randomstringtochangemd5") would make the system secure, as long as everyone can come up with a constant random string to append to the date for the md5.
Originally posted by hellsatan Sounds like a cool idea...
Can anyone confirm that it works?
Satan
Can you install it and set up a test account on your board and have someone log in and out and you do that right after them and see if it allows you on? Will that work?