PasswordHack

HackVersion: BETA 2.1

German:

Mit diesem Hack k?nnt ihr ein Board mit einem Passwortschutz versehen.
Das Passwort wird im Adminbereich unter:

Forums and Moderators
--> modify
---> das board w?hlen

eingegeben.

Dieser Hack ist erst einmal eine BETA. In der Endversion Soll der Hack sollen die gesch?tzten Beitr?ge auch nicht von einem unberechtigten ?ber die Suchfunktion
gefunden werden k?nnen und man soll auch den Zugriff auf die gesch?tzten Boards selbst wieder (als normaler member) aufheben k?nnen.

Hack ansehen:
Gesch?tztes Board:
http://www.the-afterburner.com/vbull...?s=&forumid=30
Ein Topic in diesem Board:
http://www.the-afterburner.com/vbull...&threadid=1029

Der Hack im Anhang ist in Deutsch

English:

You can make a board password protected with this hack.
You can insert the password here:

Forums and Moderators
--> modify
---> choose a board

Remember this is only a BETA

suggestion for the final:
- no matches in the searchengine if a board is protected and the member hasn?t access to this board
- unsubscribe a access to a password protected board

Sorry for my english

see this hack in action:
protected board:
http://www.the-afterburner.com/vbull...?s=&forumid=30
a topic in a protected board:
http://www.the-afterburner.com/vbull...&threadid=1029

the hack in the attachment is in german the english version is below in a reply.

@ VB Support

If you want to use this Hack in your next version - you can do this


UPDATED 30.08.2001 to BETA 2.1

then is it a cookie thing that allows me to get in that forum from all these links everywhere?

I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

The only time I can't get in is if I am not logged into the board

[Afterburner]

Quote:

Originally posted by drives_fast
then is it a cookie thing that allows me to get in that forum from all these links everywhere?

I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

The only time I can't get in is if I am not logged into the board

yes this is right, if you insert the correct password you are able to access the board every time, this settings are in your profile in the database, see in the instruction file from the hack there you can find my suggestions for the next version:
unsubscribe a password protected board.

is there any way to get those that have already gotten in through a hole out?

is it possible to code in that the cookie not be set for access to the protected forum?

in other words.....make it so everyone with the password have to put it in every time they visit that forum?

I have some that got in.......I need to be able to get them out

Well....after further investigation....there are definately holes in this.

I registered a name and then tried to access the protected forum......could not get in.....good.

I removed all instances of "view new posts" or anything similar

went to the search feature.....typed in a name of someone that posted in the protected forum.....boom...there are the links and yes.....you can click them and get in. (mind you that I never entered a password to access the protected forum before trying these things)

backed out of that and went to that members profile and clicked on the last post (in the protected forum) and boom.....in again

So I say....there are holes in this.

I tried these thing on your board (afterburner) and they did not work......maybe some tweaks you did to yours that aren't documented in the installation file?

I really want this to work but need some help to make it either not search and list threads in protected forums from every angle or something......

anybody....please?

[Afterburner]

did you modified the showtopic.php correctly ? I have the same code in the description of the hack than in my board.

PHP Code:

download the showthread.php and make a backup of this file

look for this code (ca 205):

if (!$thread['visible']) {
  $idname="thread";
  eval("standarderror(\"".gettemplate("error_invalidid")."\");");
  exit;
}

$forum=getforuminfo($thread['forumid']);

add below this code:

// Password-Hack-by Afterburner-Start 
if ($forum['password']) {
$boardid="userspezial$thread[forumid]";
if ($bbuserinfo[$boardid] != 1) { 
eval("standarderror(\"".gettemplate('fehler_password_showtopic')."\");"); 
exit; 
} 
}
// Password-Hack-by Afterburner-End

upload the showthread.php. 


yes...I have that in there exactly as you shoed it

do you think it could be this:....."userspezial$thread" instead of spelled "userspecial$thread" that is causing the problem?

My board is in english

[Afterburner]

userspezial$thread is the correct version
with z not with c

[drives fast]

I am still looking for a working version of this hack. I am willing to pay for it as long as it doesn't have any holes in it.

I tried the same tactics on afterberners site and the holes aren't there but on my board they are. I followed the instructions to the tee and even removed the hack and re-installed it but if I click on the name of the last poster in that forum and then clicl the last post they made (in the protected forum) I can get right in.

If someone has a "Secure" version of this and wants some bucks, please contact me.

I will however need refrences from the people that run this site because I am still dealing with one person that has not followed through with what I payed him for.

Thanks in advance......drives

[Snake~eyes]

Is it possible to make this hack work for version 2.2.0?

[Bedhead]

I would be interested in hole free password protection as well.