The Arcive of Official vBulletin Modifications Site.

HTTP Basic Authentication against vB-Accounts · **Released**: 02-12-2004

Seeing all those "user integration" requests over and over again I made a small "hack" (not really as no tables, templates or files are modified

) that might be useful if you want to give access to non-forum content based on forum accounts:

HTTP Basic Authentication against vB user table
------------------------------------------------

This "hack" allows you to use HTTP Basic authentication
(password protected directories) based upon vB accounts.

Update Version 0.2
------------------
I've added a configuration option to the .htaccess so
you can specify which usergroup (only one for the moment)
you want to grant access.
If you don't need this feature just leave the line commented out.

Requirements
------------
- vBulletin 3 (at least the user table)

- Apache/mod_perl compiled with support for PerlAuthenHandler
- Basic Authentication feature enabled to be used in .htaccess

Installation
------------
1) Edit vBAuth.pm, fill in the configuration settings (database, etc.)
2) Put vBAuth.pm in your Perl Apache-Moduls directoy
3) (Optional) Edit .htaccess to meet your requirements
4) Put .htaccess in the directory you want to protect

Andreas · #22 03-06-2004, 03:50 PM

No. This hack will only work with Apache (who uses IIS anyway ^.^).

For IIS and ISAPI Authentication Filter would be required.
I am not all familiar with IIS (haven't used it yet) but i'll try to write one, although this might take some days.

Chrissicom · #23 03-06-2004, 04:24 PM

would be great to have this working with IIS

Rampag33 · #24 03-11-2004, 04:37 AM

Great mod. Will have to wait to see if the admin has the mod_perl compiled.

Yoshy · #25 03-11-2004, 01:02 PM

Bug:
1st line of vBAuth.pm is package Apache::vBAuth2;
In the .htaccess it's PerlAuthenHandler Apache::vBAuth

You might want to put PerlAuthenHandler Apache::vBAuth2 in the htaccess

Also on my server I had to remove PerlOptions +GlobalRequest to make it work.

This is perfect for my test forum ! Thanks
[high] * Yoshy installs ![/high]

Rampag33 · #26 03-11-2004, 04:41 PM

don't have that module install or I would install it. Damn and I was so close.

my username · #27 04-15-2004, 07:45 PM

So much for all the work the vb team has spent on making the application as secure as possible (application-level security).

HTTP basic auth. (http://www.ietf.org/rfc/rfc2617.txt) sends the password in clear text for every HTTP-request made to the server (when using cookies you're at least able transfer a hashed version of the password for each request)...this is why the W3C tell you NOT to use HTTP basic auth.

Why not just include/require global.php in the scripts that are "off-forum"?

http://www.w3.org/Security/Faq/wwwsf2.html
http://www.xiven.com/sourcecode/digestauthentication

JohnBee · #28 11-15-2004, 02:49 AM

Any chance this mod will get out of beta?
I want to install it on my server but the admins will not add beta material
on serverside.

AN-net · #29 11-15-2004, 03:06 AM

wow great hack!!! wish i had root access

HiDeo · #30 11-15-2004, 03:36 AM

Nice jobs, thanks

JohnBee · #31 11-16-2004, 10:16 AM

My hosting company will not add any Beta files to there serverside
modules, can you tell me if you have any plans of moving this to
full release anytime soon?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04919 seconds Memory Usage 2,301KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!