Trap Banned Members: They cant logout.

Hey there,

This is a very tiny (and very easy to install) hack but I like to use it and found it useful:

I have a certain user group for trouble users in my board which I disabled all access to my board and this group can not even search or display the board itself or anything, so they are lower than guests. So I need to trap them in their username so that they wouldnt log out and "gain" guest access. This tiny hack exactly does this. You can use it with "banned users" or any user group you need to trap. Here we go:

Edit member.php and find
-- cut ---
// ############################### start logout ###############################
if ($action=="logout") {
include("./global.php");
-- cut ---

AFTER THAT add:
-- cut --
// Banned users cant logout hack
if ($bbuserinfo[usergroupid]==XX) {show_nopermission(); exit;}
// Banned users cant logout hack
-- cut --

Replace XX with any usergroup id. (Banned by Moderators group is 12 in my board). If you put your mouse icon on "Edit" in http://www.url.com/yourboardadmin/us...tion=modify&s= , you can learn the usergroupid of any groups. If you need to trap more than 1 usergroups use this line:

if ($bbuserinfo[usergroupid]==XX OR $bbuserinfo[usergroupid]==YY) {show_nopermission(); exit;}

After applying the hack, trapped users will get "You dont have access" page if they try to logout from anywhere. Of course these members can still clear the cookies by deleting them manually, but you'll stop 95% of members who dont know the trick anyway!

Enjoy!

Logician //=^))

[Erwin]

If they clear the cookies, then they will be logged out. You can't prevent members from clearing their cookies.

[Logician]

Quote:

Originally posted by ZiRu$
damn......so even if they clear cookies and all references to my site they still cant log out?

This would be impossible, wouldn't it? In fact I have an idea to still recognize them even they manually clear the cookies but well I haven't coded that hack yet, bear with me and my long to-do list..

Anyway it's as Erwin stated: This hack only stops users who havent manually deleted the cookies, from logging out so that they wont get guests right by logging out.. In other words it doesnt stop users who manually cleared the cookies but it at least prevents the vb to clear their cookies if they are banned..

[Tigga]

Quote:

Originally posted by okidoki
I seriously don't understand the people that complain that "it isn't working, my users can get around it in a matter of minutes!"...

Sorry if it sounded like I was complaining. I was just saying how easy it was to get around it, even for someone that doesn't know anything about clearing their cookies and such. It's a great idea and I've still got it installed today. I usually use it and a couple of the other banning methods whenever we have a problem user. Oh, and I did install the hack to remove the register link for users so it's not quite as easy to get around.

[Dan Flynn]

I think this hack is great! Plus this entire converstation reminds me about the news. The more you talk about it and how to do it, the more info you give to the bad guy! he he

[Dynamic One]

Great job done m8. Can realy use this :0)

[BlackDeath]

i wonder since .NET is going to be doing away w/ cookies will this make vbb more secure. if vbb started using .NET technology, and you have to use a "passport". cookies would be obsolete. hmmm....

[Craigr]

Thanks, works great.

Craig

[Koutaru]

=/ I also have a temporary ban installed. How can I make sure they can't log out as well?

Hack:
http://www.vbulletin.org/hacks/index...ack&hackid=410

[Logician]

Quote:

Today at 12:02 AM Koutaru said this in Post #58
=/ I also have a temporary ban installed. How can I make sure they can't log out as well?

Hack:
http://www.vbulletin.org/hacks/index...ack&hackid=410

Right after my hack line add:

PHP Code:

if ($bbuserinfo['banuntil'] > time()) {show_nopermission(); exit;} 


[Koutaru]

Thanks Logican -- working here! Thanks