Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Password Protected Forums (vB3 Style) Details »»
Password Protected Forums (vB3 Style)
Version: 1.00, by John John is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Version: 2.3.x Rating:
Released: 03-11-2003 Last Update: Never Installs: 50
 
No support by the author.

-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-
Password Protected Forums (vB3)
By Shaolyen
email: John@eovie.com
msn: John@eovie.com

TESTED ON A FRESH vB 2.3.0
-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-\/-

Introduction
-----------------------------------------------------------
This hack is fairly simple in what it does.

If a user tries to access a password protected forum, they will be
prompted for the password. Once entered correctly they'll be able
to browse the forum as normal. It's as simple as that!

There are a few extras in this. When a user enters a password and
it's verified as being correct, a cookie is sent to their PC
containing the password. This will ensure that they don't need to
log in every time they access the protected area, until the cookie
expires.

The cookie timeout time for each protected forum can be set in the
AdminCP. (You can choose anything from 1 minute to 1 year.)

Password protected forums are denoted by the text
"[Password Protected]" tagged on the end of the forum description.
If you don't have a forum description for your password protected
area, "[Password Protected]" will take its place.

Please bear in mind:
? Threads will appear in searches, but the title, author, etc. are
all set to "Restricted". A password is needed to access these threads.
? The password in the cookie IS NOT ENCRYPTED. This is for a
reason, so the password can be viewable in the AdminCP. If
anyone would prefer MD5 encryption in their cookies, let me know.
? In the very near future I will be adding on options to enable
MD5 encryption.
? When you specify "Regular Forum Security" in the AdminCP and
a password has been entered, that password will not be recorded.

Security level, password, and timeout times can be specified when
creating or editing a forum.
(AdminCP > Forums & Moderators > Add | Modify)


Warning
-----------------------------------------------------------
BACKUP YOUR DATABASE AND FORUM FILES BEFORE YOU EVEN THINK ABOUT APPLYING THIS HACK!
-----------------------------------------------------------

Shameless Plug
-----------------------------------------------------------
This hack was written for the fine people at xAviaHosting -
www.xaviahosting.com. Pay them a visit (Or I'm a dead man!)
-----------------------------------------------------------

Shameful Plea
-----------------------------------------------------------
I'm poor as always, I'd be seriously grateful for any donations..!
If you have a few spare pennies in that Paypal account, my address
is "John@eovie.com" - share the wealth!
-----------------------------------------------------------

Screenshots:
-----------------------------------------------------------
Password protected indicator
Password prompt
AdminCP Settings
Search results 1
Search results 2
-----------------------------------------------------------

Update 1.0 > 1.1
-----------------------------------------------------------
? Search blocking enabled.
Screenshots:
Search results 1
Search results 2

Available here
-----------------------------------------------------------

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 03-12-2003, 10:59 AM
John's Avatar
John John is offline
 
Join Date: Mar 2002
Location: Norwich, UK
Posts: 1,543
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It checks what you enter directly with the password in the database.

To hack in, you'd need to have access to the database.
Reply With Quote
  #13  
Old 03-12-2003, 11:06 AM
Mephisteus's Avatar
Mephisteus Mephisteus is offline
 
Join Date: Dec 2001
Location: The Netherlands
Posts: 288
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Shaolyen
It checks what you enter directly with the password in the database.

To hack in, you'd need to have access to the database.
so what's the major glitch, access to my database is restricted to localhost
Reply With Quote
  #14  
Old 03-12-2003, 11:07 AM
John's Avatar
John John is offline
 
Join Date: Mar 2002
Location: Norwich, UK
Posts: 1,543
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here's a little more info on how this works.

Whenever $forumid (and often $forum[forumid]) has a value, it runs a query which checks to see if security is enabled for that particular forum. (The security field in the "forum" table.)

If security is enabled, it will check to see if a cookie exists for that forum containing the password. If there's no cookie with a correct password, the user will be directed to a page where they can enter the password.

The password they enter is then checked, and if it matches the one in the database a cookie will be deployed. (And the whole process will start again, but this time the user will be forwarded to the forumdisplay page.)

The same applies for the code in showthread.php.
Reply With Quote
  #15  
Old 03-12-2003, 11:09 AM
John's Avatar
John John is offline
 
Join Date: Mar 2002
Location: Norwich, UK
Posts: 1,543
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The glitch I left in was this line of code (in two places) which gives access to the forum on the second incorrect attempt.

PHP Code:
setcookie('cookpass['.$forumid.']'$seccheck[forumpass], 0); 
I've deleted it and updated the instructions.

The security is pretty rock solid.
Reply With Quote
  #16  
Old 03-12-2003, 11:18 AM
Mephisteus's Avatar
Mephisteus Mephisteus is offline
 
Join Date: Dec 2001
Location: The Netherlands
Posts: 288
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

OK, removed those lines,

it works like a dream, thanks Shao

but, what is the difference between the security levels?
Reply With Quote
  #17  
Old 03-12-2003, 11:21 AM
John's Avatar
John John is offline
 
Join Date: Mar 2002
Location: Norwich, UK
Posts: 1,543
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Regular is normal, just like a regular forum. (Not password protected).

Password protected is password protected.

Reply With Quote
  #18  
Old 03-12-2003, 11:23 AM
Mephisteus's Avatar
Mephisteus Mephisteus is offline
 
Join Date: Dec 2001
Location: The Netherlands
Posts: 288
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

that's pretty easy Thanks for the help
Reply With Quote
  #19  
Old 03-12-2003, 01:48 PM
Davey Davey is offline
 
Join Date: Nov 2002
Location: England
Posts: 383
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

WOW this is a nice hack.
/me installs.
If there was a Hack of the Month, I'd definately vote this hack for it!
Well done!
*Tests it and stuff O.o*

Dave.
Reply With Quote
  #20  
Old 03-12-2003, 02:40 PM
One-Team's Avatar
One-Team One-Team is offline
 
Join Date: Dec 2002
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

wow very cool hack
Reply With Quote
  #21  
Old 03-12-2003, 03:45 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Excellent hack - i hope this one works because a similar hack was released by one of the vbulletin-germany team with a bug that allows people on online.php to view a thread in a password protected forum... might want to see if that bug is present here?

Regards and nice hack!

- miSt
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:25 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05999 seconds
  • Memory Usage 2,314KB
  • Queries Executed 27 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete