User authenication

For those of you wondering how to make restricted pages so that only members of your vB can view them, here is a quick code example to do so. Just require this file as the very first line of whatever file that you want to require a user to have logged into the vB in order to view. Copy this code into a file and save it into the forums directory (same directory as index.php, members.php, etc.) and name it whatever you want.

Its a REALLY simple script that just checks to see if the vB cookie exist. Nothing special at all, but for those of you with no programming experience it's something to work with.

Code:

<?php

/* Here we check to see if the vBulletin cookie exist.
If it doesn't, we prompt the user to either log in or
sign up*/

  if (!$HTTP_COOKIE_VARS["bbuserid"]) {
?>

<table border="0" width="600" cellspacing="0" cellpadding="2" align="center">
  <tr>
    <td valign="top">
<center><h2>Unathorized Access</h2></center>
If the users cookie isn't set, here is where your error message, or whatever message, will be.
	</td>
    <td valign="top" bgcolor="#D2D2D2">
    <form action="index.php" method="post">
      <table border="0" width="100%" cellpadding="2">
        <tr>
          <td width="50%" valign="top"><b>username</b></td>
          <td width="50%" valign="top"><input maxLength="25" name="username" size="10"></td>
        </tr>
        <tr>
          <td width="50%" valign="top"><b>password</b></td>
          <td width="50%" valign="top"><input maxLength="13" name="password" size="10" type="password" value></td>
        </tr>
        <tr>
          <td width="100%" valign="top" colspan="2">
            <p align="center"><input type="submit" value="Login!"></td>
        </tr>
      </table>
      </form>
    </td>
  </tr>
</table>

<?php
  exit;
  }
?>

[Edited by Krucifyx on 06-22-2000 at 07:02 AM]

This is great! I think I would incorporate this onto my own site! Thanks krucifyx

Thanks for the code. It's given me a good start on password protecting other pages on my site.

However, I'm having some problems.

I need secure pages to check if there's a vb cookie, and if there's not they can sign in using their vb username and password. Then they would see the protected pages.

This code posts login information to the vb index.php file, but after logging in it dumps the user at the forum. I need to have the user dumped at the page they were trying to view. Also, if an incorrect login is used the user is just dumped at the forum.

Any help would be greatly appreciated.

I've been out of the vb coding scene for a while but perhaps I can help you out.

What do you mean by it dumping you back to the screen? did you try putting this on all viewed scripts, not just forumdisplay.php?

Sorry about my previous post being a little vague.

I'm trying to create a file upload section to my website, but I only want registerd users from my forum to be able to upload. So I'm trying to password protect those upload pages using the vb login and cookies system.

If a vb cookie is already present the user should see the upload page. However, if they aren't logged in, the user should see a page that says, "You need to be a registered user to upload files. Enter username and password or register here." After they login on that screen they should see the upload page.

However, using the code at the top of this thread, the user doesn't see the upload page after logging in -- they are dumped at my forum's index page. An incorrect login has the same result (user is dumped at the forum index page).

In short, if the user is logging in from the forum, they should end up at the forum. If the user is logging in from the upload page, they should end up at the upload page.

Does that make sense?

Sorry for the long post.

[Edited by mferrell on 10-15-2000 at 11:05 AM]

Anyone got any pointers for the above post?

Code:

<?
require("global.php");

if ($bbuserid == 0)
{
   eval("echo standarderror(\$bbtitle,\"".gettemplate("error_nopermission")."\");");
   exit;
}

if ($bbusername == "" || (isset($bbusername))==0)
{
  $getusername=$DB_site->query_first("SELECT username FROM user WHERE userid=$bbuserid");
  $username=$getusername[username];
  $bbusername = $username;
}
else
{
   $username = $bbusername;
}

// Your Code to ul goes here

Thanks! That works but I'm having one problem. When I login with the following code, I'm dumped at my websites index page. How do I get it so that it shows the page that's trying to be viewed?

Here's what I've got now:

__________________________________
<?
chdir($DOCUMENT_ROOT . "/bulletinboard");
require($DOCUMENT_ROOT . "/bulletinboard/global.php3");

if ($bbuserid == 0)
{
eval("echo standarderror(\$bbtitle,\"".gettemplate("error_nop ermission")."\");");
exit;
}

if ($bbusername == "" || (isset($bbusername))==0)
{
$getusername=$DB_site->query_first("SELECT username FROM user WHERE userid=$bbuserid");
$username=$getusername[username];
$bbusername = $username;
}
else
{
$username = $bbusername;
}

// Your Code to ul goes here

?>

<html>
<title>Secure Area</title>
<body><font face=verdana,arial,sans-serif size=2>You should only be able to see this if you're logged in.<p>
</font>
</body>
</html>
____________________________

Thanks again for the help.

Well that is supposed to send you to whatever page you were trying to access after logging in.. hmm..

Does this file have to be located in the bulletinboard directory? My forum resides in bulletinboard, but the file I'm trying to protect is in the root directory.