 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
|
 |
 Posted: Sun Jan 04, 2009 8:12 pm |
 |
|
| tr0nix |
| Active user |
 |
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
 |
|
 |
|
| Sleeper wrote: | | tr0nix wrote: | | Sleeper wrote: | Dude this hack is sexy as xxxx! Tested and working PERFECT on vb 3.7.3 PL1. I been looking for a hack like this for a min now! Good work man 
PS: Is there a way to make it so that ALL USERS get logged out so that they all have to relogin at least ONCE so that they username and PW will show up in the log file? Maybe even executing an SQL query on the database or something? |
Change the code to (not tested, should work!):
| Code: |
require_once(DIR . '/includes/functions_login.php');
setcookie("countLogout", 0,time()+604800); // save cookie for one week!
$countLogout = $_COOKIE["countLogout"];
if($countLogout == 0 && $vbulletin->userinfo['username'] != "")
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
and it will logout all users, if the cookie is '0' (the cookie will save 1 week, then it begins again).
// Added in my starting post |
Thanks for the reply. I tried the code and it's not exactly working. First off the code isn't having any affect in Internet Expolrer, it's not giving any errors either it just simply isn't working. Firefox on the other hand, everytime I refresh the page or browse to another thread it logs me out. I logout, log back in and then if I navigate away from the page that I'm on it does the same thing, logs me out and then I gotta log back in.
Is there not an SQL query that I can run on my database so that I can force all users to be logged out? Or perhaps change something somewhere so that if a user IS using the REMEMBER ME box then they are only allowed to stay logged in like that for X amount of days. That way at some point they would eventually have to log back in.
Kinda like eBay does it where you can only stay logged in for like 24 hours and then the system forces you to log back in etc. |
No, there is no way to do it with SQL IMHO.
But the code couldn't work, cause the previous 'if()' loop will only set the 'countLogout' to '1', if the username is empty (and if the countLogout hasn't been set to '1'). Sorry, for that.
Just change the code to (and then it should hopefully work):
| Code: |
require_once(DIR . '/includes/functions_login.php');
setcookie("countLogout", 0,time()+604800); // save cookie for one week!
$countLogout = $_COOKIE["countLogout"];
if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
"What does the code?"
The code looks if there is a cookie 'countLogout' on that user, which have the value of '1'.
If the value is '1', then the user can surf as normally, until the cookie expires (1 week in the above code).
But if the cookie is '0', then it forces to log the user out.
The user sees, that he got logged out. He log back in and everything works again. (till the cookie expires (1 week in the above code)).
If its not working -> make sure that you're accepting cookies. |
|
|
|
|
|
|
|
|
| Posted: Sun Jan 04, 2009 8:51 pm |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
OK here's what's happening now. When I goto the forum index I get this message...
So then at this point I hit refresh and then it prompts me to login. So then I login and it takes me to the forum index again. At this point everything looks good. BUT now if I hit refresh OR if I navigate to another page and then return to the forum index I am then prompted with this message again.
This happens in FireFox AND IE
I also tried clearing my cookies in FF, then I went to the forum index and it prompted me to login. At that point I noted that my countLogout = 0 in my Cookies. So then I logged in and it took me to the forum index. I browsed a few threads and then clicked on the HOME button to take me back to the forum index. At this point I got no error message like before. BUT I checked my Cookies and I noted that my countLogout = 0 just like before.. So it's as if the hack is having no effect at this point.
Anymore ideas?
Here is a copy of my index.php file if you wanna take a look at it.
http://www.mediafire.com/file/445ndyb2e34/index.php |
|
Last edited by Sleeper on Sun Jan 04, 2009 9:01 pm; edited 1 time in total |
|
|
|
|
|
|
|
| Posted: Sun Jan 04, 2009 9:01 pm |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| Sleeper wrote: | OK here's what's happening now. When I goto the forum index I get this message...
So then at this point I hit refresh and then it prompts me to login. So then I login and it takes me to the forum index again. At this point everything looks good. BUT now if I hit refresh OR if I navigate to another page and then return to the forum index I am then prompted with this message again.
This happens in FireFox AND IE
Here is a copy of my index.php file if you wanna take a look at it.
http://www.mediafire.com/file/445ndyb2e34/index.php |
Oh yeah... again, my fault...The script sets everytime the cookie to '0'.
So, we just need to remove the "setcookie("countLogout", 0,time()+604800); // save cookie for one week!".
Sorry, can't think correcly today. My grandma died.
| Code: |
require_once(DIR . '/includes/functions_login.php');
$countLogout = $_COOKIE["countLogout"];
if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
If this is not working, then try:
| Code: |
if($countLogout == "")
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Jan 04, 2009 9:12 pm |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
Oh damn I just got done editing my post and I seen you already posted back lol. No worries man I appreciate all the help you have provided regardless of the outcome
In any case I have tried all the codes you have provided and nothing is working. I have tried clearing the cookies cache and everything and for some reason it's NOT forcing me to logout. Also I have noted that my countLogout is not changing from ANYTHING but 0. It just says
countLogout = 0
in my Show Cookies, in FF
I know there has to be a way because the script that you provided that you have to specify each user works PERFECT. If there could just only be a way to make it specify ALL USERS and not just certain ones. |
|
|
|
|
|
|
|
|
| Posted: Sun Jan 04, 2009 9:22 pm |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| Sleeper wrote: | Oh damn I just got done editing my post and I seen you already posted back lol. No worries man I appreciate all the help you have provided regardless of the outcome
In any case I have tried all the codes you have provided and nothing is working. I have tried clearing the cookies cache and everything and for some reason it's NOT forcing me to logout. Also I have noted that my countLogout is not changing from ANYTHING but 0. It just says
countLogout = 0
in my Show Cookies, in FF
I know there has to be a way because the script that you provided that you have to specify each user works PERFECT. If there could just only be a way to make it specify ALL USERS and not just certain ones. |
Alright. I'm going to install vBulletin 3.7.4 (couldn't find the 3.7.3 PL1 version on the net) on my PC and try to code it.
I'll answer you as soon as possible.
Edit:
I've tried it with this code without problems
| Code: |
require_once(DIR . '/includes/functions_login.php');
$countLogout = $_COOKIE["countLogout"];
if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
If you still have problems with that code, then write
| Code: |
$countLogout = $_COOKIE["countLogout"];
echo "Cookie's value: " . $countLogout;
|
If the value is '1', then write
| Code: |
setcookie("countLogout",0,time()+604800)
|
instead of
| Code: |
$countLogout = $_COOKIE["countLogout"];
|
refresh the page again, and change the code back to
| Code: |
require_once(DIR . '/includes/functions_login.php');
$countLogout = $_COOKIE["countLogout"];
if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Jan 04, 2009 10:59 pm |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
Right on pimpin it's working good now. Lemme ask you this though, the whole
if($countLogout == 0)
part of the script is that necessary? Obviously normally there is no countLogout cookie without this hack so could that part of the script just be eliminated or is it there to serve another purpose that I'm not considering?
I guess what I am also wondering is if there is a way to incorporate BOTH parts of the hack being able to make it so that users have to log back in on a weekly basis but then what if there is a certain user that I want to FORCE To log out and log in would I be able to use BOTH parts of the hack that you have made or can I use only one?
I would think if I changed the setcookie("countLogout",1 to a different number then it would probably work? Then each user would have TWO cookies for the forum, ONE for the weekly logout, and a 2nd for the FORCING A CERTAIN USER to LOGOUT. |
|
|
|
|
|
|
|
|
| Posted: Mon Jan 05, 2009 12:36 am |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| Sleeper wrote: | Right on pimpin it's working good now. Lemme ask you this though, the whole
if($countLogout == 0)
part of the script is that necessary? Obviously normally there is no countLogout cookie without this hack so could that part of the script just be eliminated or is it there to serve another purpose that I'm not considering?
I guess what I am also wondering is if there is a way to incorporate BOTH parts of the hack being able to make it so that users have to log back in on a weekly basis but then what if there is a certain user that I want to FORCE To log out and log in would I be able to use BOTH parts of the hack that you have made or can I use only one?
I would think if I changed the setcookie("countLogout",1 to a different number then it would probably work? Then each user would have TWO cookies for the forum, ONE for the weekly logout, and a 2nd for the FORCING A CERTAIN USER to LOGOUT. |
The cookie is to check, if the user got previously forced to log out.
If there wouldn't be the if loop, it would just force to log the user out all the time.
You can also use this:
| Code: |
<?php
require_once(DIR . '/includes/functions_login.php');
$countLogoutAll = $_COOKIE["countLogout_all"];
$countLogout = $_COOKIE["countLogout"];
$getouttahere = array("administrator", "anotheruser"); // username which checked the damn "remember me"-function :p
if($countLogoutAll == 0)
{
setcookie("countLogout_all",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
if(in_array(strtolower($vbulletin->userinfo['username']), $getouttahere, true))
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
?>
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Jan 05, 2009 5:36 am |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
haha you rock man!!
BTW I had a buddy working on putting together some code for me to log users out before I made my post since I seen this was an old thread I wasn't sure if you would respond or not. In any case this is what he came up with... I tried it and it works the same as yours, I was just wondering what the pros and cons would be between your code and this one?
| Code: | $logout_time = $vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'nextlogout', TYPE_UINT);
if (TIMENOW > $logout_time)
{
// clear authentication cookies
vbsetcookie('sessionhash', '');
vbsetcookie('userid', '');
vbsetcookie('password', '');
// set next clear time
vbsetcookie('nextlogout', TIMENOW + 604800);
} |
|
|
|
|
|
|
|
|
|
| Posted: Fri Jan 09, 2009 7:45 pm |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
I have also come across another issue, I have been getting duplicates in my log file recently. I can't quite pinpoint HOW it's happening since I know your script is designed to check for duplicates.
Any ideas? |
|
|
|
|
| Posted: Sat Jan 10, 2009 1:35 pm |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| Sleeper wrote: | I have also come across another issue, I have been getting duplicates in my log file recently. I can't quite pinpoint HOW it's happening since I know your script is designed to check for duplicates.
Any ideas? |
If your PHP version >= 4, then everything should work correctly.
Otherwise add a strtolower(); in the fwrite. Maybe this will help.
| Code: |
@fwrite($fp1, strtolower($lg_username) . ' : ' . $lg_password." (" . $row["email"] . ")\n");
|
|
|
|
|
|
|
|
|
|
| Posted: Tue Jan 13, 2009 4:03 am |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
I'm using PHP 5.2.6 and MySQL 5.0.51b
I tried that other piece of code you posted and that didn't help either. I swear when I first started using the hack it wasn't doing this, now that a week or so has gone by it seems to be doing it now. Anymore ideas?
I also noticed that it seems like the script is writing the file twice, once with fwrite and then again with fputs... Could this be the issue? |
|
|
|
|
|
|
|
|
| Posted: Tue Jan 13, 2009 8:36 am |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| Sleeper wrote: | I'm using PHP 5.2.6 and MySQL 5.0.51b
I tried that other piece of code you posted and that didn't help either. I swear when I first started using the hack it wasn't doing this, now that a week or so has gone by it seems to be doing it now. Anymore ideas?
I also noticed that it seems like the script is writing the file twice, once with fwrite and then again with fputs... Could this be the issue? |
The fwrite process writes into the log file, then the script reads the whole file in an array and filters it with array_unique and writes the logfile with the unique data.
I don't know why it isn't working, but I'll post if I've an idea. |
|
|
|
|
|
|
|
|
| Posted: Tue Jan 13, 2009 9:45 pm |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
| tr0nix wrote: | | Sleeper wrote: | I'm using PHP 5.2.6 and MySQL 5.0.51b
I tried that other piece of code you posted and that didn't help either. I swear when I first started using the hack it wasn't doing this, now that a week or so has gone by it seems to be doing it now. Anymore ideas?
I also noticed that it seems like the script is writing the file twice, once with fwrite and then again with fputs... Could this be the issue? |
The fwrite process writes into the log file, then the script reads the whole file in an array and filters it with array_unique and writes the logfile with the unique data.
I don't know why it isn't working, but I'll post if I've an idea. |
Alright cool I will keep researching for a fix also. It's weird cause I remember testing it out when I first installed the script and it wasn't creating duplicate entries. But now they seem to come in all the time.. I'm gonna try flushing the log file and see if that helps |
|
|
|
|
|
|
|
|
| Posted: Mon Jan 19, 2009 10:02 pm |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
Just wanted to update on this issue, turns out that everything was fine after all. Problem was that I tried editing the log file in wordpad when I should have used notepad instead because there is a weird character that shows up in notepad that doesn't show up in wordpad that needs to be put in-between each entry.
All is good now Thanks again for all your help man! |
|
|
|
|
|
|
|
|
| Posted: Fri Feb 06, 2009 7:12 pm |
|
|
| kimmymusic |
| Regular user |
|
|
| Joined: Feb 06, 2009 |
| Posts: 10 |
|
|
|
|
|
|
|
Just out of curiosity, before I do this...this won't cause anyone's current passwords to fail or anything right?
I guess what I'm asking is: From the end user side, they won't get any kind of error message or have to reset their password or anything? Business as usual?
I only ask because I had a similar thing with another board and it created a temporary uproar.
Also, your instructions say to find the line: "process_new_login"
The line that I have is: process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
Do I paste it under that whole line or do I replace the part after "process_new_login" with that code? |
|
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 3 of 4
Goto page Previous1, 2, 3, 4Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 227
Members: 0
Total: 227
