Password Protect Boards

Started by Thantos, December 16, 2005, 01:21:36 AM

Previous topic - Next topic

Thantos

For those of you having problems with this mod:

Do any of the board names contain any type of special characters like ' & " etc?

If so can you try it on a board without those special characters?

teamvtec

Quote from: MikeMill on January 05, 2006, 12:33:43 PM
For those of you having problems with this mod:

Do any of the board names contain any type of special characters like ' & " etc?

If so can you try it on a board without those special characters?

Hehehe, it worked like a charm.... i had a board called DVD's :P
Why is it that the password does'nt work with special characters?
I think i can delete that code what you posted in the previous post?


Big thumbs up for the help ;)

Thantos

Yeah you can delete the code I provided earlier.  The board name is prefixed to the password prior to being hashed, however it does it after the forum does some work to the name to make it safe to put in the database.  I need to look to see if the board name after that point is different the board name at the point where it checks the password.

If you all are feeling really helpful you can try it moving one thing for me and seeing if it works with special characters.

In file ManageBoards.php

1.0.5:
Find
	
	
$_POST['passwdBoard'] = !empty($_POST['passwdBoard']) ? sha1($_POST['board_name'].$_POST['passwdBoard']) : '';


and moving it above

	
	
$_POST['board_name'] = preg_replace('~[&]([^;]{8}|[^;]{0,8}$)~''&$1'$_POST['board_name']);



1.1:
Find

	
	
if ( 
$_POST['passwdBoard'] != "#FAKEPASSWORD" )
	
	
	
$boardOptions['passwd'] = !empty($_POST['passwdBoard']) ? sha1($boardOptions['board_name'].$_POST['passwdBoard']) : '';


And move it above
	
	
$boardOptions['board_description'] = preg_replace('~[&]([^;]{8}|[^;]{0,8}$)~''&$1'$_POST['desc']);



In both cases the code you are moving it above should be right before what you are trying to find.  Also in both cases you'll need to go reset your password for the board.  Make sure you actually type it out otherwise it won't update.

teamvtec

Gave me the same thing as before... not allowing special characters

Thantos

ok thanks.  I'll see what I can dig up.

MJJOS

Hey,

being new to simple machines forums (which are brilliant, well done!) I have just installed my first mod, being the passward mod by MikeMill.

I have sucessfully installed the mod, but I have been looking around for half an hour now and I cant figure out how to set a password on an individual board! How do I do it?

Thanks!

MJJOS.

Bigguy

If you go to make a new board/forum or to modify an exsisting one you should see it.

MJJOS

Oh yes, thats great now I see it. Thats great thanks Bigguy!

MJJOS

Drakhart

"This modification was tested using SMF 1.1 RC2.  It may or may not work with RC1." I guess you wanted to say "This modification was tested using SMF 1.1 RC1.  It may or may not work with RC2." In fact it isn't working with RC2. The installer tells there are some errors applying the mod, and asks if you're sure to do it. With RC1 worked fine, the pity is I upgraded to RC2 and now I can downgrade the files, but not the database (external server with only myPHPAdmin and lazy admins). So I have to stick up to RC2. Are you working in a version compliant with this new release?

Bigguy

I`m running RC2 and it works fine for me with no errors at all.

Drakhart

#70
Then, if someone could give me a hand, I'd be grateful. What I do is go to the packages section, browse to this mod, dowload it, and then click on apply mod. And what I get is this:

Error in Package Installation
At least one error was encountered during a test installation of this package. It is strongly recommended that you do not continue with installation unless you know what you are doing, and have made a backup very recently. This error may be caused by a conflict between the package you're trying to install and another package you have already installed, an error in the package, a package which requires another package that you don't have installed yet, or a package designed for another version of SMF.

Installations actions for "Password Protect Boards":
Installing this package will perform the following actions:
   Type    Action    Description
1.    Execute Modification    ./Sources/Load.php    Test failed
2.    Execute Modification    ./Sources/BoardIndex.php    Test failed
3.    Execute Modification    ./Sources/ManageBoards.php    Test failed
4.    Execute Modification    ./Themes/default/languages/Modifications.english.php    Test successful
5.    Execute Modification    ./Themes/default/ManageBoards.template.php    Test successful
6.    Execute Modification    ./Themes/default/BoardIndex.template.php    Test successful
7.    Execute Code    add_settings.php    
8.    Extract File    ./Sources/passwdBoard.php    
9.    Extract File    ./Themes/default/passwdBoard.template.php


I haven't got any other mod installed, it's a fresh upgrade from RC1 to RC2. What should I do?


Nevermind, I downloaded the right mod from here, not from the Packages option. Running fine now. Thanks.  :)

squirrelof09

Think you can ever get this mod to work with RC2?  We recently upgraded to RC2.

Bigguy


squirrelof09

Ok, sorry, I just don't have time to read this whole topic, so I decided to ask it, but sorry for causing any trouble.

Bigguy


Drakhart

I have one question about coding. In my site, I have an "admins" group besides the actual administrator user, that have full admin privileges given by the maintenance group. But they can't access password protected boards, as the admin and the moderators do. The question is, how could I check out if an user belongs to the maintenance group? And, if this can't be done, how could I know if an user belongs to an X group number? In this case, the co-admins group is the #9 one.

I know the sentences that check out users' groups are these ones, but I don't know how should I ask the board about the maintenance privileges or about a certain group:// Can they view this board?
if ( !$user_info['is_admin'] && !$user_info['is_mod'] && $board_info['passwd'] && !in_array($board, $_SESSION['board_access']) )


Any idea?

Drakhart

Nevermind, I did it.  :D For people interested in doing that, here is the solution, with changes made to sources/Load.php showed between >>> and <<<:
'is_admin' => in_array(1, $user_info['groups']),
        >>>'is_coadmin' => in_array(9, $user_info['groups']),<<<
'theme' => empty($user_settings['ID_THEME']) ? 0 : $user_settings['ID_THEME'],

[...]

// Can they view this board?
if ( !$user_info['is_admin'] >>>&& !$user_info['is_coadmin']<<< && !$user_info['is_mod'] && $board_info['passwd'] && !in_array($board, $_SESSION['board_access']) )


This allows group #9 to bypass the password protection. But only usergroup #9. If you know how to do it for all maintenance groups, please let me know.

Bigguy

I have a small question. No big deal really. The other day one of my members was screwing around as a guest to see if he could get any info out of the password protected boards. He found out that if you search for info with the search in smf you will find info from boards that are password protected. Is there anyway to stop ppl from being able to get info from a search. (Hope that makes sense)

CartDestr

The users can read the posts from the Password Protect Board in the 'recent posts'...

Bigguy

yes and also like Cartdestr said is there away to stop it in recent posts to.

Advertisement: