vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=321469

Converting from Xenforo to vBulletin
by Alice
11 Jan 2016 09:09

Hey,

I was wondering if someone might be willing to give me a hand with converting this matter of code to be cross-compatible with vbulletin?

Thanks,


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Alice 11 Jan 2016 17:31

Anyone know if they can help?

Dave 11 Jan 2016 17:55

Untested, upload to the root of your vBulletin forum.


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Alice 11 Jan 2016 18:12

First off, thank you so much for being willing to help me with this project. Now, I uploaded the code to the root of the forums, and in Xenforo its supposed to print either a 0,1 or 2 and this only shows a completely blank page. But no errors we're printed, so go you. :)

Dave 11 Jan 2016 18:17

It's because of the check that checks if the current IP matches the $serverip variable.
You probably want it to be something like this in that case:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then you execute it as follows: http://example.com/script.php?un=Dave&pw=password

Alice 11 Jan 2016 18:21

That code is producing the following error


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

--------------- Added 11 Jan 2016 at 18:25 ---------------

Scratch that, I was using the wrong syntax.

Dave 11 Jan 2016 18:26

That's caused by a plugin you have installed, more specifically at the login_verify_failure_username hook.

Alice 11 Jan 2016 18:26

Thank you so much Your my hero!! :)

Dave 11 Jan 2016 18:26

No problem. ;)

Alice 11 Jan 2016 21:48

Quote:

Originally Posted by Seraphyn (Post 2562469)
That code is producing the following error


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

--------------- Added 11 Jan 2016 at 18:25 ---------------

Scratch that, I was using the wrong syntax.

This is still an issue, specifically when you input a username that doesn't exist... like swglegends.com/forums/auth.php?un=username&pw=password

Please advise,

Dave 11 Jan 2016 22:30

Well it's not caused by the script I gave you, it's caused by one of the plugins you have installed.
Go to your AdminCP > Plugins & Products > Plugin Manager and find a hook which makes use of "login_verify_failure_username". A plugin which makes use of that hook is causing it.

Alice 12 Jan 2016 00:42

Quote:

Originally Posted by Dave (Post 2562494)
Well it's not caused by the script I gave you, it's caused by one of the plugins you have installed.
Go to your AdminCP > Plugins & Products > Plugin Manager and find a hook which makes use of "login_verify_failure_username". A plugin which makes use of that hook is causing it.

Okay, that works. Is there a way to make usernames match this regular expression: ^[^\s]+$
And disallow all symbols?

Thank you,

--------------- Added 12 Jan 2016 at 00:57 ---------------

Oh also, I just banned an account and checked if it would be banned on the game server and its still returning a 1, and not a 2. Any ideas?

--------------- Added 12 Jan 2016 at 07:05 ---------------

Any ideas?

Alice 09 Feb 2016 09:28

Hello. So, this file is for authenticating from a website to a gameserver. Now the issue is that people are able to put spaces after their account name and basically I would like to know if there is anothing anyone might be able to do with this code to prevent that from happening.

Thank you,

MarkFL 09 Feb 2016 20:27

Quote:

Originally Posted by Seraphyn (Post 2564506)
Hello. So, this file is for authenticating from a website to a gameserver. Now the issue is that people are able to put spaces after their account name and basically I would like to know if there is anothing anyone might be able to do with this code to prevent that from happening.

Thank you,

You can prevent embedded spaces, however I find that trailing spaces are automatically trimmed on my local dev site.

To see the options for username restrictions, follow:

AdminCP -> Settings -> Options -> User Registration Options -> Username Regular Expression

Alice 10 Feb 2016 01:25

Quote:

Originally Posted by MarkFL (Post 2564545)
You can prevent embedded spaces, however I find that trailing spaces are automatically trimmed on my local dev site.

To see the options for username restrictions, follow:

AdminCP -> Settings -> Options -> User Registration Options -> Username Regular Expression

Okay, what would you put there to disable embedded spaces after the username?

MarkFL 10 Feb 2016 03:15

Quote:

Originally Posted by Seraphyn (Post 2564564)
Okay, what would you put there to disable embedded spaces after the username?

I don't know offhand of regex that will only trim/leading trailing spaces. :)

Alice 10 Feb 2016 13:36

Quote:

Originally Posted by MarkFL (Post 2564573)
I don't know offhand of regex that will only trim/leading trailing spaces. :)

I've done some research and the only thing that Username expressions eliminates is the ability to create new accounts with trailing spaces. What I want to do is eliminate that ability to login to pre-existing accounts with trailing spaces as well.

Please advise,

MarkFL 10 Feb 2016 16:06

Yes, leading/trailing spaces are trimmed automatically upon registration. I have no idea how users were able to register with trailing spaces.

You will likely have to manually edit the offending usernames, and send the users an email to advise them of the change to their username.

Alice 10 Feb 2016 17:03

Quote:

Originally Posted by MarkFL (Post 2564600)
Yes, leading/trailing spaces are trimmed automatically upon registration. I have no idea how users were able to register with trailing spaces.

You will likely have to manually edit the offending usernames, and send the users an email to advise them of the change to their username.

This is the really weird thing. So, there are no spaces in anyone's username, and yet, they are still able to login when using a space in their name. Like let's say your account name is johndoe16, you can login just fine if your type in "johndoe16 " And this is the case for infinite spaces.

Please advise,

MarkFL 10 Feb 2016 17:12

Yes, you can type in trailing spaces when you log in, but those spaces do not change the actual username in the database.

Alice 10 Feb 2016 17:20

Quote:

Originally Posted by MarkFL (Post 2564605)
Yes, you can type in trailing spaces when you log in, but those spaces do not change the actual username in the database.

But that is the issue. How do I stop those those trailing spaces at login? I use this authentication script to be able to allow members to connect to a gameserver and with the trailing spaces, they can bypass the character limits by creating ghost accounts, thereby having unlimited player characters.

I need to be able to stop this.

Any advise,

MarkFL 10 Feb 2016 17:45

When I login to my dev site, and look at the username retrieved from the login form ($vbulletin->GPC['vb_login_username']) it has already been trimmed of any leading/trailing spaces.

Alice 10 Feb 2016 17:47

Quote:

Originally Posted by MarkFL (Post 2564610)
When I login to my dev site, and look at the username retrieved from the login form ($vbulletin->GPC['vb_login_username']) it has already been trimmed of any leading/trailing spaces.

Then I suppose its not possible. Okay, fair enough. Thanks for trying.

MarkFL 10 Feb 2016 17:53

How are your users logging onto the game server...are they required to manually enter their username?

Alice 10 Feb 2016 18:28

Quote:

Originally Posted by MarkFL (Post 2564613)
How are your users logging onto the game server...are they required to manually enter their username?

They enter their username and password into the game and the game pings the auth.php file on the webserver and depending on the response, it either logs you in, says wrong information or says you've been banned.

MarkFL 10 Feb 2016 19:31

Okay, then the code used for the game login would have to be edited to trim the usernames entered. :)

Alice 10 Feb 2016 20:38

Quote:

Originally Posted by MarkFL (Post 2564622)
Okay, then the code used for the game login would have to be edited to trim the usernames entered. :)

This is what I sent to vBulletin.com Support:

Quote:

Originally Posted by Seraphyn
I am needing some help dealing with an issue with the login protocols. For example say my account name is "johnsmith12" and I can login with that name. However, I can also put in johnsmith with 5 spaces after the name and then click login and that will also log my in. For example [johnsmith12 ]... Is there a way to prevent this?

And this is the response I got:

Quote:

Originally Posted by vBulletin Support
The system ignores the spaces after the username. You would need to modify the code to not allow that.

When I asked which file I needed to modify, they basically stated that I needed to ask over here because it dealt with modifying the original code.

Anyhow, any insight?

MarkFL 10 Feb 2016 20:45

Can you give a link to the vBulletin product you are using for the game server login?

Alice 10 Feb 2016 22:56

Quote:

Originally Posted by MarkFL (Post 2564627)
Can you give a link to the vBulletin product you are using for the game server login?

Yeah, its accessible through www.swglegends.com/forums

MarkFL 11 Feb 2016 00:27

Quote:

Originally Posted by Seraphyn (Post 2564635)
Yeah, its accessible through www.swglegends.com/forums

I would speak to the owner(s) of that site then, as the issue would likely have to be addressed by them.

Alice 11 Feb 2016 00:34

Quote:

Originally Posted by MarkFL (Post 2564643)
I would speak to the owner(s) of that site then, as the issue would likely have to be addressed by them.

I am the Web Developer, though lol. I'm just having trouble figuring it out lol. :(

Alice 12 Mar 2016 03:11

Quote:

Originally Posted by Dave (Post 2562468)
It's because of the check that checks if the current IP matches the $serverip variable.
You probably want it to be something like this in that case:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then you execute it as follows: http://example.com/script.php?un=Dave&pw=password

Hey. So, I'm trying to update the auth.php file to work properly with an SSL and with vb5. Right now, the file is located at https://www.swglegends.com/forums/auth.php but it says Access denied and was looking for some clarification.

Please advise,

Dave 12 Mar 2016 09:56

Unfortunately I don't have experience with vBulletin 5, so I will not be able to help you out with this. :(

Alice 12 Mar 2016 20:34

Quote:

Originally Posted by Dave (Post 2567055)
Unfortunately I don't have experience with vBulletin 5, so I will not be able to help you out with this. :(

Do you know of anyone I can contact?

Thank you,

Dave 12 Mar 2016 20:40

Maybe Replicant will pass by this thread, he has some experience with vBulletin 5.


All times are GMT. The time now is 05:30.

Powered by vBulletin® Version 3.8.14
Copyright © 2022, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.