|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
This integrates a htaccess password popup with your board. Members will be able to enter their login/password for the board into the htaccess to gain access. When their password is changed on the board, their htaccess password will automatically be changed as well. You can turn it on or off from the cp, as well as enable/disable a registration login/pass so people can register. This is beta because I am not sure i have pinned down all the places/ways a member's password can be changed. http://www.jordodesigns.com/UBBhtaccess.zip
|
|
|
|
|
Joined: Dec 2001
Posts: 26
Junior Member
|
|
Junior Member
Joined: Dec 2001
Posts: 26 |
cool I will be adding this tonight
Thanks
|
|
|
|
|
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
|
|
Spotlight Winner
Joined: Jun 2001
Posts: 2,849 |
I assume this only works on unix servers?
|
|
|
|
|
Joined: Dec 2001
Posts: 12
Junior Member
|
|
Junior Member
Joined: Dec 2001
Posts: 12 |
cool gonna install this l8r
|
|
|
|
|
Joined: Feb 2001
Posts: 251
Member
|
|
Member
Joined: Feb 2001
Posts: 251 |
Very COOL gonna install it asap
|
|
|
|
|
Joined: May 2000
Posts: 1,356
Addict
|
|
Addict
Joined: May 2000
Posts: 1,356 |
change .htpasswd to htpasswd.cgi for security. most of the servers will give this file unless it is protected. if you name it .cgi, most of the servers will generate an error message... .htaccess is a standard name but htpasswd not. the password file's name can be anything. Also, you can write 
|
|
|
|
|
Joined: Apr 2001
Posts: 73
Member
|
|
Member
Joined: Apr 2001
Posts: 73 |
hmmm
i dont understand
What do you do with this hack ?
the htaccess = login member ?
euh ?
KillerBee
Bzzzzzzzz
|
|
|
|
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
It requests the username + password to access the CGI-BIN dir, which includes ultimatebb.cgi and cp.cgi.
Nice hack, too bad I have a WinNT server.
|
|
|
|
|
Joined: Sep 2001
Posts: 46
Member
|
|
Member
Joined: Sep 2001
Posts: 46 |
did this work out?
'cos mine didn't
i couldn't login using my username and password.
and i think that the encoded password is wrong also. how can i fix this?
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
jeologic - can you crack that encryption?  SubZero5 - what type of server are you using? also, make sure that the path you have set in your board configuration is the absolute path, not a relative path. on some servers you can run a ubb using a relative path in there, but this hack will not work if you have a relative path in your config.
|
|
|
|
|
Joined: Oct 2000
Posts: 2,667
Veteran
|
|
Veteran
Joined: Oct 2000
Posts: 2,667 |
quote:
Originally posted by jordo:
jeologic - can you crack that encryption?
Jordo please check that http://www.webextractions.f2s.com/cgi-bin/makepass/password.cgi and tell me what you think, is the same system that you use ? (the script can be downloaded)
-Chuck
Do you believe in love at first sight,
or should I walk by again?
|
|
|
|
|
Joined: May 2000
Posts: 1,356
Addict
|
|
Addict
Joined: May 2000
Posts: 1,356 |
quote:
Originally posted by jordo:
jeologic - can you crack that encryption?
crypt() is a one way system for now. but you can not guarantee the future  secure your system and you'll not have a headache...
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
its similar, minescule differences. i was asking seriously, can you crack this encryption. im unfamiliar with what the crypt() routine uses.
|
|
|
|
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
crypt() has been in use in Unix systems for decades.
It's secure.
UBB.classic: Love it or hate it, it was mine.
|
|
|
|
|
Joined: Sep 2001
Posts: 46
Member
|
|
Member
Joined: Sep 2001
Posts: 46 |
quote:
Originally posted by jordo:
SubZero5 - what type of server are you using? also, make sure that the path you have set in your board configuration is the absolute path, not a relative path. on some servers you can run a ubb using a relative path in there, but this hack will not work if you have a relative path in your config.
at my testing system: Win2kProf & apache 1.3.20 (win32)(server is on Fat32) with mod_perl/1.25_01-dev, mod_ssl/2.8.4, openssl/0.9.6a, php 4.1.1
the password file wasn't found it said. in the server logs...
and at hypermart 's server.. i couldn 't login..
[ 01-11-2002 11:53 AM: Message edited by: SubZero5 ]
|
|
|
|
|
Joined: Sep 2001
Posts: 46
Member
|
|
Member
Joined: Sep 2001
Posts: 46 |
found a bug.. found a bug.. if the $vars_config{BBName} sontains spaces, the .htaccess file doesn't work. gives a http 500 error (o similar thing like that..) this is what apache gives me via its logs..: quote:
.htaccess: AuthName takes one argument, The authentication realm (e.g. "Members Only")
-=> to fix this
* * * * * * * * * * * * * * * * * * * *
* open cp_lib.cgi and find..:
* * * * * * * * * * * * * * * * * * * *
$handle->print("AuthName $vars_config{BBName}n");
* * * * * * * * * * * * * * * * * * * *
* replace it with..:
* * * * * * * * * * * * * * * * * * * *
$handle->print("AuthName "$vars_config{BBName}"n");
[ 01-11-2002 01:04 PM: Message edited by: SubZero5 ]
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
hmm i had fixed that one in the instructions, just hadnt put them back in the zip, doh. fixed in the zip now.
on your hypermart server you will need the absolute path set in your bb config, if you are getting failed pass msgs then you have a relative path set.
|
|
|
|
|
Joined: Jan 2002
Posts: 8
Junior Member
|
|
Junior Member
Joined: Jan 2002
Posts: 8 |
the hack work i have ni error
But if i clic on CANCER many time i can post an see topic and forum
Its normal ?
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
that is not normal. clicking cancel or entering an incorrect pass 3 times should direct you to an access denied page. it sounds like your server is setup incorrectly, so i would suggest contacting your hosting company if you are on a hosted solution.
|
|
|
|
|
Joined: Jan 2002
Posts: 8
Junior Member
|
|
Junior Member
Joined: Jan 2002
Posts: 8 |
hmmmm
the hack create a .htaccess ??
|
|
|
|
|
Joined: Aug 2001
Posts: 11
Junior Member
|
|
Junior Member
Joined: Aug 2001
Posts: 11 |
so i am a little confused here!! yet again lol
does this hack work with win2k servers???
cos if it does why won't the pop-up window appear????
[ 01-12-2002 01:16 PM: Message edited by: swipecard72 ]
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
this hack works on apache only (though there may be additions to other servers to add htaccess). that said im not sure how well htaccess works on win32 apache, but it doesnt work on IIS or any other servers than apache.
|
|
|
|
|
Joined: Aug 2001
Posts: 11
Junior Member
|
|
Junior Member
Joined: Aug 2001
Posts: 11 |
so is it posible to get httaccess for win2k servers and omnihttp as i am hosting on my own server
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
im not entirely sure, but i doubt it...
|
|
|
|
|
Joined: May 2001
Posts: 6,708
Member
|
|
Member
Joined: May 2001
Posts: 6,708 |
Nice hack Jordo, I'll try it later.
|
|
|
|
|
Joined: Jan 2002
Posts: 8
Junior Member
|
|
Junior Member
Joined: Jan 2002
Posts: 8 |
hmmm i reinstall the hack 3x and i have no error I delete also tempory file internet and cookies But when i come to login the htaccess show me a window and i clic on cancer many time and the page load  the file .htaccess is on cgi-bin directory the file .htpasswd is on cgi-bin/Members directory someone have same error of me ???
|
|
|
|
|
Joined: Dec 2000
Posts: 371
Member
|
|
Member
Joined: Dec 2000
Posts: 371 |
I get this: Backtrace: ubb_lib_filehandle.cgi:294 -> sub UBB::FileHandle::tracer Backtrace: ubb_lib_filehandle.cgi:382 -> sub UBB::FileHandle::_open Backtrace: ubb_lib_filehandle.cgi:67 -> sub UBB::FileHandle::_open_file Backtrace: ubb_lib_filehandler.cgi:116 -> sub UBB::FileHandle::new Backtrace: cp_lib.cgi:1110 -> sub UBB::FileHandler: 
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
Variables - if you have a vars_htaccess.cgi in that dir make sure it is chmodded correctly (777) if not upload a blank file and chmod it.
|
|
|
|
|
Joined: Dec 2000
Posts: 371
Member
|
|
Member
Joined: Dec 2000
Posts: 371 |
No, the same problem. chmod 777 on a blanc vars_htaccess.cgi
|
|
|
|
|
Joined: Sep 2001
Posts: 46
Member
|
|
Member
Joined: Sep 2001
Posts: 46 |
this is what my htaccess file looks like at hypermart..:[code][/code]and no it doesn't accept my password.
ps: i have members that have spaces in their login names. can it still be a problem if they try to log in?
[ 01-21-2002 09:56 PM: Message edited by: SubZero5 ]
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
on hypermart you need the real absolute path, some things like ubb will run with the relative paths, but the full path is something like /data1/hypermart.net/yourusername/
|
|
|
|
|
Joined: Sep 2001
Posts: 46
Member
|
|
Member
Joined: Sep 2001
Posts: 46 |
thanks for the help  by the way some of my members have spaces in their login names. will this affect their logins? will they have problems when they want to login? and an addition..: i would like to make people to login to my board via that login and password box. is it possible? [ 01-23-2002 11:50 AM: Message edited by: SubZero5 ]
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
quote:
Originally posted by SubZero5:
by the way some of my members have spaces in their login names. will this affect their logins? will they have problems when they want to login?
and an addition..:
i would like to make people to login to my board via that login and password box. is it possible?
spaces in names are fine. im not sure what you mean by the second question... do you mean have the htaccess log them into the board as well? if that is what you mean, then no, it cant work like that.
|
|
|
|
|
Joined: Jan 2002
Posts: 2
Junior Member
|
|
Junior Member
Joined: Jan 2002
Posts: 2 |
dear jordo,
i am unable to download your file ubbhtaccess.zip. do you have another url/ftp address?
also, my website requires the user to enter FIRST a member only area by entering their password into the popup controlled by htaccess, then enter the UBB SECOND. so i need the UBB login to accept the password from htaccess, not htaccess to accept the UBB login. will your proggy do this?
many thanks for help!
|
|
|
|
|
Joined: Mar 2002
Posts: 5
Junior Member
|
|
Junior Member
Joined: Mar 2002
Posts: 5 |
does it work without modifications for ubb 6.2.1 ?? thx in advance 
|
|
|
|
|
Joined: Mar 2002
Posts: 5
Junior Member
|
|
Junior Member
Joined: Mar 2002
Posts: 5 |
quote:
Originally posted by clive:
does it work without modifications for ubb 6.2.1 ??
thx in advance
anyone?? 
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
it does on 6.2.0 so it should on 6.2.1...
|
|
|
|
|
Joined: May 2001
Posts: 13
Junior Member
|
|
Junior Member
Joined: May 2001
Posts: 13 |
Let me put a bit of a spin on this hack and ask this question: Can this hack be used to control access to HTML pages =other= than UBB? For example, my board is open for general viewing. I want to create pages for graphics tutorials for my members only. Can I use the hack to allow access to these pages for members only? What I ultimately want is for the member to type in their UBB L/P into the htaccess popup and then be directed to the appropriate tutorial page. (which would not even be a part of UBB)
|
|
|
|
|
Joined: Aug 2000
Posts: 874
Moderator / Developer
|
|
Moderator / Developer
Joined: Aug 2000
Posts: 874 |
this puts a .htaccess file in the non-cgi directory, so any files in that directory will be protected by the htaccess password popup. that includes any html pages in that dir.
|
|
|
|
|
Joined: May 2001
Posts: 13
Junior Member
|
|
Junior Member
Joined: May 2001
Posts: 13 |
Thanks for the quick reply, sir! I'm going to give it a whirl.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 449
Joined: February 2008
|
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
| |
Most Online5,166
Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
