This integrates a htaccess password popup with your board. Members will be able to enter their login/password for the board into the htaccess to gain access. When their password is changed on the board, their htaccess password will automatically be changed as well. You can turn it on or off from the cp, as well as enable/disable a registration login/pass so people can register.
This is beta because I am not sure i have pinned down all the places/ways a member's password can be changed.
http://www.jordodesigns.com/UBBhtaccess.zip
cool I will be adding this tonight
Thanks
I assume this only works on unix servers?
cool gonna install this l8r
Very COOL gonna install it asap
change
.htpasswd to
htpasswd.cgi for security. most of the servers will give this file unless it is protected. if you name it .cgi, most of the servers will generate an error message...
.htaccess is a standard name but htpasswd not. the password file's name can be anything.
Also, you can write
hmmm
i dont understand
What do you do with this hack ?
the htaccess = login member ?
euh ?
It requests the username + password to access the CGI-BIN dir, which includes ultimatebb.cgi and cp.cgi.
Nice hack, too bad I have a WinNT server.
did this work out?
'cos mine didn't
i couldn't login using my username and password.
and i think that the encoded password is wrong also. how can i fix this?
jeologic - can you crack that encryption?
SubZero5 - what type of server are you using? also, make sure that the path you have set in your board configuration is the absolute path, not a relative path. on some servers you can run a ubb using a relative path in there, but this hack will not work if you have a relative path in your config.
quote:
Originally posted by jordo:
jeologic - can you crack that encryption?
Jordo please check that http://www.webextractions.f2s.com/cgi-bin/makepass/password.cgi and tell me what you think, is the same system that you use ? (the script can be downloaded)
-Chuck
quote:
Originally posted by jordo:
jeologic - can you crack that encryption?
crypt() is a one way system for now. but you can not guarantee the future 
secure your system and you'll not have a headache...
its similar, minescule differences. i was asking seriously, can you crack this encryption. im unfamiliar with what the crypt() routine uses.
crypt() has been in use in Unix systems for decades.
It's secure.
quote:
Originally posted by jordo:
SubZero5 - what type of server are you using? also, make sure that the path you have set in your board configuration is the absolute path, not a relative path. on some servers you can run a ubb using a relative path in there, but this hack will not work if you have a relative path in your config.
at my testing system: Win2kProf & apache 1.3.20 (win32)(server is on Fat32) with mod_perl/1.25_01-dev, mod_ssl/2.8.4, openssl/0.9.6a, php 4.1.1
the password file wasn't found it said. in the server logs...
and at hypermart 's server.. i couldn 't login..
[ 01-11-2002 11:53 AM: Message edited by: SubZero5 ]
found a bug..
found a bug..
if the $vars_config{BBName} sontains spaces, the .htaccess file doesn't work. gives a http 500 error (o similar thing like that..)
this is what apache gives me via its logs..:
quote:
.htaccess: AuthName takes one argument, The authentication realm (e.g. "Members Only")
-=> to fix this
* * * * * * * * * * * * * * * * * * * *
* open cp_lib.cgi and find..:
* * * * * * * * * * * * * * * * * * * *
$handle->print("AuthName $vars_config{BBName}n");
* * * * * * * * * * * * * * * * * * * *
* replace it with..:
* * * * * * * * * * * * * * * * * * * *
$handle->print("AuthName "$vars_config{BBName}"n");
[ 01-11-2002 01:04 PM: Message edited by: SubZero5 ]
hmm i had fixed that one in the instructions, just hadnt put them back in the zip, doh. fixed in the zip now.
on your hypermart server you will need the absolute path set in your bb config, if you are getting failed pass msgs then you have a relative path set.
the hack work i have ni error
But if i clic on CANCER many time i can post an see topic and forum
Its normal ?
that is not normal. clicking cancel or entering an incorrect pass 3 times should direct you to an access denied page. it sounds like your server is setup incorrectly, so i would suggest contacting your hosting company if you are on a hosted solution.
hmmmm
the hack create a .htaccess ??
so i am a little confused here!! yet again lol
does this hack work with win2k servers???
cos if it does why won't the pop-up window appear????
[ 01-12-2002 01:16 PM: Message edited by: swipecard72 ]
this hack works on apache only (though there may be additions to other servers to add htaccess). that said im not sure how well htaccess works on win32 apache, but it doesnt work on IIS or any other servers than apache.
so is it posible to get httaccess for win2k servers and omnihttp as i am hosting on my own server
im not entirely sure, but i doubt it...
Nice hack Jordo, I'll try it later.
hmmm
i reinstall the hack 3x and i have no error
I delete also tempory file internet and cookies
But when i come to login the htaccess show me a window and i clic on cancer many time and the page load
the file .htaccess is on cgi-bin directory
the file .htpasswd is on cgi-bin/Members directory
someone have same error of me ???
I get this:
Backtrace: ubb_lib_filehandle.cgi:294 -> sub UBB::FileHandle::tracer
Backtrace: ubb_lib_filehandle.cgi:382 -> sub UBB::FileHandle::_open
Backtrace: ubb_lib_filehandle.cgi:67 -> sub UBB::FileHandle::_open_file
Backtrace: ubb_lib_filehandler.cgi:116 -> sub UBB::FileHandle::new
Backtrace: cp_lib.cgi:1110 -> sub UBB::FileHandler:
Variables - if you have a vars_htaccess.cgi in that dir make sure it is chmodded correctly (777) if not upload a blank file and chmod it.
No, the same problem. chmod 777 on a blanc vars_htaccess.cgi
this is what my htaccess file looks like at hypermart..:[code][/code]and no it doesn't accept my password.
ps: i have members that have spaces in their login names. can it still be a problem if they try to log in?
[ 01-21-2002 09:56 PM: Message edited by: SubZero5 ]
on hypermart you need the real absolute path, some things like ubb will run with the relative paths, but the full path is something like /data1/hypermart.net/yourusername/
thanks for the help
by the way some of my members have spaces in their login names. will this affect their logins? will they have problems when they want to login?
and an addition..:
i would like to make people to login to my board via that login and password box. is it possible?
[ 01-23-2002 11:50 AM: Message edited by: SubZero5 ]
quote:
Originally posted by SubZero5:
by the way some of my members have spaces in their login names. will this affect their logins? will they have problems when they want to login?
and an addition..:
i would like to make people to login to my board via that login and password box. is it possible?
spaces in names are fine. im not sure what you mean by the second question... do you mean have the htaccess log them into the board as well? if that is what you mean, then no, it cant work like that.
dear jordo,
i am unable to download your file ubbhtaccess.zip. do you have another url/ftp address?
also, my website requires the user to enter FIRST a member only area by entering their password into the popup controlled by htaccess, then enter the UBB SECOND. so i need the UBB login to accept the password from htaccess, not htaccess to accept the UBB login. will your proggy do this?
many thanks for help!
does it work without modifications for ubb 6.2.1 ??
thx in advance
quote:
Originally posted by clive:
does it work without modifications for ubb 6.2.1 ??
thx in advance
anyone?? 
it does on 6.2.0 so it should on 6.2.1...
Let me put a bit of a spin on this hack and ask this question: Can this hack be used to control access to HTML pages =other= than UBB? For example, my board is open for general viewing. I want to create pages for graphics tutorials for my members only. Can I use the hack to allow access to these pages for members only? What I ultimately want is for the member to type in their UBB L/P into the htaccess popup and then be directed to the appropriate tutorial page. (which would not even be a part of UBB)
this puts a .htaccess file in the non-cgi directory, so any files in that directory will be protected by the htaccess password popup. that includes any html pages in that dir.
Thanks for the quick reply, sir! I'm going to give it a whirl.
quote:
Originally posted by jordo:
this puts a .htaccess file in the non-cgi directory, so any files in that directory will be protected by the htaccess password popup. that includes any html pages in that dir.
Okay, I have the hack installed and it seems to be working. However, I did have to manually create the vars_htaccess.cgi file to get it to work. You may want to consider adding that to your instructions. So, with that said, here's what I am ultimately trying to do. I do not want the CGI-BIN or UBB directories protected. I want to see if I can protect another directory on my site using the UBB membership database. I want to create separate tutorial and file download pages for members only. Got any ideas? Where might I edit the hack to point the protection at a different directory?
thanks in advance!
in the additions made to cp_lib.cgi you will find this:
[/code]replace it with this (and change the "/path/to/protected/dir" to the dir you want to protect:
[code]
Sweet! It seems to be working perfectly so far. Thanks for your help!
Jordo,
This is a beautiful, beautiful thing!!!
I've been using a
really old htaccess hack that was starting to fall apart.
I've been afraid to upgrade my board because upgrading to 6.0 almost made my brain explode.
There are
many people looking for a way to use the ubb registration info to protect their site and this hack does exactly that. I added an htgroup file and a few other htaccess files that all point to htpasswd and so far so great!
Out of curiosity, do you have any hints on how to make htaccess check the ubb cookie?
Have I mentioned how great this is?
thank you,
-i
quote:
Originally posted by qgeek:
Out of curiosity, do you have any hints on how to make htaccess check the ubb cookie?
how do you mean?
I would love to be able to check to see if a cookie exists and if it doesn't, send users to a page with a registration link and an "I forgot my password" link (because if it's not saved they won't remember it
)
If the cookie does exist I need to pull out the username/password so htaccess can determine what group a user is in.
My problem seems to be not so much reading ubb cookies as passing that info to htaccess.