here is an idea for a hack I think could become popular!

JohnBee · 05-20-2005, 11:16 PM

How about this.

.htaccess db intergration hack.

When the user logs in his IP is scanned against a common username /
IP range table, if the IP is recognized the user is logged in without
questions with remember me function enabled.

If not he is prompted to login.
What do you all think?

I have posted this on vb.org it got little or no attention, I want to get
this for my support forums, I am willing to pay for the work! I noticed
there is already an .htaccess hack out for vbull. so it should be possible
to modify that code and create this.

Any help would be greatly appreciated. :icon14:

Ken Iovino · 05-20-2005, 11:33 PM

How does this differ from the default login option? When someone vists a site, lets say vbhackers.com. There cookie checks to see if that user is logged in or not. If he is then he is directed with no questions, if he isn't then he os prompt with a login screen

JohnBee · 05-21-2005, 11:22 AM

Username + correct IP = cookie login.
Username with wrong IP = manual username/ pass login, no session cookie.

This would allow people to access a site in a public place but still
make use of the remember me feature.

the remember me feature would only work if the IP attached to the
username is a match otherwise they would have to login manually.

IP's would be entered by admins and could only be changed by admins.

Senna · 05-21-2005, 12:29 PM

what do you do with dynamic ip-ranges, db remembers eg ip 123.123.123.123, users ip changes to 123.123.123.124 and someone else gets the ip 123.123.123.123, so basicly someone else could just visit your board and then he would be the other user??? (seems a security issue to me :p)

JohnBee · 05-21-2005, 03:37 PM

The chances that the same username and IP are used by two different people
on a private forum are slim to none.

Still there is that chance.
and in that case this would reach the limit of this particular security feature.

Still coupling IP and username session cookie is a pretty descent enhancement
in security for private boards who are concerned with public access from there
members.

I would gladly pay for this hack, and once it was done by whoever, I would
gladly distribute it to anyone who would like to add it to there forums.

Additionally I think vBulletin should add this as a permanent feature into there
package under the admincp user information page.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hack Installs / Working - Suggestion	VirtualBurn	Site Feedback	11	08-16-2006 05:01 PM
Install System Part 2	Ken Iovino	Announcements	10	05-19-2005 11:40 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)