Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 30 Sep 2010, 17:27
ART's Avatar
ART ART is offline
 
Join Date: Feb 2002
How to force user to log in again when he/she enters user cp?

I have some sensitive private data userfields in my user profiles.

I want to force a user to log in again to access at least his/her profile edit page (or force log out and show again log in form before accessing this page).

When somebody has the "remember me" option set it is very likely that he/she leaves an opened session in a public place and somebody can view this data, read his/hers PMs and so on.

How can I accomplish that on vb38x?

deleting user session in DB alone does not work - I have to reset user's cookies, too I believe. This snippet put into init_startup hook does not work:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Maybe I'm missing something... any hints appreciated
__________________
What's brewing in Poland? Find out on Browar.biz (in Polish)
Reply With Quote
  #2  
Old 01 Oct 2010, 00:18
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
I'm not sure I completely understand what you're trying to do, but I think vbsetcoookie sets the cookies to be returned, which won't be seen until the next page load. Maybe what you want to do is also clear $vbulletin->GPC[COOKIE_PREFIX . 'sessionhash'].
Reply With Quote
  #3  
Old 01 Oct 2010, 12:01
ART's Avatar
ART ART is offline
 
Join Date: Feb 2002
Thanks kh99,

lets say I have here:

http://www.vbulletin.org/forum/profi...do=editprofile

a private profile user field with a user's home address or whatever sensitive data.

I would like to make this area more secure, as I said, when a user logs in on a public computer and forgets to log out, somebody else can easy access http://www.vbulletin.org/forum/profi...do=editprofile and see the data which is supposed to be private.

In other words - i'd like to make the usercp area secure as modcp or admincp area which requires logging in after certain inactivity time ignoring the ticked "Remember me" option.
__________________
What's brewing in Poland? Find out on Browar.biz (in Polish)
Reply With Quote
  #4  
Old 01 Oct 2010, 13:15
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Sorry - I did get what you were trying to do, I guess what I meant was that I'm not sure exactly how you were planning to do it.
Reply With Quote
  #5  
Old 01 Oct 2010, 13:46
ART's Avatar
ART ART is offline
 
Join Date: Feb 2002
Ah, sorry, my English is not that good as I thought. I did some (I believe) extensive search to find something helpful, but failed. Thanks for help.

Maybe there is a modification that uses the vbulletin core (include global.php) and for its purposes resets a user's session and requires him to log in again for security reasons to access its pages - then i suppose i would find an answer within that mod/hack.
__________________
What's brewing in Poland? Find out on Browar.biz (in Polish)
Reply With Quote
  #6  
Old 01 Oct 2010, 14:30
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
No, it's my English - I didn't say what I meant.

I know there's one place in vBulletin where it asks you to log in again - that's when you try to use "delete as spam" on a post (around line 137 in inlinemod.php). It seems to use show_inline_mod_login() and inlinemod_authenticated() which are in includes/modfunctions.php. These can't be used directly (because they check for moderating permissions) but maybe you can figure out how they work and adapt them.
Reply With Quote
  #7  
Old 01 Oct 2010, 14:36
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
vB forces moderators to log in again during their session to do inline moderating (if the admins have that option on), so why not check out that code?
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #8  
Old 01 Oct 2010, 16:01
ART's Avatar
ART ART is offline
 
Join Date: Feb 2002
hA! thanks, good trace I suppose, I'll check that out.
__________________
What's brewing in Poland? Find out on Browar.biz (in Polish)
Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Administrative and Maintenance Tools Log In Log Out Redirection.(With the User Group Exclusion) borbole vBulletin 3.8 Add-ons 4 03 Sep 2015 15:42
Mini Mods Automatically create user note when renaming user (log old username) nso vBulletin 3.7 Add-ons 2 16 Jul 2009 23:00



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 06:05.

Layout Options | Width: Wide Color: