Firefox PHP

forums for members only Hack

Posted by Vulpes 
forums for members only Hack
September 30, 2000 06:01PM
This hack i took form Phorum installation FAQ:

This simple hack alow you have forums for Members only. Inside your ./include directory there is a file called auth.php. Open this file up in an editor and change '$secure["all"]=false. Where it says "all" this can be changed to your forum ID number (mouse over the forum link to obtain the ID number). Where it says "false" chnage this to "true". This will now make your first forum secure, to make more secure forums change the // $secure[1]=true; to suit, remember to remove the "//"

Also in auth.php you must also give the path to your .htpasswd such as $password_file=".htpasswd" to $password_file="/web/sites/nnn/username/www.username.f2s.com/secret directory/.htpasswd" it is best to have this directory outside of the phorum directory.

Now that you have got your auth.php set, remember to create a .htpasswd in the location you chose outside of phorum.

Finally you must now edit 'common.php' this is found in the main Phorum directory. scroll down the code near to the very bottom until you find //include "$include_path/auth1.php"; now change this to "$include_path/auth.php"; please note that I have removed the '//' and auth1.php to auth.php.

When you have done this your forum will be protected and only accessible to the members found in your .htpasswd file
Done!
RE: forums for members only Hack
December 08, 2000 09:54PM
just wanting to know if i could mix the 2 ways, that you can post without being registered, but you can't use registered logins...

for example, if FunkyMan is registered, that nobody could use the Name FunkyMan to post a message in the forum, but won't need to be registered to post a message with the name Tobby...
RE: forums for members only Hack
December 22, 2000 11:34PM
Ummm how do you create a .htpasswd?
Ahhhmmmm, one little question:

Must there be a pssword for the members, or only the membername ?
Jules
problems...someone please help me
March 25, 2001 02:18AM
Hi,
I did all this, as perfectly described...use the htpasswd to create the password file, moved it, renamed the path, uncommented the lines and all...but i get a 500 Internal Server Error when i access the forum i secured...i have 2 forums to secure, so in the auth.php file, i placed the id number instead of the "all" and changed that value to true and the other line i uncommented and change the id and value set to true also... and i get the error msg for both forums..the rest work normally...any hints? thx

Jules
Jules
parse error in auth.php...
March 25, 2001 03:13AM
i get a parse error when i specify it to secure all forums instead of just one or two...=/
im lost...
Jules
oops...
March 25, 2001 03:15AM
forgot to mention that it gives the parse error on the line where i specify the password file location...but it is correct...i quadruple checked =P
Re: oops...
March 25, 2001 06:22AM
in auth.php you have to have only 2 $secure[number]=true;
that means that you don't need $secure["all"]=false; anymore.

also remember to change common.php at the end of the file.

Vulpes
Jules
ya...
March 27, 2001 05:02AM
I did leave only 2 $secure[number]=true;
( $secure[5]=true; and $secure[8]=true; )
and the $secure["all"]=false; i removed from the auth.php file
and in the common.php i uncommented the line and since there is no auth1.php file i didnt need to edit it...its auth.php.... ( include "$include_path/auth.php"; )
and it still gives me the errors, the 500 server internal error... =/
any ideas? thx

Jules
Re: ya...
March 27, 2001 05:15AM
there is also auth_db.php, try to edit it too, also .htpasswd have to be right format, try to go to [www.google.com] and enter there .htpasswd and it should show you links to scripts that will make right username and pass.
Really hope this helps :)

Vulpes
Re: ya...
March 27, 2001 05:15AM
there is also auth_db.php, try to edit it too, also .htpasswd have to be right format, try to go to [www.google.com] and enter there .htpasswd and it should show you links to scripts that will make right username and pass.
Really hope this helps :)

Vulpes
Jules
hmm...
March 27, 2001 08:06AM
well, i tried that, uncommenting the line for the auth_db file and i also edited it...now it gives me a access denied for the forums and some other errors...i no longer receive the 500 server internal errors...i can get into the forums that arent secured...they show the error lines below, but the forum that is secured is blocked and gives these errors also...these are the errors and it points to these lines:

Parse error: parse error in /home/www/myweb/forums/include/auth.php on line 27

which is this one:

$secure[5]=true;

Warning: Cannot add header information - headers already sent by (output started at /home/www/myweb/forums/include/auth.php:27) in /home/www/myweb/forums/include/auth_db.php on line 41

which is this one:

Header("WWW-authenticate: basic realm=\"Phorum\"");

Warning: Cannot add header information - headers already sent by (output started at /home/www/myweb/forums/include/auth.php:27) in /home/www/myweb/forums/include/auth_db.php on line 42

which is this one:

Header("HTTP/1.0 401 Unauthorized");


im using a .htpasswd file out of the web directory, in the same as the phorum config files, made with the htpasswd prog in telnet. i tried looking for some scripts but some were complicated to download cuz i had to fill out download forms informing them of my salary and personal life, and since thats none of their business i tried looking elsewhere =P i found one but wasnt able to make it work here also, gave a 500 server internal error...argh...im trying to look for another...but im not having any luck here...
in a text file of this last one i tried that gave the error said:
"!!Important!! All of the files except the image files have to be uploaded in "ASCII" mode or you will always get a 500 server error while accessing this program."
well, i did upload in ascii mode and still giving me the error...the forums i also uploaded the files in ascii mode...i made sure of that..and the images in binary...i set the permissions like informed in the readmes...oh boy...what can possibly be wrong? =/

Jules
Jules
okay...
March 27, 2001 08:24AM
now i just noticed...
in the auth.php file, the $secure["all"]=false was also uncommented...so i put the // in front and left only the $secure[5]=true there and now im getting the 500 internal server error and i cant get into any other forum cuz it gives me this error..the forum list doesnt even show:

Fatal error: Cannot redeclare authenticate() in /home/www/aliennation/forums/incl/auth_db.php on line 40

which is this one:

function authenticate() {


im still looking for that htpasswd file creator tho...so if it makes any diference, ill let ya know =P

thx

Jules
Jules
problerm is the auth.php...i think
March 27, 2001 09:47AM
i put // in front of the line in the common.php file for the auth.php file and left the auth_db uncommented...everything looks normal, i can access the forums, the list etc but the forum i secured (5) gives the 500 internal error and doesnt show...doesnt even say access denied....no parse errors even...could be the htpasswd file..but also could be something else...is there a problem for it being inside the phorum directory ($inf_path) or no problem at all? is it sensitive to any permissions set (chmod)? this is driving me crazy hehe
thx

Jules
Is there any way to get memers and passwd from a mysql database?

I need to do this.

plz help me if you know how to.


//Dennis
Jules
I finally found out why...
April 04, 2001 04:17AM
Heya Vulpes,

I was able to secure directories using the htaccess and htpasswd and it works perfectly. But the phorum securing still gave problems. I finally found out with the technical support of my site on why the forum securing aint working. It took a while after various msgs and me bugging them. I sent the auth.php file and some info on WWW-Authentication to them and they finally told me that the PHP they run on the system is CGI. It emulates the php module and is thrown in the cgi-bin directory.

This is the info i found: "The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the Header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the variables, $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE set to the user name, password and authentication type respectively. Only "Basic" authentication is supported at this point. See the Header() function for more information."

hehe i can't beleive this, all this time configuring the phorums, reinstalling it over and over and now i cant use the securing function. Is there an alternative to this? Is there any possible way to secure at least one forum using this cgi version of php?

Thanks a lot for your help =)

Jules
Re: I finally found out why...
April 04, 2001 10:20AM
you can try to use "login hack" in topic "login Hack ready to go"

Vulpes
Jules
oh ya...almost forgot about that...
April 05, 2001 04:40AM
Cool..im gonna try it out...i'll keep ya posted =)

Jules
Hi; I did all my setups and now it looks it's working, I created my .htpasswd file through [www.inr.net] address, it's an .htpasswd password generator, by copy-past I made my .htpasswd file by hand and uploaded. Everything is ok but my only problem is that .htpasswd file reads only the last line's passwords.
If we say
user1:FRaBSaaJ1qZS2
user2:DOOHpC0UTvuNA
user3:nPm.0fe9LYB.I
are my file's content, only the user3 works. If you make it
user1:FRaBSaaJ1qZS2
user2:DOOHpC0UTvuNA
then only user2 works.. Always the last line.. It doesn't accept the others.. What could be this from?
I'd be glad if you advice me smt...
Thanks...
This is my .htpasswd file

user1:FRaBSaaJ1qZS2
user2:DOOHpC0UTvuNA
user3:nPm.0fe9LYB.I

If I create this file so, it only accepts the last line. (user3:nPm.0fe9LYB.I) As you try the others you cannot login.

But if you make the file as

user1:FRaBSaaJ1qZS2:
user2:DOOHpC0UTvuNA:
user3:nPm.0fe9LYB.I:

I mean the :'s at the and
everything works fine...

Is it a bug about auth.php or what?
Sorry, you do not have permission to post/reply in this forum.