Hey everybody... I've been searching the forums here and over at the hacking site for a while now and still haven't found something that will work for me. I need to password protect a page/area of my website using the VB member database. In other words, here's what I'd like to do:

The user tries to view a page. If they are logged into the message boards already, it lets them view the content of the page. If they are not logged in, they are prompted with a login form, which when filled out properly will allow them to view the page content. I want it to use the membership information from vBulletin.

Is this so simple that any idiot would know how to do it? Thanks for any help anyone can provide.

Why dont you use something like the Articles template modification Steve posted. Set one forum for articles, set the permissions in the Admin CP, force the Articles template to be used there so users cant choose.

http://www.vbulletin.com/forum/showthread.php?t=75796


If you set the permissions correctly, you can set it for someone who is logged in can view the article/page. If you set the permissions for non-registered/not logged in you can prevent them from seeing the page and they will be greeted with the "Not logged in" page. From there they can register if they want to.

look up mod_auth_mysql, this will work for vB2 forums.

Thanks for the replies, y'all. Beth, I don't think that's what I am looking for actually. That looks like something that is just for the message boards? The page that I want to password protect will be a form for visitors to fill out as part of a contest. I only want board members to have access.

The board I am working with is running version 3.0.0 Beta 4 so I am not sure if that will have anything to do with your suggestion, Scott MacVicar. I'm off to search for that anyway though.

Thanks again.

I am trying to just code something myself. Here is what I have...<?php
//CONNECT TO THE DATABASE
$link_forum = mysql_connect("localhost","user","password");
$select_db = mysql_select_db(forum, $link_forum);

$get_userinfo_query = "SELECT username, password FROM user WHERE username='$username'";
$get_userinfo_result = mysql_fetch_array(mysql_query($get_userinfo_query) );
if(md5($password) != $get_userinfo_result[password])
{
print("You entered the wrong username or password.");
}
elseif(md5($password) == $get_userinfo_result[password])
{
print("Your password has been accepted. Now we can move on and display the content of the page.");
}
mysql_close();
?>I thought this code would work, but it just gives me the wrong password message. Is there something I'm doing wrong?

I actually wrote this code a while ago when I was more into PHP, but now I'm all rusty. I thought it worked at the time, but it doesn't seem to be doing anything anymore.

Can anyone help? TIA.

we dont use the md5 method any more.

I think they'll be a new verify_login feature for Beta 5.

We use a new password hash in vB3. so you need to use the following condition

if (md5(md5($password . $get_userinfo_result['salt'])) == $get_userinfo_result['password'])
{
echo 'bad password';
exit;
}

also need to make sure you select salt from the user table.

Thanks so much for the help. I've tried using this: $get_userinfo_query = "SELECT username, password, salt FROM user WHERE username='$username'";
$get_userinfo_result = mysql_fetch_array(mysql_query($get_userinfo_query) );
if (md5(md5($password . $get_userinfo_result['salt'])) == $get_userinfo_result['password'])
{
echo 'Good password.';
exit;
}
else
{
echo 'Bad password.';
exit;
}Am I still doing something wrong? I still get the bad password message every time.

go for some debugging then.

echo $password . '<br />';
echo $get_userinfo_result['salt'] . '<br />';
echo md5(md5($password . $get_userinfo_result['salt'])) . '<br />';
echo $get_userinfo_result['password'] . '<br />';

Thanks so much, Scott! The debugging helped me figure out that it was something wrong with...md5(md5($password . $get_userinfo_result['salt']))It should be...md5(md5($password) . $get_userinfo_result['salt'])So it was just a parenthesis in the wrong spot. It all seems to be working fine now. Thanks again!

ah sorry about the wrong parenthesis. Its late and I never checked the code over.

Hey, thanks guys. I needed to add this functionality as well, and after making a couple of stupid errors in following this thread's corrections, I finally got this working.

An additional question, however (I'm new to protecting areas with methods other than htaccess). How do I set it up so that users only have to log in once during a visit, either to the forum or the member portion of the website, and then regardless of where they go in the site, they're still logged in?

TIA
Jeniffer

I'm slow, would this be a seperate php file you would call, or embeded code?

Also...what exactly does the final code look like?

I use the one by the Accord Forums and it worlks pretty good,

http://www.vbulletin.org/forum/showthread.php?s=&postid=430562#post430562

You can see it in action here- http://www.trackpads.com/factsheets Just click on any topic.

Hope this helps, if I could get it working then it must be safe ;-)

-Jason