| Author |
 Topic  |
|
|
Dave L
Starting Member
5 Posts |
 Posted - 19 April 2001 : 22:18:48
|
I have a "members only" forum that needs a password and registered user name to enter as well as forums that are open to the public. A new member person who did not have the password was able to get into the password protected forum and post messages! I checked to make sure that the forum was password protected and it was. I sent him an email and he said he just registered a user name and it let him in. What is going on and how do I prevent this from happening again? Thanks
|
|
|
master of puppets
Junior Member
Canada
117 Posts |
Posted - 19 April 2001 : 22:30:10
|
There is a mod somewhere that has a password sent to the email address they submitted when they signed up. That way they have to use a vaild email address. Other than that, I don't know.
"It's not how far you go, it's how go you far"
- Guy in Ski School |
 |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 20 April 2001 : 00:44:28
|
The Auth Type option, Members Only & Password Protected means the user can either be a registered user of the forum OR if they are not a registered user, they have to know the password to enter.
|
|
|
|
babygate
Starting Member
32 Posts |
Posted - 20 April 2001 : 03:19:05
|
Hi Dave,
If you want Members Only & Password Protected to be registered-member AND password-protect forum, edit the sub chkUser4() code in inc_function.asp around line 1490:
case 7 '## members or password
if (strDBNTUserName = "") then 'if not member, no access
doNotAllowed
Response.end
else 'if is member, check password
select case Request.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT"))
case rsStatus("F_PASSWORD_NEW")
'## OK
case else
if Request("pass") = "" then
doLoginForm
Response.End
else
if Request("pass") <> rsStatus("F_PASSWORD_NEW") then
Response.Write "Invalid password! <a href='" & Request.ServerVariables("HTTP_REFERER") & "'>Back</a>"
Response.End
else
if strSetCookieToForum = 1 then
Response.Cookies(strUniqueID & "User").Path = strCookieURL
end if
Response.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT")) = Request("pass")
end if
end if
end select
end if
let me know if you need any help coding it.
Edited by - babygate on 20 April 2001 05:45:48 |
|
|
|
Kat
Advanced Member
United Kingdom
3065 Posts |
Posted - 20 April 2001 : 04:59:43
|
If this is the case, wouldn't it be clearer to mark the Auth Type as Members Only OR Password Protected 
I thought it should work as an AND judging from the way it currently reads. Thanks babygate, for the code.
I have now applied this to my site. I would have looked stupid to the customer if I had gone on what I thought it meant. It seems I am not the only one to have been confused by this.
KatsKorner
|
|
|
|
babygate
Starting Member
32 Posts |
Posted - 20 April 2001 : 05:11:30
|
n/p 
You are absolutely right, Kat. I got fooled too with the &.
BabyGate
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 20 April 2001 : 12:26:45
|
I know, I thought the very same thing too when I firsted started out with Snitz, until Gor explained it in detail for me. I thought it was silly. It probably might be changed sooner or later.
Thanks babygate for the code.
|
|
|
|
Dave L
Starting Member
5 Posts |
Posted - 20 April 2001 : 13:34:01
|
Thanks for all your help. It is confusing as it is shown as Password & Member. I have made the adjustments.
|
|
|
| |
Topic |
|
Topic Locked
