LOGIN.CGI - Version 3.0 [New Public Release]
By Jim Goldbloom sysop@accessdeniedbbs.net

Release date: 01/06/01 9:00PM

Folks, version 3 supports full SSI hacking with redirect back to source URL after forced login, including support for those who use HTML frames. If a user visits a link to a forum topic without logging in first (i.e clicking on a link sent in email reply notification) they will be displayed a warning they must login, then after they login they'll be sent back to the forum topic page. That's part of the SSI hack. Also finished guest login restrictions and logging output screens.

Also added many new hacks to secure up UBB and updated the docs. Many cosmetic changes and timing changes to the redirect screens and logs. This public version is the culmination of countless suggestions and testing and I am actually running out of ideas. Very, very stable and beta tested. No hack is ever perfect, but 3.0 has all my original ideas without anything missing. I am proud of this version.

If you're upgrading, get this latest version, I updated the hacks and docs to assist with upgrading.

Full features listing in 3.00 public:

* authenticates username/pass with UBB member files
* catches/logs ALL invalid/missing/illegal logins
* full support for IP ban list in CP
* login username displayed in UBB; logout prompt hack
* full support for guest login mode
* support for registration screen (new members)
* support for lost password function in UBB
* when posting, username/pass fields *always*
filled in automatically even if other cookies expire
* guests are restricted from posting - full control
* custom entry point login screen integration for
unique online experience for your users
* automated logging (creates browser viewable HTML)
including date/time/user/IP/hostname lookup
and ability to disable events as you wish
* optional SSI support for max. data protection
(such as accessing UBB HTML topics/forums) with
registered user auto-redirect after login
* forced/manual login/logout, integrated into UBB
* allow custom private forum/screen redirect to
expand functionality of your UBB
* demo screens included in release archive
* full documentation and examples in archive
for UBB hacks, login screen demo, SSI setup
* friendly login-setup.txt - new and improved
* very streamlined UBB hacks, easy to install
* redirects have sensible timing delays

See it in action:
http://www.accessdeniedbbs.net
(support forum in place on the BBS)

Download the latest files/zip from:
http://www.accessdeniedbbs.net/downloads

I have all the hacks running on my BBS. I'm not online to the public yet, will be soon, so feel free to check it out if you wish. Remember, if you test my SSI - you must be a registered user to see the redirect in action. I disabled it for guests intentionally, as a security measure. I've had people try it after registering and say, simply, "wow." Uh huh. I even saw some of you try to hack your way into my BBS and fail miserably. Bless all you UBB webmasters for trying!

What is LOGIN.CGI?

This is a VERY serious and powerful script/integrated UBB hack for those who want to control access to their UBB, design a unique login screen to serve as one entry point for all your users. It allows you to integrate more personality into the UBB than you ever had before and also restrict access if you run sensitive data. Or, if you want folks to login first and have their username and pasword *always* filled in when posting (no worry with expired username/password cookies.) The cookies are session only, independantly controlled, and all redirect HTML screens are customized by you for complete uniqueness and control of your users. Give your BBS personality. Numerous login actions and HTML files can be configured to integrate with default UBB options also - very easy to setup.

Please visit the download site and examine the help files and example files. The zip is also available for download or view the scripts directly on the site. I even included a demo login screen (to view source of only) and demo log output.

This script has nothing at all to do with any previous releases of login hack/login.cgi by Dave Downin - but his original script inspired me and many thanks to him. My script is a separate UBB hack.

Thank you to Wraith, Allan, other UBB sysops for helping out, and for the excellent word of mouth and postings about this on other UBB Hack BBS's and support forums.

Enjoy, and feedback always appreciated.
If you wish to become a beta tester, send me email please! I need beta testers for 4.x!



------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

Thanks, installing now

------------------
I Disappear ?
http://www.Metallifukinca.com

Awesome! thanks dude!

------------------
www.skinningworld.net

First: excellent hack - very well done

I've read the install instructions, but I I can't put &ConfirmLogin; BEFORE any print statements in postings.cgi because 'print' is on the 1st line. This is what I have:



Thus I am getting the 'Location:xxxx' error described here:

The reason it must be inserted before any print statements is the script
will use a "Location: xxxx" header sent to the web server and that can't happen
if text or a header already was displayed. Otherwise our header outputs as text
and the user will see "Location: xxxx" on their browser screen. Big oops.

Any help greatly appreciated. Thanx again.


<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by spiffy on January 08, 2001 at 10:28 AM</font>

Simply move that print statement "print ("Content-type: text/htmlnn"); " directly below the &Confirmlogin; that's all. Insert it there if necessary or cut/paste it to the new location. It's been awhile since I checked the factory edition of ubb_library.pl but I think that print statement does NOT reside at that position by default. I could be wrong, heck, I hacked my scripts a zillion times by the time I wrote my docs, heh.

You may notice that in most UBB scripts that print statement and also &ReadParse is towards the top. The print statement sets up the HTML headers and the &ReadParse function reads the environment and arguments passed to the script from other scripts. My hack line &ConfirmLogin; must be anywhere after the require statements and anywhere before the first print and &ReadParse statements, that's all. This is your extended answer.

Take care and thanks for the nice words from you and others in this thread!

-Jim


------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by hate98 on January 08, 2001 at 10:53 AM</font>

Hi Jim. This mod looks great. I just have one quick question before I install it.

Because of another mod (private messages), the cookies for my ubb don't work very well anymore. This goes for both remebering the username of members as well as the last time they logged in. Resetting cookies works for about a day until they're not working again.

Do you think your mod may get these cookies working again? I am just wondering if your coding that controls cookies will replace whatever isn't working about mine. Thanks

Thanks for asking! login.cgi is guaranteed to set the username and password cookies 100%, each and every time someone logs in. This has *completely* solved a problem with those cookies because I use a reliable external Perl library that sets the cookie path as root, does not set expiration and is session only. Each login means brand new username and password cookies, so it's not retrieving cookies, it's SETTING them. I'm glad you asked that because this was a side benefit of the script among it's many other uses. I actually mention this in the docs.

However, login.cgi does NOT effect any other UBB cookies such as last time visited, etc., so any troubles with those cookies are UBB caused. This means that my script "fixes" username and password cookis only, per se. The last time visited cookies and others (private forums, preferences and such) are 100% UBB controlled - please be informed.

I also added a hack to the delete cookies UBB routine (deleting cookies via preference link in UBB) so the session cookie login.cgi sets ("authorized")when a user logs in does not get axed forcing them to logout. But this does not fix anything else wrong with UBB cookie functions.

I have not received any bug reports from folks yet with regards to cookie problems of any kind handled by login.cgi. I expect the script to help you with the two cookies, username and password, in this regard based on my experience and feedback of beta testers.

Hope this answers your question. Of course you'll need to let me know your exprience with this, so email login-bugs@accessdeniedbbs.net if problems after you get it running.

-Jim

------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by hate98 on January 08, 2001 at 02:22 PM</font>

I have been updating this hack for about the last 4 updates and something I have noticed
(You really got to work to find this however)
If I bookmark posting and dont login but use the bookmark try to post instead of sending me to my forced logout page I get a white screen with this at the top.Location:http://www.esteroumc.com/scripts/cgi-bin/login.cgi?action=forcelogout
Does anyone else get this or is it normal.
My board will go to the forced logout page if I bookmark ultimate.cgi


------------------
SPEED
Just A Thought Christian Chat

Not a script error, speed...

All you need to do is relocate print"Content-type: text/htmlnn"; (called the content type header) to a position just *below* the &ConfirmLogin; that's all. Cut and paste it, that's not adding or removing - that's relocating. :-)

From the docs:
--- snip ---
The reason it must be inserted before any print statements is the script
will use a "Location: xxxx" header sent to the web server and that can't happen
if text or a header already was displayed. Otherwise our header outputs as text
and the user will see "Location: xxxx" on their browser screen. Big oops.
--- snip ---

---snip---
just make sure &ConfirmLogin; is located below the require
lines and BEFORE any other lines.
--- snip ---

The example snippet in the docs was only that, an example and clearly stated so - not everyone's UBB scripts are the same due to hacks and varying versions, etc., so some content headers may be in different places for you vs. for someone else.

This is the most common "bug" report I get, and it's not a bug at all.

-jim



------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

HEY I got it what files do you reccomend adding this too.
------------------
SPEED
Just A Thought Christian Chat

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by speed on January 08, 2001 at 10:46 PM</font>

Speed:

Check further UP in postings.cgi (for example), above the require lines, you will see:

print"Content-type: text/htmlnn";

Relocate it by cut/pasting directly below &ConfirmLogin; please. The print statement you are referring to is not the content header or the first print statement in your file. :-)

Here is my actual postings.cgi to assist you:



-jim



------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

I didnt have it that way before but I updated my pm3.8 hack they moved a line on me, oops that is the only three files I have added that to do you reccomend any more. I didnt think that done that when I first installed the hack.

------------------
SPEED
Just A Thought Christian Chat

So now you see this is not a bug, right?

As I stated before "not everyone's UBB scripts are the same due to hacks and varying versions, etc., so some content headers may be in different places for you vs. for someone else."

So the moral of the story is if you see a content header such as print ("Content-type: text/htmlnn"); at the very top of the file due to some other hack, simply relocate it below &ConfirmLogin; and all hacks will work including mine.

Speed, it's up to you to check this for each UBB script you opt to hack. Based on your original message about this, only postings.cgi seems to have been affacted but if you use my hack in other scripts, check 'em all out just to be sure - only you can do that and it takes 5 mins to fix once you know what to fix (as you do now.)

I think you're following me now, so if you have further issues - please email them privately to me so the other folks here can ask questions via equal time. Glad I could help, speed. Enjoy login.cgi.

-jim



------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

Hi,

Great hack! One thing I have noticed though. Sometimes when your moving between forums, it takes you back to the login page. This also happens if you perform other actions such as deleting posts, etc. Any idea why this would happen?

AgentX

Okay I noticed this...

If your at the Ultimate.cgi url using this URL:

/Ultimate.cgi?action=intro&BypassCookie=true

And you refresh a couple of times, it seems to get confused and jumps you back to the login page.

However, if your at this URL:

/Ultimate.cgi?action=intro

And refresh a couple of times, it always remembers that your there. Is it just me or is this a bug?

AgentX

You're the first to report that type of problem, so my guess is you're having cookie problems. The script will only force log you out if a session only cookie named "authorized" disappears. As you know 3.0 includes a hack to prevent this from happening when you delete cookies in preferences. So I am guessing you have another hack that may be messing with cookies when it should not be, or your browser is fubar. If your users are not experiencing this and you are, you know it's your browser and not the script.

I want to stress that I intentionally chose to use an external perl cookie library, plus a unique session only cookie, to *ensure* compatibility with other well written hacks, and also not to affect cookies generated by UBB. I had foresight with respect to cookies is my point. ;-)

-jim



------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks

see response below if running the script on NT

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by hate98 on January 11, 2001 at 02:56 PM</font>

>As a side note - do what UBB docs suggest, >delete your cookies and start 'em over >using the preferences link when logged in. >If the problem goes away, even if for 5 >minutes, you'll know it's your browser >corrupting your cookies. I advise the same >troubleshooting procedure.

I have done this, several times infact, and it does not solve the problem. I uploaded your script to my UBB, and almost everyone who viewed the UBB that day had problems with it. Upon refreshing the page, the user will get booted back to the login page, or even jumping between different forums/posts will result in the same effect. What do you think?

AgentX

see response below if you run the script on NT

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by hate98 on January 11, 2001 at 02:55 PM</font>

Hi, I'm having problem with Netscape 4.7/NT where enter my details and I get the intermediary page 'processing' and then am shunted back to login. So, I deleted ALL my cookies and then tried again. When I tried to login, same thing happens, and NO cookies are written to my disk.

Any ideas much appreciated. Ta.