MyBB Community Forums

Hi. I'm trying to set up a secure forum in which only authorised members have access. I Have so far restricted all the forums to registered members only, apart from a welcome message.

Originally I tried to set up a complicated user group system in which only users i have upgraded there permissions to can view the forums. I rejected this Idea because it ment having to set permisions for every group to every forum which was becoming complicated and also ment users would not be able to access forums instantly after registering.

What I would like to do is have a password that has to be entered during registration. So only people who know the password can register.

I have had some success by editing the member_register_agreement template. I have ran a java script on the html which asks for a password before showing the register agreement. This appears to work but I question wether this actually stops people from being able to register (can you register without going through this agreement)?

The other problem with this (though minor) is that I can get the original password request screen to display within the forums templates but when it moves on to the actual register agreement the templates are lost and the agreement is shown on a blank page. (the templates return when moving on to the actual registration screen)

This may sound like a strange request but the forum is intended for an Air Cadet Squadron whilst we are not actually part of the Royal Air Force some of the content that we wish to post will be security restricted. Also due to the same link to the RAF we need to keep members personal details private as well as dates and times of some of our movements.

Javascript can be disabled by the user himself so that is definitely not an option. For the rest, I cannot help you, you will have to ask someone of the MyBB team

Its not currently possible. You could do it by adding another custom profile field to be entered on registration only, and then you would have to modify member.php to check the supplied password.

Otherwise you can setup the usergroups for each forum - well, you know you can just make another group (setting the usergroup permissions for registered to can view = no), then when users register you can validate them and move them in to the other group which has the default permissions of viewing?

Chris.

Nothing is ever secure on the Internet unless you take your computer and lock it in a closet disconnected from the Internet.

That being said, why don't you just use .htaccess to protect your board and only give out the username and password combinations to those users that you want to have access?

Ok thanks all. That gives me a few things to think about.

Hi, Ive been giving this some more thought recently. The code already exists in memeber.php to check a password in the Image Verification of the registration process. What i'd like to do is edit the template so the image is not shown (easy enough) and then upon registration enter the private password(s) in the field for the image verification.

But I need some help in editing the php file to do this...

Change:

	if($settings['regimage'] == "on" && function_exists("imagecreatefrompng"))
	{
		$query = $db->query("SELECT * FROM ".TABLE_PREFIX."regimages WHERE imagehash='$imagehash' AND imagestring='$imagestring'");
		$imgcheck = $db->fetch_array($query);
		if(!$imgcheck['dateline'])
		{
			$errors[]  = $lang->error_regimageinvalid;
		}
		$db->query("DELETE FROM ".TABLE_PREFIX."regimages WHERE imagehash='$imagehash'");
	}

To:

	if($settings['regimage'] == "on" && $imagestring != "mysecretpassword")
	{
		$errors[]  = "Sorry but you entered the wrong validation password!";
	}

Change:

		// Spambot registration image thingy
		if($settings['regimage'] == "on" && function_exists("imagecreatefrompng"))
		{
			$randomstr = random_str();
			$time = time();
			$imagehash = md5($randomstr);
			$db->query("INSERT INTO ".TABLE_PREFIX."regimages VALUES ('$imagehash','$randomstr','$time')");
			eval("\$regimage = \"".$templates->get("member_register_regimage")."\";");
		}

To:

		// Spambot registration image thingy
		if($settings['regimage'] == "on")
		{
			eval("\$regimage = \"".$templates->get("member_register_regimage")."\";");
		}

Then edit the member_register_regimage template to remove the <img src..> from it and change the textbox to password one.

Thanks Chris Its late now and off to bed, but will try this in next few days.

Merry Christmas