Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Password protect forum?

Hello all - tis my first post! :D

I have been using Vanilla for a while now and I love it!

But i was wondering is there a way to password protect the forum. Yes people can make accounts, but for them to get to the account creation stage they need to enter a master password that I provide to them. Is there a way to do this? If so - please someone help :D

Also - is there a way I can use the Vanilla users database to allow clients to log in to an external application I am working on? If so - can someone help me with this as well!

Many thanks,
ApolloPiglet

Comments

  • Dr_SommerDr_Sommer Dr. of tender Programing ;) ✭✭

    For the Password part:

    Use .htaccess to provide a Password protection:

    http://www.htaccesstools.com/articles/password-protection/

  • edited October 2015

    @Dr_Sommer You little wizard... I never thought of that!

  • @Dr_Sommer Thinking about it - How could I have it so that they only need to put a password in once - forever, so to access the sign up page, they need a password, but dont need a password for the login page

  • peregrineperegrine MVP
    edited October 2015

    what is your primary goal.

    to add an additional one-time password during registration process?

    if so. try

    http://vanillaforums.org/addon/addregistrationquestion-plugin

    if you want to make your forum discussions only viewable to logged in users, you can control that through viewing permissions in dashboard roles and permissions for guests.

    determination of whether a person is logged in is via a cookie. if they don't delete and their browser doesn't delete the cookies for the site they can remain signed in until cookie expiration (which is 30 days iirc).

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • x00x00 MVP
    edited October 2015

    @ApolloPiglet said:
    Dr_Sommer Thinking about it - How could I have it so that they only need to put a password in once - forever, so to access the sign up page, they need a password, but dont need a password for the login page

    Http is stateless there is no logged in or logged out, only cookies create that impression and you have limited control over that.. As a visitor they are unknown so you can't know.

    What you want is invitation based registration (built into vanilla). Get their email and send them an invitation.

    Sending passwords around is flawed security anyway.

    grep is your friend.

  • @x00 @Dr_Sommer I think the plugin is the answer as I only want the users to have to enter something for them to be able to sign up. This would be a random key I make and give to people I want to join. I'll try it and see how it works :)

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    I never used that feature, but isn't that what invitations are for?


  • @R_J Yes - that would be useful, but the whole process needs to be automated - so they would get the code / password from a download that gives them the ability to make the account. Yes invitation would work on a smaller scale but I want anyone who gets the code to be able to join. To make it simple User goes external site - Gets txt file with forum link and password - with the password they can make their account

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... Moderator

    Then addregistrationquestion does what you need.

    The answer to the question you set is whatever you give out, job done.

    Obviously, it can be a statement like 'Enter code here', rather than a question.

  • @whu606 Sweet! I'll add it in when I get home and hopefully it works :D

Sign In or Register to comment.