Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Password protect forum?
Hello all - tis my first post!
I have been using Vanilla for a while now and I love it!
But i was wondering is there a way to password protect the forum. Yes people can make accounts, but for them to get to the account creation stage they need to enter a master password that I provide to them. Is there a way to do this? If so - please someone help
Also - is there a way I can use the Vanilla users database to allow clients to log in to an external application I am working on? If so - can someone help me with this as well!
For the Password part:
Use .htaccess to provide a Password protection:
@Dr_Sommer You little wizard... I never thought of that!
@Dr_Sommer Thinking about it - How could I have it so that they only need to put a password in once - forever, so to access the sign up page, they need a password, but dont need a password for the login page
what is your primary goal.
to add an additional one-time password during registration process?
if so. try
if you want to make your forum discussions only viewable to logged in users, you can control that through viewing permissions in dashboard roles and permissions for guests.
determination of whether a person is logged in is via a cookie. if they don't delete and their browser doesn't delete the cookies for the site they can remain signed in until cookie expiration (which is 30 days iirc).
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Http is stateless there is no logged in or logged out, only cookies create that impression and you have limited control over that.. As a visitor they are unknown so you can't know.
What you want is invitation based registration (built into vanilla). Get their email and send them an invitation.
Sending passwords around is flawed security anyway.
grep is your friend.
@x00 @Dr_Sommer I think the plugin is the answer as I only want the users to have to enter something for them to be able to sign up. This would be a random key I make and give to people I want to join. I'll try it and see how it works
I never used that feature, but isn't that what invitations are for?
@R_J Yes - that would be useful, but the whole process needs to be automated - so they would get the code / password from a download that gives them the ability to make the account. Yes invitation would work on a smaller scale but I want anyone who gets the code to be able to join. To make it simple User goes external site - Gets txt file with forum link and password - with the password they can make their account
Then addregistrationquestion does what you need.
The answer to the question you set is whatever you give out, job done.
Obviously, it can be a statement like 'Enter code here', rather than a question.
@whu606 Sweet! I'll add it in when I get home and hopefully it works