HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Search
-
I found a little bug on authentication method
Hi, after playing with vanilla the last 10 days i found a little bug regarding the authentication. Login and register forms shouldn't be accessible when a user is already loged in the site. Steps to reproduce the issue: Log in on the site and then visit the link https://open.vanillaforums.com/entry/login or… -
Re: How to block this spambot?
Update: The advice here helped enormously and I think I've closed the vulnerability. Thanks again for the help, @x00 and @peregrine ! Due to the database import (from the weird old proprietary forums), many threads had an InsertUserID of 0. These threads' OPs (author "Unknown") could be edited simply by accessing… -
Comment & registration plugin
Hi there! I found that sometime people want to answer a question (in case of a new forum) but they don't want to spend time on registration. So I want to build a form that combines registration and posting a comment, see below. When a user clicks "submit" button three things will happen: 1) it creates a new user 2) it… -
Re: Show a display name instead of username
To my opinion the approach is somewhat borked, but I'm not 100% sure what the requirements are. Is it for security? Is it just for fun? I have just drafted* a small plugin which forces users to log into the forum with their mail address so that it wouldn't be possible to log into the forum with the user name displayed. If… -
Re: Upgrading from 2.0.18b1 to 3.3
-
Re: Method to allow SSO auto logon/logoff
-
Looking for a Plugin "show new comments/discussions only"
-
Problem with the login function on my forums
Hey everyone, just wondering if anyone else is experiencing this problem. When a user logins in or I do, I enter the username and password and click 'sign in' I get error "please try again", then I click sign in again without changing the username or password and it logs in fine. What would be causing this strange thing? -
What is the best approach for SSO and resource consumption via API v2?
We have an app that we would like to integrate with Vanilla via SSO. jsConnect approach either for embedding or full-site is not useful to us since we intend on using API v2 to request specific resources and display them however we see fit. How can we programmatically create or log a user in, while getting its access… -
Re: Signed out after entering the custom page
You can check if the user is actually logged in with: Gdn::Session()->IsValid(); Haven't used this plugin since 2.0.18, because there are better alternatives now as long as you just want static pages: http://vanillaforums.org/addon/basicpages-application http://vanillaforums.org/addon/simplepages-plugin
248 results