Announcement

Collapse
No announcement yet.

Quick fix for the reset-password page being inaccessible to logged out users in a private forum

Collapse
X
Collapse
First Prev Next Last
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Official - Free Quick fix for the reset-password page being inaccessible to logged out users in a private forum

    If you are running a private vB5 forum that requires registered users to access and view the forums, you are experiencing this bug where the reset-password page is not accessible when user is not logged in. So it's not possible for your users to reset their password.

    Enabling "Can View Channels" permission fixes the issue, however it's not a desirable workaround as it allows guests to partially view the site.

    This issue occurs in vB 5.2.1 to 5.2.3 which was recently released. Based on the bug report, it seems that vBulletin will fix it in the next version 5.2.4 which would probably be released in 3 months or so. I based this on the time it took to release 5.2.3 from the time 5.2.2 was released. But you'll never know when.

    If you cannot wait for the official fix, then this hack is for you. (Note: As of 5.2.4, this issue was officially fixed by vB, so you don't need this mod anymore)

    Open and edit this file in a text editor.

    Code:
    /core/vb/api/route.php

    Find and replace this line:

    PHP Code:
    protected $whitelistPrefix = array('help''contact-us''lostpw''register''activateuser''activateemail''admincp'); 

    with:

    PHP Code:
    protected $whitelistPrefix = array('help''contact-us''lostpw''register''activateuser''activateemail''admincp''reset-password'); 

    Notice that you simply have to add the URL prefix for Reset Password page to the array. I don't know why it is taking time for vBulletin to fix this issue.

    Note: Since this is a core hack, you have to re-apply this change whenever you upgrade. But this wouldn't matter anymore if they would fix this in vB 5.2.4.
    Last edited by glennrocksvb; 02-10-2017, 02:27 PM. Reason: Added note that this mod is no longer needed in 5.24 and up

    #2
    awesome thanks

    Comment


    • glennrocksvb
      glennrocksvb commented
      Editing a comment
      You're welcome djbrown.

    #3
    Very keen to get this mod having just upgraded our club forum from VB4 to VB5 yesterday and now getting users emailing me because they can't reset their passwords! However I have signed up and activated my account, I can post but can't see the code in the solution above. Does something else need to happen so I can see it?

    Thanks!

    Comment


      #4
      Originally posted by WRXClub View Post
      Very keen to get this mod having just upgraded our club forum from VB4 to VB5 yesterday and now getting users emailing me because they can't reset their passwords! However I have signed up and activated my account, I can post but can't see the code in the solution above. Does something else need to happen so I can see it?

      Thanks!
      Ignore that, it has just lit up for me.

      Comment


      • glennrocksvb
        glennrocksvb commented
        Editing a comment
        Glad it works now. Sometimes it takes few minutes before the usergroup change propagates.

      #5
      This fix works perfectly, thanks!

      Comment


        #6
        FYI, I did a similar fix like this some time back and you are mistaken. This is a flaw which goes back as far as vB5.1.2, and perhaps earlier. This is one of many known flaws which have existed for a long time which vB knows about and simply refuse to fix. Much like the RSS.php being unable to detect and error trap an ATOM feed mislabeled as RSS.
        Anyhow, your approach is a little cleaner than mine, so kudos and thanks.

        Comment


          #7
          Originally posted by glennrocksvb View Post
          If you are running a private vB5 forum that requires registered users to access and view the forums, you are experiencing this bug where the reset-password page is not accessible when user is not logged in. So it's not possible for your users to reset their password.

          Enabling "Can View Channels" permission fixes the issue, however it's not a desirable workaround as it allows guests to partially view the site.

          This issue occurs in vB 5.2.1 to 5.2.3 which was recently released. Based on the bug report, it seems that vBulletin will fix it in the next version 5.2.4 which would probably be released in 3 months or so. I based this on the time it took to release 5.2.3 from the time 5.2.2 was released. But you'll never know when.

          If you cannot wait for the official fix, then this hack is for you.

          Open and edit this file in a text editor.

          Code:
          /core/vb/api/route.php

          Find and replace this line:

          PHP Code:
          protected $whitelistPrefix = array('help''contact-us''lostpw''register''activateuser''activateemail''admincp'); 

          with:

          PHP Code:
          protected $whitelistPrefix = array('help''contact-us''lostpw''register''activateuser''activateemail''admincp''reset-password'); 

          Notice that you simply have to add the URL prefix for Reset Password page to the array. I don't know why it is taking time for vBulletin to fix this issue.

          Note: Since this is a core hack, you have to re-apply this change whenever you upgrade. But this wouldn't matter anymore if they would fix this in vB 5.2.4.
          I did as described in this post, but I have not solved the problem with vb 5.2.3. when a user tries to do the password reset email arrives but once you have clicked on the url to make the password reset appears a blank page! help

          Comment


            #8
            There must br something else going on as some had confirmed the fix works.

            But why don't you just upgrade to 5.2.4? This issue appears to be fixed in the latest version along with hundred other fixes.

            Comment


              #9
              Originally posted by glennrocksvb View Post
              There must br something else going on as some had confirmed the fix works.

              But why don't you just upgrade to 5.2.4? This issue appears to be fixed in the latest version along with hundred other fixes.
              We have not installed the 5.2.4 because unfortunately our hosting has the php 5.4.19 and feedback installation problems.. you can overcome this problem?

              Comment


                #10
                Starting vB 5.2.4, the minimum required PHP version is 5.5. You have to ask your host to upgrade PHP to at least 5.5.

                Comment


                  #11
                  Originally posted by glennrocksvb View Post
                  Starting vB 5.2.4, the minimum required PHP version is 5.5. You have to ask your host to upgrade PHP to at least 5.5.
                  It happens if I change this? "Install versions.php", unfortunately my host asks me to migrate to the new servers to have the php 5.5 and still have seven months paid with the server where I am right now

                  Comment


                  • glennrocksvb
                    glennrocksvb commented
                    Editing a comment
                    If upgrading is not an option at this time, then you have to stick with 5.2.3 for now and figure out why this fix does not work for you. If you need private help, you could hire my services. PM me if you are interested.

                  #12
                  Upgrading is not an option for many due to hosts not wanting to upgrade servers.
                  vB5.2.4 is very pushy about using PHP7 which tends to break a great number of servers. e.g. Apache II crashes with PHP7. Being forced to upgrade PHP can mean the end of a host. Who is going to give up their business just for a shoddy forum product?

                  FYI, vB5.2.4 has become a nightmare with permissions now so loose that by default they are almost pointless.
                  Moderators have no more access than do registered users and unregistered and banned users can access the site with the same ease as registered users.
                  I have tested the hack on a vB5.2.4 forum and it worked.
                  The fact that vB introduces another 150 new bugs with every release is very frustrating. Moreso that they have bugs well known and detailed, many with fixes that have been around for years which they refuse to address, is just bad business. You know some of what I mean Glen and you have seen the official reports and fixes.

                  Why this is not working for Gimsy I also do not know.
                  Perhaps Gimsy can post a copy of his route.php file, or just the line, for review and comparison. May just be a typo.

                  Comment


                    #13
                    I'm curious to know why vbmods.rocks use the 5.2.2?
                    greetings by Formiano.

                    Comment


                      #14
                      Originally posted by formiano View Post
                      I'm curious to know why vbmods.rocks use the 5.2.2?
                      greetings by Formiano.
                      Because of this critical vBMessenger issue I found

                      http://tracker.vbulletin.com/browse/VBV-16581

                      This is fixed in 5.2.5 which I'm waiting to be released.

                      Comment


                        #15
                        @ Felix2 the post above, it is the confirmation of what he writes.
                        vBulletin 5 Connect costs $ 249.00 and this is not a beautiful thing.

                        Comment

                        Working...
                        X