PDA

View Full Version : [Fixed] vbPlaza


Bratz-Designs
04-05-2007, 10:00 PM
http://www.vbplaza.com

Hello,

The original creator of this mod has asked me to post this again. ALL CREDITS FOR THIS MOD GO TO HIM AND NOT TO ME!!!!
* Fixed version!
* Ill try to provide help where i can but it is unsupported!

CMX zegt:
u can post this at vb.org as a "fixed" package
CMX zegt:
I would, but no time atm, getting ready to head out, bbl

***Version no's are fixed in the php and xml file!***

------------------------------------
vbBux / vbPlaza Full Features Listing!
------------------------------------

------------------------------------
vbBux Settings:
------------------------------------
1) Enable vbBux Points System?
2) Displayed Decimal Places?
3) Paycheck Period?
4) Paycheck Last Activity Required?
5) Points For Registerring?
6) Points For Buying Paid Subscription?
7) Points For Birthdays?
8) Points For Referral?
9) Points For Referral's Actions Multiplier?
10) Points Per Profile View?
11) Points Per Thread View Multiplier?
12) Points Per Thread Multiplier?
13) Points Per Reply Multiplier?
14) Points Per Posted Character?
15) Points Per Good Reputation?
16) Points Per Bad Reputation?
17) Points Per Poll Creation?
18) Points Per Poll Vote?
19) Points Per Thread Rate?
20) Points Per Calendar Event Added?
21) Points Given for Adding a Profile Picture?
22) Points Taken Away for Removing a Profile Picture?
23) Points For Attachments Enabled?
24) All Attachments Cost X Points
25) Use Attachment Confirmation Page?
26) Points Per New Arcade Champion?
27) Points Table Name
28) Points Field Name
29) Bank Field Name
30) Bank Interest Percent
31) Bank Interest Interval
32) Bank Interest Interval Reset on Deposit
33) View Richest X Members
34) Show Admins on Richest X Members
35) Show Super Moderators on Richest X Members
36) Show Moderators on Richest X Members
37) Show Total Points on vbPlaza Main
38) Unregistered Gives Points for Viewing Threads to Thread Creator?
39) Moderators Earn Extra Points Multiplier?
40) Super Moderators Earn Extra Points Multiplier?
41) Enable Arcade Integration?

------------------------------------
vbPlaza Settings:
------------------------------------
1) Enable vbPlaza System?
2) Administrator Usergroups?
3) Protected From Options Usergroups?
4) Enable Mod CP Options?
5) Displayed Decimal Places?
6) Display X Items Per Item History Page
7) Display X Winners Per Lottery Winners Page
8) Display X Changes Per Username Changes Page
9) Senior Member Age
10) Senior Member Discount Percentage
11) Loyal Member is Registered for X Days?
12) Loyal Member Discount Percentage
13) Item Refill Interval
14) Federal Tax Percentage
15) Glow Strength Intensity
16) Shadow Strength Intensity
17) Admin Number of Option Fields
18) Display Richest / Most Sold on All Pages?
19) Max Gifts Displayed Other Than User Profile
20) Max Gifts Displayed Per Row?
21) Max Ribbons Displayed Other Than User Profile
22) Max Ribbons Displayed Per Row?
23) Removeable Items Are Refundable?
24) Default PM Userid to send PM's from
25) Allow your members to Hide Gifts in Posts?
26) Allow your members to Hide Ribbon in Posts?
27) Allow your members to Receive no PM upon New Gift?
28) Allow your members to Receive no PM upon New Ribbon?
29) ibProArcade Jackpot Increases X Percentage of Cost to Play
30) Arcade Pass Owners Can Win Jackpots?
31) vbPlaza Options Display Style
32) Display Options Per Row in vbPlaza?
33) Enable vbPlaza Override For Username HTML Markup?

------------------------------------
vbBux Forums Settings:
------------------------------------
1) vbBux Options
a) Give vbBux Per Thread View
b) Give vbBux Per Thread
c) Give vbBux Per Reply
2) vbPlaza Thread Options
a) Users Can Open Threads in this Forum?
b) Users Can Close Threads in this Forum?
c) Users Can Sticky Threads in this Forum?
d) Users Can Unsticky Threads in this Forum?
e) Users Can Bump Threads in this Forum?
f) Users Can Debump Threads in this Forum?
3) vbPlaza Forum Options
a) Users Can Buy Access to this Forum?
b) Users Can Give Access to this Forum?
c) Users Can Deny Access to this Forum?
d) Users Can Buy Password for this Forum?

------------------------------------
Individual vbPlaza Option Settings:
------------------------------------
Admin Donate Settings:
1) Sends PM to user?

Donate Settings:
1) Sends PM to user?

Give Gifts Setting:
1) Users Can Buy Themself A Gift?
2) Sends PM to user?

Thief Settings:
1) Thief Success Rate Percentage. (Very simple check at the moment.)
2) Thief Always Fails On Staff.
3) Thief Failures Go To Theftee. (Explanation below in updates.)
4) Thief Loses Reputation For Attempting Theft And Failing.
5) Thief Loses Reputation For Attemping Theft And Succeeding.
6) Thief Max Theft Amount.

Steal Others Reputation Points Settings:
1) Amount of Reputation to Steal?

Remove Others Reputation Points Settings:
1) Amount of Reputation to Remove?

All Options:
1) Enable Active On/Off.
2) Show in vbPlaza On/Off.
3) Log History On/Off.
4) Override Category Permissions On/Off.
5) Additional Allowed Usergroups.
6) Additional Denied Usergroups.

------------------------------------
vbPlaza Options:
------------------------------------
1) Change Username
2) Bold Username
3) Italic Username
4) Underline Username
5) Colored Username
6) Glow Username
7) Donate
8) Bold User Title
9) Italic User Title
10) Underline User Title
11) Colored User Title
12) Admin Donate
13) Bank
14) Change User Title
15) Change Others User Title
16) Thief
17) Thief Immunity
18) Change User Title Immunity
19) Sticky Thread
20) Unsticky Thread
21) Postcount Plus 50
22) Close Thread
23) Open Thread
24) Forum Access
25) Deny Forum Access
26) Give Forum Access
27) Give Gifts
28) Bump Thread
29) Debump Thread
30) Bypass Flood Control
31) Forum Password
32) Secondary Usergroup
33) See Deletion Notices
34) Primary Usergroup
35) Invisible Mode
36) Can See Invisible Users
37) Default Avatar
38) Change Others Default Avatar
39) Change Default Avatar Immunity
40) Remove Others Default Avatar
41) Remove Default Avatar Immunity
42) Custom Avatar
43) Change Others Custom Avatar
44) Change Custom Avatar Immunity
45) Remove Others Custom Avatar
46) Remove Custom Avatar Immunity
47) Change Profile Picture
48) Buy Lottery Ticket
49) Can Use Signature
50) Can View Members Info
51) Can Modify Profile
52) Can Set Self Invisible
53) Can View Others Usernotes
54) Can Manage Own Usernotes
55) Can Upload Profile Picture
56) Can See Who Left Reputation
57) Can Upload Custom Avatar
58) Can Use Custom User Title
59) Can See Others Profile Pictures
60) Can View Own Usernotes
61) Can Manage Others Usernotes
62) Can Post Own Usernotes
63) Can Post Others Usernotes
64) Can Edit Own Usernotes
65) Can See Hidden Custom Fields
66) Can Give Reputation
67) Can Hide Reputation
68) Can Give Negative Reputation
69) Can Upload Animated Avatar
70) Can Upload Animated Profile Picture
71) Can Edit All Posts
72) Can Delete All Posts
73) Can Open/Close All Posts
74) Can Edit All Threads
75) Can Manage All Threads
76) Can Post Annoucements
77) Can Moderate Posts
78) Can Moderate Attachments
79) Can Mass-Move Threads
80) Can Mass-Prune Threads
81) Can View IP Addresses
82) Can View Whole User Profile
83) Can Ban Users
84) Can Unban Users
85) Receive Email Upon New Thread
86) Receive Email Upon New Post
87) Can Set Forum Passwords
88) Can Physically Remove Posts
89) Can Edit Signatures
90) Can Edit Avatars
91) Can Edit Polls
92) Can Edit Profile Pictures
93) Can Edit Reputation
94) Can Access Control Panel
95) Can Administer Settings
96) Can Administer Styles
97) Can Administer Languages
98) Can Administer Forums
99) Can Administer Threads
100) Can Administer Calendars
101) Can Administer Users
102) Can Administer Permissions
103) Can Administer FAQ
104) Can Administer Images
105) Can Administer BB Codes
106) Can Administer Cron Jobs
107) Can Administer Maintenance
108) Can Administer Upgrades
109) Can Administer Plugins
110) Buy Reputation Points
111) Steal Others Reputation Points
112) Remove Others Reputation Points
113) Reputation Points Immunity
114) Unlimited Reputation Per Day
115) Always Horizontal Postbit
116) Always Legacy Postbit
117) Shadow Color for Username
118) Awareness Ribbons
119) Bypass PM Flood Control
120) Bypass Search Flood Control
121) Can Use Message Tracking
122) Can Deny PM Receipts
123) Arcade Pass
124) Arcade Access
125) Glow User Title Color
126) Shadow User Title Color
127) Username Font Type
128) User Title Font Type
129) Bold Thread Title
130) Italic Thread Title
131) Underline Thread Title
132) Colored Thread Title
133) Glow Thread Title Color
134) Shadow Thread Title Color
135) Thread Title Font Type
------------------------------------
Admin CP Options:
------------------------------------

------------
vbBux Options
------------
Manage Settings
Mass Points Giveaway
Mass Forum Settings
Reset All Bank Intervals
v3 Arcade Quick Editor
v3 Arcade Update All
uCash Integration

--------------
vbPlaza Options
--------------
Manage Settings
Search Item History
Manage Categories
Manage Options
Add New Category
Add New Option

----------------
eLottery Options
----------------
Manage Lotteries
Add New Lottery
Search Lottery Winners

-------------------
vbPlaza Gift Options
-------------------
Search Gifts
Fix All Gift Postbits
Delete All Gifts

---------------------
vbPlaza Ribbon Options
---------------------
Manage Ribbons
Search Ribbons
Fix All Ribbon Postbits
Delete All Ribbons

------------------
vbPlaza Maintenance
------------------
Rebuild Datastore
Rebuild Items Sold
Refill Options Now
Clear Always Change Items
Clear All User History
Clear All Other Flags
Clear All Display Flags
Rebuild Bitfields

------------------------------------
Mod CP Options:
------------------------------------

-------------
vbBux Options
-------------
Arcade Quick Editor
Arcade Update All

---------------
vbPlaza Options
---------------
Manage Categories
Manage Options
Search Item History

-----------------
vbLottery Options
-----------------
Manage Lotteries
Search Lottery Winners

--------------------
vbPlaza Gift Options
--------------------
Search Gifts
Fix All Gift Postbits

----------------------
vbPlaza Ribbon Options
----------------------
Search Ribbons
Fix All Ribbon Postbits

-------------------
vbPlaza Maintenance
-------------------
Rebuild Items Sold
Refill Options Now

Brandon Sheley
04-06-2007, 08:05 PM
hmm.. all holes are closed ?

thepub
04-06-2007, 08:38 PM
Loco I'm going to let you be the guinea pig lol!

Shazz
04-06-2007, 08:41 PM
Umm... Errm...
/me is thinking hard

JamieLee2k
04-06-2007, 09:30 PM
Has he released a list of things he has fixed? I heard there are lots of problems and I wondered if has fixed them all!

cashpath
04-06-2007, 09:33 PM
Would uploading the files be enough? (i.e. no need to reload product.xml?)

HMBeaty
04-06-2007, 09:33 PM
Has he released a list of things he has fixed? I heard there are lots of problems and I wondered if has fixed them all!

Well hopefully Bratz or the staff here will eventually let us know

UncoderMom
04-06-2007, 09:47 PM
3.6.x

HMBeaty
04-06-2007, 09:53 PM
Would uploading the files be enough? (i.e. no need to reload product.xml?)

You'll more than likely want to re-import the product and set allow overwrite to yes

rjmjr69
04-06-2007, 10:02 PM
Get this error when trying from scratch and when upgrading

The vbBux / vbPlaza Product XML you have imported does not match the same Version number as the PHP files uploaded. Please reupload all PHP files to your forum's root folder. Then re-import the Product XML file with Allow Overwrite set to Yes.

Too many errors reverting back

The new XML has a version number of 1.5.81?

rjmjr69
04-06-2007, 10:38 PM
The new upload files work fine with the old XML.... And werent the problems in the php's anyway?

redtaz
04-06-2007, 11:00 PM
OK is this a fixed version? Have all the loop holes been fixed?

Rickeo
04-06-2007, 11:03 PM
vbplaza.php change the line version number to the correct 1 if u need me to elaborate on this please tell me thanks

~Rick~

rjmjr69
04-06-2007, 11:07 PM
vbplaza.php change the line version number to the correct 1 if u need me to elaborate on this please tell me thanks

~Rick~


Please do cause only version info I can find in the php is this which is correct right?

define('THIS_SCRIPT', 'vbplaza');
define('VBPLAZA_RUNNING', true);
define('VBPLAZA_SCRIPT_VERSION', '1.5.8');

rjmjr69
04-06-2007, 11:10 PM
OK is this a fixed version? Have all the loop holes been fixed?


ARE YOU SERIOUS? Whats the title say?

redtaz
04-06-2007, 11:14 PM
ARE YOU SERIOUS? Whats the title say?

It says it has but can a mod confirm that all the bugs have been fixed? and that its safe to use again?

JamieLee2k
04-06-2007, 11:30 PM
The vbBux / vbPlaza Product XML you have imported does not match the same Version number as the PHP files uploaded. Please reupload all PHP files to your forum's root folder. Then re-import the Product XML file with Allow Overwrite set to Yes.

So you are saying I have to edit my vbplaza.php file to say 1.5.8.1 ?

edited: Changed to match new version and it didn't work

JamieLee2k
04-06-2007, 11:46 PM
I have just compared the xml file from 1.5.8 & 1.5.8.1 and I wouldn't advise anyone putting in the old one as there is code added in the new one which might be the fix.

Code changed on these lines:
Line 6
Line 1463-1473
Line 3304

JamieLee2k
04-06-2007, 11:53 PM
Here is the working version
You also need to open vbplaza.php in notepad and change line 17
From
define('VBPLAZA_SCRIPT_VERSION', '1.5.8');

To this
define('VBPLAZA_SCRIPT_VERSION', '1.5.81');

redtaz
04-06-2007, 11:54 PM
Here is the working version

So vbplaza is safe again to use?

JamieLee2k
04-06-2007, 11:59 PM
I haven't tested it with the exploits, I only got it working for everyone to use, If you look at the changes file enclosed it says:
v1.5.81 has been released
--- Bugfix: strip_tags exploit has been fixed.

redtaz
04-07-2007, 12:08 AM
I haven't tested it with the exploits, I only got it working for everyone to use, If you look at the changes file enclosed it says:
v1.5.81 has been released
--- Bugfix: strip_tags exploit has been fixed.

Oh ok well hopefully it has been fixed but when u do test it with the exploits can you tell us the results?

JamieLee2k
04-07-2007, 12:12 AM
I won't test it as I don't even know what the original exploit was so someone else will have to check it and report here.

redtaz
04-07-2007, 12:13 AM
I won't test it as I don't even know what the original exploit was so someone else will have to check it and report here.

Oh ok well hopefully somone does do that.

rjmjr69
04-07-2007, 12:16 AM
Here is the working version
You also need to open vbplaza.php in notepad and change line 17
From
define('VBPLAZA_SCRIPT_VERSION', '1.5.8');

To this
define('VBPLAZA_SCRIPT_VERSION', '1.5.81');


Thank you that worked. Wonder how that was missed what did you do to the xml?

JamieLee2k
04-07-2007, 12:17 AM
I edited it in notepad, changed the version number from 1.5.8 to 1.5.81

JamieLee2k
04-07-2007, 12:19 AM
Oh ok well hopefully somone does do that.
Someone will know

rjmjr69
04-07-2007, 12:20 AM
I edited it in notepad, changed the version number from 1.5.8 to 1.5.81

I tried that hhhmmmm

JamieLee2k
04-07-2007, 12:25 AM
Yeah but the version number is in 2 different places, Line 6 and 3304

rjmjr69
04-07-2007, 12:42 AM
Ah I missed the 3304 one.... Thanks Wordpad search sucks.....lol

rjmjr69
04-07-2007, 12:46 AM
Oh ok well hopefully somone does do that.


The problem has been posted for quite some time now. It had to do with how it striped code. I personally fixed mine with the directions that were already posted two month's ago and have had no issues and I had someone attack the install it was safe with those edits......

JamieLee2k
04-07-2007, 12:46 AM
I use Ultraedit, it has a compare on there which lets me check from the other version and what's new/old

JamieLee2k
04-07-2007, 12:48 AM
One thing I would like to do is change points to pounds or another name, not possible from what I can see without loads of editing

rjmjr69
04-07-2007, 12:59 AM
One thing I would like to do is change points to pounds or another name, not possible from what I can see without loads of editing


Actually thats not as hard as you think..... Goto your Phrase search. And search for POINTS edit

JamieLee2k
04-07-2007, 01:09 AM
And did you try this as I got tooooooooo many results

rjmjr69
04-07-2007, 01:19 AM
Yes I've done it to mine... Find the global phrase POINTS does not hurt to change them just remember which ones you change. Actually they will appear anyhow. You need to change IIRC 3 of them for it to change in all spots.

LOOK FOR POINTS all by itself in the description.

JamieLee2k
04-07-2007, 01:21 AM
Cheers I am gonna do that tomorrow it's 3:20am now and I am going to bed

SkippySkippy
04-07-2007, 03:07 AM
So... does this thing actually work? And are ALL of the exploits fixed? Also... does this work on 3.6.x? I want to make sure everything is all set before I try to upgrade.

-Skip

rjmjr69
04-07-2007, 04:32 AM
So... does this thing actually work? And are ALL of the exploits fixed? Also... does this work on 3.6.x? I want to make sure everything is all set before I try to upgrade.

-Skip

Guess you'll have to either wait until someone whoever that would be comes out and says it is or you'll just install it because the poster claims FIXED. Do not recall anything else that needed to be done.......

bashy
04-07-2007, 05:53 AM
The author and poster says its fixed... Untill a staff member says otherwise i have installed again, thank you very much for talking the time to sort this.....

Well done :)

Rickeo
04-07-2007, 06:10 AM
Please do cause only version info I can find in the php is this which is correct right?

define('THIS_SCRIPT', 'vbplaza');
define('VBPLAZA_RUNNING', true);
define('VBPLAZA_SCRIPT_VERSION', '1.5.8');

NOPE corect the following

Please do cause only version info I can find in the php is this which is correct right?

define('THIS_SCRIPT', 'vbplaza');
define('VBPLAZA_RUNNING', true);
define('VBPLAZA_SCRIPT_VERSION', '1.5.81');

Add a 1 to that line hope that helps :)

~Rick~

JamieLee2k
04-07-2007, 09:22 AM
Rick that isn't the only thing that needs to be edited, you need to edit the vbplaza.php file and twice in the xml file, line 6 & 3304 or you can get the xml I uploaded yesterday

JamieLee2k
04-07-2007, 09:26 AM
This also works for 3.6.x

Dismounted
04-07-2007, 10:45 AM
Ahem...https://vborg.vbsupport.ru/showthread.php?t=144180

Bratz-Designs
04-07-2007, 10:56 AM
Versions are fixed in the .php and xml file!

Matt_270581
04-07-2007, 10:58 AM
Thanks Bratz-Designs!

<3 (no homo)

Hornstar
04-07-2007, 01:29 PM
I'll see how this goes. thanks.

Sooner95
04-07-2007, 02:03 PM
many thanks for getting a fix out for this. I know alot have been waiting.

KHALIK
04-07-2007, 02:17 PM
Does this work for 3.6.5 ?

Luky
04-07-2007, 02:49 PM
Well im about to install it on 3.6.5 so i bloodey hope it does! :)

Paul M
04-07-2007, 03:14 PM
Well hopefully Bratz or the staff here will eventually let us knowI've done a code comparison on the new version compared to the removed version and it looks like the function strip_tags() has been replaced in a whole bunch of files with a vbulletin input cleaning function. I don't know if this fixes the problem as I don't have details of the original issue. I'l ask the original member of staff who dealt with this to take a look.

Edit: The staff who examined this have found that the exploits detailed to the original author have not been fixed in this version, therefore we have no alternative but to remove it again.