A member did a page source view of a post on my site and took a screenshot of it. Its the one I have attached.

This member claims the code means I have the admin log in as user hack installed on my site. But its not installed nor has it ever been. So now this member is spreading rumors that an admin on my site has been logging in as a user and making posts.

So was wondering if someone could shed some light on this.

TIA

If that code is in your source code, then it is from this mod, https://vborg.vbsupport.ru/showthread.php?t=168819

I would ban the user or at least give him a warning after all he is a member you are the owner

If that code is in your source code, then it is from this mod, https://vborg.vbsupport.ru/showthread.php?t=168819

yes, indeed that is the hack the source code is from. in my option, theres one place you can see this source code, (only if hack is installed) and thats in "Admin Log In As User" "fetch_userinfo_query" in plug in section Plugin Manager. which im guessing built into xml.

if a guest/member was to view the source of this members admin profile without the plug in installed. all they will see is:

<!-- Start Admin Log In As User -->
<li class="thead"><a href="index.php?u=26971&amp;admin_log_in_as_user=+++">Log In As This User</a></li>
<!-- End Admin Log In As User -->

correct me if im wrong.

because i did see an option to edit memberinfo template to add:
<!-- Start Admin Log In As User -->
$admin_log_in_as_user_link
<!-- End Admin Log In As User -->

blastme, it really is easy for a member to stir trouble on a forum and say take a screen cap of example this: see in attachment. which i got from: http://pastebin.com/9HJw2W31 thx to google. also if this hack did let the public see its source, you would think google would paste it all over the net in search example "!$processed_admin_log_in_as_user" :erm:

maybe double check in Plugin Manager for any tracers. but sure do believe you. can you find where this source if found like on what page of your forum?

yes, indeed that is the hack the source code is from. in my option, theres one place you can see this source code, (only if hack is installed) and thats in "Admin Log In As User" "fetch_userinfo_query" in plug in section Plugin Manager. which im guessing built into xml.

if a guest/member was to view the source of this members admin profile without the plug in installed. all they will see is:

<!-- Start Admin Log In As User -->
<li class="thead"><a href="index.php?u=26971&amp;admin_log_in_as_user=+++">Log In As This User</a></li>
<!-- End Admin Log In As User -->

correct me if im wrong.

because i did see an option to edit memberinfo template to add:
<!-- Start Admin Log In As User -->
$admin_log_in_as_user_link
<!-- End Admin Log In As User -->

blastme, it really is easy for a member to stir trouble on a forum and say take a screen cap of example this: see in attachment. which i got from: http://pastebin.com/9HJw2W31 thx to google. also if this hack did let the public see its source, you would think google would paste it all over the net in search example "!$processed_admin_log_in_as_user" :erm:

maybe double check in Plugin Manager for any tracers. but sure do believe you. can you find where this source if found like on what page of your forum?



Guess I am not understanding because the hack is not installed. I do not have log in as this user in the drop down menu of quick user links and never have. It does not show up as an option in administrator permissions.


How would I double check in plugin manager for any tracers. ? The member said that he right clicked on a post on my site, click on view source code and that is where the code came from. I don't see it when I try it but than he'll say I had it installed and removed it.


I never even knew there was a hack like this.

If you want PM me a admin account and a link to the site and I can check it out for you.

Guess I am not understanding because the hack is not installed. I do not have log in as this user in the drop down menu of quick user links and never have. It does not show up as an option in administrator permissions.


How would I double check in plugin manager for any tracers. ? The member said that he right clicked on a post on my site, click on view source code and that is where the code came from. I don't see it when I try it but than he'll say I had it installed and removed it.


I never even knew there was a hack like this.Dude might be just making it up in a attempt to discredit you.

It's entirely possible, that's why I want to have a look around. :)

This is the screen shot that member posted on another site with saying it proves I have that hack installed.

If you want PM me a admin account and a link to the site and I can check it out for you.


Sent you a PM.

This is the screen shot that member posted on another site with saying it proves I have that hack installed.
I don't know what that really proves, other than he can take screenshots. I don't even really know what the accusation is supposed to be. A lot of admins log in as other users to participate, moderate and troubleshoot in their forums. Common practice and indicative of nothing duplicitous. If you've checked to make sure the mod isn't installed (which, again, there's nothing wrong with that), ban him. Ignore him. Move on to enjoying administrating your forum. Enough is enough.

The member said that he right clicked on a post on my site, click on view source code and that is where the code came from.
Then that member is a complete liar.

That code is php code, you cannot right click on a post and view php code, only the post html.

Clearly he went to alot of trouble to photoshop this up.... Looks like you have a real nutter on your hands.

Yeah the mod is not on there, the dude is a liar. :)

Then that member is a complete liar.

That code is php code, you cannot right click on a post and view php code, only the post html.
LOL As Paul said, it is PHP code. You can see it is the PHP code in one of the plugins if you download the modification. :)

I was wondering how he was viewing PHP source code. I could have used that years ago. :rolleyes:

Thanks guys that is what I wanted to know. Since I am not technical when someone says they viewed the code and than says it proves its installed I am not in a position to reply to it. However since that hack is not installed I knew something was up and figured if I came here there would be some explanation that made sense.


What I learned that it is impossible to see that code the way this member said he did so I accept he is a liar :)


In fact the first time I even heard of that hack is when he said it and came to see it a few days ago.

Thanks guys that is what I wanted to know. Since I am not technical when someone says they viewed the code and than says it proves its installed I am not in a position to reply to it. However since that hack is not installed I knew something was up and figured if I came here there would be some explanation that made sense.


What I learned that it is impossible to see that code the way this member said he did so I accept he is a liar :)


In fact the first time I even heard of that hack is when he said it and came to see it a few days ago.When and if you link folks to this thread for proof and to debunk the nutter you have lying about you, I leave this note: PaulM works for Internet Brands, the company that owns vBulletin. So what he says is Holy where vBulletin is concerned. He is correct in his assertion no one can view php code using a browser source code reader - that's actually sort of the point of it.

This alone proves beyond any doubt that your stalker/nutter is not only lying, he went to alot of trouble to do it but like all nutters, failed to actually do his homework.

Then that member is a complete liar.

That code is php code, you cannot right click on a post and view php code, only the post html.

yep basically what i said, fetch_userinfo_query is in the php code.

in my option, theres one place you can see this source code, (only if hack is installed) and thats in "Admin Log In As User" "fetch_userinfo_query" in plug in section Plugin Manager.

if a guest/member was to view the source of this members admin profile without the plug in installed. all they will see is:

<!-- Start Admin Log In As User -->
<li class="thead"><a href="index.php?u=26971&amp;admin_log_in_as_user=+++">Log In As This User</a></li>
<!-- End Admin Log In As User -->


so yes, complete liar.
i spent almost an hour installing that mod and looking for source codes just to help this user lol.

in the past i have seen this happen to boards with login as user hack and read pm's. in the way as in, some people know of such a addons for vbulletin and spread lies. 70% of them have most likely had a nulled vbulletin and its addons and then fail...so they attack others boards.
anyways ;)

Now the word is that the person claims to have hack in to the ACP with a simple sql injection and guess got the code there that does not exist.

Never thought its a good idea to admit hacking into one's site even if its a lie.

Now the word is that the person claims to have hack in to the ACP with a simple sql injection and guess got the code there that does not exist.

Never thought its a good idea to admit hacking into one's site even if its a lie.
I like how his story keeps evolving.

Then that member is a complete liar.

That code is php code, you cannot right click on a post and view php code, only the post html.
That's not entirely true. Evaluated php code will never appear as part of a final page, but non-evaluated php certainly will, for example if you accidentally (or intentionally) close a php block of code and not all the php code is included inside of the block, the page will render that extra php outside the php block as regular text, which will show up in the markup.

Now that clearly isn't the case.

Now the word is that the person claims to have hack in to the ACP with a simple sql injection and guess got the code there that does not exist.

Never thought its a good idea to admit hacking into one's site even if its a lie.Yep liar nutters change their story - they move the goalposts - when caught in their lie.

Hi guys I have another question. If a site had that hack installed where would that code be ? I am assuming it would show in the ACP somewhere ?

And than if someone took a screenshot of it, it would not come up with the URL in that screenshot I provided, is that correct ?

They keep claiming its real but if its real than why does it have that URL in the screenshot ? I attached it again plus a screenshot of just the URL.

Hope you all have a nice Xmas

It's a photoshop job and a fraud. Your stalker/nutter is not only lying, he went to alot of trouble to do it but like all nutters, failed to actually do his homework - right down to having the wrong URL in his "screenshot!"

He is lying, tell him to move on.

Hi guys I have another question. If a site had that hack installed where would that code be ? I am assuming it would show in the ACP somewhere ?


And than if someone took a screenshot of it, it would not come up with the URL in that screenshot I provided, is that correct ?



They keep claiming its real but if its real than why does it have that URL in the screenshot ? I attached it again plus a screenshot of just the URL.


Hope you all have a nice Xmas
The PHP code would either be in one of the plugins or the PHP file. Not on a Firefox view-source page. Were it a plugin, it would be in the Admin CP list of plugins. Were it a PHP file, you have to open it in an editor. Again, not in Firefox's, or any other browser's, view source feature.

I'm not sure why he's still going on about this. All anyone would have to do is open up the same page by hitting CTRL+U or go to their options menu to see if he's telling the truth. Then CTRL+F to see if any of those words in the picture are even in the page. This can be done by anybody with a browser and fingers (fingers optional). Screenshot not required.

The PHP code would either be in one of the plugins or the PHP file. Not on a Firefox view-source page. Were it a plugin, it would be in the Admin CP list of plugins. Were it a PHP file, you have to open it in an editor. Again, not in Firefox's, or any other browser's, view source feature.

I'm not sure why he's still going on about this. All anyone would have to do is open up the same page by hitting CTRL+U or go to their options menu to see if he's telling the truth. Then CTRL+F to see if any of those words in the picture are even in the page. This can be done by anybody with a browser and fingers (fingers optional). Screenshot not required.


Because after I learned what I did on this thread I pointed out that the screenshot was faked to give the impression the code was installed and was not an accurate display as proof that the hack was installed and that the person had lied.


Than it came out that the person said he was in the ACP briefly. Some members frequent my site and theirs so been explaining what I learned here. I can imagine some are not sure who to believe. Imagine someone admitting they hacked into my ACP though I am sure its a lie. Than this was posted on my site yesterday ( Below 2 posts ) I believe by the owner of the other site using as alias nick to what he normally uses. That's when I came back here with my latest post. If he was in the ACP which I say is BS than why not take a screenshot there. ? Why not just go back and take one and show your proof that your able to access the ACP if you admit to it. ?


The screenshot XXXXX posted was real as it gets.

Saying "he lied to you" in 50 repetitious posts won't change the fact.

Same old thang. You think if you say something enough with frequent repetition then the members here will believe it through some type of subliminal suggestion?!

XXXXX showed the truth and had nothing to gain from manufacturing false results.

"He didn't lie to you"



That was the whole point of his post.

He WAS in the ACP briefly, but long enough. His post left nothing to the imagination.

Of course it wouldn't mean ++++ squat if he wasn't where he shouldn't have been. That's the whole point of all of this. He found what you didn't think was possible to find.

Sorry to burst your bubble, but you're outted.

If you haven't already, if the site in question doesn't prevent off site linking, you should link back to this thread. People who don't know what their talking about are the one's who should be "outed".

The PHP code would either be in one of the plugins or the PHP file. Not on a Firefox view-source page. Were it a plugin, it would be in the Admin CP list of plugins. Were it a PHP file, you have to open it in an editor. Again, not in Firefox's, or any other browser's, view source feature.

I'm not sure why he's still going on about this. All anyone would have to do is open up the same page by hitting CTRL+U or go to their options menu to see if he's telling the truth. Then CTRL+F to see if any of those words in the picture are even in the page. This can be done by anybody with a browser and fingers (fingers optional). Screenshot not required.

If you haven't already, if the site in question doesn't prevent off site linking, you should link back to this thread. People who don't know what their talking about are the one's who should be "outed".


The URL here has been posted a few times. Some of my members have come to look. The opposing side/site making the baseless claim know about this thread also and have suggested they were or would like to show up to express themselves here but have not shown up. No real surprise. Its one thing to make an allegation with no proof and another to make it with fake proof so ya lets hear what you have to say.


Guess its one of those situations with site conflicts and since I admit I am not knowledgeable and figured why not post/share here to see the comments. I have learned things I would not have known otherwise like the simple fact the code from that hack would not be representative of that URL in that screenshot. Coming here as been quite helpful and sorry to unload what some would regard as crap and maybe not what these forums are for.

blastme,

I strongly doubt anyone here has a problem with you posting your concerns about this over at your site my Man. Everyone here is always so helpful not just to me but to others and the forum's own history of threads is proof.

All you can do is give your forum's members your word that you are not hiding anything and you are not doing anything to violate their privacy. Everyone here is convinced that you are not doing what these people accuse you of and you should not worry about this any longer.

So no blastme, this is not crap at all, this is what we are all here for, to help each other my Man. I think I can speak for most if not all here that we have no problem with anyone posting or asking questions here with issues like these.

Have a Merry X-Mas my Man and hope you feel more at ease now.

It's not a problem. These forums are for helping admins and sharing what we all know. Hope we helped.

It's not a problem. These forums are for helping admins and sharing what we all know. Hope we helped.

Exactly Jedi, thanks for also making our new friend here see that we don't mind anyone's questions here, if it wasn't for these forums I would be in a world of hurt. Everyone here has always been so helpful to me and it's always great to see people come together like you all have done here to help people out.

Please see the last post in this thread. It clears up a misunderstanding that started with the first post.

Max is right. It's all "yeahbut" stuff if it's trying to justify something that was done on blastme's site.
The actual issue is, it was was not done on his site.
He's complaining about something that was posted on another site.

Please note that I am not the one who posted the original message "blastme" has shown, but you should all know there is a lot more to this story than the one side you have been given by blastme. It doesn't make a hill of dogshit what the "rest of the story" is, the "screen shot" posted is a fraud, there is NO way it could have happened as pictured. You're employing "yeahbut" type arguments, which are a fail from the jump.

Let's all just drink some beer :)

Let's all just drink some beer :)http://youtu.be/xy8tIA50YM4


First of all, I'd like to say this thread is a great example of the lengths the members here, will go to, to help any other member. It's a testament to the excellence of this site and it's knowledgeable members. I've long known this but it's always great to see one more excellent example. Nobody here went to anywhere near the lengths the psycho did in creating his mediocre photographic fakery.

It doesn't make a hill of dogshit what the "rest of the story" is, the "screen shot" posted is a fraud, there is NO way it could have happened as pictured. You're employing "yeahbut" type arguments, which are a fail from the jump.
Max, you're right. And I've removed it for that reason.

Skip to my last post here and you'll realize there has been a misunderstanding.
The "screen shot" was never posted on his site. At least, not by myself or the person who created it.

Well, lets just say then, he's getting what he deserves. No "yeahbuts" about it. Does that work for you?

He's done the same sort of thing on my site and I didn't come running to you folks about it.

When someone gets into that sort of unethical behaviour, masquerading as a member he's about to ban, trying to cover up legal issues, there is NO defence for his actions.None of that is proven nor is it relevant to the OP. The OP is about whether someone could get a particular Mod's PHP code coming up in a page source code from a browser. And no, it can't happen. Therefore the creator of the photoshop job is a psychopathic liar. And anyone who believes him/her is a dupe.

All this other stuff is "yeahbut" deflection and isn't relevant at all to the issue.

If you say so.

--------------- Added 1389318971 at 1389318971 ---------------


I just realized something. HE is the one that told you - on this site - that it supposedly came up in the page source code from a browser. But that's not what was posted in the original message he copied the graphic from. NO ONE told him at any time that it came from viewing the page source in a browser. Hell, all you see doing that is html. Everyone knows that. (Or should.)

Dude just go take your Meds and move along already. I am just trying to stop you from further embarrassing yourself here.

It doesn't make a hill of dogshit what the "rest of the story" is, the "screen shot" posted is a fraud, there is NO way it could have happened as pictured. You're employing "yeahbut" type arguments, which are a fail from the jump.
Max, you're absolutely right. And I can see how it fails here as it's been presented.
So, stripping it down to the real issue because I know there has been a misunderstanding:

A member did a page source view of a post on my site and took a screenshot of it. Its the one I have attached.
I would ban the user or at least give him a warning after all he is a member you are the owner
He is lying, tell him to move on.
Dude might be just making it up in a attempt to discredit you.
It's entirely possible, that's why I want to have a look around. :)
I like how his story keeps evolving.
Yep liar nutters change their story - they move the goalposts - when caught in their lie.

PLEASE NOTE: The creator of that screen shot, never posted it on blastme's site. It was posted in a thread on my site. One of blastme's members got hold of it and sent it to him in a Private Message. He chose to make an issue of it at his site.

In other words, there is no one to ask to move on. No one to ban. No one went to his site to attack him. The person who created the graphic, is NOT a member of his site.

Does this clear it up or does "hearsay" (because it's from another site) still carry all the weight here?

PLEASE NOTE: The creator of that screen shot, never posted it on blastme's site. It was posted in a thread on my site. One of blastme's members got hold of it and sent it to him in a Private Message. He chose to make an issue of it at his site.

In other words, there is no one to ask to move on. No one to ban. No one went to his site to attack him. The person who created the graphic, is NOT a member of his site.

Does this clear it up or does "hearsay" (because it's from another site) still carry all the weight here?You doth protest too loudly methinks.

You keep trying to pettifog the issue, trying to baffle with BS since you can't dazzle with brilliance. The posting history of the fabricated, mediocre photographic fakery isn't at issue and no one gives a flying red rat's ass about it.

Max, you're absolutely right. And I can see how it fails here as it's been presented.
So, stripping it down to the real issue because I know there has been a misunderstanding:




Quoted content not shown see above for blue text.




PLEASE NOTE: The creator of that screen shot, never posted it on blastme's site. It was posted in a thread on my site. One of blastme's members got hold of it and sent it to him in a Private Message. He chose to make an issue of it at his site.

In other words, there is no one to ask to move on. No one to ban. No one went to his site to attack him. The person who created the graphic, is NOT a member of his site.

Does this clear it up or does "hearsay" (because it's from another site) still carry all the weight here?

^ Hogwash. The thread was closed due to mrhobby being someone who does not get along with blastme and I'm not goign to have that drama and trying to quote, take out of context, and to try and bend the truth around like I've seen done before on those sites will not be allowed here. Furthermore I've been shown some posts on one of these sites and you took what I said completely out of context and its not appreciated. The next time mrhobby sees a post by blastme or vice-versa I suggest you two don't reply to each other becasue I can clearly see that this "dramas" was posted on your sites well before it came here and to try and use vbulletin.org as an official means to discredit someone based on bad logic will not be tolerated.


Ok this thread has run it's course but before I close it I will say this:

The mod in question requires you to be listed as a Super-Administrator of your forum in the config file in order to access it in the admincp or even see the links yourself to login as said user so that might have been oversight at the time when you thought it was not installed because you could not see the links (@Owner of site who was not sure if this was installed or not).

Now one more thing, SatChat, NewCardNews, the lot of those sites I have worked on in the past heck that logo on the NewCardNews screenshot posted, I made it. Do not pm me asking for the owners personal info to any of those sites it will not be provided to sum it up, don't come on here bringing that "drama" I'm all too familiar with between all of your sites here to vbulletin.org. If you've ran off at the mouth too much and now a member you've told off is trying to scare you with fake screenshots or other well then that's between the two of you and if you have time to bicker then you have time to properly research this stuff and learn for yourself instead of posting then "telling" your sides of the drama story - none of us care to be quite frank and this entire thread could have been handled properly instead of turning into a he said she said type of ordeal.

I like the owners of all the sites, I personally do not see why you all can't get along but needless to say like I said above don't bring the drama here to vb.org it's not appreciated one bit and in fact is a disruption to the board which by the way is against the rules.