modify table with external php


Dr.CustUmz
02-25-2015, 03:55 PM
so me and KH99 got my confirm password working, but we were thinking, to make it more secure i need to have something that triggers it to change a table.

I have created the most simple product (for testing purposes) that only adds the column we need. the install code is as follows:
$db->query("
ALTER TABLE `" . TABLE_PREFIX . "session`
ADD COLUMN `idle` smallint(5) DEFAULT '0'
");

this creates our column in the session table saying if the user is idle or not. Default being 0 (not idle) 1 (idle) ...so is the idea

ok from there, i created a script that triggers after set amount of time:
$.ajax({ url: 'script.php' });

once script.php is triggered it is supposed to modify the idle table and set it to 1. here's what script.php looks like:
error_reporting(E_ALL & ~E_NOTICE & ~8192);
define('THIS_SCRIPT', 'idle');
define('CSRF_PROTECTION', true);
require_once('./global.php');
$vbulletin->db->query("
UPDATE `" . TABLE_PREFIX . "session`
SET idle = '1'
");

this is somewhat new to me, and im shocked i got this far with it before asking for help.
in chrome while loading my page, (watching network tab in the console) i can see after set time script.php trigger, this leads me to believe i fudged something up in the text of script.php cause after it triggers and refreshing the DB i see no change in the idle column.

later ill need to make it so submitting a form reverses this back to 0 so if anyone can kill 2 birds with one stone im throwing that out there too.

--------------- Added 1424887890 at 1424887890 ---------------

i figured i'd update this since its still needed but the issue didnt lie in the php, it works great! the issue is in my ajax call

i need a way to trigger this file without reloading the page are there any other methods i can do THAT WONT RELOAD THE PAGE.

--------------- Added 1424888239 at 1424888239 ---------------

this is what i used when it set the idle column properly:
$.ajax({
    type: "GET",
    url: "script.php",
    success: function() {
        location.reload();
    }
});
it worked... but reloaded the page

removing:
success : function() {
location.reload();
}

fixed the reload but now wont set the column in the table =/


also the script seems to execute every set interval this is partial of the full snippet, any way i can kill it after it runs once:
if (idleTime > 2) {
    $.ajax({
        type: "GET",
        url: "script.php"
    });
    $("#idle").removeClass("hide");
    $(".background-image").removeClass("hide");
    idleTime = 0;
    $('body').children().each(function() {
        if ($(this).attr('id') != "idle") {
            $(this).css("-webkit-filter", "blur(15px)");
        }
    });
}

so script.php is being called every 3 seconds.... which is kind of a big deal, but not like ud actually have this set to 3 seconds in a real environment.

--------------- Added 1424888499 at 1424888499 ---------------

now even re adding the reload doesnt update the table -_- back to square one

--------------- Added 1424889825 at 1424889825 ---------------

ok i got it all working EXCEPT it re runs every 3 seconds(testing time) but still if i set it to not trigger for 5 minutes i only want it to trigger on the first 5 mins not every 5 mins after its already triggered

this is my javascript:
function timerIncrement() {
    idleTime++;
    if (idleTime > 2) {
        $.ajax({
            type: "GET", url: "script.php"
        });
        $("#idle").removeClass("hide");
        $(".background-image").removeClass("hide");
        idleTime = 0;
        $('body').children().each(function() {
            if ($(this).attr('id') != "idle") {
                $(this).css("-webkit-filter", "blur(15px)");
            }
        });
    }
}

the
$.ajax({
type: "GET", url: "script.php"
});

is the part fetching the script, so when the idle triggers it shows a div, when that div is triggered it triggers the script... now the script should trigger again until the div has been closed and reactivated after say another 5 minutes of inactivity. but what its doing is triggering the script.php EVERY 5 minutes of inactivity. (in the code displayed the trigger is set to 3 secs for developing and not having to wait)
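
Added example, not part of the original post: one way to make the idle trigger described above fire once per idle period instead of on every timer interval, and to keep mouse or keyboard input from clearing an active lock. createIdleLock, onLock and unlock are hypothetical names; the jQuery wiring reuses the thread's script.php call and #idle overlay.

```javascript
// Added example. createIdleLock / onLock / unlock are hypothetical names.
function createIdleLock(limitTicks, onLock) {
  let idleTicks = 0;
  let locked = false;
  return {
    // Call from setInterval (the thread's timerIncrement role).
    tick() {
      if (locked) return;          // already locked: do not count or fire again
      idleTicks += 1;
      if (idleTicks > limitTicks) {
        locked = true;
        onLock();                  // fires exactly once per idle period
      }
    },
    // Call from mousemove / keypress handlers.
    activity() {
      if (!locked) idleTicks = 0;  // input must not clear an active lock
    },
    // Call only after the password confirmation has succeeded.
    unlock() {
      locked = false;
      idleTicks = 0;
    },
    isLocked() {
      return locked;
    }
  };
}

// Browser wiring, assuming jQuery is loaded (skipped outside a browser).
if (typeof window !== "undefined" && window.jQuery) {
  const $ = window.jQuery;
  const lock = createIdleLock(2, function () {
    $.ajax({ type: "GET", url: "script.php" }); // same call as in the thread
    $("#idle").removeClass("hide");
  });
  setInterval(lock.tick, 1000);
  $(document).on("mousemove keypress", lock.activity);
  // The overlay is only a visual cue: the idle flag still has to be
  // checked on the server before any request is honoured.
}
```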

kh99
02-25-2015, 04:54 PM
I hardly know anything about jquery, but as for the query to modify the table, I think you'd want:

$vbulletin->db->query("
UPDATE `" . TABLE_PREFIX . "session`
SET idle = '1'
WHERE dbsessionhash = {$vbulletin->session['vars']['dbsessionhash']}
");

otherwise you'll set idle in all sessions to 1. Also, you can check the value by checking $vbulletin->session['vars']['idle'] so you don't have to do a query.

Dr.CustUmz
02-25-2015, 05:35 PM
sweet thanks, as for the rest i got everything sorted out =) and ill probably start productifying this when i wake up.

thanks for all your help and suggestions kev, you better believe you'll have credit on this

--------------- Added 1424893001 at 1424893001 ---------------

oh heres a screen but the close button wont be there
http://cl.ly/image/3h0835223y19/Image%202015-02-25%20at%202.36.20%20PM.png

--------------- Added 1424893035 at 1424893035 ---------------

still needs some work but its a pretty sexy screen to get trapped on lol

--------------- Added 1424920959 at 1424920959 ---------------

so ive been playing with this and seems like the session table is reset after some time, creating a vulnerability to this mod.

if i get the idle set to 1 after some time the table is creating a new table for my id with the default of idle being 0, I believe moving this column to user table will solve this problem, but im not sure if it will achieve the desired effect

--------------- Added 1424921132 at 1424921132 ---------------

also using
$vbulletin->db->query("
UPDATE `" . TABLE_PREFIX . "session`
SET idle = '1'
WHERE dbsessionhash = {$vbulletin->session['vars']['dbsessionhash']}
");

doesnt seem to change the table at all