After some requests and a debate in the requests forum I've finally finished the majority of this hack. It allows the admin to find a user via the current method in the control panel then click view user's pm's. They are then shown all the pm's in the users folders.

Includes admin logging and is designed to use the cp.css file which is already used by the control panel. I considered adding a search feature but it would be hard without indexing all of the pm's the way vBulletin already does. This means it would be a very limited search.
You can also now select which admins can view user pm's this is done the same way that restriction to the adminlogging is done, the variable is at the top of pm.php

This hack involves uploading pm.php to the admin directory then following the instructions which requires you adding the two links within /admin/user.php

Updated 25th November 2001 @ 22:39

Update was to fix broken smilies by disabling them and to show pm's in all folders not just the inbox. To update simply upload pm.php to your admin folder again.

Scott

looks cool!

tried to download this, and it says that the zip is corrupt.....

The zip file works fine for me, I'll email the hack to you pm me your email.

Scott

I`ll try this out later man....thanks!

Works very well for me! Thank you! :D

sweet hack, nice job PPN

Cool hack, works great! :)

EXCEPT, all of the smilies are broken, show as red x's. :(

(not a big deal, just thought I'd let you know!)

yeah i've yet to figure out a way to fix that, as it relies on the images folder being in the folder with all the main files and not the admin section. I don't think there is going to be an easy way around this.

I guess I could just upload the smiley folder/files to the admin directory, right?

Yup, that worked.

I uploaded the smiley folder to a image folder under admin. :)

I installed this. Very simple and easy :)
And..very evil thing for us admins :greedy:

thank you !!!

PPN !!

Good hack I like it

Thanks :supwink:

thanks for this very good hack

Instead of just doing this:
adminlog(iif($userid!=0,"user id = $userid",""));
you can use this:
adminlog(iif($userid!=0," user id = $userid",iif($pmid!=0,"private message id = $pmid","")));
so it will also record the private message id the admin is viewing. :)

good hack
:D

thanks firefly

would it be possible to allow no all admins but only ONE ! ?

Thanks for a great hack!!

Ok i updated the attachment at the start with this feature, it follows the same principles as the adminlog restrictions apart from the variable which stores the userid's is at the top of pm.php and NOT in config.php

Scott

[QUOTE]Originally posted by PPN
Ok i updated the attachment at the start with this feature, it follows the same principles as the adminlog restrictions apart from the variable which stores the userid's is at the top of pm.php and NOT in config.php


Scott

just re-upload pm.php presuming you haven't edited it.

At the top of it you will see the variable you can insert id's if you wish, if you don't then all admins will still be able to view user pm's.

See I told you that people would like this hack!!

Arn't you glad you made it now!

Anyways, job well done my friend!

THANSK A BUNCH!!!

Worked great and easy to install! Thanks!

Excellent Hack.
Works great for me.

cooool, upgraded this hack....anything on makin the smilies work correctly though??

Great hack, only question is how to get it to list ALL PMs. For instance. I have 32 messages but it only shows 8? I believe the inbox?

just about to update zip then to turn smilies off and to sort it only showing inbox it will show all folders apart from the sent one.

ok thanks! I await the word:D

word :D

I reuploaded pm.php but I don't see a change?

ok I checked the two different versions with beyond compare and I certainly see a difference in them, but it still shows me the same list as the old one.

cache problem maybe i downloaded it and it is the new version.

Scott

Can you post a screenie? I haven't had this issue before but I have shift refreshed to no avail.

I don't see the different folders. Everything else works great tho. Did you change user.php from the earlier version to this one?

no changes to user.php, just linked to it

and the hack doesn't include the sent folder, as its simply stoes the pm's the user sent, do you really want to read them?

Scott

Yes because this allows to check to see if they sent it. Another user may delete it casually, but a lot of people forget about the sent items folder. Please Please Please

ok change
WHERE privatemessage.userid='$user[userid]' AND privatemessage.fromuserid!='$user[userid]' ORDER BY dateline DESC");

to

WHERE privatemessage.userid='$user[userid]' ORDER BY dateline DESC");

in pm.php

Scott

Excellent!! Thank you PPN!!

no problem

most of my users wipe their sent box as it fills the pm limit sometimes.

Invasion of privacy anyone? :stupid:

[QUOTE]Originally posted by DarkReaper
Invasion of privacy anyone? :stupid:

[QUOTE]Originally posted by JTMON


Oh just get over it already. You are on private property. You have no privacy!:D

I restricted viewing of pm's only to my id so no other admins can use it and I doubt that I'm gonna use it that much. Its just nice to have that option there if the occasion arises.

Scott

Guess I am the first one who got problem, stupid me :(

The error why trying to run http://mydomain.com/forums/admin/pm.php


Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Date: Monday 26th of November 2001 05:54:01 AM
Script: http://www.mydomain.com/forums/forums/admin/pm.php
Referer:


Note that the script path is wrong, it was suppose to be http://mydomain.com/forums/admin/pm.php, not extra one extra forums.

Weird, I follow exactly instruction, which was so easy, the first hack I've failed :(. Any help? please?

[QUOTE]Originally posted by CHeeKY


Then I am very glad im not a member of your board :D

Your access it the wrong way, you are not meant to access pm.php directly.

Your meant to find the user using the find option and then click View User's Pm's in the options part of the displayed users or at the top of the edit user page.

Scott

NICE HACK :D

argh..... thanks PPN, got it

I realize your intentions are all good, but the fact is this will most likely be abused by tons of people. This hack has probably kept me from using some vB's Private messaging systems in the past few days, and will indefinately :o

Yes but they already have access to this information freely. This just places it in the AdminCP.

Cool Hack

It always has been accessable, true. But what percent of the admins of vB's out there(legal and illegal) do you think know/knew how to access them? I'd say under 30%. If phpMyAdmin isn't installed, then its even more difficult to retrieve the PMs. This makes it a breeze to read anyone's PMs at any time.

Darkreaper, if your not wanting any support for the hack stop complaining, this thread isn't for debating if its right or not, if an admin feels that its nescerary to do so then they can. Its not for you to decide or for anyone else.
Stop trying to force your views on this issue on others.

Scott

Amen scott! ;)

hopefully no one else will wish to debate if its right or not :D

[QUOTE]Originally posted by DarkReaper
It always has been accessable, true. But what percent of the admins of vB's out there(legal and illegal) do you think know/knew how to access them? I'd say under 30%. If phpMyAdmin isn't installed, then its even more difficult to retrieve the PMs. This makes it a breeze to read anyone's PMs at any time.

Oh I'm sorry PPN, I didn't realize opinions weren't allowed here. God forbid someone speak out against something you've made. Please forgive me. :rolleyes:

you have been forgivien ;)

This doesn't work if you have a user name specified like Joe Smith which I do on my board rather than jsmith or something withone word. It gives this error:

Viewing User PM's is restricted.

Great hack!!! :)
I've installed it and it works perfectly.

PS : I am new here ;)

did you read the bit about restricting access to pm?

you need to enter your userid with the variable at the top of pm.php

Scott

I did do that. That's my point. Userid's like this: Joe Smith do not work.

That's how we have users sign up. With both first and last name with a space.

The hack cannot handle a first and last name with a space.

Yes it dose, dude dont come off like that, saying that the hack dosn't work!! YOu did somethign wrong!

You've done something wrong,

in no aspect of the code does the hack use the username to get information, it only uses the Userid to get the pm's and then gets the username for that.

If your still getting the error then you have to make sure your userid is correct.

Scott

Ok, I never said it didn't work. It obviously works. I never understood it was USERID and not USERNAME. Me bad. Sorry bout that! :)

Thanks!

I would just like to warn those admins who installed this hack from a legal standpoint.

If you do not clearly state both in your privacy statement and in your Private Messaging area (eg at the bottom) that PMs may be viewed by administrators, you are making yourself liable to ANY user suing you for privacy invasion.

Those who say that this is on your own "property" don't know the law.

ISPs, for example, store your e-mails. PMs are by default person-to-person exchange - their name suggests as such, and any reasonable user is allowed to assume by the name alone that they are as such = and are therefore defined by law in US and EU the same as e-mails. If an ISP admin was reading your e-mail without your knowledge or permission, you could sue the ISP and win.

The same applies to any service provider who offers "private" person-to-person communication on his premises, but in effect does not warn his users that this is not necessarily the case.

Install the hack all you like, but don't forget to add a warning to your Privacy statement and Private Messaging area. Otherwise, each and every single member of your community can sue you - and win.

[QUOTE]Originally posted by jucs
I did do that. That's my point. Userid's like this: Joe Smith do not work.

That's how we have users sign up. With both first and last name with a space.

The hack cannot handle a first and last name with a space.

[QUOTE]Originally posted by bira
I would just like to warn those admins who installed this hack from a legal standpoint.

If you do not clearly state both in your privacy statement and in your Private Messaging area (eg at the bottom) that PMs may be viewed by administrators, you are making yourself liable to ANY user suing you for privacy invasion.

Those who say that this is on your own "property" don't know the law.

ISPs, for example, store your e-mails. PMs are by default person-to-person exchange - their name suggests as such, and any reasonable user is allowed to assume by the name alone that they are as such = and are therefore defined by law in US and EU the same as e-mails. If an ISP admin was reading your e-mail without your knowledge or permission, you could sue the ISP and win.

The same applies to any service provider who offers "private" person-to-person communication on his premises, but in effect does not warn his users that this is not necessarily the case.

Install the hack all you like, but don't forget to add a warning to your Privacy statement and Private Messaging area. Otherwise, each and every single member of your community can sue you - and win.

I also find this odd since ALL vb admins have this ability and it's not in the default privacy statement

[QUOTE]Originally posted by JTMON
I also find this odd since ALL vb admins have this ability and it's not in the default privacy statement

JTMON, consult a lawyer.

Well that helps:rolleyes:

Did you happen to ask your lawyer the laws regarding this if the server isn't in the US, if I'm not in the US, etc etc....

All known ISPs include the following notice in their terms of service.


Our staff will not look at or read your email unless it is necessary to resolve a technical issue. In almost all cases, we will clearly inform you of the need to do so, and we will seek your permission before opening your mailbox on our servers.


Not only don't you have a notice like that on your website, but you now take it a step further and make it readily available to one or more admins to access and read a user's private communication without as much as asking a user's permission or even notifying him.

That is cause for lawsuit.

My source? this used to be my line of work :)

Again I must say that unless just about every vb owner HAS this altered Privacy Statement currently, regardless of if this hack has been installed, then they are ALREADY would be in violation of the law since they ALREADY have this ability WITHOUT this hack.

[QUOTE]Originally posted by JTMON
Well that helps:rolleyes:

Did you happen to ask your lawyer the laws regarding this if the server isn't in the US, if I'm not in the US, etc etc....

[QUOTE]Originally posted by bira


If the service you provide is offered in the USA, even if the server or your company are not in the USA, then you can be charged in the USA as well -- same goes for COPPA if you didn't know.

Furthermore, the Privacy Act is also enforced by the EU (European Union), so if at least 5% of your traffic come from the USA or the EU, you face liability in the USA and any EU member country.

[QUOTE]Originally posted by JTMON
Again I must say that unless just about every vb owner HAS this altered Privacy Statement currently, regardless of if this hack has been installed, then they are ALREADY would be in violation of the law since they ALREADY have this ability WITHOUT this hack.

Actually COPPA is also for general audience websites which may include kids, that collects information. In any event, that is not the point. The point was that even though COPPA is a USA act you as a service provider (assuming you fit the description of the law) are liable in the USA even if your company and server are outside the USA.

[QUOTE]Storing information on your server is passive. It is reasonable that a service provider will have the information stored on its server, and therefore it is reasonable to assume that someone with access could view that information.

However, once you take measures that actively violate the privacy of a user -- for example, install software that will allow you to read their personal communication - you are no longer within the bounds of "reasonable violation".

JTMON, you KNOW your ISP has your e-mails on their server, right?

You KNOW that any admin with root access to the mail server can log on and read your mail with a simple text editor, right?

But,

1) You also know your ISP pledged not to do that; and
2) If you found out anyone in your ISP did do it without your permission, you'd sue them and win.

Here, you are not pledging not to do it, in fact you are taking active steps to indeed do it, while at the same time de facto misleading your users ('clients') to believe their right to privacy is kept.

p.s.

No one can sue you for the fact that you could read his PMs, they'd have to prove you have in fact read them or had intent to do it.

By installing this hack you are exposing yourself to a lawsuit because the intent is there.

What can I say. It's the actuall action that could possibly lead to trouble. If this hack wasn't here. Anyone could use the same argument for myPHPAdmin. That software is installed for the reason of accessing the info in the database, this info could be private and you'd fall into the same trap.

well, if someone could prove in a court of law that you installed phpMyAdmin primarily or solely for the sake of viewing private communication without prior consent or alarm, you would be right.

However, proving that a hack called "Admins can view user's PMs" was installed solely or primarily for the sake of viewing private communication is much easier ;) :D

Hey its private property, there using your resources and your vBulletin you can do what you like.

I don't see hotmail with it in there privacy statement, but if someone abuses the hotmail account you forward the message to abuse@hotmail.com and they check the account to see if they have been abusing it... Whats the difference with this hack?

people send you emails about abuse, you check the pm account and if you find abusive emails, you deal with it.

Scott

[QUOTE]Originally posted by PPN
Hey its private property, there using your resources and your vBulletin you can do what you like.

I don't see hotmail with it in there privacy statement, but if someone abuses the hotmail account you forward the message to abuse@hotmail.com and they check the account to see if they have been abusing it... Whats the difference with this hack?

people send you emails about abuse, you check the pm account and if you find abusive emails, you deal with it.

Scott

Touch? :)

[QUOTE]MSN does not read any of your private online communications. Your MSN Chat conversations, MSN Messenger messages, Hotmail e-mails, and MSN Internet Access e-mails are completely confidential.

Nam, I won't go into further discussion over what MSN does or doesn't do. The point is, they actually write very clearly what they will or will not do and under what circumstances.

Some of the people here (I'll refrain from point at specifics, you figure it out) who argue most vehemently in favour of doing whatever they bloody want on their server, don't even have a PRIVACY STATEMENT on their BB. That's how seriously clueless they are about users' most basic rights.

Anyway, end of my part in this discussion.

I was posting to assist those who are perhaps misinformed and could appreciate a legal advice on the matter. not those who want to do something knowingly and with malice.

(and again, this is NOT a statement against the hack, it's merely an advice what to do if you install it).

[QUOTE]Originally posted by bira
Nam, I won't go into further discussion over what MSN does or doesn't do. The point is, they actually write very clearly what they will or will not do and under what circumstances.

Some of the people here (I'll refrain from point at specifics, you figure it out) who argue most vehemently in favour of doing whatever they bloody want on their server, don't even have a PRIVACY STATEMENT on their BB. That's how seriously clueless they are about users' most basic rights.

Anyway, end of my part in this discussion.

I was posting to assist those who are perhaps misinformed and could appreciate a legal advice on the matter. not those who want to do something knowingly and with malice.

(and again, this is NOT a statement against the hack, it's merely an advice what to do if you install it).

Guys, this my $0.02 point of view :

Private Messaging on vBulletin is a nice feature you offer to your users and they are NOT forced to use it. They know the rules, they use it. Point.

If they want to communicate with themselves with more confidentiality, then they can simply email each other!

That's how I personaly see it... :D

I'm just a young thing :D

i'm 16, 17 in December and i'm still at High School.

I do php scripts and run 4 servers for hosting to make money.

A raq, 2 Red Hat boxes and a nice Win 2k one :D

want my shoe size as well or are we not getting that personal :p

At least MSN clearly points out the real score in their privacy policy ... as Bira said, some sites that use this (or want to use this) don't even have privacy policies, which implies they intend to use this as either an undocumented admin feature or for other stealthy reasons ;)

Well, I wasn't here to discuss MSN's policy either, my point was they will do whatever they want without letting their users know, but they did state in their agreement.

So just put additional line (if you already had :D ) or a new page saying that you reserve the right to view user's PM WITHOUT letting them know IF you need to do so in order to protect your site. It's just that simple. Thanks to Bira for warning us.

hmmmmmmm.....

CAn someone tel me where I can edit the Faqs, and also the statment in thebegging when you register, and also is that the privacy statment

Thanks!

[QUOTE]Originally posted by bira
Nam, I won't go into further discussion over what MSN does or doesn't do. The point is, they actually write very clearly what they will or will not do and under what circumstances.

Some of the people here (I'll refrain from point at specifics, you figure it out) who argue most vehemently in favour of doing whatever they bloody want on their server, don't even have a PRIVACY STATEMENT on their BB. That's how seriously clueless they are about users' most basic rights.

Anyway, end of my part in this discussion.

I was posting to assist those who are perhaps misinformed and could appreciate a legal advice on the matter. not those who want to do something knowingly and with malice.

(and again, this is NOT a statement against the hack, it's merely an advice what to do if you install it).

[QUOTE]Originally posted by Hooper


I agree with what I've read Bira state in here. I also admire her standing alone in the debate. She is correct. You may have the right to view others Private Messages with a certain set publicly known privacy statement. But if a member found that the service you provided was indeed breaching their trust in you in any way, and could prove that you knowingly did so, you could very well be held liable by law for the situation. Not only you, but your hosting company and anyone else remotely connected to the situation. Let alone the fact that this hack is just damn tasteless, viewing someones private information should be something one would do under extreme situations where the admin felt that what was being posted as private messages could result in a legal matter itself. There is absolutley no reason to be viewing anothers private messages unless the above hold true.

So in my opinion this is not good advertisement for vBulletin for one. Jelsoft has taken great strides with the code to insure public safety and privacy. Let's not unhack vBulletin.

Damn you guys, I am sure that all of us installing it, have better things to do with our time than to read are users, petty conversaions with each other!

THe only reason i installed it, is i have been hacked a few times, and A lot of members tell me that this member is the one doign it, and thats the only time i would check his pms!

and again

CAn someone tel me where I can edit the Faqs, and also the statment in thebegging when you register, and also is that the privacy statment

Thanks!

Templates-->Modify

I know that :D

could you be more specific please!?:)

jeez, find it yourself dude, it should be in FAQ template.

That's exactly where it is, not sure about the privacy statement. try searching your templates;)

[QUOTE]Originally posted by Nam
jeez, find it yourself dude, it should be in FAQ template.

it was just so obvious :cool:

Me i would install it but all i get is this error :)


Parse error on pm.php on line 73 any ideas ??
i'm running 2.2.1 and haven't touched the PM.php as it said it was alredy set to let all ADMINS view pm's ????

line 73 is

$bbcode=bbcodeparse2($bbcode,$privallowhtml,$priva llowbbimagecode,0,$privallowbbcode);

have you made any changes to the bbcode parsing within functions.php?

I know that everyone who has run it has had no problems with this script.

K sorted now :) the ftp program i used stop uploading the file 98% done, hence the error the file wasn't all there :).
re-upped it and it works sweet :)

Wonderful hack thanks so much :)

when i try to view pm i have this message : Viewing User PM's is restricted...in pm.php i have added my user name but to view pm but not work...please help me!!!

i get this error ...

Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Anyone know whats wrong ? :stupid:

thanks

I'm guessing your going to pm.php directly cyrus, its not meant to be used in that way, your meant to go find the user using the find user part of the admin panel and then click the link within there to view the users pm's

though to link directly pm.php?userid=USERIDHERE would work

hope this helps

Scott

does this hack also works with 2.2.2 ?

yes it works with all of the 2.2 series and it should work with the 2.0 series as well.

Seems there would be some privacy issues with this hack. Why would anyone want to read private messages between others? Just nosy maybe? Private messages are not private messages if you use this hack. I hope those that are using this are including it in their privacy agreement. It's useless to me.. Sorry!

maybe you should read the whole thread

I don't agree with PPN that DarkReaper was "forcing his views on anyone." (I hate that term...it's just a bad way to say "disagreeing") No, this hack is not immoral. But I DO think it would be very, very sneaky to NOT let your members know about this in one way or another. When people hear the term PRIVATE messages, they're going to take that to mean, indeed, private. I do not have this hack installed, but I believe most of my members know that I can view them if I really want to. So, I just tell them that I have no intention of invading their PM Inbox, but that if they want to be completely sure, just use email.

Yeah I mean, this hack doesn't give you any ability you DON't already have. It just puts it in the VBAdmin. I haven't even reinstalled this hack after I've upgraded.

Well, still...it makes it much easier. The access you have to the PMs without it is unavoidable. Making it easy and installing a feature that is MEANT to help you with it is not unavoidable...so I think that anyone who installs this hack would be wrong not to let their members know, in some way, that their PMs are not 100% private. Frankly, that should probably be something all boards mention, but especially those with this hack.

I dont want to upset anyone or make anyone mad but it's the word private that is at stake for me.. When I tell my users private or call something private then it should be private without any invasion on my part.. Yes, you can view them thru your database, but admin with any morality would not do this. PM's should be called P/AM's for for Private/Admin messages with this hack installed.. Just an opinion:)

True, but like stated earlier in this thread, some admins have issues with PM spam and have a great need for this hack and they DO spell it out in the privacy agreement as well as the FAQ. That's the reason I said to check the thread because we have had this same conversation and Bira was even kind enough to point out the legal aspects for boards that are businesses.

I mention that I *can* read private messages in the pirvacy statement and it doesn't seem to bother users. I think i've used it twice in total on my live boards and it was to deal with threats via PM.
If someone says they are being threatened over PM then how do you prove it? You have to look into the database, this simply makes it easier and if you have no self restraint to use it only when needed then your simply invading their privacy.

[QUOTE]Originally posted by JTMON
True, but like stated earlier in this thread, some admins have issues with PM spam and have a great need for this hack and they DO spell it out in the privacy agreement as well as the FAQ. That's the reason I said to check the thread because we have had this same conversation and Bira was even kind enough to point out the legal aspects for boards that are businesses.

yeah, and what do you do when they only send one pm but it contains a threat or something worse, but the user deletes it.

This hack wasn't designed to hunt through the users pm's for spam, it was simply to confirm any issues that people may have brought to your attention.

Many users might pm you saying SoandSo is sending you spam, you can simply deal with this by confirming that they are.

WORKS FOR 2.2.2

THANKS

Great hack, man :)

Just a tiny addition.

If find
makelinkcode("email","mailto:$user[email]").
somewhere around line 1463 and add
makelinkcode("view pm's","pm.php?s=$session[sessionhash]&action=list&userid=$user[userid]").
Just after, you get the option to view PM's from the PM statistics part too.

Works great, hope I never need it in 'anger'. :)

thanks Sparkz i knew i forgot to do somewhere :)

2.2.3 approved!

Its a seperate file and as the database structure for pm's hasn't changed in all of 2.x it should work with the entire series.

hmm, it doesnt seem to work with 2.2.4... It just displays the user has no pms when i sent like 3..

o hehe NVM, its because hes an admin.. LOL! oopz..

yeah its designed not to read admins pm's

Great hack! It's good to fight the spam.

Clicking on the install button :)

Database error in vBulletin Control Panel 2.2.5:

Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Date: Monday 15th of April 2002 09:50:33 PM
Script: http://www.gods-network.com/forums/forums/admin/pm.php
Referer:
any ideas?

Doesn't seem to work with v2.2.5 - just keeps saying Admin has no permisiion to view PM's

Did you read the instructions about only allowing certain users to read pm's, its at the top of the file you need to enter your own userid.

yeah entered it but no luck

I am running v2.2.5

so

$canviewpms = "";

that contains your userid on your own forums?

um.....you guys didnt answer my problem :/ hehe...

I put my own username in that box and then saved the php file and uploaded it - are you saying I need to insert
$canviewpms = ""; somewhere else?

not supposed to put your user name.....supposed to put your USER number see like your user number 9099 on this board....so youd put 9099 right there....

Does this work for 2.2.4+? I want to use this on http://forums.cheatlist.com. And it seems alot of people are having problems with it. If you need me to i'll update it for 2.2.5

it was written for 2.2.2 and I have used it on every version of vBulletin since then without problem. You also can't really have a problem with it, its a case of uploading a file and linking to it from the admin cpanel.

then....why do i get that db error? lol

what are you clicking in specific?
its cause the userid is blank are you just typing /admin/pm.php into your browser or are you finding the user and then clicking the option on top, like your meant to :P

im going to admin/pm.php then it shows me that db error. Did everything it says in the instructions....Im kinda a newb to this forum [better wash my mouth][better wash my mouth][better wash my mouth][better wash my mouth] but im learning :) but i figured id post here and maybe you guys could help me out.

Your not meant to access the file like that, your suppose to find your user the usual way via the admin panel then click one of the links you added to view the user details.

Dblade (thats god heh) You Find user, then when you edit his profile there will be a gray box above that. Click view PMs.

And ppn, you area Goderator and a Kick ass hacker. thx for the hack :)

I installed this hack, and when I go to pm.php, this is what I get.

Database error in vBulletin Control Panel 2.2.5:

Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Date: Sunday 05th of May 2002 01:50:27 AM
Script: http://forums.ffinsider.net/admin/pm.php
Referer:

ok if you had read any posts in this thread, you will see that you need to find the user then click show users pm's within the page.

Come on its in the post above yours LOL

Hi,

I am running 2.2.5, but it says "Viewing User PM's is restricted.". I have added the admin inot the pm.php file and checked the spelling very carefully, but it keep on saying this.

Any idea?

you need to put in the userid, not the username

Its working now. Cheers

Either through the control panel or direct i get this

Warning: Failed opening '/com/ip-subspace.com/www/forum/admin/pm.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0

this is version vb 2.2.1

Nice hack. When I saw first saw this I thought "Nah... too much of a big brother tactic" but recently I had some complaints about a particular user sending very hateful and sometimes lewd PMs to other users.

Thanks to this hack I was able to dig into his PM box and see that the complaints were indeed true.

It's a power that could be used for good or bad, but it definitely helped out in this case. Kudos!

figured it out , rights issue.

Yep kanima, if the file doesn't exist or php doesn't have permission to read the file you get that error

Great! Thanks PPN :)

Is this hack working on the newest version 2 ?

[QUOTE]Originally posted by DudeSicko
Is this hack working on the newest version 2 ?

Thx :) Il install it when i get home from work :)

Worked perfectly with no modifications needed for 2.26.

Question for you though.

I want to make it so the link "Read PM's" doesn't even show up if your not the userid specified in the pm.php

Does anyone have any suggestions on how to do this?

Thanks

Josh

would the user know that the admin has been viewing his/her pms???

No they wouldnt.

[QUOTE]Originally posted by JoshFink
Worked perfectly with no modifications needed for 2.26.

Question for you though.

I want to make it so the link "Read PM's" doesn't even show up if your not the userid specified in the pm.php

Does anyone have any suggestions on how to do this?

Thanks

Josh

Viewing is already restricted within the pm.php file so there is not much point in doing what you suggest. It also limits it to one user instead of just editing who can use it in config.php

yes PPN but if i remember correctly is the link restricted? because that its what i believe the person was asking for :p if not my bad ;)

g-force2k2

Even though Bira hasn't been around for a while, I just read his posts (I think its a him). Anway, he raised many good points. Which is why I wouldn't install this hack. If the need arises, I'll use phpmyadmin.

I couldn't aggree more with Bira on ever post he posted..

Its a her :p

And Ive used it about 8 times to total. You have access to the information anyway so you might as well make it easier for yourself to read them if the need arises.

Nice hack scott :)

Is it possible to be able to read PMs in other folders, besides the Inbox? Just wondering :D

fantastic hack!

Does this hack work with PHP4.2.2?

I've only got one hack that modifies user.php and it's this one and when my host upgraded to PHP 4.2.2 and apparently the file is corrupted in places? Because when I go to change acustom avatar in the CP, I get this come up (attached)

@Tha Rock: Everything works fine when running on PHP 4.2.2, I just tried changing my own avatar, and nothing went wrong.

thank you for this excellent hack

I really really really appreciate your work

really excellent hack again and again

I tried it on many versions of vbulletin , and every time it works....

and only the admin you precise in the pm.php can truly go and see the pms.

that is real nice , thank you a million PPN

no bother the version for vB3 is done

Is there a 2.2.7 for this hack? I just tried the 2.2.4 version but got a lot of errors.

I am doing this and cannot find pm.php. Where the heck is it?

Not anywhere I can find at all. It says to upload it to the admin folder in the server, but I can't find it in my files under admin or any dam thing!

You're supposed to upload the pm.php from the hack ZIP, I believe.

In case it isn't already mentioned, this hack is v2.2.8 compliant! :)

thanx :knockedout:

It just gives me an evil database error. :/

[QUOTE]Originally posted by bira
I would just like to warn those admins who installed this hack from a legal standpoint.

If you do not clearly state both in your privacy statement and in your Private Messaging area (eg at the bottom) that PMs may be viewed by administrators, you are making yourself liable to ANY user suing you for privacy invasion.

Those who say that this is on your own "property" don't know the law.

ISPs, for example, store your e-mails. PMs are by default person-to-person exchange - their name suggests as such, and any reasonable user is allowed to assume by the name alone that they are as such = and are therefore defined by law in US and EU the same as e-mails. If an ISP admin was reading your e-mail without your knowledge or permission, you could sue the ISP and win.

The same applies to any service provider who offers "private" person-to-person communication on his premises, but in effect does not warn his users that this is not necessarily the case.

Install the hack all you like, but don't forget to add a warning to your Privacy statement and Private Messaging area. Otherwise, each and every single member of your community can sue you - and win.

The nick serves you (Visionray) ... I certainly agree with you bro! ;)

If they found out, they better let me wear the glasses their wearing too! I wanna see Halle Berry "NAKED!!!" :p

But I can't do this to my members though ...

Just installed it... THANX!

Installed ok on 2.8 and just to say i had trouble with the user id bit !!

I tryed to put the user name in, but after reading some f the post's i sused it.......

Nice hack...

My Forum: www.walkonzone.com/vboard/

Lee

For those wondering, it works lovely on 2.2.9.

Excellent hack, thanks!

Works wonderful on 2.2.9. Thanks for a great hack!

i am getting this (Parse error: parse error, expecting `','' or `';'' in /forum/admin/user.php on line 294)

this is the error message in cp users.

vesion 2.2.9

I have tried playing with the codes and checking them, and re-uploading, but still getting the error message.

Can somebody that has the mod done please email me the finished user.php file.

Yeah I tried to install it too, but whenever I clicked on the Edit User in Admin CP, I get a database error message.

Help!?

PPN ... another great hack. Installed it in 2.2.9 without a problem.

Pshhhh

Anyone wanna tell us people who get errors, what to do?

Post the Error in full

[QUOTE]i am getting this (Parse error: parse error, expecting `','' or `';'' in /forum/admin/user.php on line 294)

this is the error message in cp users.

vesion 2.2.9

Can you paste a copy of line 294 ???

I have no idea how to find line 294, any suggestions

Open the user.php using NotePad or WordPad and find line 294.

You can see the line #s in the bottom right hand side of the window.

why can i not get the line # to show in either programs?

Use NotePad ... the count is in the bottom right hand corner "Ln 1,Col 1 "

for some reason that does not show on my comp, when i goto edit the >go to is not highlighted.

I keep getting this damn error any help please ??????!!!

---------------------------------------------------------
Database error in vBulletin Control Panel 2.2.9:

Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Date: Wednesday 05th of February 2003 06:48:09 PM
Script: http://tokyoforums.com/admin/pm.php?
Referer:
-----------------------------------------------------------------------

[QUOTE]Originally posted by Andrewf



This is a copy of the error.

i get this Viewing User PM's is restricted.

i got it
thanx
nice mod

My forum data is 100% my property. It is not the property of the members. Do you guys file lawsuits when 1 user deletes a thread with 100 replies? Do I have to get permission from you to take down my server or move things around? If you draw a picture in my sketchbook and give the sketchbook to me, you don't have any ownership over the sketch anymore.

There is NOTHING implied nor are any representations made about privacy by any kind of labeling or documentation in vBulletin.

The hypocracy in this thread is shocking. Disgruntled employees are getting their butts sued off for their "1st amendment" postings on public forums. And you think someone can sue a forum and win for doing what they want with their messages? You can't have it both ways.

All this said, I treat my forum members with utmost respect if they have earned it.

legal ramifications?

we had a situation on the boards, and now users are telling me this could be an invasion of privacy? that this could be a legal matter?

what do you think? we have a terms of use which states (it was read and ok'd by a lawyer, however he wasn't internet law or anything) 'Duplication or use of any content from this WEB SITE for commercial purposes or in any manner likely to give the impression of official approval by Amitymama.com, is prohibited. The WEB SITE Copyright © 1999- 2003 Amitysworld.com, Amitymama.com. Amitymama.com reserves the right to refuse, reject, delete, intercept or otherwise edit any written correspondence or information located on it's server.'

thanks!
amity

unfortunately, i am unable to read most of the pages pertaining to this. :( i am getting a 'bad request' error.

i will continue reading however.

amity

Works great also with 2.2.9 :D

**INSTALL**

Well I have this installed on my board and the only ones to have complained about it are the ones that are trying to distrubute warez in someway and thought that no one could see their PMs. I had to tell them that even with out this hack installed I can go in the database and see everything that they have done anyway.

could someone make it that i can see all pm's sent by all users on one page or something.

come on guys, i really want this? i want to see al the pm's sent on one page, in a table with there username and subject and who to? cant any do it?

i'm gonna make a request

Does this hack enable viewing of the messages in the Sent Items folder , as well as other folders that was created by the user ?

Or just those messages in the Inbox ?

Very useful Scott, Thanks!

Looks like a good hack.
Im not installing just yet , im going to try and edit the code so it will e-mail the user who made the pm that their Pm is being investigated.

Nice job tho :-)

Is there a way to only let a certain admin view PM's. I only trust me.

I thnk you make them Moderators

*installs*

works on vb 2.3.0 ;) nice job

i will install them tonite! Great mod now I can catch those suspious spammers luking ard private messages and catch them red handed! :banana:

i will install them tonite! Great mod now I can catch those suspious spammers luking ard private messages and catch them red handed! :banana:

just to check...

if my userid is 2 and i only want userid 2 to be able to read those pm's do i do this way in pm.php?


adminlog(iif($userid!=2," user id = $userid",iif($pmid!=2,"private message id = $pmid","")));

or


adminlog(iif($userid!=2," user id = $userid",iif($pmid!=0,"private message id = $pmid","")));

or both wrong?


??

[QUOTE]03-10-03 at 11:37 PM feldon23 said this in Post #211 (https://vborg.vbsupport.ru/showthread.php?postid=364036#post364036)
All this said, I treat my forum members with utmost respect if they have earned it.

[QUOTE]Today at 05:01 AM d3nnis said this in Post #226 (https://vborg.vbsupport.ru/showthread.php?postid=412510#post412510)
just to check...

if my userid is 2 and i only want userid 2 to be able to read those pm's do i do this way in pm.php?


adminlog(iif($userid!=2," user id = $userid",iif($pmid!=2,"private message id = $pmid","")));

or


adminlog(iif($userid!=2," user id = $userid",iif($pmid!=0,"private message id = $pmid","")));

or both wrong?


??

[QUOTE]Today at 01:58 AM S.Shady said this in Post #228 (https://vborg.vbsupport.ru/showthread.php?postid=412634#post412634)
bothe wrong keep it like this

adminlog(iif($userid!=0," user id = $userid",iif($pmid!=0,"private message id = $pmid","")));

you need to change this line

// which users are allowed to view user's pm's
// separate each userid with a comma
$canviewpms = "";$canviewpms = "";

well i just checked and double checked and triple checked and still, "Viewing User PM's is restricted."

Yes ive added my username (correctly) at $canviewpms = "userid";

I am running vB 2.3.0

??

whenever i try to click "view users PM's" it says "user blahblah has no PM's"

Even though the PM stats say otherwise =/

[QUOTE]06-26-03 at 10:32 AM Sabrina said this in Post #230 (https://vborg.vbsupport.ru/showthread.php?postid=412869#post412869)
well i just checked and double checked and triple checked and still, "Viewing User PM's is restricted."

Yes ive added my username (correctly) at $canviewpms = "userid";


I am running vB 2.3.0


??

Database error in vBulletin Control Panel 2.3.0:

Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Date: Tuesday 12th of August 2003 03:55:44 AM
Script: http://www.xxxxxx.com/forum/forum/admin/pm.php?s=
Referer:

mmmmmmmmmm :ermm:

Bump so that maybe someone can update this hack for version 2.3.0 and 2.3.2.

This hack will be useful for reference and security purposes.

[QUOTE]Yesterday at 10:30 AM Cal Poly Forum said this in Post #234 (https://vborg.vbsupport.ru/showthread.php?postid=426564#post426564)
Bump so that maybe someone can update this hack for version 2.3.0 and 2.3.2.

This hack will be useful for reference and security purposes.

Hey i installed this hack today. version 2.3.2 and it works fine.

Tanks for great hack.

Installed on vB 2.3.2.

/me clicks install.

Installed on Vb 2.3.0

Clicks Install!!!

This is an excellent hack. We've been using it for some time now. I am also a lawyer, and I can attest to the fact that this is perfectly legal, whether or not you notify your users that you are using this, as the Electronic Privacy Act grants certain inalienable protections to private property, such as web sites and bulletin board systems. Anyone who thinks to the contrary obviously has no understanding of current laws in the United States. The European Union's Common Policy on Privacy is, also, very protective of private property, much more so than personal privacy, which for the purposes of visiting other web sites and providing your information, is considered public domain.

Question: Is there an easy way, either through phpMyAdmin, or maybe through an add-on to this script, to search through private messages for a certain word of phrase? Our board has strict rules against promoting our competitor's products. Thanks!

All the best,
Kaelon

This is an update for vbulletin 2.3.3. I noticed that the code has changed snice then so i took the liberty to go ahead and submit this. I did not create this hack, all credit for this hack goes to Scott MacVicar from Vbulletin. I'm just updating the code for new version of vbulletin.

[QUOTE='[]\[]emesis']This is an update for vbulletin 2.3.3. I noticed that the code has changed snice then so i took the liberty to go ahead and submit this. I did not create this hack, all credit for this hack goes to Scott MacVicar from Vbulletin. I'm just updating the code for new version of vbulletin.

Yeah, I'd like to know the same thing. Maybe I'll tool around with pm.php and figure it out...

[QUOTE=Thomas P]Thanks Scott & Nemesis! :)

How can I view the Outbox of users?
We have some spammers on our forums :(

any 3.0 Betta or Gamma versions of this hack?

fisrt there are no vb3 hacks here, second try at vbulletin.nl

thanks dude, sweet hack

I get:

Database error in vBulletin Control Panel 2.3.4:

Invalid SQL: SELECT * FROM user WHERE user.userid=
mysql error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

mysql error number: 1064
--------------------------------------

What did I do wrong?

I am running VB 2.3.4

Awesome hack, thank you so very very much.

Nice job.

I kind of customized this by making a small icon, and using a conditional statement so this icon only appears to the superadministrator. I placed the code in the postbit template. Now the superadmin can see a little icon in the postbit box on the forums, and click it and it opens that member's box, as long as you have an active CPANEL session in that browser session. This way you don't have to edit the link to each userid. I also added this to the user profile.

Would this work on vB 2.3.3?

Also, how does it work? does it show all pms or do you have to go to a specific user?

Thanks.

[QUOTE=bigdaddy04]Would this work on vB 2.3.3?

Also, how does it work? does it show all pms or do you have to go to a specific user?

Thanks.