Hack: Clean sessionhash 1.3

With this hack installed bits in the url (s=) used for the sessionhash in all vBulletin powered links will be striped when the sessionhash is not in use.

For example, when the sessionhash is off a link on your forum will look like:

index.php?s=

Or if a action is used:

index.php?s=&action=somthing

With this hack installed the s= and un-needed & will be striped out. And will look like this:

index.php?

and:

index.php?action=somthing

How to install:

1: Apply the change to sessions.php listed in the attachment.

2: Edit all templates containing the $session[sessionhash] variable, I am not including a steap by steap template instructions because they vary so much between differnt styles. You will have to do this yourself.

You have to look for two things, links in this format "?s=$session[sessionhash]" should be changed to just "?$session[sessionhashnoamp]". Also links in this format "?s=$session[sessionhash]&" need to be changed to "?$session[sessionhashamp]"

The old $session[sessionhash] var still works as it normally would, so your board will not break if you miss some templates.

Warning!!: Do not edit links that use $session[dbsessionhash]!

This hack is not for the faint of heart to install, it will take some time. :)

1.3 Released (Stable):

Fixed error in one line of code, hack will work without problems and has been deemed stable, tested with 2.3.0, and 2.2.8.

1.2 Released:

Missed line in block of code, untested. [high]If running upgrade to 1.3[/b]

Deadly ...

If you download the attachment before I made this posts please re-download it and apply the change, I missed one line in the modified block.

It's another beautiful thing about vB3. :) At this rate, Anime-loo you're going to upgrade to vB3 line by line. ;)

Today at 12:38 AM Erwin said this in Post #4 (https://vborg.vbsupport.ru/showthread.php?postid=418856#post418856)
It's another beautiful thing about vB3. :) At this rate, Anime-loo you're going to upgrade to vB3 line by line. ;)
LMAO :bunny:
Nice hack BTW :)

Parse error: parse error in /home/fusionf/public_html/forum/admin/sessions.php on line 442


} else {
// $shutdownqueries[]='DELETE FROM session WHERE lastactivity<'.($ourtimenow - $cookietimeout);
// this will be done automatically in doshutdown
}
// END SESSIONS ************************************************** ****************************

$session['dbsessionhash'] = $session['sessionhash'];

if ($badcookie==1) { // send the session has through the URL if the cookie is bad
$bbuserinfo['nosessionhash']=0;
}

if ($bbuserinfo['nosessionhash']!=0)
{
$session['sessionhashnoamp'] = 's=' . $session['sessionhash'] .;
$session['sessionhashamp'] = 's=' . $session['sessionhash'] . '&';
} else {
$session['sessionhashnoamp'] = '';
$session['sessionhashamp'] = '';
$session['sessionhash'] = '';
}

// vbulletin default
// if ($bbuserinfo['nosessionhash']==1) {
// $session['sessionhash'] = '';
// }

?>


this is line 442


$session['sessionhashnoamp'] = 's=' . $session['sessionhash'] .;

Sweet hack! :) Makes the the URL shorter and more user-friendly. And more vB3ish. ;)

Wow, ALL templates. :o

Is it possible to use a replacement instead? ;)

Yesterday at 01:37 AM Xelation said this in Post #6 (https://vborg.vbsupport.ru/showthread.php?postid=418865#post418865)

this is line 442


$session['sessionhashnoamp'] = 's=' . $session['sessionhash'] .; [/B]


1.3 released to fix this problem, all errors are gone, feel free to install it.

fantastic hack but i started on my templates and thught jesus this will take forever :(

as the other guy said is there no other way of doing a replacement or something ?????

did'nt want to do it and bulls up me forum i thought i would ask you first :)

You can try to use vBulletin's built in template search/replace system but it has always failed to get all the templates updated for me. Also doing it with replacements would be useless because you would still have to update all the templates with links in them for it to work.

worked thanks :)

yeah i ment the search replace thingy lol

also your step 2 m8

do i change all $session[sessionhash] that i find ???

or just the ones in links ??? just under your step 2

ie

?s=$session[sessionhash]

and

?s=$session[sessionhash]&

ok i have this in one of my templates .. if you tell me what to do with that then i am sure i can work it out :)

<input type="hidden" name="s" value="$session[sessionhash]">

i dunno what to do with that ???

sorry i can be a right donut sometimes :(

IMO the best way to do it would be with a preg_replace in the dovars() function that would remove all instatnces of:


?s=
&s=
amp;s=


when the condition used in the hack is true, not fool proof, but easier then editing all the templates.

AL:

I have noticed on my board that the sessionhash numbers are removed anyway without having to remove anything from the templates.

Great hack.

Parker

worked great thanks

L.

Parker...

When I use this wihtout mods to the templates and I have my profile set to use cookies (Thus no session #'s), it STILL uses session numbers. Without the hack installed it does not use session numbers. Does the same on your site.

So, not sure why, but it does not seem right in this case.

David

I didn't have the problem with the session numbers showing up when I used the automatically log in turned on but had the browse this board with cookies turned off. So with that option turned on the sessionhash number aren't getting removed.

Parker

definetly doesn't work for me.

with this hack, it gives a hash and the s=, w/o it, just the s=.

D

7th:

Did you do the required modification to your templates has noted in post #1 of this thread?

Any alternative yet to modifying all the templates in a simpler way??

I definetly want this hack.

Thanks anim-loo !

Cheers

Today at 11:06 AM HostBubble said this in Post #21 (https://vborg.vbsupport.ru/showthread.php?postid=421997#post421997)
Any alternative yet to modifying all the templates in a simpler way??

Why don't you guys use Admin CP/Templates/Search/Search&Replace to replace your keyword with the new one in all templates?

At last. Can you remove the session hash for all links? I mean hide it somethwere?

This doesn't work at all for me. I did everything, including the templates and it's showing the sessionhash now.

To the people having tourble with the modification. Replace you hacked code with this and tell me if it helps anything:

if ($bbuserinfo['nosessionhash'] == 1)
{
$session['sessionhash'] = '';
$session['sessionhashnoamp'] = '';
$session['sessionhashamp'] = '';
}
else
{
$sessionurl_al = $session['dbsessionhash'];
// new template var's fallow
$session['sessionhashnoamp'] = 's=' . $sessionurl_al . '';
$session['sessionhashamp'] = 's=' . $sessionurl_al . '&';
}

I do not have a installation of vB 2.x.x to test with ATM but will set up a test board if this dose not solve your problems

See, the problem I had was that as a logged in user I was getting the sessionhas hand as a guest I wasn't getting the sessionhash.

this attachments seems to have gone walkies

I've replaced the last codes from Anime-loo but I saw my URL still contains "?" and "s=&" things. So I replaced these codes

$session['sessionhashnoamp'] = 's=' . $sessionurl_al . '';
$session['sessionhashamp'] = 's=' . $sessionurl_al . '&';

with these ones

$session['sessionhashnoamp'] = '' . $sessionurl_al . '';
$session['sessionhashamp'] = '' . $sessionurl_al . '';

But it still doesn't work. It would be good if you gave us another code :D
Thanks.
(Btw, I have problem with posting replies, I couldn't click any smiley, or toolbar buttons :/)

This doesn't work for me.

ok it does work, but replacing those damn templates is hard as hell.. if someone can maybe make a installer that will do that, one goes through trouble and makes everyone else happy! :)

Just a little comment. There are about 280 "?s=$session[sessionhash]" instances in vb 2.x .php files, they should b.e changed also... I did something similar a while ago on my 2.3.0 board.

This hack is not good, don't work!

Hi,

is there a Full short cut for all the links of the forum ? I hope to see a FULL update for the hack

I want the links without ((s=&))

for example:

after installing the hack its became like this link:

http://www.xxxxxx.com/vb/forumdisplay.php?s=&forumid=1

but, I want it to be like this:

http://www.xxxxxx.com/vb/forumdisplay.php?forumid=1

hope to know how to do this from anyone knows


Thanks a lot