Quick PM Sending (pop-up) v2
AnhTuanCool
10-01-2004, 10:00 PM
Quick PM Sending
---------------------------------------
Description:
This hack normally adds an option in the menu when you click on a username. When you click on it, vb will give you a pop-up with content just like the page that you use to send a new PM, with the full functions of the original one. It is designed for users who have to mass-PM others in a thread with different PM content, so that those persons don't have to reload that thread again and again each time; less time is less cost ;) You might find it handy in some way.
Updated:
New newpm.php has cleared unwanted script and reduced extra queries when executing
Security Fixed
v2 includes pm sent with template and fixed security in newpm.php
v2.01 includes the new XSS bug found in vb 3.0.*; refer to the announcement here: https://vborg.vbsupport.ru/showthread.php?t=74035 *Thanks, Erwin, for the heads-up :)
Note: If you want a better look for the page indicating your message has been sent, then just see the pm_sent_with_template.txt file. ;)
Installation instructions & screenshot are in the attachments. Enjoy :) And don't forget to click install if you use this hack ;)
Johnny
10-02-2004, 01:23 PM
this is pretty cool and useful.
*clicks install* :)
AnhTuanCool
10-02-2004, 01:37 PM
It IS. Thanks ;)
Azhrialilu
10-02-2004, 01:56 PM
excellent....installed perfectly :D thank you!!
dndog
10-02-2004, 02:49 PM
Niceness.
/me clicks install
Red Blaze
10-02-2004, 04:23 PM
Works well, thanks. *clicks install*
Surtain23
10-02-2004, 04:25 PM
Great idea! Good work!
AnhTuanCool
10-02-2004, 05:03 PM
Works great. Just a couple of suggestions:
In the postbit, cursor='hand' needs to be cursor='pointer' otherwise you don't get the mouseover effect in non-IE browsers.
A close window button would be handy under the 'sent successfully' message, also would it be possible for that window to match the style of the site rather than being plain white?
If you want to have the window match the style, that would need one more template and a few changes. You can do so; just see the new update txt file. Enjoy ;)
dndog
10-02-2004, 09:57 PM
Works great. Just a couple of suggestions:
In the postbit, cursor='hand' needs to be cursor='pointer' otherwise you don't get the mouseover effect in non-IE browsers.
A close window button would be handy under the 'sent successfully' message, also would it be possible for that window to match the style of the site rather than being plain white?
Thanks so much. I was running firefox and trying to figure out what the problem is.
Hmm, so basically you've copied/pasted chunks of code from the private.php file? I'm not even sure that is allowed, but you might want to ask around just to make sure. :)
Floris
10-03-2004, 12:20 AM
Hmm, so basically you've copied/pasted chunks of code from the private.php file? I'm not even sure that is allowed, but you might want to ask around just to make sure. :)
Nope, you can addon or modify, but you can't duplicate and share.
Logikos
10-03-2004, 12:26 AM
Nope, you can addon or modify, but you can't duplicate and share.
So basically you cannot take code from the vb files and add them elsewhere?
For instance, if I wanted to make the attachments in the new thread page instead of a popup and I just copied/pasted chunks of the attachments.php file to the newthread.php file.
That is not allowed?
AnhTuanCool
10-03-2004, 12:42 AM
I did modify the code and left the copyright notice, as you can see :)
This looks nice ;) I will go ahead and install this mod ;)
FleaBag
10-03-2004, 10:11 PM
Sweet.
enginethatcan't
10-08-2004, 04:11 PM
is it me or what? For some reason I don't have a newpm.php file anywhere, are you sure that's what the file is called?
AnhTuanCool
10-08-2004, 04:14 PM
It's (newpm.php) in my attachment in the first post, check it out ;)
Erwin
10-09-2004, 01:38 AM
2 issues:
1. You have not cached a LOT of templates causing 20 extra queries for no reason.
You need to add these templates to be cached (including newpm - make that a global template to be cached, not an actiontemplate).
Replace globaltemplates with these ones:
// pre-cache templates used by all actions
$globaltemplates = array(
'PM',
'newpm',
'newwpm',
'pmsent',
'editor_clientscript',
'editor_jsoptions_font',
'editor_jsoptions_size',
'editor_smilie_wysiwyg',
'editor_smilie_standard',
'editor_smiliebox',
'editor_smiliebox_category',
'editor_smiliebox_row',
'editor_smiliebox_straggler',
'editor_smiliemenu_category',
'editor_smiliemenu_smilie',
'editor_toolbar_wysiwyg',
'editor_toolbar_standard',
'newpost_disablesmiliesoption',
'newpost_quote',
'posticonbit',
'posticons',
'forumrules',
'usercp_nav_folderbit'
);
And remove the actiontemplates bit - no need.
2. Get rid of the smilie panel by doing this:
Find:
require_once('./includes/functions_editor.php');
ABOVE this, ADD:
$vboptions['wysiwyg_show_smiliebox'] = '0';
Enjoy. :)
AnhTuanCool
10-09-2004, 03:43 AM
Oh thank you Erwin, that would help :)
New newpm.php file updated ;)
theArchitect
10-10-2004, 01:51 AM
*theArchitect clicks install*.
A great hack. Very useful. And thank you Erwin for your corrections.
Lionel
10-14-2004, 09:18 PM
why would I get a javascript error in there? That happened why after I did a copy n paste
Lionel
10-14-2004, 10:42 PM
My problem is at line 116 character 2: object expected. Problem is that line is just plain html. But I could say that it pops up every time I start typing in the editor's body textarea. Which function or which editor brings that up? And at what point? I am using the WYSIWYG
Lionel
10-14-2004, 10:54 PM
I found the reason... I installed the excellent character counter hack, so I needed to adjust your templates accordingly.
Erwin
10-14-2004, 11:56 PM
This hack has a potential huge security hole - there is no internal usergroup permission check, so unregistered members can use newpm.php to send PMs. :) I would add some sort of check in the newpm.php file itself, plus use templates to prevent unregistered users from accessing the link.
Lionel
10-15-2004, 12:13 AM
@erwin
if I put the below in newpm.php, will that be sufficient?
if (!$vboptions['enablepms'])
{
    eval(print_standard_error('pm_adminoff'));
}
// check permission to use private messaging
if ($permissions['pmquota'] < 1 OR !$bbuserinfo['userid'])
{
    print_no_permission();
}
// check if the user will receive PMs
if (!$bbuserinfo['receivepm'])
{
    eval(print_standard_error('pm_turnedoff'));
}
AnhTuanCool
10-15-2004, 12:22 AM
This hack has a potential huge security hole - there is no internal usergroup permission check, so unregistered members can use newpm.php to send PMs. :) I would add some sort of check in the newpm.php file itself, plus use templates to prevent unregistered users from accessing the link.
Did you even test it? :)
I've just logged out of my board and tried to access /newpm.php?do=newwpm&userid=... and I got the page that said I needed to log in, although I haven't changed anything from the one I posted here. :)
Lionel
10-15-2004, 12:26 AM
that would not hurt to incorporate the above. It checks for quotas, pm enabled etc...
Erwin
10-15-2004, 01:09 AM
Did you even test it? :)
I've just logged out of my board and tried to access /newpm.php?do=newwpm&userid=... and I got the page that said I needed to log in, although I haven't changed anything from the one I posted here. :)
Obviously.
Unregistered visitors on my site were sending PMs and it took us a day to figure out it was this hack. Serves me right for not checking the code properly.
integra99
10-15-2004, 02:26 AM
I changed the pmsent template a bit...
<script language="Javascript">
<!--
alert("$vbphrase[pm_sent]");
self.close();
//-->
</script>
integra99
10-15-2004, 02:38 AM
Erwin, I had the same problem. I had to add in..
if (!($permissions['forumpermissions'] & CANVIEW) OR ($bbuserinfo['userid'] == '0')) {
    print_no_permission();
}
AnhTuanCool
10-15-2004, 03:49 AM
You're right Erwin, I found it now, and newpm.php has been updated too; you can look through and check it yourself. Thanks everyone for reporting. :)
It works well for me, only 1 prob..
After I sent a PM, I get no "message successful", nothing.. after I send the PM, I get a blank page :S
AnhTuanCool
11-11-2004, 10:58 PM
Do this update, hope it helps ;)
https://vborg.vbsupport.ru/attachment.php?attachmentid=21736
Sweet Evil
11-14-2004, 11:43 PM
Nice, Installed
bendigo-tech
11-15-2004, 04:25 AM
Installed and working sweet. Thanks :)
Erwin
01-09-2005, 01:12 AM
As per the private.php XSS loophole, you need to patch newpm.php as well or else you can be hacked.
Manual Patch Instructions
In newpm.php, find the following:
$pm['message'] = htmlspecialchars_uni($pm['message']);
BELOW it, add the following:
$pm['recipients'] = htmlspecialchars_uni($pm['recipients']);
Refer to announcement here:
https://vborg.vbsupport.ru/showthread.php?t=74035
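Added example (not part of Erwin's post or of the hack's code): why the recipients value needs the same encoding as the message before the form is redisplayed. It assumes the submitted recipient list is echoed back into a textarea; the helper names are hypothetical, and PHP's htmlspecialchars() stands in for vBulletin's htmlspecialchars_uni() so the script runs on its own.

```php
<?php
// Added example, not vBulletin code. The render_recipients_*() helpers are
// hypothetical stand-ins for the template that redisplays the recipient list.

// Before the patch: the submitted value is placed in the markup as-is.
function render_recipients_unpatched(string $recipients): string
{
    return '<textarea name="recipients">' . $recipients . '</textarea>';
}

// After the patch: HTML-encode first. The real patch calls vBulletin's
// htmlspecialchars_uni(); plain htmlspecialchars() is an assumption made
// here to keep the example self-contained.
function render_recipients_patched(string $recipients): string
{
    $safe = htmlspecialchars($recipients, ENT_QUOTES, 'UTF-8');
    return '<textarea name="recipients">' . $safe . '</textarea>';
}

// True when the output still holds exactly one opening and one closing tag,
// i.e. the user-supplied value could not change the page structure.
function markup_is_intact(string $html): bool
{
    return substr_count($html, '</textarea>') === 1
        && substr_count($html, '<') === 2;
}

// Constructed inputs: an ordinary list and one that tries to close the field.
$samples = [
    'Erwin ; Lionel',
    'x</textarea><b>injected</b>',
];

foreach ($samples as $value) {
    printf(
        "%-30s unpatched_intact=%s patched_intact=%s\n",
        $value,
        var_export(markup_is_intact(render_recipients_unpatched($value)), true),
        var_export(markup_is_intact(render_recipients_patched($value)), true)
    );
}
```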
JKeats
02-03-2005, 09:40 PM
i noticed that when i select the quick pm link my cursor is in the message box. i don't suppose there's a way to get the cursor in the title box first? seems it'd be a more appropriate place to start.
otherwise... great hack. thanks!
Snitz
05-28-2005, 07:41 AM
/me loved it
bryan09
06-08-2005, 03:04 AM
Good job! :)