Event attendance (https://vborg.vbsupport.ru/showthread.php?t=63460)

Benj 01-11-2005 12:54 PM

I might try later : bored I'll let you know

Oblivion Knight 01-15-2005 02:17 PM

Quote:

Originally Posted by Pseudomizer
I found out how they bypass our check for userid. They open 2 windows as a user who is not attending the event and sees the link "i want to attend to this event". Then he goes to the second window and logs out of the forum. The cookie is cleared. Then he goes back and clicks the link in the first window which is still there and oleeeeeeeee oleeeeeeeeee you have the user "unregistered user" attend the event. :-(

I also experienced this issue recently, I did the following..

In calendar.php, find:
Code:

        if ($_REQUEST['do'] == "attend")
        {
                $roll[$bbuserinfo['userid']] = $bbuserinfo['username'];       
        }
        else
        {
                unset($roll[$bbuserinfo['userid']]);       
        }

Replace it with:
Code:

        if ($_REQUEST['do'] == "attend")
        {
                // Only a logged-in user (non-zero userid) may be added to the roll
                if ($bbuserinfo['userid'])
                {
                        $roll[$bbuserinfo['userid']] = $bbuserinfo['username'];
                } else {
                        print_no_permission();
                }
        }
        else
        {
                // Same check before an entry is removed
                if ($bbuserinfo['userid'])
                {
                        unset($roll[$bbuserinfo['userid']]);
                } else {
                        print_no_permission();
                }
        }

It seems to have worked, as I can no longer replicate the bug.. :)


P.S This mod works flawlessly in 3.0.5.
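
An added example (not part of the post above or of the mod's own code) showing why the userid check has to run on the request that changes the roll, and how to clean rolls that already hold a guest entry. The function names, the sample data and the assumption that a logged-out session carries userid 0 are illustrative.

```php
<?php
// Added example with hypothetical names; $userinfo stands in for $bbuserinfo
// as it is built for the request that is currently being handled.

// Original behaviour: assumes whoever clicked the link is still logged in.
function update_roll_unchecked(array $roll, array $userinfo, string $do): array
{
    if ($do === 'attend') {
        $roll[$userinfo['userid']] = $userinfo['username'];
    } else {
        unset($roll[$userinfo['userid']]);
    }
    return $roll;
}

// Patched behaviour: re-check the session on the state-changing request.
function update_roll_checked(array $roll, array $userinfo, string $do): array
{
    if ((int) $userinfo['userid'] <= 0) {
        // The mod calls print_no_permission() here; an exception stands in for it.
        throw new RuntimeException('no permission: not logged in');
    }
    return update_roll_unchecked($roll, $userinfo, $do);
}

// Clean-up for rolls written before the patch: drop entries keyed by a guest id.
function purge_guest_entries(array $roll): array
{
    return array_filter($roll, fn ($id) => (int) $id > 0, ARRAY_FILTER_USE_KEY);
}

// Constructed data: the attend link was rendered while the user was logged in,
// the session was then ended in a second window, so the click arrives as a guest.
$roll  = [7 => 'alice'];
$guest = ['userid' => 0, 'username' => 'Unregistered'];

// Unchecked path: the guest ends up stored on the roll under key 0.
$polluted = update_roll_unchecked($roll, $guest, 'attend');
var_dump(array_key_exists(0, $polluted));

// Checked path: the same stale click is refused and the roll is left untouched.
try {
    update_roll_checked($roll, $guest, 'attend');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Repair: compare the purged roll with the roll as it was before the stale click.
var_dump(purge_guest_entries($polluted) === $roll);
```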

ricker 01-16-2005 09:34 PM

It seems to be working fine on 3.0.5
:D awesome hack, everyone loves it.

ryancooper 01-16-2005 11:00 PM

Everything seems to work except when I try to add myself to an event I get:

Invalid Event specified. If you followed a valid link, please notify the webmaster

Now the strange part . . . IT WORKS. It adds my name to the list and removes it when I click remove.

Any Help. . . I would love to get this up and running.

SamirDarji 01-20-2005 03:50 AM

Quote:

Originally Posted by ryancooper
Everything seems to work except when I try to add myself to an event I get:

Invalid Event specified. If you followed a valid link, please notify the webmaster

Now the strange part . . . IT WORKS. It adds my name to the list and removes it when I click remove.


Any Help. . . I would love to get this up and running.

Check your code changes. Something doesn't sound like it got changed correctly.

SamirDarji 01-20-2005 03:55 AM

Quote:

Originally Posted by Oblivion Knight
I also experienced this issue recently, I did the following..

In calendar.php, find:
Code:

        if ($_REQUEST['do'] == "attend")
        {
                $roll[$bbuserinfo['userid']] = $bbuserinfo['username'];       
        }
        else
        {
                unset($roll[$bbuserinfo['userid']]);       
        }

Replace it with:
Code:

        if ($_REQUEST['do'] == "attend")
        {
                // Only a logged-in user (non-zero userid) may be added to the roll
                if ($bbuserinfo['userid'])
                {
                        $roll[$bbuserinfo['userid']] = $bbuserinfo['username'];
                } else {
                        print_no_permission();
                }
        }
        else
        {
                // Same check before an entry is removed
                if ($bbuserinfo['userid'])
                {
                        unset($roll[$bbuserinfo['userid']]);
                } else {
                        print_no_permission();
                }
        }

It seems to have worked, as I can no longer replicate the bug.. :)


P.S This mod works flawlessly in 3.0.5.

Here's a simpler solution: https://vborg.vbsupport.ru/showthrea...1&postcount=73

Oblivion Knight 01-20-2005 06:34 AM

Quote:

Originally Posted by SamirDarji

As mentioned earlier in this thread, it is possible to bypass your fix.. ;)

"I found out how they bypass our check for userid. They open 2 windows as a user who is not attending the event and sees the link "i want to attend to this event". Then he goes to the second window and logs out of the forum. The cookie is cleared. Then he goes back and clicks the link in the first window which is still there and oleeeeeeeee oleeeeeeeeee you have the user "unregistered user" attend the event. :-("

SamirDarji 01-20-2005 08:27 AM

Quote:

Originally Posted by Oblivion Knight
As mentioned earlier in this thread, it is possible to bypass your fix.. ;)

"I found out how they bypass our check for userid. They open 2 windows as a user who is not attending the event and sees the link "i want to attend to this event". Then he goes to the second window and logs out of the forum. The cookie is cleared. Then he goes back and clicks the link in the first window which is still there and oleeeeeeeee oleeeeeeeeee you have the user "unregistered user" attend the event. :-("

Oh yeah, I forgot about that method. I've only seen it happen once, so I didn't pay much mind to it. I'll be adding your revised code to my setup. Thank you!

alkatraz 01-26-2005 10:28 PM

Great hack, installed on 3.03
thank you!!!

TBSVTOA 01-29-2005 01:37 PM

My admin CP tells me: You are not authorized to execute SQL queries.

Anyone have any ideas?

