vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   if() vBCode - Private Post Text Hack (https://vborg.vbsupport.ru/showthread.php?t=48492)

Slynderdale 02-06-2003 12:37 AM

Quote:

Originally posted by Erwin
This is great work. :) Well done! Obviously, use it with care - I would restrict this only for yourself - too easy to be abused or cause db errors by accident. :)

Thanks, I fixed the problem with database "accidents" and so on. All functions except the ones you allow get removed, so there are no security issues unless you allow it. Also, if someone enters a code with incorrect parsing, it won't show an error on the screen. At the moment, when you first install it, you or users (if you have admin only set to false) will only be able to use trim(), strtoupper() and strtolower() in the code section; all other functions get removed. You can change which are allowed in the allowed_functions array.

rjpa 02-07-2003 12:28 PM

Is the thread's post #1 the new updated code and is it safe to use?

squawell 02-07-2003 09:48 PM

I get an error when I edit a post, and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

Any idea?

Slynderdale 02-08-2003 09:13 AM

Quote:

Originally posted by squawell
I get an error when I edit a post, and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

Any idea?

What error do you get?

Slynderdale 02-08-2003 09:17 AM

Quote:

Originally posted by rjpa
Is the thread's post #1 the new updated code and is it safe to use?

Yes, the first post's attachment contains the code, and this is now safe to use if you let users use it or not.

squawell 02-08-2003 12:20 PM

Quote:

Originally posted by Slynderdale


What error do you get?

So strange... now it works... I don't know what happened last night.

But here is another problem. I use this:

[if($bbusergroupid==6)]XXX[/if]

I want to show it to this group's members only... but when I use a normal account (groupid=2), it can see the text... so what happened? (It works perfectly for guests...)

By the way, if someone uses the [if] code, can it be seen when using the search function or not? Hope you understand my poor English...

Slynderdale 02-08-2003 01:09 PM

Quote:

Originally posted by squawell

So strange... now it works... I don't know what happened last night.

But here is another problem. I use this:

[if($bbusergroupid==6)]XXX[/if]

I want to show it to this group's members only... but when I use a normal account (groupid=2), it can see the text... so what happened? (It works perfectly for guests...)

By the way, if someone uses the [if] code, can it be seen when using the search function or not? Hope you understand my poor English...

The code bit in the if() tag is the same as normal PHP, so if you're checking 2 things like the user group, use ==. Using just one = would be equal to:
$bbusergroupid=6;
in PHP; instead of checking it, it sets the variable.

Hmmm, thanks for reminding me about search, I'll make a fix for it so if they're not allowed to see it they won't and so on.

Slynderdale 02-08-2003 01:36 PM

Search bug fix:

*************************************
In file "search.php":
*************************************

*****************
find:
*****************
PHP Code:

    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post".iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      $postids AND thread.threadid=post.threadid
    ORDER BY
      $orderbysql";

    $searchtemplatebit = "searchresultbit";
  }

  $searchresults=$DB_site->query($sql);

*****************
replace it with:
*****************
PHP Code:

    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username,user.usergroupid,
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post".iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      $postids AND thread.threadid=post.threadid
    ORDER BY
      $orderbysql";

    $searchtemplatebit = "searchresultbit";
  }

  $searchresults=$DB_site->query($sql);

*****************
find:
*****************
PHP Code:

        // get first 100 chars of page text
        if (strlen($searchresult[pagetext])>200) {
          $spacepos=strpos($searchresult[pagetext]." "," ",200);
          if ($spacepos!=0) {
            $searchresult[pagetext]=censortext(substr($searchresult[pagetext],0,$spacepos))."...";
          }
        }

*****************
above it add:
*****************
PHP Code:

$searchresult['pagetext']=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$searchresult['pagetext'])); 

*************************************
In file "admin/functions.php":
*************************************

*****************
find:
*****************
PHP Code:

  $postadmin = false;
  if ($post['usergroupid']==6 or $postinfo['usergroupid']==6)  $postadmin = true;

*****************
replace it with:
*****************
PHP Code:

  $postadmin = false;
  if ($post['usergroupid']==6 or $postinfo['usergroupid']==6 or $searchresult['usergroupid']==6)  $postadmin = true;


I also added the fix into the install instructions in the first post.

Slynderdale 02-08-2003 01:49 PM

If anyone else has any more problems, comments, ideas and so on, feel free to post them and I'll see what I can do.

Also, there is a bug that NuclioN showed me, where the code bit wasn't evaluating correctly and it showed the text to everyone. This is rare; this bug doesn't happen to everyone, just a rare few. If you experience this bug, please post about it. Currently I'm still trying to find out what's wrong; I think it might be because of another hack they installed that is interfering with this one.

Also, if you experience this bug, tell me if you have Logician's dynamic announcement hack installed or not. I think that might be the cause of the problem.

NuclioN 02-12-2003 01:44 PM

I've removed the dynamic announcement but with all the possible codes, all usergroups can see the priv message. :(

Slynderdale 03-16-2003 03:21 AM

It's been a while, but I fixed the bug that NuclioN had and also added a few more options to it. I also updated the text file with the fix. I'll also post the code below so you don't have to redownload the text. Just replace your old doif function with:

PHP Code:

    // ###################### Do IF #######################
    function doif($code,$text,$output=0) {
      // import every global ($post, $postinfo, $searchresult, $bbuserinfo, ...) into local scope
      extract ($GLOBALS);

      //Editable Options Below
      $allowed_functions = array('trim','strtolower','strtoupper');  //Array of allowable functions
      $admin_only = false; //Set to true if you want only admins to use this.
      $admin_allowed_functions = false; //Set to true if you want only admins to be able to use all the functions.
      $admin_view_all = false; //Set to true if you want to allow admins to view all text.
      $users_view_all = array('1'); //Users that can view all the text
      //Editable Options Above

      // $postadmin: the post's author is in usergroup 6; $isadmin: the viewer is
      $postadmin = false;
      if ($post['usergroupid']==6 or $postinfo['usergroupid']==6 or $searchresult['usergroupid']==6)  $postadmin = true;
      $isadmin = false;
      if ($bbuserinfo['usergroupid']==6)  $isadmin = true;
      if ($code and ($admin_only!=true or $admin_only==true and $postadmin==true)) {
        // expose each $bbuserinfo field as $bb<key> and as a constant bb<key>
        unset($codestuff);
        while (list($key,$val)=each($bbuserinfo)) {
          $codestuff .= '$bb'.strtolower($key).' = "'.$val.'";';
          @define("bb".strtolower($key),$val,true);
        }
        @eval($codestuff);
        // build patterns that strip calls to every function not in $allowed_functions
        $allfuncs = get_defined_functions();
        $search_array = array();
        $replace_array = array();
        if ($admin_allowed_functions!=true or $admin_allowed_functions==true and $postadmin!=true) {
          foreach ($allfuncs['internal'] as $name) {
            if (!in_array($name,$allowed_functions)) {
              $search_array[] = "/($name)(.*)(\()(.*)(\))/siU";
              $replace_array[] = "\\4";
            }
          }
          foreach ($allfuncs['user'] as $name) {
            if (!in_array($name,$allowed_functions)) {
              $search_array[] = "/($name)(.*)(\()(.*)(\))/siU";
              $replace_array[] = "\\4";
            }
          }
        }
        $code = preg_replace($search_array,$replace_array,$code);
        //$code = str_replace("(","",$code);
        //$code = str_replace(")","",$code);
        // evaluate what is left of the condition as PHP
        $eval_code=false;
        @eval ('if ('.stripslashes($code).') { $eval_code=true; } else { $eval_code=false; }');
        // show the text when the condition holds, or to the post's author, permitted admins and listed users
        if (($eval_code==true) or ($bbuserinfo['userid'] == $post['userid'] and intval($post['userid'])>0) or ($bbuserinfo['userid'] == $postinfo['userid'] and intval($postinfo['userid'])>0) or ($bbuserinfo['userid'] == $searchresult['userid'] and intval($searchresult['userid'])>0) or ($isadmin==true and $admin_view_all==true) or (is_array($users_view_all) and @in_array($bbuserinfo['userid'],$users_view_all))) {
          if (!$output) {
            return "<table border=\"0\" align=\"center\" width=\"90%\" cellpadding=\"3\" cellspacing=\"1\"><tr><td><smallfont><b>Private Text: ".iif($isadmin,"(".stripslashes($code).")","")."</b></smallfont></td></tr><tr><td class=\"privatetext_style\">".bbcodeparse($text)."</td></tr></table>";
          } else return "[if(".stripslashes($code).")]".$text."[/if]";
        } else {
          return "";
        }
      }
      if ($admin_only==true and $postadmin!=true) return "[if(".stripslashes($code).")]".$text."[/if]";
      else return bbcodeparse($text);
    }
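
An alternative way to decide an [if(...)] condition without calling eval(), as an added example that is not part of the hack or of any post in this thread: it accepts only comparisons of allow-listed viewer fields against integers, joined by and/or, and keeps the text hidden for anything else. The names safe_condition, compare_term, ALLOWED_VARS and the sample viewers are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the hack's code: decide an [if(...)] condition by
// parsing it against a fixed grammar instead of passing it to eval().

// Viewer fields a poster may test (assumed allow-list; the names follow the
// hack's "$bb" + lowercased $bbuserinfo key convention).
const ALLOWED_VARS = ['bbuserid', 'bbusergroupid'];

function compare_term(int $left, string $op, int $right): bool
{
    switch ($op) {
        case '==': return $left === $right;
        case '!=': return $left !== $right;
        case '>=': return $left >= $right;
        case '<=': return $left <= $right;
        case '>':  return $left > $right;
        default:   return $left < $right; // '<', the only operator left
    }
}

// True only if $code is well formed AND holds for $viewer. Every term is
// validated before a result is returned; anything outside the grammar
// fails closed, so the private text stays hidden.
function safe_condition(string $code, array $viewer): bool
{
    $term = '/^\$([a-z_]+)\s*(==|!=|>=|<=|>|<)\s*(\d{1,9})$/';
    $result = false;
    foreach (preg_split('/\s+or\s+/i', trim($code)) as $group) {
        $all = true;
        foreach (preg_split('/\s+and\s+/i', $group) as $t) {
            if (!preg_match($term, trim($t), $m)
                || !in_array($m[1], ALLOWED_VARS, true)
                || !isset($viewer[$m[1]])) {
                return false;
            }
            $all = compare_term((int)$viewer[$m[1]], $m[2], (int)$m[3]) && $all;
        }
        $result = $result || $all;
    }
    return $result;
}

// Constructed sample viewers: a regular member (group 2) and an admin (group 6).
$member = ['bbuserid' => 42, 'bbusergroupid' => 2];
$admin  = ['bbuserid' => 1,  'bbusergroupid' => 6];
var_dump(safe_condition('$bbusergroupid==6', $member));
var_dump(safe_condition('$bbusergroupid==6', $admin));
var_dump(safe_condition('$bbusergroupid=6', $member));       // single "=" is not in the grammar
var_dump(safe_condition('trim($bbusergroupid)==6', $admin)); // function calls are not in the grammar
```

The same check has to run on every path that outputs post text (thread view, search results, quote and reply preview), otherwise the raw [if] block is shown there unfiltered.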



NuclioN 03-16-2003 01:55 PM

Great Slynderdale, I hope it is fixed now :)
I saw this line:

$users_view_all = array('1'); //Users that can view all the text

What does this mean? Is 1 = all users can view and 0 is only the receiver can see it??

Slynderdale 03-16-2003 06:47 PM

Quote:

Today at 10:55 AM NuclioN said this in Post #52
Great Slynderdale, I hope it is fixed now :)
I saw this line:

$users_view_all = array('1'); //Users that can view all the text

What does this mean? Is 1 = all users can view and 0 is only the receiver can see it??


The array of userids that can view all the private texts on the forum, in case you only want to see all the text instead of all the admins.

squawell 03-22-2003 03:04 PM

I found a problem...

When I use quote, then I can see anything if the rule set someone can see... so how to solve that?

Thanks

Intex 08-01-2003 03:35 PM

Slynderdale - just looking at the installation for this hack. In the first part it asks you to find some text in functions.php, but then doesn't seem to suggest to modify / replace anything, it just asks to find something else.

Can you confirm please. Thx.

brauner 08-06-2003 10:56 AM

Quote:

08-01-03 at 05:35 PM Intex said this in Post #55
Slynderdale - just looking at the installation for this hack. In the first part it asks you to find some text in functions.php, but then doesn't seem to suggest to modify / replace anything, it just asks to find something else.

Can you confirm please. Thx.

Please Help, I have the same problem. I use vb 2.3.0 :cool:

Slynderdale 08-07-2003 07:47 AM

Sorry about that, fixed.

VeoMorphine 11-08-2003 02:02 AM

I was testing this:

[if($ourtimenow>=$post[dateline]+((7*24)*60*60))]Text To Display 1 week from this post[/if]

That makes the showthread.php for that post just a white page.

How would I also enable this for only supermods, admins and mods, and just not users?

#01 12-11-2003 01:46 AM

Thanks a lot for making this hack! Works very good! I can see a lot of work went into it and I give mad props to ya! :D

It was exactly what I was looking for. It's almost 100% secure. Only flaw I can find in it is the fact that if a member who should not be able to see the stuff was to click on "Reply to Thread" they could see all of the info... even the admin portion showing the code. They just need to scroll down to look at the previous threads under the reply box.

Not a big deal though... that feature can be easily shut off (which I'm shutting mine off now.) Thanx a lot!

