vb.org Archive
Page 27 of 107 « First 172526 27 28293777 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Major Additions - Email Integration (New threads/replies by email) (https://vborg.vbsupport.ru/showthread.php?t=151222)

ChurchMedia 08-02-2007 08:54 PM
I'm really excited about releasing this to my community. They will LOVE it! So, great work!

I'm having a problem with BB Code not being formatted correctly and broken links (see attached screenshots). Is there something I'm doing wrong? I'm using MS Outlook and VB 3.8.

Thanks! :)

fxs158 08-02-2007 10:22 PM
Quote:
Originally Posted by Cyricx (Post 1308283)
Like so

Code:
// this grabs an overview of all the messages in the mailbox and creates an array we can read
  $letters = imap_fetch_overview($mailbox,"1:$amountmessages",0);
 
//then later in the cron file it checks the array we made above and determines the sender and host to determine the email address.
  $fromaddress = $letter->sender[0]->mailbox ."@".$letter->sender[0]->host;
 
// then later it does this query to find a user that has that email address
  $userinfo = $vbulletin->db->query_first("
    SELECT user.*, usertextfield.*
    FROM " . TABLE_PREFIX . "user AS user
    LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)
    WHERE email = '".addslashes(htmlspecialchars($fromaddress))."'
  ");
 
// finally in the cron file it does this which is where if there is not a user found in the above query, it sends the person an error message.
 
  // If Email Address belongs to a user
  if (!$userid)
  {
    $userinfo['username'] = "Unregistered User";
      $userinfo['languageid'] = 0;
    eval(fetch_email_phrases('ei_error_nouser', $userinfo['languageid']));
    vbmail($fromaddress, $subject, $message);
    imap_delete($mailbox,$msgno);
    continue;
  }
You guys are killin me here :)

I think I've mentioned this a few times in this thread how it determines the user that is posting :)
Thanks for the info, I am no coder but if i am understanding correctly this is checking that the email comes from the correct address and or domain and then cross reference the email with one of my database.

I am still not understanding how the script would prevent someone with an email address on same domain and a fake header, from posting as someone else.

I would think that a better approach would be to issue a unique hash to each user on the forum and when the email is sent to them this hash must be somewhere in the email so that when users reply the software will authenthicate the user. Or something along the lines.


Great job by the way on the scrip, I have not been this excited about a hack in a long time!!!!!

cynthetiq 08-03-2007 03:26 AM
Quote:
Originally Posted by Cyricx (Post 1308387)
O awesome.

Those are easy to code. I'll add those to the error codes for the next version I fire out :)

Thanks!!!! :)
Well, if you added a section within the forum setup where you have your email configurations to also include some additional regex items where one can put them in manually it would be a great way to stop spam.

I looked in depth at the form hack and the WoW hack based on form hack and they both require turning off the CAPTCHA image verification to allow guest posting

Here's some screenies of what the m2f backend settings and config are like and it really keeps the system from getting spammed.

https://vborg.vbsupport.ru/external/2007/08/20.jpg

https://vborg.vbsupport.ru/external/2007/08/21.jpg

https://vborg.vbsupport.ru/external/2007/08/22.jpg

Cyricx 08-03-2007 11:13 AM
Quote:
Originally Posted by fxs158 (Post 1308505)
I would think that a better approach would be to issue a unique hash to each user on the forum and when the email is sent to them this hash must be somewhere in the email so that when users reply the software will authenthicate the user. Or something along the lines.


Great job by the way on the scrip, I have not been this excited about a hack in a long time!!!!!
The massive downside to that is that they would have to remember and include that hash for when they wanted to create new threads. Significantly killing the user friendliness of this modification. :(

Cyricx 08-03-2007 11:15 AM
Quote:
Originally Posted by cynthetiq (Post 1308697)
Well, if you added a section within the forum setup where you have your email configurations to also include some additional regex items where one can put them in manually it would be a great way to stop spam.

I looked in depth at the form hack and the WoW hack based on form hack and they both require turning off the CAPTCHA image verification to allow guest posting

Here's some screenies of what the m2f backend settings and config are like and it really keeps the system from getting spammed.
Thanks!! I'll review these and release a version that checks for these things like autoreply and such by early next week. (Have meetings all this weekend heh).

I estimate a release by tuesday :)

Also, yes, it'll be in the options :)

It'll have to be to allow for multiple languages heh :)

fxs158 08-03-2007 11:17 AM
I am also a little concerned about spam, if a spam boot gets hold of the email. They will start spamming it, the script will receive each email and basically return an error to each of the bogus email addresses sent by the spam software, this will cause my board to become a spamming hub as I will be replying to bogus addresses and in essence become a spammer myself. Maybe setup the software to delete any emails that are not in the db, or simply configure a forum to dump posts from unknown emails?

fxs158 08-03-2007 11:18 AM
Quote:
Originally Posted by Cyricx (Post 1308874)
The massive downside to that is that they would have to remember and include that hash for when they wanted to create new threads. Significantly killing the user friendliness of this modification. :(
what if the hash was included on the subject line of the email on the way out of the server? so when they reply to the email then the hash for that user is already inserted for them?

I will do some testing on my board, but if there is a way for someone to bypass the filter and post as another user, then we are approaching this from the wrong angle. Security must prevail over functionality and ease of use. I love the idea of this mod and it is working flawlessly on my site so far!!!

Cyricx 08-03-2007 11:24 AM
Quote:
Originally Posted by fxs158 (Post 1308877)
I am also a little concerned about spam, if a spam boot gets hold of the email. They will start spamming it, the script will receive each email and basically return an error to each of the bogus email addresses sent by the spam software, this will cause my board to become a spamming hub as I will be replying to bogus addresses and in essence become a spammer myself. Maybe setup the software to delete any emails that are not in the db, or simply configure a forum to dump posts from unknown emails?
The code I posted above has this line :)

Code:
    imap_delete($mailbox,$msgno);
That flags the message to be deleted when the script is complete. So any message that errors out gets deleted.

As mentioned, the scripts next creation will handle any "returned mail" errors that you would get from an invalid email address :)

I really really appreciate your input!! Your bringing up some great points!


Quote:
Originally Posted by fxs158 (Post 1308879)
what if the hash was included on the subject line of the email on the way out of the server? so when they reply to the email then the hash for that user is already inserted for them?
That would work great for replies... but not for new threads :(

Or forwarded messages to create new threads would also not work for that system :(

I'm not opposed to a more secure system to receive posts... just wanna make sure it's feasible :)

The previous "Mail Reply" system by Colin F, created a new user profile field that people could put in a password. It hashed that onto the subject line of posts sent to users that when they replied validated the reply.

He then had users have to put something like

-pmypassword

at the end of subject lines of new threads if I recall right.

That seems infeasible, and definatley not user friendly enough to compete with yahoo groups.

I'm curious... will false headers from the same domain work to post to yahoo groups? has anyone tried?

fxs158 08-03-2007 01:19 PM
Well how about this, regular threads would get a random password attached to the subject line. New threads one must add a user password to subject line. If I have to type a whole email to make a post, I do not see why functionality would be sacrificed due to requiring that I type a password on the subject line right after my topic.

It would not be fully automated, but it would definitely beat, having a competitor spam the board with an email bomber. Can you imagine the work to clean that mess? Allot of sites are ran on shared accounts, all I would have to do is get an account on the shared server and then fake the headers and that could spell trouble for an unsuspected site.

I am not trying to be difficult, competition is though as it is, just do not want to give other sites a way to mess with my forum.

Cyricx 08-03-2007 01:30 PM
I'm mixed, I'd rather try to avoid having users that are sending threads to the forum have to do alot extra, or remember a password.

Heck, I have users now that have to reset their passwords weekly because they can't remember them :)

I'd love to hear from others on if they think that this would be nessecary.

Or if anyone else has any alternate ideas :)

Secondly, if you have a "competitor" on a shared server spamming your board... I'd really wonder why your host isn't doing something about that, as the end result would be them crippling their servers ;)

I understand your not trying to be difficult. :)

I just don't find the system your suggesting to be feasible, and would like to find an alternative :)


All times are GMT. The time now is 07:17 PM.
Page 27 of 107 « First 172526 27 28293777 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02023 seconds
  • Memory Usage 1,763KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete