I've tested this but i can not find the right code to make a message for a member that can not be read by unregistered/not loggedin users. :(

How does the code looks if we want to let only the sender and reciever and the admin can view those messages?

What difference does the $ in this code means??

[if($bbusername=="MEMBER")]test1[/if]
[if(bbusername=="MEMBER")]test2[/if]

This is a nice hack, except all the possible exploitable methods of using it.
If you add this, don't give members access.
They can cause parse errors at the drop of a hat, no? (Point this out if I'm wrong, by all means)
[if($bbusername=")]Hi I'm exploiting you.[/if]

Dave.

Hm..i've found out that this: [if($bbusername=="MEMBER")]test1[/if] is visible for everyone. The other codes are working fine. :)

Actually the bb and $bb stuff arent used in the posts, they use $bbuserinfo[] and $post[], i have it so it creates $bb vars out of the $bbuserinfo array, like $bbuserinfo[posts] is $bbposts, also I thought about what you said though, Ill add a checker for the code so it check for single = and not == or != and so on and then makes it == for you automticly to prevent some bugs from happening.

Theres no different between them, i added a way so it works even if you dont add a $. And I tried:

[if($bbusername=="Admin")]test1[/if] and it worked, but ill look into it for you and see what I can do, also if you want text to show for just guests you can use:

[if($bbuserid==0)]test1[/if]

and just for members:

[if($bbuserid>0)]test1[/if]

Also note, how I have it, the person who posted the post can see all the private text in the post even if they normaly cant, so if they did:
[if(bbuserid==0)]

they still can see it in there post.

Hmm, I read up more on extract(), from what i read, all it does is exports an array as references an doesnt actualy make them global, so if you have $bbuerinfo[username]="exploit" for instance, it will just change the var in the function, not in the actual post itself, so users ant exploit it and mess with the post varibles.

Ok, big update, i recoded alot of the function so replace your old one with this:

I also updated the text file with it.

See latest Fix here:
https://vborg.vbsupport.ru/showthrea...167#post367167

Also in the update now, only admins see the (code) bit next to private Text, normal users only see Private Text, also you can edit the private text table colors and so on with the privatetext_ style in the headinclude if you like.

With this update it should now get rid of 99% of the bugs, security problems and exploits, only functions you allow will be pass through now, if you dont wanna allow any just make it array(), Also now how its made you can use () to group varibles now like:
[if($bbuserid>0 and ($bbposts>300 or $bbusergroupid==6))]Text[/if]

Hmm, I fixed a small bug in it, before it would remove the functons like max() but i didnt take into cosideration that some one might put a space between it like max (), so i fixed it, i fixed the download file and the post update above, just make sure that your code looks like this if you installed the update above before i fixed it:


I hope you enjoy this hack, if any one has any comments or idea's feel free to ask, also feedback is nice too. All I ask of you if you use this hack on your forum is to click nt install button, thats all.