vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Graveyard (https://vborg.vbsupport.ru/forumdisplay.php?f=224)
-   -   Cpanel Email per username -Simple extension (https://vborg.vbsupport.ru/showthread.php?t=109598)

lebanon 03-07-2006 07:28 AM

Sounds like I skipped the most important question.
Specifying this to special groups:

Replace line 60 of email.php
if (!$vbulletin->userinfo['userid'])
WITH
if (!is_member_of($vbulletin->userinfo, N) AND !is_member_of($vbulletin->userinfo, N2))
(Of course, replace N and N2 with the numbers of the allowed groups. This example shows two allowed groups, let's say the admins and paid members groups. Of course, to allow more, just add AND !is_member_of($vbulletin->userinfo, N3).)

PtP 03-07-2006 07:31 AM

Quote:

Originally Posted by lebanon
//nitro and PtP: As for the PHP security you guys are bothered about, just remember that ALL scripts, forums, CMSs, shopping carts and every known portal have a KNOWN location for their config files. How come this question was raised here when you have never worried about everything else you add your info to?
PHP is processed before it outputs data to the client side (thus it's safe).
Last comment I also read: someone suggested that if PHP didn't run it would expose it. True, but trust me, if your server's PHP stopped being processed for some reason, your last worry would be my files!//

I asked this question here because in NO other script I use do I have to put in my username and password to my cpanel, which controls EVERYTHING and could do a lot of damage, so please understand I am not going to jump in and do that without asking questions first.

Frugal 03-07-2006 08:18 AM

Great hack; however, I tend to agree about the security. Whilst it is true that many CMS and other scripts have config files in known locations, most have the permissions set to be non-world-readable or have them located in a .htaccess-protected directory. Likewise, should they be compromised, only your forum or CMS gets compromised. If CPANEL gets compromised then you are in deep doodoo, as you could get completely locked out of your own server. As such I would definitely move the cp_email_config.php into a safe place, outside of your web site's document root, or at least protect it with .htaccess.

The easiest way to make it secure is to create a .htaccess file with the following content and drop it in the same directory:

<Files cp_email_config.php>
order deny,allow
deny from all
</Files>


This will prevent anyone reading or downloading the file even if PHP was to stop running and should make it about as secure as it can be without moving the config file outside of the document root. Lebanon, how about including a .htaccess in the package, that way it is tightly locked up by default.

I have attached a .htaccess file to this post, just remove the .txt extension and upload it to the same directory as your cp_email_config.php file.

Frugal

lebanon 03-07-2006 08:41 AM

Frugal, yes, that could be done.
Also, you can put the config anywhere you want and just change the line in the second two files to point to it correctly, changing the include from ./ to ./include/ or ./admincp/, whichever place you feel comfortable with.

Frugal 03-07-2006 09:29 AM

Yes, on my own forums I'll be moving the file outside of the doc root, but everyone's server is set up differently, so posting detailed instructions that beginners can follow isn't easy. The .htaccess included in the package makes it very secure right from install for everyone, whilst the advanced users can take whatever additional steps they feel necessary.

Frugal

JirQUEST 03-07-2006 10:50 AM

Regarding the special characters... what about underscores?

mathias 03-07-2006 05:53 PM

Can you make one for Ensim?

steadicamop 03-07-2006 06:58 PM

Q.

Is it only Cpanel logins that will work ... I'm hosting with someone who doesn't have Cpanel as such, just a different way of logging into the admin back end and webmail ... what details would I need - if this is possible?

Thanks,

Jason

nitro 03-08-2006 07:03 AM

Quote:

Originally Posted by lebanon
I haven't really considered all cases, but since you mentioned it, it's doable.
I already took care of users with blank spaces, which you can find at the
line containing (in email.php)
$cpun1 = str_replace( " ", ".", $cpun );
Now you could rerun this same line for as many characters as you suppose your members or vBulletin allow, and the second value is what it will be replaced with,
so you could do
$cpun1 = str_replace( " ", ".", $cpun );
$cpun1 = str_replace( "#", ".", $cpun1 ); // chain on $cpun1 so the earlier replacement is kept
$cpun1 = str_replace( "~", ".", $cpun1 );
(I didn't even notice any forum member with such characters, so I haven't really even thought of it except for spaces.)

For other questions asked:
A live demo can be viewed at http://www.tchatting.com/forum/email.php but you will need to register, that's why I added screenies instead.

//nitro and PtP: As for the PHP security you guys are bothered about, just remember that ALL scripts, forums, CMSs, shopping carts and every known portal have a KNOWN location for their config files. How come this question was raised here when you have never worried about everything else you add your info to?
PHP is processed before it outputs data to the client side (thus it's safe).
Last comment I also read: someone suggested that if PHP didn't run it would expose it. True, but trust me, if your server's PHP stopped being processed for some reason, your last worry would be my files!//

freako9699: you don't need to create emails for your users; THEY will activate their own emails, that's what this extension is for!
You add your cpanel details into the config, then you announce to your users that they can have their free email at /email.php, and that's it.

Snoop-It: to have a vB interface, that will require a full email addon as well. I am planning on doing such a thing but am still looking for lots of free time.

moonclamp: the files to upload go in your forum root, not the domain root.
No strain on the server, no. As for deleted users, they will keep their emails; you should do it manually then, though we can add functions to this one.

Because in general most only require DB info, not your entire hosting info, to be entered; this is where it becomes a much larger security issue. PHP-Nuke (not that we really want to go there) recommends that their config file with the DB info is put outside of the webroot; to a certain extent it's the right way to do it, especially when it concerns your cpanel info, which may well be your FTP info as well. PHP can stop processing simply by a sysadmin mistakenly disabling the PHP module during an Apache update, i.e. forgetting to compile with PHP etc. Not a serious issue, and it would soon be noticed and fixed, but in that time info could easily be obtained that normally would not. A DB user pass is nothing like as serious as cpanel info, likely to be FTP info and for some possibly WHM info as well. This is one time the config file most certainly should be outside of the webroot.

lebanon 03-08-2006 08:10 AM

I updated the uploaded zip file and added the .htaccess provided by Frugal, as well as moved the file into the includes folder.
As for the questions about emails on panels other than cpanel: generally I use cpanel, that's why I did it for cpanel, but since I used fopen and an HTTP login POST, this will allow it to be modified for any panel that can accept HTTP login POSTs.
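
The checks Frugal and nitro describe above (credentials file outside the document root, or covered by a .htaccess deny rule, and not world-readable), written as an added example that is not part of the original thread or the hack's package. It assumes POSIX paths, an .htaccess in the same directory as the file, and a server that honours .htaccess; the function names are hypothetical and the demo tree is constructed.

```python
import os
import re
import stat
import tempfile

# Apache 2.2 ("deny from all") and 2.4 ("Require all denied") deny-all forms.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
FILES_RE = re.compile(r'<Files\s+"?([^">\s]+)"?\s*>(.*?)</Files>', re.I | re.S)

def htaccess_denies(htaccess_text, filename):
    """True if a <Files filename> block (exact name only) denies all access."""
    return any(name == filename and DENY_RE.search(body)
               for name, body in FILES_RE.findall(htaccess_text))

def audit_config(doc_root, config_path):
    """Return findings for a credentials file; an empty list means no finding.
    Assumes POSIX paths and that the server honours .htaccess in that directory."""
    doc_root, config_path = os.path.realpath(doc_root), os.path.realpath(config_path)
    findings = []
    if os.stat(config_path).st_mode & stat.S_IROTH:
        findings.append("world-readable")
    if os.path.commonpath([doc_root, config_path]) != doc_root:
        return findings  # outside the document root: not reachable by URL
    text = ""
    ht = os.path.join(os.path.dirname(config_path), ".htaccess")
    if os.path.isfile(ht):
        with open(ht) as f:
            text = f.read()
    if not htaccess_denies(text, os.path.basename(config_path)):
        findings.append("inside document root without a deny rule")
    return findings

def demo():
    """Constructed forum tree with cp_email_config.php moved to includes/."""
    with tempfile.TemporaryDirectory() as root:
        forum = os.path.join(root, "forum")
        inc = os.path.join(forum, "includes")
        os.makedirs(inc)
        cfg = os.path.join(inc, "cp_email_config.php")
        with open(cfg, "w") as f:
            f.write("<?php /* constructed placeholder, no credentials */ ?>")
        os.chmod(cfg, 0o640)
        before = audit_config(forum, cfg)
        with open(os.path.join(inc, ".htaccess"), "w") as f:
            f.write("<Files cp_email_config.php>\norder deny,allow\ndeny from all\n</Files>\n")
        return before, audit_config(forum, cfg)

if __name__ == "__main__":
    print(demo())
```

The demo shows why the .htaccess has to travel with the file: after the move into includes/, the audit reports a finding until the deny rule sits in that same directory.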

