vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   if() vBCode - Private Post Text Hack (https://vborg.vbsupport.ru/showthread.php?t=48492)

Slynderdale 02-06-2003 12:37 AM

Quote:

Originally posted by Erwin
This is great work. :) Well done! Obviously, use it with care - I would restrict this only for yourself - too easy to be abused or cause db errors by accident. :)
Thanks, I fixed the problem with database "accidents" and so on. All functions except the ones you allow get removed, so there are no security issues unless you allow it. Also, if someone enters a code with incorrect parsing, it won't show an error on the screen. At the moment, when you first install it, you or users (if you have admin only set to false) will only be able to use trim(), strtoupper() and strtolower() in the code section; all other functions get removed. You can change which are allowed in the allowed_functions array.

rjpa 02-07-2003 12:28 PM

Is the thread's post #1 the new updated code, and is it safe to use?

squawell 02-07-2003 09:48 PM

I get an error when I edit a post, and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

any idea??

Slynderdale 02-08-2003 09:13 AM

Quote:

Originally posted by squawell
I get an error when I edit a post, and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

any idea??

What error do you get?

Slynderdale 02-08-2003 09:17 AM

Quote:

Originally posted by rjpa
Is the thread's post #1 the new updated code, and is it safe to use?
Yes, the first post's attachment contains the code, and this is now safe to use whether you let users use it or not.

squawell 02-08-2003 12:20 PM

Quote:

Originally posted by Slynderdale


What error do you get?

So strange... now it works... I don't know what happened last night.

But here is another problem. I use this:

[if($bbusergroupid==6)]XXX[/if]

and want to show it to this group's members only... but when I use a normal account (groupid=2), it can see the text... so what happened??? (It works perfectly for guests...)

By the way, if someone uses the [if] code, can it be seen when using the search function or not?? Hope you understand my poor English...

Slynderdale 02-08-2003 01:09 PM

Quote:

Originally posted by squawell

So strange... now it works... I don't know what happened last night.

But here is another problem. I use this:

[if($bbusergroupid==6)]XXX[/if]

and want to show it to this group's members only... but when I use a normal account (groupid=2), it can see the text... so what happened??? (It works perfectly for guests...)

By the way, if someone uses the [if] code, can it be seen when using the search function or not?? Hope you understand my poor English...

The code bit in the if() tag is the same as normal PHP, so if you're checking 2 things like the user group, use ==. Using just one = would be equal to:
$bbusergroupid=6;
in PHP; instead of checking it, it sets the variable.

Hmmm, thanks for reminding me about search. I'll make a fix for it so if they're not allowed to see it they won't, and so on.

Slynderdale 02-08-2003 01:36 PM

Search bug fix:

*************************************
In file "search.php":
*************************************

*****************
find:
*****************
PHP Code:

    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username,
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post".iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      $postids AND thread.threadid=post.threadid
    ORDER BY
      $orderbysql";

    $searchtemplatebit="searchresultbit";
  }

  $searchresults=$DB_site->query($sql);

*****************
replace it with:
*****************
PHP Code:

    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username,user.usergroupid,
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post".iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      $postids AND thread.threadid=post.threadid
    ORDER BY
      $orderbysql";

    $searchtemplatebit="searchresultbit";
  }

  $searchresults=$DB_site->query($sql);

*****************
find:
*****************
PHP Code:

        // get first 100 chars of page text
        if (strlen($searchresult[pagetext])>200) {
          $spacepos=strpos($searchresult[pagetext]." "," ",200);
          if ($spacepos!=0) {
            $searchresult[pagetext]=censortext(substr($searchresult[pagetext],0,$spacepos))."...";
          }
        }

*****************
above it add:
*****************
PHP Code:

$searchresult['pagetext']=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$searchresult['pagetext'])); 

*************************************
In file "admin/functions.php":
*************************************

*****************
find:
*****************
PHP Code:

  $postadmin = false;
  if ($post['usergroupid']==6 or $postinfo['usergroupid']==6)  $postadmin = true;

*****************
replace it with:
*****************
PHP Code:

  $postadmin = false;
  if ($post['usergroupid']==6 or $postinfo['usergroupid']==6 or $searchresult['usergroupid']==6)  $postadmin = true;


I also added the fix into the install instructions in the first post.
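
The `[if($bbusergroupid==6)]` tag and the search-excerpt fix discussed in the posts above, as an added example that is not part of the thread or of the hack: it checks the condition against a fixed `$name OP integer` grammar instead of evaluating it as PHP (the `/e` modifier used in the hack's `preg_replace` call was removed in PHP 7.0), so a single `=` is rejected rather than executed, and an `[if]` block whose `[/if]` was lost to excerpt truncation such as `LEFT(post.pagetext,250)` is hidden. `ALLOWED_VARS`, `check_condition()` and `render_if_tags()` are hypothetical names, and the viewer array is an assumed stand-in for vBulletin's user data.

```php
<?php
// Added example (not the hack's code). ALLOWED_VARS, check_condition() and
// render_if_tags() are hypothetical names; sample data below is constructed.
const ALLOWED_VARS = ['bbusergroupid', 'bbuserid'];

// Accept only "$name OP integer"; anything else fails closed (text hidden).
function check_condition(string $cond, array $viewer): bool
{
    $pattern = '/^\s*\$([a-z_]+)\s*(==|!=|>=|<=|>|<)\s*(\d+)\s*$/i';
    if (!preg_match($pattern, $cond, $m)) {
        return false; // "$x=6" (assignment) and function calls never match
    }
    [, $name, $op, $literal] = $m;
    if (!in_array($name, ALLOWED_VARS, true) || !isset($viewer[$name])) {
        return false;
    }
    $left  = (int) $viewer[$name];
    $right = (int) $literal;
    switch ($op) {
        case '==': return $left === $right;
        case '!=': return $left !== $right;
        case '>=': return $left >= $right;
        case '<=': return $left <= $right;
        case '>':  return $left > $right;
        default:   return $left < $right;
    }
}

function render_if_tags(string $text, array $viewer): string
{
    // Complete blocks: keep the body only when the condition holds.
    $text = preg_replace_callback(
        '/\[if\((.*?)\)\](?:\r?\n)*(.*?)\[\/if\]/is',
        fn(array $m): string => check_condition($m[1], $viewer) ? $m[2] : '',
        $text
    ) ?? '';
    // Unterminated block (closing tag lost when an excerpt was truncated):
    // drop everything from the opening tag onward instead of showing it.
    return trim(preg_replace('/\[if\(.*$/is', '', $text) ?? '');
}

// Constructed sample post and a truncated excerpt of a second one.
$post = 'Hi [if($bbusergroupid==6)]admins only[/if] all [if($bbusergroupid=6)]x[/if]';
$cut  = substr('Intro [if($bbusergroupid==6)]secret text that is long[/if]', 0, 40);

echo render_if_tags($post, ['bbusergroupid' => 6]), "\n"; // admin viewer
echo render_if_tags($post, ['bbusergroupid' => 2]), "\n"; // regular member
echo render_if_tags($cut, ['bbusergroupid' => 6]), "\n";  // truncated excerpt
```

The arrow function requires PHP 7.4 or later.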

Slynderdale 02-08-2003 01:49 PM

If anyone else has any more problems, comments, ideas and so on, feel free to post them and I'll see what I can do.

Also there is a bug that NuclioN showed me, where the code bit wasn't evaluating correctly and it showed the text to everyone. This is rare; this bug doesn't happen to everyone, just a rare few. If you experience this bug, please post about it. Currently I'm still trying to find out what's wrong; I think it might be because of another hack they installed that is interfering with this one.

Also, if you experience this bug, tell me if you have Logician's dynamic announcement hack installed or not. I think that might be the cause of the problem.

NuclioN 02-12-2003 01:44 PM

I've removed the dynamic announcement but with all the possible codes, all usergroups can see the priv message. :(

