vb.org Archive - Change style on index with UPDATE

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)

- - Change style on index with UPDATE (https://vborg.vbsupport.ru/showthread.php?t=52491)

I can nothing for you at the moment ... haven't any time ...

See it later (at the end of the week ! ;) )

There is a security issue with this hack. I won't release the detail just yet, but here is what mine currently looks like:

PHP Code:


		
			
if ($bbuserinfo['userid'] > 0 and $_GET['styleid'] > 0) {

        $newstyleset = intval($_GET['styleid']);

        if ($allowchangestyles==1) {

                        $DB_site->query("UPDATE session SET styleid='$newstyleset' WHERE sessionhash='".addslashes($session['dbsessionhash'])."'");

                        $DB_site->query("UPDATE user SET styleid='$newstyleset' WHERE userid='$bbuserinfo[userid]' LIMIT 1");

                        vbsetcookie("bbstyleid","",1);

        }

          standardredirect("Style settings have been updated.", $bburl);

        exit;

}

There extra code is how vB itself deals with changing styles i.e. expiring the style cookie and updating the sessions table.

Hey SideKick. I have fixed that problem you have been tlaking about with the having to sumbit twice. Well that problem is due to this hack.

I have fixed it. And I think vbulletin.org should actually use this hack as well.

Ok go to member.php.

change this

Code:

  $stylesetlist = "";

  if ($allowchangestyles==1) {

    $stylesets=$DB_site->query("SELECT * FROM style WHERE userselect=1 ORDER BY title");

    if ( !isset($bbuserinfo['realstyleid']) ) {

      $bbuserinfo['realstyleid'] = $bbuserinfo['styleid'];

    }

    while($thisset=$DB_site->fetch_array($stylesets)) {

      if ($bbuserinfo['realstyleid']==$thisset['styleid']) {

        $selected = "selected";

      } else {

        $selected = "";

      }

      $thisid = $thisset['styleid'];

      $thisstylename = $thisset['title'];

      eval ("\$stylesetlist .= \"".gettemplate("modifyoptions_styleset")."\";");

      eval ("\$stylecell = \"".gettemplate("modifyoptions_stylecell")."\";");

    }

  } else {

    $stylecell = "";

  }

to this

Code:

 $stylesetlist = "";

  if ($allowchangestyles==1) {

$styles=$DB_site->query("SELECT styleid,title FROM `style` WHERE userselect='1'  ORDER by styleid");

while ($style=$DB_site->fetch_array($styles)) {



$listes=$DB_site->query_first("SELECT COUNT(*) AS nombre FROM `user` WHERE styleid='$style[styleid]'");

$nombre=$listes[nombre];



if ($bbuserinfo[styleid] == $style[styleid]) $select='selected'; else $select='';



eval ("\$stylesetlist .= \"".gettemplate("modifyoptions_styleset")."\";");



}

eval ("\$stylecell = \"".gettemplate("modifyoptions_stylecell")."\";");



if ($styleid!='')

{

$DB_site->query("UPDATE user SET styleid='$styleid' WHERE userid='$bbuserinfo[userid]'");

}

}else{

$stylecell = "";

  }

and then change in the templates

modifyoptions_styleset
to this

Code:

<option value="$style[styleid]" $select> $style[title] ($nombre)</option>

This works 100%. I hope u enjoy it.

Thank you very much for looking into it Big, but I think I'm gonna hold off untill this security issue is looked into, and someone can modify it so it will work in the header as well. :)

now ive got 45 queries instead of 35

hm some kind of wierd. with out this hack i've got 33 queries, with it i've got 45 queries. with the one firefly posted 41 queries..... what the hell please help me ^^

I know this has been asked and vaguely responded to, but it would be awesome if I could add this to the header instead of forumhome...

Anyone...?

Please :)

jEd

Quote:

08-11-03 at 11:30 PM DB8 MissingLink said this in Post #47
I know this has been asked and vaguely responded to, but it would be awesome if I could add this to the header instead of forumhome...

Anyone...?

Please :)

jEd

This hack was ditched by the hacker a couple of months ago. =\

Is someone distributing this hack for vb3? I'd love to add this type of functionality to my board. I noticed it's on this [vb.org] board. :)

[I did a search and all I could find were vb2x versions, sorry if I'm blind.]

Hurm, haven't you seen at the bottom of each page on vb3 a similar thing ?? ;)

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_code_printable (1)bbcode_php_printable (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01062 seconds Memory Usage 1,749KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_code_printable (1)bbcode_php_printable (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: