Fix-it: Template Edition
 

A common method of defacing vBulletin sites is to edit the parsed template html directly via the database. It makes it harder for administrators to find the issue, and can be a pain in the ass to cleanup if you're not familiar with working with the database.

This tool will make it easier to clean your defaced site.

What it does:
Checks all of the templates in the database:
- Makes a new compiled version from the uncompiled template.
- Compares the current compiled template to the new compiled template
- If they differ, it updates the template, then rebuilds all of the styles.

How do you use it?
- Upload to your admincp, modcp, install, or root forums folder
- Browse to it
- Let it run
- Delete tool_recompiler.php after you are done using it.

This tool now works on vB3 and vB4.

vB4 Thread

Ok, but how does someone without access the the database able to do this to begin with? (Forgive me here, I don't mean to be stupid. But If I don't ask, I won't learn. :o)

They gain access on the server level, either though another account, or an exploit on a server.

Will this mod tell us if we have exploits then? im confused...

No, it will repair the templates for you if you've been defaced by some random hacker group. I released the tool here because I thought people would like to have a tool to help them fix things.

But if it repairs templates, does it save previous template? basically...

Can it destroy a template just as easy as fix one?

Here is the explanation behind how the template system and this tool works.

Templates are stored in two ways. There is the unparsed template, which you edit in the Admin CP. It is the template as you know it. Then, there is the parsed template, which is the template after it has been ran through a function to convert things like <if> tags into valid PHP parsable code.

A common method of defacing vBulletin forums is for a hacker to directly edit the parsed version of the template in the database, leaving the unparsed template alone. When you go to edit the template in the Admin CP, you won't see anything different, but the parsed version of the template has changed.

What this tool does is it takes all of the unparsed templates from the database and creates a new parsed version from it. If the newly generated parse is different than the parsed version currently in the database, it will update the template, overwriting the old, probably compromised, parsed template. This process is not "dangerous" in any way. If you run it on a normal, uncompromised forum, you won't see it updating any templates.

No, it doesn't destory templates.

As explained already in the description, it checks the unprased template agasint the parsed template table. If the two don't match like they should, it takes your unparsed template and re-parses it and inserts it back into the database and removes the defacement.

Thanks to both of you...

thanks

Question: If it just rebuilds styles, it didn't find any issues?

Can you make a diagnostic edition where alert user instead to fix?

Correct.

I don't see any reason to. All this does is fix parsed versions of templates that are different than the unparsed version. There is no reason not to ever fix this problem, as it would only happen if the parsed template was directly edited in the database. All a diagnostic version would do is not run the update query, which doesn't help any.

If you run this and no problems are found, it will simply rebuild the styles. If there is a problem found, it will tell you which template it updates.

Great fix Zachery!
My Forum was hacked twice & defaced in July & August (hosted by Hostmonster) - you fixed it manually twice (a HUGE thanks from all of here in the UAE) and now, if the nasty extreme muslims try it again this fix will wipe them.
Well done! :D

looks really interesting and useful this one...thanks...where should i upload this and how can i run it and where?...sorry for the dumb question but a bit confused here...

:p

You upload it to the admincp folder and run it directly in your browser. http://www.yoursite.com/forum/admincp/tool_reparse.php

Installed and thank you. I navigated to it and it ran all my styles. Now is it automatic from now on, or do I run it every now and then or if I see a problem on forum?

You run it when you see that there's a problem. It's not a preventative measure, just a tool to use to help get your forums back under control.

Ok this seems brilliant... but a little help for us novices.

Just ran this:

And results back are:

Does that mean there were issues ? in the above files?

Are they fixed ? have they been repaired... what was the issue ??

It means that there was a difference between the unparsed version of the template and the parsed version of the template and those templates have been re-compiled from the unparsed version.

What the exact differences were is not something that is checked. This isn't a script to test for the errors, it's a simple script to fix them.

well thanks for the reply...really nice thing to have this mod...great idea...:p:up:

Absolutely brilliant idea, just ran it and it nicely just rebuilt the styles, nice to know this back-up is now available, thank you for this.

Thanks very much for this, a very handy tool :up:

Great Mod thanks :)

I stumbled upon this and its priceless to keep it in hand.

Thank you

If I edit one template for example "header" and run "tool_reparse.php", witch template will be rebuild ?

Original template or my template edited just before the defaced ?

No, it should match both database values and be ignored.

Ignored, which one ?

Nice.

I ran this and it showed.
Updating style information for each style

(Default Style ... (Templates) (StyleVars) (Replacement Variables) (CSS) (Controls) Done.)

Does that mean there were no errors?

So if no results came back, this means everything was fine?

EDIT: Nvm this was answered on page one. Thanks. :)

Isn't this tool good for refreshing all templates to ?
Sorta like purging the cache ?

Thank You,

No, its designed to fix defaced websites.

This fixed the malicious code that was put on my forumhome template by a hacker! This is a great tool!! Thank you so much! The hacker redirected my forum page to some stupid Turkish, Israel forum....my home page is back!!! :):):)

This might seem like an inane question but, if i have changed one of my vbulletin php files like functions_databuild.php (i added a small amount of code to parse VBA code tags) if i run this file will it reset any edits ive made to these files?

This doesn't touch files. It simply recompiles templates from the code you see in the Admin CP into the code that is actually ran when it is displayed in the forums.

Wow, speedy response! thanks for that.

Matthew if you do paid work or Zachery for that matter then please PM me or email simonDOTlloydATthecodecage.com

I guess it should be included in vb script, as you never can be secure enough.
A good idea would be to run on a regular basis as a cron job ...
Many thanks

Thank You!
I hope I wont need it, but I have it just in case.

Will this still allow you to revert templates back to vB stock as you currently can? Even if you've changed them? Not that I would want to but........... (reserved.waiting on reply)