vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Beta Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=5)
-   -   PasswordHack (https://vborg.vbsupport.ru/showthread.php?t=25845)

Afterburner 08-18-2001 10:00 PM

HackVersion: BETA 2.1

German:

Mit diesem Hack k?nnt ihr ein Board mit einem Passwortschutz versehen.
Das Passwort wird im Adminbereich unter:

Forums and Moderators
--> modify
---> das board w?hlen

eingegeben.

Dieser Hack ist erst einmal eine BETA. In der Endversion Soll der Hack sollen die gesch?tzten Beitr?ge auch nicht von einem unberechtigten ?ber die Suchfunktion
gefunden werden k?nnen und man soll auch den Zugriff auf die gesch?tzten Boards selbst wieder (als normaler member) aufheben k?nnen.

Hack ansehen:
Gesch?tztes Board:
http://www.the-afterburner.com/vbull...?s=&forumid=30
Ein Topic in diesem Board:
http://www.the-afterburner.com/vbull...&threadid=1029

Der Hack im Anhang ist in Deutsch

English:

You can make a board password protected with this hack.
You can insert the password here:

Forums and Moderators
--> modify
---> choose a board

Remember this is only a BETA

suggestion for the final:
- no matches in the searchengine if a board is protected and the member hasn?t access to this board
- unsubscribe a access to a password protected board

Sorry for my english

see this hack in action:
protected board:
http://www.the-afterburner.com/vbull...?s=&forumid=30
a topic in a protected board:
http://www.the-afterburner.com/vbull...&threadid=1029

the hack in the attachment is in german the english version is below in a reply.

@ VB Support

If you want to use this Hack in your next version - you can do this


UPDATED 30.08.2001 to BETA 2.1

GameCrash 08-19-2001 08:32 PM

nice :)

Afterburner 08-19-2001 08:33 PM

here is the english version of this hack

GameCrash 08-19-2001 08:34 PM

What is the password? btw if you try to login to the thread it says no forum is specified...

Afterburner 08-19-2001 08:41 PM

I cant post the password of my example link because its my xxx section and if a "no adult" it read this member has access to aduld stuff.

I will check the bug

Afterburner 08-19-2001 09:00 PM

OK I fixed the bug.
Now BETA 1.1 is available

If you installed BETA 1.0

replace the:
"fehler_password_showtopic" template
with:

English:

PHP Code:

<center>A password is required to enter this forumPlease enter it below: <br
<
form action="forumdisplay.php" method="POST"
<
input type="password" name="password"
<
br
<
input type="hidden" name="action" value="dopassword"
<
input type="hidden" name="forumid" value=$thread[forumid]> 
<
input type="submit" value="Abschicken"
</
form></center

German:

PHP Code:

<center>Du ben?tigst ein Passwort um dieses Topic zu lesen.<br>Bitte das Passwort hier eingeben und auf Abschicken klicken: <br
<
form action="forumdisplay.php" method="POST"
<
input type="password" name="password"
<
br
<
input type="hidden" name="action" value="dopassword"
<
input type="hidden" name="forumid" value=$thread[forumid]> 
<
input type="submit" value="Abschicken"
</
form></center


maverick1236 08-20-2001 12:11 AM

GREAT hack!!

Afterburner 08-20-2001 06:04 PM

BETA 2 is available

now you can protect each board with a different passwort
to download click on the attachment in the first postings

weezle 08-20-2001 06:12 PM

nice hack whens beta 3 coming lol

pipi 08-30-2001 05:43 AM

Quote:

Originally posted by Afterburner
BETA 2 is available

now you can protect each board with a different passwort
to download click on the attachment in the first postings

after install this hack, there are a databases error while use cp add new member.

Afterburner 08-30-2001 02:59 PM

@ pipi

What kind of error ? I need the error message.
I dont have this problem on my board

pipi 08-30-2001 03:07 PM

Quote:

Originally posted by Afterburner
@ pipi

What kind of error ? I need the error message.
I dont have this problem on my board

error message as below, thanks

Database error in vBulletin: Invalid SQL: UPDATE userfield SET userspezial43=1
WHERE userid='2'
mysql error: Unknown column 'userspezial43' in 'field list'
mysql error number: 1054
Date: Thursday 30th of August 2001 12:29:46 AM
Script: /forums/forumdisplay.php

Afterburner 08-30-2001 06:10 PM

ok, here is the fix:

open the user.php from your admin folder, look for this code:

PHP Code:

$sql "";
  
$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
  while (
$profilefield=$DB_site->fetch_array($profilefields)) {
    
$varname="field$profilefield[profilefieldid]";
    
$sql.=",'".addslashes($$varname)."'";
  }
  
$DB_site->query("INSERT INTO userfield VALUES ($userid$sql)");

  
$action="modify";

  echo 
"<p>Record added</p>";




and replace the code with this code:

PHP Code:

$sql "";
  
$userfieldsnames="(userid";
  
$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
  while (
$profilefield=$DB_site->fetch_array($profilefields)) {
      
$userfieldsnames.=",field$profilefield[profilefieldid]";
    
$varname="field$profilefield[profilefieldid]";
    
$sql.=",'".addslashes($$varname)."'";
  }
    
$userfieldsnames.=')';
  
$DB_site->query("INSERT INTO userfield $userfieldsnames VALUES ($userid$sql)");

  
$action="modify";

  echo 
"<p>Record added</p>";




Afterburner 08-30-2001 06:26 PM

I uploaded the new version, if you have installed BETA 2 you can update with the steps in the post before

Clueless 08-31-2001 08:06 PM

Hmmm slight prob i've added the hack without any errors, i ran the passwordhack.php first and deleted it after. and it said that it had completed the tables and to carry on with the Hack itself, so now i've finished it the board looks no different at all ????? there's no options in the control panel that i can see where you enter the password ?? Or an i missing something here :))))))))

Kengan 08-31-2001 10:01 PM

any demo please ! thanks !

Clueless 08-31-2001 10:18 PM

there's a demo on the first Post :) and that's what i can't see :) :)

Afterburner 09-02-2001 09:06 AM

go to your control panel
click on modify (Forums and Moderators)
choose a board and insert a password, up to now this board is password protected

drives_fast 10-24-2001 06:01 AM

Is it just me or is this the most un-secure password protect set-up around?

Please don't think me rude.......I installed this and there are holes everywhere.

First of all I have vbportal installed. Understandably....this was not written to accomidate that but aside fro those holes in the vb forum itself there is the link at the top of the main forum page "Active Posts" (or something like that).........then there is the little button by the membername in the table on the main forum page for "last post" (or something).....then there is the search feature.......do a search on the membername you see as the last poster in the forum nad with the results you are in......plus...once someone gets in.....if they never log out.....you can't get them out.....they will be able to waltz right in without any logins or anything.....and let's not forget about clicking on the membername of the last poster on the front of that forum and in his profile there is the link to a post inside and you are in again.

Is there any updates to this hack that will close all these holes?

I really want this to work because I don't want to make the forum private...it is too much work to add all the names

Thanks in advance....drives

Afterburner 10-24-2001 09:47 AM

You can see the titel of the postings but you canĀ“t access the boards wich are protected. This is only a "see the topic title hole"

drives_fast 10-24-2001 11:09 AM

then is it a cookie thing that allows me to get in that forum from all these links everywhere?

I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

The only time I can't get in is if I am not logged into the board

Afterburner 10-24-2001 11:14 AM

Quote:

Originally posted by drives_fast
then is it a cookie thing that allows me to get in that forum from all these links everywhere?

I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

The only time I can't get in is if I am not logged into the board

yes this is right, if you insert the correct password you are able to access the board every time, this settings are in your profile in the database, see in the instruction file from the hack there you can find my suggestions for the next version:
unsubscribe a password protected board.

drives_fast 10-24-2001 11:27 AM

is there any way to get those that have already gotten in through a hole out?

is it possible to code in that the cookie not be set for access to the protected forum?

in other words.....make it so everyone with the password have to put it in every time they visit that forum?

I have some that got in.......I need to be able to get them out

drives_fast 10-24-2001 11:24 PM

Well....after further investigation....there are definately holes in this.

I registered a name and then tried to access the protected forum......could not get in.....good.

I removed all instances of "view new posts" or anything similar

went to the search feature.....typed in a name of someone that posted in the protected forum.....boom...there are the links and yes.....you can click them and get in. (mind you that I never entered a password to access the protected forum before trying these things)

backed out of that and went to that members profile and clicked on the last post (in the protected forum) and boom.....in again

So I say....there are holes in this.

I tried these thing on your board (afterburner) and they did not work......maybe some tweaks you did to yours that aren't documented in the installation file?

I really want this to work but need some help to make it either not search and list threads in protected forums from every angle or something......

anybody....please?

Afterburner 10-25-2001 06:22 AM

did you modified the showtopic.php correctly ? I have the same code in the description of the hack than in my board.


PHP Code:

download the showthread.php and make a backup of this file

look 
for this code (ca 205):

if (!
$thread['visible']) {
  
$idname="thread";
  eval(
"standarderror(\"".gettemplate("error_invalidid")."\");");
  exit;
}

$forum=getforuminfo($thread['forumid']);

add below this code:

// Password-Hack-by Afterburner-Start 
if ($forum['password']) {
$boardid="userspezial$thread[forumid]";
if (
$bbuserinfo[$boardid] != 1) { 
eval(
"standarderror(\"".gettemplate('fehler_password_showtopic')."\");"); 
exit; 

}
// Password-Hack-by Afterburner-End

upload the showthread.php


drives_fast 10-25-2001 11:10 AM

yes...I have that in there exactly as you shoed it

do you think it could be this:....."userspezial$thread" instead of spelled "userspecial$thread" that is causing the problem?

My board is in english

Afterburner 10-25-2001 02:13 PM

userspezial$thread is the correct version
with z not with c

drives fast 11-04-2001 07:22 AM

I am still looking for a working version of this hack. I am willing to pay for it as long as it doesn't have any holes in it.

I tried the same tactics on afterberners site and the holes aren't there but on my board they are. I followed the instructions to the tee and even removed the hack and re-installed it but if I click on the name of the last poster in that forum and then clicl the last post they made (in the protected forum) I can get right in.

If someone has a "Secure" version of this and wants some bucks, please contact me.

I will however need refrences from the people that run this site because I am still dealing with one person that has not followed through with what I payed him for.

Thanks in advance......drives

Snake~eyes 11-09-2001 06:11 PM

Is it possible to make this hack work for version 2.2.0?

Bedhead 11-10-2001 07:44 AM

I would be interested in hole free password protection as well.

Afterburner 11-10-2001 08:22 AM

I will make the hack as soon as possible available for 2.2.0 and try to fix the bugs.

FaTaL_ErRoR 11-12-2001 05:05 PM

Afterburner plz release die 2.2.0 version *g*

squawell 11-16-2001 06:43 PM

PHP Code:

$sql "";
  
$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
  while (
$profilefield=$DB_site->fetch_array($profilefields)) {
    
$varname="field$profilefield[profilefieldid]";
    
$sql.=",'".addslashes($$varname)."'";
  }
  
$DB_site->query("INSERT INTO userfield VALUES ($userid$sql)");

  
$action="modify";

  echo 
"<p>Record added</p>";

}

replace it with:

  
$sql "";
  
$userfieldsnames="(userid";
  
$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
  while (
$profilefield=$DB_site->fetch_array($profilefields)) {
      
$userfieldsnames.=",field$profilefield[profilefieldid]";
    
$varname="field$profilefield[profilefieldid]";
    
$sql.=",'".addslashes($$varname)."'";
  }
    
$userfieldsnames.=')';
  
$DB_site->query("INSERT INTO userfield $userfieldsnames VALUES ($userid$sql)");

  
$action="modify";

  echo 
"<p>Record added</p>";



i cann't find this in user.php it cann't work on 2.20~~

or someone know how to fix it??

Inzagi 11-17-2001 12:34 PM

Quote:

Afterburner plz release die 2.2.0 version *g*
I agree *g* ..

Snake~eyes 11-17-2001 04:11 PM

It does NOT work on 2.2.0

which stinks.. hehe

drives fast 12-03-2001 04:06 AM

anybody want to get paid to fix this hack for me and my v2.0.3?

I have had to dissable my search feature because of the holes and I would really like to use that feature again.

Again....I am willing to pay


All times are GMT. The time now is 03:51 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01379 seconds
  • Memory Usage 1,854KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (36)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete