vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)
-   -   Quick PM Sending (pop-up) v2 (https://vborg.vbsupport.ru/showthread.php?t=70085)

AnhTuanCool 10-01-2004 10:00 PM
Quick PM Sending (pop-up) v2
 
Quick PM Sending
---------------------------------------

Description:
This hack normally adds an option in the menu when you click on an Username. When you click on it, vb will give you a pop-up with the content just like the page that you use to send a new PM with full functions as the original one, which is design for users with have to mass PM others in thread with different PM's content and that persons don't have to reload that thread again again each time, lessen time is lessen costed ;) You might find out its handy in someway.

Updated:
New newpm.php has cleared unwanted script and reduced extra queries when executing
Security Fixed
v2 includes pm sent with template and fixed security in newpm.php
v2.01 includes new bug XSS found in vb 3.0.* refer to this announcement here https://vborg.vbsupport.ru/showthread.php?t=74035 *Thank Erwin for heads-up :)

Note: If you want a better look for the page indicated your message has been sent then just see the pm_sent_with_template.txt file. ;)

Installating Instruction & Screenshot are in attachments. Enjoy :) And don't forget to click install if you use this hack ;)

Johnny 10-02-2004 01:23 PM
this is pretty cool and useful.
*clicks install* :)

AnhTuanCool 10-02-2004 01:37 PM
It IS. Thanks ;)

Azhrialilu 10-02-2004 01:56 PM
excellent....installed perfectly :D thank you!!

dndog 10-02-2004 02:49 PM
Niceness.

/me clicks install

Red Blaze 10-02-2004 04:23 PM
Works well, thanks. *clicks install*

Surtain23 10-02-2004 04:25 PM
Great idea! Good work!

AnhTuanCool 10-02-2004 05:03 PM
Quote:
Originally Posted by Mark.B
Works great. Just a couple of suggestions:

In the postbit, cursor='hand' needs to be cursor='pointer' otherwise you don't get the mouseover efefct in non-IE browsers.

A close window button would be handy under the 'sent succesfully' message, also would it be possible for that window to match the style of the site rather than being plain white?
If you want to have the window match the style so that would need one more template and few changes. You can do so just see the new udpate txt file. Enjoy ;)

dndog 10-02-2004 09:57 PM
Quote:
Originally Posted by Mark.B
Works great. Just a couple of suggestions:

In the postbit, cursor='hand' needs to be cursor='pointer' otherwise you don't get the mouseover efefct in non-IE browsers.

A close window button would be handy under the 'sent succesfully' message, also would it be possible for that window to match the style of the site rather than being plain white?
Thanks so much. I was running firefox and trying to figure out what the problem is.

M1th 10-02-2004 11:24 PM
Hmm, so basically you've copied/pasted chunks of code from the private.php file? I'm not even sure that is allowed, but you might want to ask around just to make sure. :)

Floris 10-03-2004 12:20 AM
Quote:
Originally Posted by M1th
Hmm, so basically you've copied/pasted chunks of code from the private.php file? I'm not even sure that is allowed, but you might want to ask around just to make sure. :)
Nope, you can addon or modify, but you can't duplicate and share.

Logikos 10-03-2004 12:26 AM
Quote:
Originally Posted by floris
Nope, you can addon or modify, but you can't duplicate and share.
So basicly you cannot take code from the vb files and add them else where?

For instant, if i wanted to make the attachments in the new thread page instead of a popup and i just copyed /pasted chucks of the attachments.php file to the newthread.php file.

That is not allowed?

AnhTuanCool 10-03-2004 12:42 AM
I did the modify to the code and left the copyright notice as you can see :)

Polo 10-03-2004 07:14 PM
This looks nice ;) I will go ahead and install this mod ;)

FleaBag 10-03-2004 10:11 PM
Sweet.

enginethatcan't 10-08-2004 04:11 PM
is it me or what? For some reason I don't have a newpm.php file anywhere, are you sure that's what the file is called?

AnhTuanCool 10-08-2004 04:14 PM
It's(newpm.php) in my attachment at the first post, check it out ;)

Erwin 10-09-2004 01:38 AM
2 issues:

1. You have not cached a LOT of templates causing 20 extra queries for no reason.

You need to add these templates to be cached (including newpm - make that a global template to be cached, not an actiontemplate).

Replace globaltemplates with these ones:

PHP Code:
// pre-cache templates used by all actions
$globaltemplates = array(
    'PM',
    'newpm',
    'newwpm',
    'pmsent',
'editor_clientscript',
'editor_jsoptions_font',
'editor_jsoptions_size',
'editor_smilie_wysiwyg',
'editor_smilie_standard',
'editor_smiliebox',
'editor_smiliebox_category',
'editor_smiliebox_row',
'editor_smiliebox_straggler',
'editor_smiliemenu_category',
'editor_smiliemenu_smilie',
'editor_toolbar_wysiwyg',
'editor_toolbar_standard'
'newpost_disablesmiliesoption',
'newpost_quote',
'posticonbit',
'posticons'
'forumrules',
'usercp_nav_folderbit'
); 
And remove the actiontemplates bit - no need.

2. Get rid of the smilie panel by doing this:

Find:

PHP Code:
    require_once('./includes/functions_editor.php'); 
ABOVE this, ADD:

PHP Code:
    $vboptions['wysiwyg_show_smiliebox'] = '0'
Enjoy. :)

AnhTuanCool 10-09-2004 03:43 AM
Oh thank you Erwin, that would help :)

New newpm.php file updated ;)

theArchitect 10-10-2004 01:51 AM
*theArchitect clicks install*.

A great hack. Very useful. And thankyou Erwin for your corrections.

Lionel 10-14-2004 09:18 PM
why would I get a javascript error in there? That happened why after I did a copy n paste

Lionel 10-14-2004 10:42 PM
My problem is at line 116 character 2 object expected. Problem is that line is just plain html. But I could say that it pops up everytime I start typing in the editor's body textarea. Which function or which editor brings that up? And at what point? I am using the WYSIWYG

Lionel 10-14-2004 10:54 PM
I found the reason... I installed the excellent character counter hack, so I needed to adjust your templates accordingly.

Erwin 10-14-2004 11:56 PM
This hack has a potential huge security hole - there is no internal usergroup permission check, so unregistered members can use newpm.php to send PMs. :) I would add some sort of check in the newpm.php file itself, plus use templates to prevent unregistered users from accessing the link.

Lionel 10-15-2004 12:13 AM
@erwin

if I put the below in newpm.php, will that be sufficient?

if (!$vboptions['enablepms'])
{
eval(print_standard_error('pm_adminoff'));
}

// check permission to use private messaging
if ($permissions['pmquota'] < 1 OR !$bbuserinfo['userid'])
{
print_no_permission();
}

//check if the user will receive PMs
if (!$bbuserinfo['receivepm'])
{
eval(print_standard_error('pm_turnedoff'));
}

AnhTuanCool 10-15-2004 12:22 AM
Quote:
Originally Posted by Erwin
This hack has a potential huge security hole - there is no internal usergroup permission check, so unregistered members can use newpm.php to send PMs. :) I would add some sort of check in the newpm.php file itself, plus use templates to prevent unregistered users from accessing the link.
Did you even test it? :)

I've just logged out of my board and try to access /newpm.php?do=newwpm&userid=... and I get the page said needed to login, although I haven't changed anything from the one I posted here. :)

Lionel 10-15-2004 12:26 AM
that would not hurt to incorporate the above. It checks for quotas, pm enabled etc...

Erwin 10-15-2004 01:09 AM
Quote:
Originally Posted by AnhTuanCOol
Did you even test it? :)

I've just logged out of my board and try to access /newpm.php?do=newwpm&userid=... and I get the page said needed to login, although I haven't changed anything from the one I posted here. :)
Obviously.

Unregistered visitors on my site were sending PMs and it took us a day to figure out it was this hack. Serves me right for not checking the code properly.

integra99 10-15-2004 02:26 AM
I changed the pmsent template a bit...

Code:
<script language="Javascript">
<!--
alert("$vbphrase[pm_sent]");
self.close();
//-->
</script>

integra99 10-15-2004 02:38 AM
Erwin, I had the same problem. I had to add in..

Code:
if (!($permissions['forumpermissions'] & CANVIEW) OR ($bbuserinfo['userid'] == '0')) {
        print_no_permission();
}

AnhTuanCool 10-15-2004 03:49 AM
You're right Erwin, I found it now, and newpm.php had been updated too, you can look through and check it yourself, thanks everyone for reporting. :)

RsX 11-11-2004 12:34 PM
IT works well for me, only 1 prob..

After i sent a pm, i get no "message succesfull", nothing.. after i send the pm, i get a blank page :S

AnhTuanCool 11-11-2004 10:58 PM
Do this update, hope it helps ;)

https://vborg.vbsupport.ru/attachmen...chmentid=21736

Sweet Evil 11-14-2004 11:43 PM
Nice, Installed

bendigo-tech 11-15-2004 04:25 AM
Installed and working sweet. Thanks :)

Erwin 01-09-2005 01:12 AM
As per the private.php XSS loophole, you need to patch newpm.php as well or else you can be hacked.

Manual Patch Instructions

In newpm.php, find the following:

PHP Code:
$pm['message'] = htmlspecialchars_uni($pm['message']); 

BELOW it, add the following:

PHP Code:
$pm['recipients'] = htmlspecialchars_uni($pm['recipients']); 
Refer to announcement here:

https://vborg.vbsupport.ru/showthread.php?t=74035

JKeats 02-03-2005 09:40 PM
i noticed that when i select the quick pm link my curser is in the message box. i don't suppose there's a way to get the cursor in the title box first? seems it'd be a more appropriate place to start.

otherwise... great hack. thanks!

Snitz 05-28-2005 07:41 AM
/me loved it

bryan09 06-08-2005 03:04 AM
Good job! :)


All times are GMT. The time now is 04:46 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01216 seconds
  • Memory Usage 1,819KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (5)bbcode_php_printable
  • (6)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (39)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete