vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Beta Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=5)
-   -   Moderator / Style hack, BETA TESTERS NEEDED! (https://vborg.vbsupport.ru/showthread.php?t=28546)

merk 09-20-2001 10:00 PM

Thats right!

Ive _almost_ finshed the hack, however, it needs to be tested a bit more than what ive done before i can release it.

Im looking for 2/3 beta testers, preferably regulars here, etc,etc

If you think ill want you, pls PM me, or reply here :)

PS. I would have to say tommorow for the hack, its really only needing some mod testing!

Martz 09-21-2001 07:23 AM

Sign me up :) I got my own version of the panel working now, but I am very keen to see your version and how you have gone about it differently. If possible, I'll beta test the style hack on a fresh forum on my Intranet and check everything is hunky-dorey :)

merk 09-21-2001 07:53 AM

Sure.

Youll need to email me, so i can send you the file.

Im curious, how did you go about it, and what features did you cut?

Basically, ive set it up, so that each mod has a different level of access, depending on what you set.

Some are allowed to edit the same that an admin can, or some cant edit templates, some cant edit the doctype / body tag, and some cant edit the widths.

Pretty simple a guess.

I cut the downloading features, and didnt bother setting up the template/replacment variable stuff.

Martz 09-21-2001 09:19 AM

Firstly - I don't know your e-mail address, I'm hoping I can find your address on your site.

Anyway, what I have done is to copy the styles.php into the /mod directory, and clamped it down by running querys to check which forums the user moderates and has [b]caneditstyles[b] set to 1. If this is the case, the user/moderator may edit the associated style of the forum.

I also put some checks in the modifystyles function, and changed all the "typos" of canmodifystyles to caneditstyles in the admin cp.

It works ok, however I am not confident in my rather dodgy php skills, so I want it to be secure and unhackable. Have you considered people may enter html or php (i dont think its parsed in templates?) which could allow mallicious activity?

Regards,

Martin

DarkReaper 09-21-2001 10:59 AM

The way you did it sounds like the only reasonable way to do it, check if they have the variable "canmodifystyles" set to 1. I'm assuming you did it this way also merk? :)

Quote:

Have you considered people may enter html or php (i dont think its parsed in templates?) which could allow mallicious activity?
Youn could not allow them to use phpinclude, which would thwart almost anything malicious they could do.

Admin 09-21-2001 11:38 AM

Contact me if you wish:
firefly@poolie.net

merk 09-21-2001 12:01 PM

1) The security, is a big issue. So heres what ive done:-

I changed the system for the database storing either 0 or 1 for caneditstyles, to store 0/1/2/3/4. 0= no access, 1= colours, fonts only, 2= table widths+1, 3= DOCTYPE and BODY tags+1+2, 4=templates plus all.


Basically thats how it works :)

Now, i just have to make my modification to the admincp to allow this, and ill distrobute to you fellas, give me about 30 mintues.

Snake~eyes 11-01-2001 06:40 PM

I'd be interested and willing to be a beta tester. I have been looking for somthing like this for awhile.

Thx

SharkY-GA 11-03-2001 07:05 PM

As would I... This would make my life a whole lot easier! Hosting team forums is a strain on ya...

Snake~eyes 11-04-2001 12:20 PM

i know what ya mean!

Merk! please help! :D


All times are GMT. The time now is 01:37 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00995 seconds
  • Memory Usage 1,728KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete