vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   modify table with external php (https://vborg.vbsupport.ru/showthread.php?t=317517)

Dr.CustUmz 02-25-2015 03:55 PM
modify table with external php
 
so me and KH99 got my confirm password working, but we were thinking, to make it more secure i need to have something that triggers it to change a table.

I have created the most simple product (for testing purposes) that only adds the column we need the install code is as follows:
Code:
$db->query("
                                        ALTER TABLE `" . TABLE_PREFIX . "session`
                                                ADD COLUMN `idle` smallint(5) DEFAULT '0'
                                ");
this create our column in the session table saying if the user is idle or not. Default being 0 (not idle) 1 (idle) ...so is the idea

ok from there, i created a script that triggers after set amount of time:
Code:
$.ajax({ url: 'script.php' });
once script.php is triggered it is suppose to modify the idle table and set it to 1. here's what script.php looks like:
PHP Code:
error_reporting(E_ALL & ~E_NOTICE & ~8192);
define('THIS_SCRIPT''idle');
define('CSRF_PROTECTION'true);
require_once('./global.php');
$vbulletin->db->query("
    UPDATE `" TABLE_PREFIX "session`
    SET idle = '1'
"); 
this is somewhat new to me, and im shocked i got this far with it before asking for help.
in chrome while loading my page, (watching network tab in the console) i can see after set time script.php trigger, this leaves me to believe i fudged something up in the text of script.php cause after it triggers and refreshing the DB i see no change in the idle column.

later ill need to make it so submitting a form reverse's this back to 0 so if anyone can kill 2 birds with one stone im throwing that out there too.

--------------- Added [DATE]1424887890[/DATE] at [TIME]1424887890[/TIME] ---------------

i figured i'd update this since its still needed but the issue didnt lie in the php, it works great! the issue is in my ajax call

i need a way to trigger this file without reloading the page are there any other methods i can do THAT WONT RELOAD THE PAGE.

--------------- Added [DATE]1424888239[/DATE] at [TIME]1424888239[/TIME] ---------------

this is what i used when it set the idle column properly:
HTML Code:
$.ajax({
                type: "GET",
                url: "script.php" ,
                success : function() {
location.reload();
                }
            });
it worked... but reloaded the page

removing:
Code:
success : function() {
location.reload();
                }
fixed the reload but now wont set the column in the table =/


also the script seems to execute every set interval this is partial of the full snippet, any way i can kill it after it runs once:
Code:
if (idleTime > 2) {
                $.ajax({
                type: "GET",
                url: "script.php"
            });
                $("#idle").removeClass("hide");
                $( ".background-image" ).removeClass("hide");
                idleTime = 0;
                $('body').children().each(function(){
                        if($(this).attr('id')!="idle"){
                                $(this).css("-webkit-filter","blur(15px)");
                        }
                });       
        }
so script.php is being called every 3 seconds.... which is kind of a big deal, but not like ud actually have this set to 3 seconds in a real environment.

--------------- Added [DATE]1424888499[/DATE] at [TIME]1424888499[/TIME] ---------------

now even re adding the reload doesnt update the table -_- back to square one

--------------- Added [DATE]1424889825[/DATE] at [TIME]1424889825[/TIME] ---------------

ok i got it all working EXCEPT it re runs every 3 seconds(testing time) but still if i set it to not trigger for 5 minutes i only want it to trigger on the first 5 mins not every 5 mins after its already triggered

this is my javascript:
Code:
function timerIncrement() {
        idleTime++;
        if (idleTime > 2) {
                $.ajax({
                        type: "GET", url: "script.php"
                });
                $("#idle").removeClass("hide");
                $( ".background-image" ).removeClass("hide");
                idleTime = 0;
                $('body').children().each(function(){
                        if($(this).attr('id')!="idle"){
                                $(this).css("-webkit-filter","blur(15px)");
                        }
                });       
        }
}
the
Code:
$.ajax({
  type: "GET", url: "script.php"
});
is the part fetching the script, so when the idle triggers it shows a div, when that div is triggered it triggers the script... now the script should trigger again untill the div has been closed and reactivated after say another 5 minutes of inactivity. but what its doing is trigerring the script.php EVERY 5 minutes of inactivity. (in the code displayed the trigger is set to 3 secs for developing and not having to wait)

kh99 02-25-2015 04:54 PM
I hardly know anything about jquery, but as for th query to modify the table, I think you'd want:

Code:
$vbulletin->db->query("
    UPDATE `" . TABLE_PREFIX . "session`
    SET idle = '1'
    WHERE dbsessionhash = {$vbulletin->session['vars']['dbsessionhash']}
");
otherwise you'll set idle in all sessions to 1. Also, you can check the value by checking $vbulletin->session['vars']['idle'] so you don't have to do a query.

Dr.CustUmz 02-25-2015 05:35 PM
sweet thanks, as for the rest i got everything sorted out =) and ill probally start product fying this when i wake up.

thanks for all your help and suggestions kev, you better believe you'll have credit on this

--------------- Added [DATE]1424893001[/DATE] at [TIME]1424893001[/TIME] ---------------

oh heres a screen but the close button wont be there
http://cl.ly/image/3h0835223y19/Imag...36.20%20PM.png

--------------- Added [DATE]1424893035[/DATE] at [TIME]1424893035[/TIME] ---------------

still needs some work but its a pretty sexy screen to get trapped on lol

--------------- Added [DATE]1424920959[/DATE] at [TIME]1424920959[/TIME] ---------------

so ive been playing with this and seems like the session table is reset after some time, creating a vulnerability to this mod.

if i get the idle set to 1 after some time the table is creating a new table for my id with the default of idle being 0, I believe moving this column to user table will solve this problem, but im not sure if it will achieve the desired effect

--------------- Added [DATE]1424921132[/DATE] at [TIME]1424921132[/TIME] ---------------

also using
Code:
$vbulletin->db->query("
    UPDATE `" . TABLE_PREFIX . "session`
    SET idle = '1'
    WHERE dbsessionhash = {$vbulletin->session['vars']['dbsessionhash']}
");
doesnt seem to change the table at all


All times are GMT. The time now is 05:50 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02319 seconds
  • Memory Usage 1,748KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (8)bbcode_code_printable
  • (1)bbcode_html_printable
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete