vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Custom User Styles (https://vborg.vbsupport.ru/showthread.php?t=36320)

Neo 03-18-2002 10:00 PM

Custom User Styles
 
Ok this is a big hack people... and I am sure you want to know what it does.. Ok this is very simple to use. It gives the user the ability to make his own custom style/color for the site, which the user can use, edit, let other users usem and delete. It is all very staright forward to use. This will not impact the sites original sytels or such. Now I have input that users can only edit their own styles, as people with think there are security holes, but I have patched then up, so if they they to mess with the system they will get a error message (Tested) This system I larger and
if you find any errors please report them to me at once.

Updated! 1.3

1) In the admin cp user styles / replacements now have their own section as not to confuse admin in the site styles / replacements.

2) In user options they now have the site styles, and then teh drop down for user styles

3) Security updated.


Add Style:
http://www.anime-imagine.com/previewimages/add.jpg

Modify Style:
http://www.anime-imagine.com/previewimages/modify.jpg

Edit Style:
http://www.anime-imagine.com/previewimages/edit.jpg

Remove Style:
http://www.anime-imagine.com/previewimages/remove.jpg

Customize Style:
http://www.anime-imagine.com/preview.../styleedit.jpg

Security Preview:
http://www.anime-imagine.com/previewimages/security.jpg

Enjoy. :smoke:

Admin 03-19-2002 05:46 PM

Disclaimer: Nothing against you, seems like you've done a good job here.

But, I would definitely not let my users mess with styles other people can use. The reason is very simple. Anyone with a little knowledge in Javascript can easily steal cookie data from you with malicious code. So one can create his own style, put some JS code in the header template and bam - anyone using the style (even for once) will have his account stolen.

TheComputerGuy 03-19-2002 05:58 PM

But it seems like a really great hack too...

I am debating on it right now....

Neo 03-19-2002 06:13 PM

Quote:

Originally posted by FireFly
Disclaimer: Nothing against you, seems like you've done a good job here.

But, I would definitely not let my users mess with styles other people can use. The reason is very simple. Anyone with a little knowledge in Javascript can easily steal cookie data from you with malicious code. So one can create his own style, put some JS code in the header template and bam - anyone using the style (even for once) will have his account stolen.

True. But this is an addon, while there may be a way to steal cookie data with malicious code. This could be a very usefull hack. I have added some security to the script, but I am still not totally sure about the security like you have said. So firefly do you think there are any steps to take to get around this?

And thank you for the comment.

nafae 03-19-2002 06:14 PM

I would limit it to color changes... the hack I mean. Giving them just the ability to change like.. the text, background, post color, post color #2, and a few other colors.

Edit, just another questioN~what is to stop users to say, making the header look like http://www.thisisanastyilligalsite.com and, you don't notice it, a member chooses this style, notices, and notifies the authorities :x

Just seems like alot of unwanted work/attention....

Admin 03-19-2002 06:14 PM

Add a regex that will remove all Javascripts from the templates. It's not the best way to go on this, and while it might make some people angry I think it's worth it.

Oh and yes I agree with the above post.

wooolF[RM] 03-19-2002 06:15 PM

I think users must NOT have possibilities to change templates.
Only colors and they cannnot share them with others. Nobody want to choose a set from 1000 styles... Just my opinion...

ExcErr 03-19-2002 06:44 PM

does user edit templates?
if user can edit header, he can add some javascript, as firefly said, and i don't want to have some problems with my users accounts!

MW[MWGN] 03-19-2002 06:57 PM

How about make an option in the admin, with check boxes to which style fields you allow the users to be able to customize, e.g.
CHECKBOX-Ticked Background Colour
CHECKBOX-Unticked Text Colour etc etc.

And perhaps allow the admin to disable/enable the option for the user to share his/her custom style to others, otherwise the board may end up with 1000 style for people to choose from as someone as mentioned above.

TheComputerGuy 03-19-2002 07:49 PM

I would defintly go with the color/text size, let them know what it is like to run a forum, most people haveno idea, and I have had requests for them to be able to do that so that would killer to do that.


All times are GMT. The time now is 12:34 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01147 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete