vb.org Archive - Style / Template / Replacement Hack For Moderators

Alright, I've finally finished working on this darn thing and ready for a beta release!

This hack impliments the Style, Template, and Replacement hack into one hack since it was the best way to work on it and easy to setup.

Please read the readme file before you install it.

For the style part, view this thread for screenshots

For the template part, view this thread for screenshots

For the replacement part, view this thread for screenshots

Also remember: It's a beta. There will probably be bugs I haven't found.

--------------------------
SECURITY FIX IF YOU USE XENON'S "MODS CAN EDIT USERS"
(https://vborg.vbsupport.ru/showthrea...threadid=42096)
Security fix by me, thanks to Xenon for pointing out where to edit the code
--------------------------
1. Open user.php in your forums/mod/ folder

2. Find the following:
--------------------------

Code:

  if($canedit[profilefields]) {

    maketableheader("Custom Profile Fields");

    $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");



    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");

    while ($profilefield=$DB_site->fetch_array($profilefields)) {

      $varname="field$profilefield[profilefieldid]";

      makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);

    }

  }

---------------------------

Replace it with:
---------------------------

Code:

 if($canedit[profilefields]) { 

   maketableheader("Custom Profile Fields"); 

   $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid"); 

  

   $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); 

   while ($profilefield=$DB_site->fetch_array($profilefields)) { 

    $varname="field$profilefield[profilefieldid]";

   if ($varname != "field999")

   if ($varname != "field998") 

   if ($varname != "field997") 

     makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]); 

   } 

 }

-----------------------------

Find:
---------------------------

Code:

  if($canedit[profilefields]) {

    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");

    while ($profilefield=$DB_site->fetch_array($profilefields)) {

      $varname="field$profilefield[profilefieldid]";

      $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";

    }

    $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");

  }

---------------------------
Replace it with:

Code:

  if($canedit[profilefields]) {

    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");

    while ($profilefield=$DB_site->fetch_array($profilefields)) {

      $varname="field$profilefield[profilefieldid]";

if ($varname != "field999")

if ($varname != "field998")

if ($varname != "field997")

      $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";

    }

    $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");

  }

Save and upload.

That's it, your forums are now secure from moderators breaking your security!
-----------------------------

Now...onto the download...

Oh, and if you use it, please click install! :)

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_code_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

X vBulletin 3.8.12 by vBS Debug Information

Page Generation 0.01117 seconds
Memory Usage 1,739KB
Queries Executed 10 (?)

More Information

Template Usage:

(1)ad_footer_end
(1)ad_footer_start
(1)ad_header_end
(1)ad_header_logo
(1)ad_navbar_below
(4)bbcode_code_printable
(1)footer
(1)gobutton
(1)header
(1)headinclude
(6)option
(1)pagenav
(1)pagenav_curpage
(2)pagenav_pagelink
(1)post_thanks_navbar_search
(1)printthread
(10)printthreadbit
(1)spacer_close
(1)spacer_open

Phrase Groups Available:

global
postbit
showthread

Included Files:

./printthread.php
./global.php
./includes/init.php
./includes/class_core.php
./includes/config.php
./includes/functions.php
./includes/class_hook.php
./includes/modsystem_functions.php
./includes/class_bbcode_alt.php
./includes/class_bbcode.php
./includes/functions_bigthree.php

Hooks Called:

init_startup
init_startup_session_setup_start
init_startup_session_setup_complete
cache_permissions
fetch_threadinfo_query
fetch_threadinfo
fetch_foruminfo
style_fetch
cache_templates
global_start
parse_templates
global_setup_complete
printthread_start
pagenav_page
pagenav_complete
bbcode_fetch_tags
bbcode_create
bbcode_parse_start
bbcode_parse_complete_precache
bbcode_parse_complete
printthread_post
printthread_complete

Messages:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01117 seconds Memory Usage 1,739KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_code_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: