vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3 Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=187)
-   -   [Tip] - Common Mistake when hacking your vb (https://vborg.vbsupport.ru/showthread.php?t=47319)

Dean C 01-02-2003 10:00 PM
[Tip] - Common Mistake when hacking your vb
 
Well the most common mistake i made when i was new to install hacks was when it was long lines of code which performed a query.

Many hacks require you to edit the same line and add little fractions to it.

Ok so lets start out with a fresh install.

We install just a part of the 'away user hack'.

The instructions want us to replace this in user.php:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
With this:

PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
Ok that's not hard because what we need to replace will be there because the hack is made for a fresh install.

The problem comes when we have to edit that line again and it's different to the instructions. Most people will just look at the first 10 characters of that line and say well i should just replace it. Now if you do your 'away user hack' won't work.

Here's an example in the 'contributor lable' hack. It wants us again to replace this line in user.php:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
With this:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
But because we've edited that line of code for another hack it isn't there. This leads many people to go into the support thread and say i haven't got that line of code in my user.php

Well in fact you have but it's slightly changed.

So what we do is look at the code that needs to be changed and we'll look up the line until we find what's different. Here's the code that was added to that line for the away hack:

PHP Code:
away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."'
So what we do is ignore this line of code and see what's different in the other hack:

PHP Code:
donator='$donation'
So we see where the bit of code was added after in the line which was:

PHP Code:
ipaddress='".addslashes($aipaddress)."'
Then we add the relevent code after it. And your final line of code should look like this:

PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
And there we go. We've managed to get past one of the most commonest mistakes when editing your long query lines.

Regards

- miSt

Dean C 01-03-2003 10:28 AM
Sorry for the stretching of the page - that can't be helped :(

- miSt

Chris M 01-03-2003 10:34 AM
I suppose it could be useful for newbies - Perhaps you ought to consider a shorter query? Saves side-scrolling;)

Satan

DrkFusion 01-03-2003 03:40 PM
Nice of you to post this hear, many new hackers will get soem use out of it :)

JulianD 01-03-2003 04:04 PM
I've had those problems before, thanks for the nice tips Mist :)

Dean C 01-03-2003 06:06 PM
Your Welcome and yes this was aimed at newbies :)

Regards

- miSt

Xenon 01-03-2003 07:57 PM
Very usefull for newbies indeed!
Thanks mist :)

Logik 01-03-2003 08:13 PM
Yes. Im not new to vB hacks. But this will help alot of new comers.

escoson 01-05-2003 11:29 PM
im a newbie lol so from my perspective it helps to know what i have to do...yet i dont understand the script so i would still be lost
i jus tried doin it and totally messed up and had to upload the backup php file... :cry:
lol
$o.o2

Dean C 01-06-2003 10:19 AM
No lol - this is just a guideline of what to do when you get lines of code which have already been hacked

You didn't try and do what it said in this post did you?

- miSt


All times are GMT. The time now is 06:54 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01339 seconds
  • Memory Usage 1,803KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (8)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete