vb.org Archive - View Single Post

amp2000 · #91 05-15-2003, 06:26 PM

For everyone getting errors similar to the following from xiphoid's update

Code:

Database error in vBulletin 2.3.0:

Invalid SQL:
SELECT security,forumpass,passtimeout
FROM forum
WHERE forumid =

The problem is that $forumid isnt in single quotes, example, instead of

Code:

Open up: root/showthread.php

Find:
-----------------------------------------------------------
eval("dooutput(\"".gettemplate("showthread")."\");");
-----------------------------------------------------------

Replace with:
-----------------------------------------------------------
// Showthread Password Protection Code
// Updated by Scott
$forumid = $foruminfo['forumid'];
$seccheck = $DB_site->query_first("
	SELECT security,forumpass,passtimeout
	FROM forum
	WHERE forumid = $forumid
");

The above code is wrong, use the code below instead of the above from the readme.
The only difference is '$forumid' now has quotes around it. Hope that helps yas

Code:

Open up: root/showthread.php

Find:
-----------------------------------------------------------
eval("dooutput(\"".gettemplate("showthread")."\");");
-----------------------------------------------------------

Replace with:
-----------------------------------------------------------
// Showthread Password Protection Code
// Updated by Scott
$forumid = $foruminfo['forumid'];
$seccheck = $DB_site->query_first("
	SELECT security,forumpass,passtimeout
	FROM forum
	WHERE forumid = '$forumid'
");

I have installed this on a 2.3.0 vBulletin & can see no problems (other than the above which is now corrected) with the hack.
But then again I've only installed the hack from xiphoid's 1.2 version so I dont know what the bug was with Shaolyen's 1.1 version.
If someone can tell me how to reproduce the flaw I'll test it out & let yas know if it works. If anyone is reluctant to tell me how to reproduce the flaw will you pleeeez see does it work on the new updated instructions, ie v1.2, I need to know whether this is secure or not before I use it.

This is a great hack Shaolyen, I'll be definitely clicking install if this works, thanks!

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01162 seconds Memory Usage 1,769KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_code (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: