Go Back   vb.org Archive > vBulletin Modifications > Archive > Modification Graveyard
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Flashchat Integration for vB 3.6 Details »»
Flashchat Integration for vB 3.6
Version: 3.57, by Paul M Paul M is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Integration with vBulletin - Version: 3.6.x Rating:
Released: 07-10-2006 Last Update: 05-05-2008 Installs: 1022
Uses Plugins Auto-Templates
Additional Files Translations  
No support by the author.

This modification is no longer available or supported.

Flashchat integration with vBulletin 3.6

Note:
Standard Flashchat includes a version of my vBulletin integration as part of the Tufat supplied files - including a working vBulletin 3.6 CMS file. However, the standard files do not include Direct Usergroup Integration or other extra's like the WOL Display & Flashchat on a vBulletin page. This Integration Mod adds those features


Standard vB 3.6 integration features

* Authorised members are automatically logged in.
* Automatic login works even if a member has not ticked "remember me".
* All non authorised members are locked out (this and the above are based on usergroup membership).
* If enabled, Flashchat updates the users session location (displayed in various vBulletin online location displays such as WOL).
* Real ip detection when a proxy server is used (only if the proxy server passes on the details).
* Permanant, Private Rooms are loaded by Admins and Moderators (allows for Staff Rooms).

Extra's added by this modification

* Direct login to a room.
* The WOL will correctly display Flashchat as the location (not 'Unknown Location')
* Flashchat can be displayed embedded inside a 'standard' vBulletin Page (i.e. not full screen).
* Direct Usergroup Integration - a section is added to each usergroup in the ACP Usergroup Manager to set the Flashchat permissions for that group.
* The plugin will try to automatically add a link to Flashchat in your Quick Links or Navbar - this feature can be disabled if you wish.
* The automatic link can have a prefix path defined - useful if you use something like CMPS.


More notes:

* This integration is for Flashchat versions 4.7.x and above.
* The automatic link feature may fail if you have customised templates.
* For Flashchat inside a vBulletin page you need to link to .../misc.php?do=flashchat
* This modification does not add any links to Flashchat Administration in the ACP.
* You can set all members to login direct to particular room via the ACP.
* You can also add a room parameter to the url - i.e. .../misc.php?do=flashchat&room=3
* 3.56 onwards has extra code to cope with VBs CSRF protection, which interferes with profile linking (vb 3.6.10+).

The CMS file assumes that you are installing Flashchat in your forum root folder - this is the same folder as your usercp.php file and includes folder. Installation will fail if you do not do this.

Support: Please check the instructions, and make sure you have uploaded any files to the correct location - the vast majority of problems reported are due to an error made in editing or uploading files. If you are still stuck and want me to take a look then feel free to PM me your site address, an admin user, and ftp access details, without these I cannot help you. I will look when I have time.

Finally, I am not Tufat.com or Flashchat Support - if you have questions about Flashchat, their forums are here.


To use the this upgraded integration simply download and unzip the file, then follow the instructions in the text file. Once installed, the Flashchat userlevel options for each usergroup will appear in the ACP usergroup edit screens - editing of the CMS file will no longer be required.



History:

v3.01 : First version for vb 3.6 (not released).
v3.02 : Various code changes, first public release.
v3.02A : Minor bug fixes to WOL Display.
v3.02B : Dependancies updated for 3.6.0 Gold.
v3.03 : Minor fix to Get User for membergroupids, some SQL changes.
v3.03A : Updated for Version Checking.
v3.04 : Security (anti-hacking) code added (as supplied by Darren).
v3.05 : Usergroup settings moved to top of CMS file.
v3.06 : Fixed error message when accessing chat admin area.
v3.07 : Default role changed.
v3.08 : Minor bug fix to Avatar detection, login code changes, tidy up.

v3.50 : Beta release with direct usergroup integration.
v3.51 : First full release with direct usergroup integration.
v3.52 : No Access and Banned split into separate permissions.
v3.53 : Minor changes - includes disabling the utf8 functions if the F/C config option is false.
v3.53A : Internal updates, not released.
v3.53B : Internal updates, not released.
v3.53C : Add ability for member to do direct to a room (other than the Flashchat default).
v3.53D : Defaults on first install updated.
v3.54 : Option for link path prefix added.
v3.55 : Minor changes to install code only.
v3.56 : Code added to allow profile views when CSRF protection is active.
v3.57 : CSRF Code changed.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #92  
Old 09-04-2006, 01:49 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by trilOByte
Sorry, but that's a bit like saying "the operation was a complete success, unfortunately the patient died".
Um ....

Quote:
Originally Posted by trilOByte
I have read that there was a securityfocus exploit was published for this on June 16. I had no notification of this issue.
The supposed exploit posted on June 16th refers to a file that doesn't exist in the Tufat version of Flashchat, afaik, it actually belonged to another chat product, also called flashchat (it's not a unique name).

Quote:
Originally Posted by trilOByte
I know that it's "not the fault of this mod" directly, but if I hadnt of had it installed, I wouldnt of spent 4 hours last night going through my site trying to repair the damage done by somne little idiot who exploited this.
It's not the fault of this mod at all, please get that fact very clear. It was the fault of Flashchat itself, installing this made no difference. I'm sorry you spent 4 hours cleaning up your damage, but I don't really appreciate you trying to take out your frustration on me, or my integration mod(s). :alien:

Quote:
Originally Posted by trilOByte
I think I'll wait a good while before re-installing flashchat.
That's your choice, and makes no difference to me

I do wonder if you will uninstall vbulletin next time a security hole is found in it
Reply With Quote
  #93  
Old 09-04-2006, 06:56 PM
trilOByte's Avatar
trilOByte trilOByte is offline
 
Join Date: Nov 2001
Location: England
Posts: 325
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M

It's not the fault of this mod at all, please get that fact very clear. It was the fault of Flashchat itself, installing this made no difference. I'm sorry you spent 4 hours cleaning up your damage, but I don't really appreciate you trying to take out your frustration on me, or my integration mod(s). :alien:
I'm not looking for someone to blame.

..and yes, if vBulletin was so insecure that something like this happened, i would indeed review my choice of forum software. That has never happened though, partly due to the extremely vigilant and speedy security alerts which drop into my mailbox from time to time.

BTW, just FYI - the hackers came again tonight, it would seem that they have left something on the server, some shell script or something, which still gives them access even after flashchat has been completely removed. My host is trying to figure out what/where.
Reply With Quote
  #94  
Old 09-04-2006, 07:17 PM
Smitty's Avatar
Smitty Smitty is offline
 
Join Date: Sep 2002
Location: Southern Ohio
Posts: 385
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by trilOByte
this mod was used as the way in.
It was NOT the integration mod. It was a Flashchat CMS for aedating which, if you understood what a CMS is, was not necessary for vBulletin integration. Had you understood the Flashchat install, and how Flashchat worked, you would not have left the CMSs for all the other programs there to begin with. If you read the install notes with Flashchat (and here I think), it was specific that only the vBulleting CMS was needed. I deleted the other CMSes after the install as 'foreign' files not needed for Flashchat to run and, of course, I didn't get hacked.

If you don't understand what files you're installing, you should get someone who does to install the program you want installed for you.
Reply With Quote
  #95  
Old 09-04-2006, 09:36 PM
trilOByte's Avatar
trilOByte trilOByte is offline
 
Join Date: Nov 2001
Location: England
Posts: 325
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Smitty
It was NOT the integration mod. It was a Flashchat CMS for aedating which, if you understood what a CMS is, was not necessary for vBulletin integration. Had you understood the Flashchat install, and how Flashchat worked, you would not have left the CMSs for all the other programs there to begin with. If you read the install notes with Flashchat (and here I think), it was specific that only the vBulleting CMS was needed. I deleted the other CMSes after the install as 'foreign' files not needed for Flashchat to run and, of course, I didn't get hacked.

If you don't understand what files you're installing, you should get someone who does to install the program you want installed for you.
Oh, yeah sorry, that's right it's my fault. Silly me.
Reply With Quote
  #96  
Old 09-05-2006, 01:59 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@trilOByte, I have edited the inaccuracy from your previous post, despite it being made clear that this mod in no way contributed, your post inferred it was.

@everyone, I'm not prepared to allow this to flare up into a series of personal arguments, everyone please move on, any further off topic/argumentative posts are liable to be removed. Thanks.
Reply With Quote
  #97  
Old 09-05-2006, 09:23 AM
trilOByte's Avatar
trilOByte trilOByte is offline
 
Join Date: Nov 2001
Location: England
Posts: 325
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
@trilOByte, I have edited the inaccuracy from your previous post, despite it being made clear that this mod in no way contributed, your post inferred it was..
Paul, I think you misunderstand me. Your mod has been excellent for my site, it has worked well and I can see no flaws in it. I do totally understand that your mod and tufats script are two different things.

That's not my point.

From my point of view, they come as a package. Like many others, I installed tufats script because of your excellent mod but your mod does need tufat's script to work. I'm not blaming anyone and I'm not looking for someone to moan at. But the fact remains that the package on offer here (your totally blameless mod + tufats flawed script), had or has a stinking great security hole in it.

Now I'm not sure if simply removing one file from the CMS's is going to plug the hole - I hope it does. But having spent the last 2 days running round chasing hackers off my server, I'm not inclined to place too much faith in that.

I hope the newer package from tufat is secure. If it proves to be in time, I will probably put you excellent mod back on my site, but for now, it (tufats script) consitutes too much of a risk. There are mixed messages on the forums. I've read in one thread that the kiddies were logged running a search for other files in the tufat installation. I dont know why, or if they are vulnerable, but the possibility that they might be, seems to exist.
Reply With Quote
  #98  
Old 09-05-2006, 09:32 AM
trilOByte's Avatar
trilOByte trilOByte is offline
 
Join Date: Nov 2001
Location: England
Posts: 325
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Let me put it another way.

Can you guarantee that tufat's script is now secure?

If not, is it prudent to endorse it's use?
Reply With Quote
  #99  
Old 09-05-2006, 09:59 AM
Smitty's Avatar
Smitty Smitty is offline
 
Join Date: Sep 2002
Location: Southern Ohio
Posts: 385
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by trilOByte
if simply removing one file from the CMS's is going to plug the hole
There are a couple of aedating files to remove to be sure, not just one file:

aedating4CMS.php
aedatingCMS2.php
aedatingCMS.php

And you may as well remove all the other cms files (they are unnecesary) except the vBulletin cms for your vBulletin version.

The hole was plugged in 4.6.2.
Reply With Quote
  #100  
Old 09-05-2006, 10:45 AM
trilOByte's Avatar
trilOByte trilOByte is offline
 
Join Date: Nov 2001
Location: England
Posts: 325
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Smitty
There are a couple of aedating files to remove to be sure, not just one file:

aedating4CMS.php
aedatingCMS2.php
aedatingCMS.php

And you may as well remove all the other cms files (they are unnecesary) except the vBulletin cms for your vBulletin version.

The hole was plugged in 4.6.2.
Look here...

http://www.zone-h.org/component/opti...berLord/page,2
Reply With Quote
  #101  
Old 09-05-2006, 10:59 AM
Smitty's Avatar
Smitty Smitty is offline
 
Join Date: Sep 2002
Location: Southern Ohio
Posts: 385
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

And here: http://forum.tufat.com/showthread.php?t=24428
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:49 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07795 seconds
  • Memory Usage 2,337KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete