vB Journal for vBulletin 3.0.3(v1.0.1)

vB Journal v1.0.1
By Antonbomb22(Anthony Scudese)

vB Journal 1.5 Beta 1 is now available, click here.

Features:

• Full vBulletin 3.0.3 intergration
• Install file for SQL queries
• Comment System
• "GoToMyJournal"
• link from postbit to journal
• link from profile to journal
• link from memberlist to journal
• usergroup permissions
• journal buddy system(by Wonko)
• Journal Search Engine
• journal highlight
• bbcode parsing
• smilie parsing
• Admin Cp Support Section
• Journal Status Icons
• Who is viewing
• most recent journal entries and journals
• Who Can View for journals and entries
• Complete journal and entry privacy
• Comment on entries or journals
• Journal Moderation(Like Post and Thread Moderation)
• Entry Moderation(Like Post and Thread Moderation)
• Pagination
• Rating System
• Lock System
• Moods
• "Can Have Journal" on a per user basis
• Ip Logging
• Journalists can name their journals
• Export entries in TXT or XML format
• Flood System
• Administrators have absolute permissions
• Search in Journal
• Last Entry on Journal Index
• Numerous AdminCp Settings
• Unique Standard vB Images for vB Journal
• View Single Entry
• and so much more...

Version 1.0.1:

• Many parts of vB Journal 1.0.0 were rewritten to cap security holes lurking within the code.

Features for later versions:

• journalists can specify colors for their journal
• attachments
• subscriptions
• journal moderators
• report system
• more administration options
• complete phrasing

Demos:

• http://www.animationation.net/community/journal.php
• http://www.wellage.net/journal.php

Add-Ons(I Will not give support for these because i did not create them):

• vBadvanced CMPS Latest Journal Entries Block
• vBindex Latest Journal Entries Block
• RSS 1.0 for vB Journal 1.0.0

Side Credits:

• Journal Buddy System ~ WonkotheSane
• Closed Beta Tester ~ Pitman
• Closed Beta Tester ~ DantX
• Helpful Person ~ Oblivion Knight

And to all those who helped me find my mistakes and encourage me

Notes:

• The WOL(Who's Online) is not yet finished but will be released shortly due to some bugs and flaws
• You may not remove the copyright notice!
• An import script for Ryangle's ported Journal will be made so dont install this hack for now if you have the vb3 port of Ryangle's

Support:
~READ FIRST POST COMPLETELY BEFORE POSTING PROBLEMS AND MAKE SURE YOU DID ALL EDITS AND REQUIREMENTS!~

Support may be denied if provided files are edited/modified and support may be stopped at any time due to any circumstances.

If you should run into any errors, problems, confusion, or maybe even a suggestion please
foward them to one of the following places:

• Official vB Journal Support&Suggestion Forum
• AIM: Antonbomb22
• Email: antonbomb22@animationation.net
• Or this thread

Contents of Zip:

• install.txt
• journal.php
• journaladmin.php
• journalinstall.php
• images

I have also provided several screenshots

Please click install

If you are missing phrases or blank spaces in the usergroup manager click here.

Updates/Fixes:

• Updated zip and journalinstall.php due to a typo(click here for fix:https://vborg.vbsupport.ru/showpost....9&postcount=11)
• fixed a missing " in install.txt, it doesnt cause an error but its a fix (Click here for fix: https://vborg.vbsupport.ru/showpost....8&postcount=16)
• updated zip and journal.php, fixed sql queries that caused problems(Click here for fix: https://vborg.vbsupport.ru/showpost....4&postcount=25)
• fixed a type in journal.php, zip and file updated(Click here for fix:https://vborg.vbsupport.ru/showpost....4&postcount=31)
• updated zip,updated journalinstall.php, and uploaded phrasefix.php to fix the usergroup phrase problem(click here for fix: https://vborg.vbsupport.ru/showpost....9&postcount=36)(09/16/04)
• for those who may be experiencing problems due to conflicts with the articles hack follow these following changes: https://vborg.vbsupport.ru/showpost....&postcount=114(09/18/04)
• for those experiencing blanks or missing descriptions for usergroup permissions use this fix until further notice(for /admincp/usergroup.php): https://vborg.vbsupport.ru/showpost....8&postcount=56(09/18/04)
• updated zip and journal.php for more compatiability with vb and more likeness with vb (use the following fix: https://vborg.vbsupport.ru/showpost....&postcount=120)(09/18/04)
• updated zip and install.txt due to a mistake in functions.php file edit(use the following fix: https://vborg.vbsupport.ru/showpost....&postcount=122)(09/18/04)
• updated zip and journaladmin.php for moderate entries due to an sql error(use this fix: https://vborg.vbsupport.ru/showpost....&postcount=130)(09/19/04)
• updated zip and journal.php for beefed up privacy in journals and their entries(use this fix: https://vborg.vbsupport.ru/showpost....&postcount=292)(10/04/04)
• update zip and journal.php, this fix fixes the permission troubles and mood problems occuring( https://vborg.vbsupport.ru/showpost....&postcount=391)(10/23/04)
• updated zip and journal.php, this fix will provide a new update system which hopefully weeds out any potential problems!(https://vborg.vbsupport.ru/showpost....&postcount=574)(11/17/04)
• updated zip and journal.php, fixing some guest loop holes(https://vborg.vbsupport.ru/showpost....&postcount=645)(12/13/04)
• updated zip and journal.php, fixes possible sql injection problem(https://vborg.vbsupport.ru/showpost....&postcount=902)(3/12/05)
• updated zip and journal.php, fixes LEFT JOIN typo(https://vborg.vbsupport.ru/showpost....&postcount=948)(3/23/05)
• vB Journal Upgraded to v.1.0.1 with many security holes patched.(7/1/05)
• Security Update: a XSS vulnerability was found within journal.php, to patch this see this post, the zip has been updated as well.(9/23/05)

[Paul M]

Quote:

Originally Posted by Pseudomizer

You do not get the point. This is like:

"PC Games magazine publishes a new bug from Microsoft"

And you write an Email to PC Games and ask them to fix the bug.

HELLOOOOOOOOOOOOO?????

Contact the Author or live with the problems.

Just my 2 cents.

Cheers,

Another helpful post

[dsboyce8624]

The author of this hack is still active here, I can't see why it would be ignored.

I know An-net personally, and to the best of my knowledge he thinks he fixed all XSS vunerabilities. Kirby can you PM me and tell me whats wrong so I can tell him personally tomorrow? I know he is busy with his site so that could be the reason for not knowing about any other vunerabilities...

[dsboyce8624]

Quote:

Originally Posted by Danny.VBT

I know An-net personally, and to the best of my knowledge he thinks he fixed all XSS vunerabilities. Kirby can you PM me and tell me whats wrong so I can tell him personally tomorrow? I know he is busy with his site so that could be the reason for not knowing about any other vunerabilities...

Thanks.

[AN-net]

i am sry but personal things have kept me occupied such as my website, school, work, and life its self. i am currently very busy but i will try to find sometime to fix this. i am currently revising the fixes a i posted earlier with a better and more efficient fix. also at PaulM you are always for warned of file modifications and i am not required to provide you with edits if you modified my hack. Try getting a file comparer in the future

[dsboyce8624]

Quote:

Originally Posted by AN-net

i am sry but personal things have kept me occupied such as my website, school, work, and life its self. i am currently very busy but i will try to find sometime to fix this. i am currently revising the fixes a i posted earlier with a better and more efficient fix. also at PaulM you are always for warned of file modifications and i am not required to provide you with edits if you modified my hack. Try getting a file comparer in the future

As long as you are looking into it, and will work on a fix, I think we are all happy. It's just scary to have somebody post a big ugly message about security issues, and have no idea what they are talking about, or how to fix it.

As I said earlier, my users are just figuring out how to use this thing, and they like it.

I'd hate to have to pull it.

That said, thank you for checking into this.

Dennis

[Paul M]

Quote:

Originally Posted by AN-net

also at PaulM you are always for warned of file modifications and i am not required to provide you with edits if you modified my hack. Try getting a file comparer in the future

FFS, please actually read the posts - at no point did I ask you to provide edits, I ASKED FOR DETAILS OF THE PROBLEM, not the fixes - I can do my own fixes as long as I know what I'm supposed to be fixing.

FYI - I have a file compare program, please don't try and be smart, it doesn't suit you.

[Colin F]

Paul M,

Thanks for your input.
We know that announcing that a vulnerability exists can cause people to go search for it and try to exploit for it. In this case, the author had been contacted multiple times, but didn't seem willing to fix the script.
After discussing this internally, vBulletin.org staff decided to announce, that there is a vulnerability. We assumed that people using this modification would in the most cases be able to temporarily remove it and announce on their forum that it was removed due to security issues.

Still, I'm sure we will be reviewing our procedure for such cases. If you would like to provide any input, feel free to PM me.

[MajorFm.com]

Ok anyway... i have removed journal.php for the time being, please let us know the fix...

Our journal is actually used by music artists as a diary for the fans, even though its not as busy as some others, its viewed alot...

I know this is a free hack and is a massive one to that is very helpful, we do appreciate your time etc... look forward to the fix

Thank you

[AN-net]

you dont have to remove the file just turn it off via admincp, i created a master switch for such reasons.