Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > Premium Archives > uCash & uShop
uCash & uShop old support and thank you thread Details »»
uCash & uShop old support and thank you thread
Version: , by BarHopper BarHopper is offline
Developer Last Online: Aug 2005 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 04-12-2004 Last Update: Never Installs: 0
 
No support by the author.

/me Installs. I'm the first for the most aniticipated hack!!1

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #1172  
Old 06-26-2004, 11:30 AM
sabret00the's Avatar
sabret00the sabret00the is offline
 
Join Date: Jan 2003
Location: London
Posts: 5,268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

that information would be false matt, you need to run the installer
Reply With Quote
  #1173  
Old 06-26-2004, 03:07 PM
Matt Bush Matt Bush is offline
 
Join Date: Jun 2004
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sabret00the
that information would be false matt, you need to run the installer
If you couldn't already tell I'm new with this vB stuff. When I click install, what does it do?
Reply With Quote
  #1174  
Old 06-26-2004, 03:11 PM
rabbitdog rabbitdog is offline
 
Join Date: Jan 2004
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't think this has been addressed, because I still see the unfixed code in the zip file available for download, so I'd like to point out the fact that there is a critical bug in the uShop change username action.

This affects all current installations of the uStore with this item available for purchase.

The issue is as follows:

The "sanity" check which queries the database to see if a user already exists before accepting a changed username will never find any matches. This is because of the usage of an empty (incorrect) variable in the query.

The result is that any user can change his or her username to that of an existing user.

Note that this does NOT change permissions, so a user changing his name to that of a mod or an admin will not inherit access to those functions.

Here is the fix:

1. Open action.changeusername.php, which is stored in the /uttstore/ directory
2. Change line 5 from:

PHP Code:
$changed $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($data)."'"); 
to:

PHP Code:
$changed $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($username)."'"); 
Reply With Quote
  #1175  
Old 06-26-2004, 09:41 PM
Link14716's Avatar
Link14716 Link14716 is offline
 
Join Date: Jun 2002
Location: Georgia, USA
Posts: 2,519
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by rabbitdog
I don't think this has been addressed, because I still see the unfixed code in the zip file available for download, so I'd like to point out the fact that there is a critical bug in the uShop change username action.

This affects all current installations of the uStore with this item available for purchase.

The issue is as follows:

The "sanity" check which queries the database to see if a user already exists before accepting a changed username will never find any matches. This is because of the usage of an empty (incorrect) variable in the query.

The result is that any user can change his or her username to that of an existing user.

Note that this does NOT change permissions, so a user changing his name to that of a mod or an admin will not inherit access to those functions.

Here is the fix:

1. Open action.changeusername.php, which is stored in the /uttstore/ directory
2. Change line 5 from:

PHP Code:
$changed $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($data)."'"); 
to:

PHP Code:
$changed $DB_site->query_first("SELECT userid, username FROM ".TABLE_PREFIX."user WHERE username='".addslashes($username)."'"); 
Nice catch. $data is used in several functions, but it looks like it shouldn't there.

Fixed for 0.95.
Reply With Quote
  #1176  
Old 06-26-2004, 10:01 PM
GeekyDesigns's Avatar
GeekyDesigns GeekyDesigns is offline
 
Join Date: Mar 2004
Posts: 73
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

PHP Code:
6a9bb87ef571024592ec153b259803a0 
Post created by the GeekyDesigns vB License Verification Hash System.

Hash will be changed regularly.
Reply With Quote
  #1177  
Old 06-26-2004, 10:06 PM
GeekyDesigns's Avatar
GeekyDesigns GeekyDesigns is offline
 
Join Date: Mar 2004
Posts: 73
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

wootage, it worked
Reply With Quote
  #1178  
Old 06-26-2004, 10:16 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

teh woot
Reply With Quote
  #1179  
Old 06-27-2004, 08:42 AM
Taco John Taco John is offline
 
Join Date: Nov 2002
Location: ddddd
Posts: 130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Question: Can I make this hack so that only certain usergroups can use it?
Reply With Quote
  #1180  
Old 06-27-2004, 10:37 AM
hitmanuk2k hitmanuk2k is offline
 
Join Date: Dec 2002
Location: Durham, England
Posts: 168
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

why is the cost showing up as 0.0 for everything on ushop.php? even though i have it set to larger numbers...
Reply With Quote
  #1181  
Old 06-27-2004, 11:54 AM
b4ne b4ne is offline
 
Join Date: Jun 2004
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi

I have this error that I have no links nowher in my Admin CP or anywhere else on the page, also when I check permission, there is no mention of this .

If I got to the ushop.php page : No Actions found.

Otherwise :
Installation : Manual (did a deinstall and reinstall)

Board vb 3.0.1

Also the very first time I try to connect to ushop.php I get some error in ushop.php on line 144 ?

But this error disapears.

And I wanted to also mention that I run the betting hack.

Any idea ?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:15 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06064 seconds
  • Memory Usage 2,330KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (6)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete