Go Back   vb.org Archive > vBulletin Modifications > Archive > Modification Graveyard

Reply
 
Thread Tools
Rules and User Agreement Hack Details »»
Rules and User Agreement Hack
Version: 1.1.5, by uae uae is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.5.4 Rating:
Released: 10-05-2005 Last Update: 11-08-2005 Installs: 278
DB Changes Uses Plugins Template Edits
Additional Files  
No support by the author.

This modification currently contains a vulnerability. You are hereby advised to disable this modification until such time that the author provides a fix.
- vBulletin.org Staff


Rules and User Agreement Hack-------------------------------------
Hack Version: 1.1.5
vB-version: 3.5
Developer: WwW.UAEWEB.CoM
Install-difficulty: Easy
Port of: https://vborg.vbsupport.ru/showt...threadid=77666

Introduction:
Rules and User Agreement Hack Is an agreement rules systems, that requires user to agree to each individual forum or/and pages rules within the whole board community ?if applicable? prior to permission them to different action (Viewing a Forum, Posting New Thread for the first time, Posting New Thread, Posting Reply).

This will limit the forum breaches that occur often due to unawareness of the rules and agreement. This shall automate the manual procedures that are followed by users to read the ?rules and agreement? and will enforce to some extent the users to be aware of rules in place. Moreover this will eliminate the options of any denial by certain users of not being aware of ?rules and agreements? being in place for the desired forum.

This can also be used as alerts, broadcasts, messages and tutorials? etc to certain individual, multi users or groups.

Features:
  • Unlimited* Rule(s).
  • An Individual Forum can have multi rules agreement.
  • An Individual FILE within your forum can have mutli rules agreement.
  • List All Rules that user has agreed to from his/her profile page "if a url was provided".
  • Edit/Delete Rule(s).
  • Reset Rule(s) Manually or with Cron Job.
  • Rules can use bbcode.
  • Set to show a rule(s) agreement in any selected forum/page (file url) IF:
- User's Usergroup is Y.
- User's Additional Usergroups is Y.
- User's User Id is X.
- User's User Name is XXX.
- User's first time posting a new thread in this forum.
- User's has posts greater than x posts.
- User's has posts less than x posts.
- User's Join Date is After (yyyy-mm-dd).
- User's Join Date is Befor (yyyy-mm-dd).
- User's Last Activiy is After (yyyy-mm-dd).
- User's Last Activiy is Befor (yyyy-mm-dd).
- User's Last Post is After (yyyy-mm-dd).
- User's Last Post is Befor (yyyy-mm-dd).
* Can Use Conditionals.
  • Fully "phrased" so translations are made easy.
Settings in the Admin CP:
  • List Rule(s).
  • Add New Rule(s).
  • Edit / Delete Rule(s).
  • Reset Rule(s).
  • Activate and Inactivate Rule(s)
Screenshots:

See attachments.

Hack Installation Details:

1 Product XML with 3 Plugins, and 45 Phrases

New files for this Hack: 3
/admincp/rulesagreement.php
/includes/cron/cron_ruleshack.php
/includes/xml/cpnav_rulesagreement.xml

New templates for this Hack: 2
ruleshack_rules
ruleshack_rulesbit

File-edits: 0

Template-edits: 1
MEMBERINFO

New DB tables for this Hack: 1
ruleshack

DB Tables modified for this Hack: 1
user

How to Install:
To install this hack, simply download the zip file, Unzip it to a directory on your computer and follow the steps from README.txt

History:
1.0.0
Initial Version for vBulletin 3.5

1.1.0
Added Rule(s) from URL
Fixed typo in Phrase

1.1.1
Fixed bug with new registration
-> to upgrade, import product-rulesagreement.xml and set Allow Overwrite to yes

1.1.2
Fixed bug with Reseting Rules every 12 hours
-> to upgrade, import product-rulesagreement.xml and set Allow Overwrite to yes

1.1.3
Fixed bug with with TABLE_PREFIX missing
-> to upgrade, import product-rulesagreement.xml and set Allow Overwrite to yes


1.1.4
Fixed bug with with Template / memberinfo Agreed Rules List
-> to upgrade, import product-rulesagreement.xml and set Allow Overwrite to yes

1.1.5
Fixed bug with this & this
-> to upgrade, import product-rulesagreement.xml and set Allow Overwrite to yes

PLEASE REMEMBER TO BACKUP BEFORE YOU BEGIN!

If you like this hack, please be kind and click on

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #142  
Old 04-24-2006, 03:52 PM
JD210 JD210 is offline
 
Join Date: Dec 2004
Posts: 69
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by vibe
When I click on agree and submit, browser takes me to this URL

Code:
http://www.agalico.com/php/php.exe?f=65...

Security Alert! The PHP CGI cannot be accessed directly.

This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.
I ran into the exact same problem. Any idea why and what is causing it?
Reply With Quote
  #143  
Old 04-26-2006, 04:58 PM
bashy bashy is offline
 
Join Date: Nov 2005
Posts: 2,544
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi peeps

I appear to have an uncached template for "forumrules"
The only thing that i can think of thats caused this would be this hack perhaps?

Can anyone advise please?
Reply With Quote
  #144  
Old 04-28-2006, 02:08 PM
Rude Awakening Rude Awakening is offline
 
Join Date: Feb 2006
Location: St.Paul Minnesota
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

UAE if you ever manage to see this I've got a slight problem. I've noticed that some of the other guys have this issue too.

I wanted the Rules hack to only work for the Registered Users and not Guests. I wanted the Guests to freely surf the forums, but once registered, required to accept the Rules.

Right now even a guest is required to accept the hack which is pretty bad for Crawlers and Bots. I might be missing something but until then I'll have to uninstall.

Thanks.

Update:

Although I didnt find a way to solve the problem above, I did find a way around it. Instead of having it show up when "viewing" a thread I switched it to "new thread" and "new reply". Guests cant post replies or new threads on my forums anyways.

Sometimes you just gotta beat the system
Reply With Quote
  #145  
Old 05-04-2006, 01:08 AM
Bubble #5 Bubble #5 is offline
 
Join Date: Apr 2005
Posts: 984
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How should we fix this?

Instead of becoming part of the Forums and Moderators section, it started its own Forum and Moderators section so now we have two of them showing

How/where do we rename it?
Reply With Quote
  #146  
Old 05-04-2006, 01:20 AM
Bubble #5 Bubble #5 is offline
 
Join Date: Apr 2005
Posts: 984
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What are the two new templates called, and where (what section) can we find them?
Reply With Quote
  #147  
Old 05-04-2006, 11:35 PM
SimCityForum SimCityForum is offline
 
Join Date: Feb 2005
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've discovered one can force a SQL error by adding a single quote to an URL for a registration confirmation (e.g. http://gfxcontests.com/register.html?a=act&u=312&i=19120597'). Apparently there isn't an error checking to clean URLs of stray single quotes before passing them into the SQL string to look for rules that belong to said URL.

A full version of the error result is:
Code:
Database error in vBulletin 3.5.3:

Invalid SQL:
SELECT * FROM tblruleshack 
			WHERE (fileurl LIKE 'http://gfxcontests.com/register.html?a=act&u=312&i=19120597'' AND exactmatch = 1 ) 
			OR (fileurl LIKE 'http://gfxcontests.com/register.html%' AND exactmatch = 0 ) AND active = 1 ORDER BY ruleid;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://gfxcontests.com/register.html%' AND exactmatch = 0 ) AND
Error Number : 1064
Date         : Thursday, May 4th 2006 @ 08:30:57 PM
Script       : http://gfxcontests.com/register.html?a=act&u=312&i=19120597'
Notice how feeding the extra single quote into the URL passes straight into the SQL statement. I could see someone exploiting this to force a SQL injection.

The solution to this error is to find the following statements in the product-rulesagreement.xml file;
Code:
 	 	$ruleneed = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "ruleshack 
			WHERE (fileurl LIKE '" . $urluri . "' AND exactmatch = 1 ) 
			OR (fileurl LIKE '" . $scripturl1 . "%' AND exactmatch = 0 ) AND active = 1 ORDER BY ruleid");
AND

Code:
		$sql = "SELECT * from " . TABLE_PREFIX . "ruleshack 
			WHERE 
			(
			(forumid = $fid)
			OR 
			(fileurl LIKE '" . $urluri . "' AND exactmatch = 1 ) 
			OR 
			(fileurl LIKE '" . $scripturl1 . "%' AND exactmatch = 0 )
			OR 
			(forumid IN ($parents))
			) 
			AND 
			(ruleid not in (" . $vbulletin->userinfo['agreedrule'] . ")) 
			AND 
			active = 1 
			ORDER BY ruleid";
and add the following code above the two statements above:
Code:
 	  	$urluri = addslashes($urluri);
 	  	$scripturl1 = addslashes($scripturl1);
If you have already installed this mod, then use the plugin manager to find "Hook Location : parse_templates" and edit "Rules And User Agreement" to add in the code above.
Reply With Quote
  #148  
Old 05-05-2006, 07:04 AM
bashy bashy is offline
 
Join Date: Nov 2005
Posts: 2,544
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi

Whoopsy, wrong hack
Reply With Quote
  #149  
Old 05-13-2006, 05:45 PM
arossphoto arossphoto is offline
 
Join Date: Jan 2006
Posts: 126
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is there any way to use this with paid subscriptions, so the user has to agree to my rules regarding cancellations, refunds, etc?

Thanks,

Andrew
Reply With Quote
  #150  
Old 05-13-2006, 06:02 PM
Bubble #5 Bubble #5 is offline
 
Join Date: Apr 2005
Posts: 984
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by arossphoto
Is there any way to use this with paid subscriptions, so the user has to agree to my rules regarding cancellations, refunds, etc?
Ummm... shouldn't that be handled before the initial payment is made?
Reply With Quote
  #151  
Old 05-13-2006, 06:25 PM
arossphoto arossphoto is offline
 
Join Date: Jan 2006
Posts: 126
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Bubble #5
Ummm... shouldn't that be handled before the initial payment is made?
Yes, of course. That's what I'm talking about.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:23 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04872 seconds
  • Memory Usage 2,321KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_code
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete