The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
|||
|
|||
OK, then for the password check part you'd want something like:
PHP Code:
I haven't studied the overall approach so I can't say this is going to work, but the password checking part should be close to correct. BTW, I used clean_array_gpc above even though it's cleaning only one input (there is a function to do a single input) because I figure you might have other fields to check. If not, it doesn't really hurt anything. |
#12
|
||||
|
||||
ive made some changes to the template:
HTML Code:
$stylevar[htmldoctype] <html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]"> <head> <title>$vboptions[bbtitle]</title> $headinclude </head> <body> $header $navbar <script type="text/javascript" src="clientscript/vbulletin_md5.js?v=$vboptions[simpleversion]"></script> <form action="ext.php?do=confirmpassword" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5)"> <input type="hidden" name="s" value="$session[sessionhash]" /> <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> <input type="hidden" name="currentpassword_md5" /> <input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /> <div style="margin-top:$stylevar[cellpadding]px"> <input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" /> </div> </form> $footer </body> </html> HTML Code:
<script type="text/javascript"> function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5) { var junk_output; md5hash(currentpassword, currentpassword_md5, junk_output, $show[nopasswordempty]); // do various checks if (newpassword.value != '') { md5hash(newpassword, newpassword_md5, junk_output, $show[nopasswordempty]); } if (newpasswordconfirm.value != '') { md5hash(newpasswordconfirm, newpasswordconfirm_md5, junk_output, $show[nopasswordempty]); } } </script> Code:
<?php error_reporting(E_ALL & ~E_NOTICE); define('NO_REGISTER_GLOBALS', 1); define('THIS_SCRIPT', 'ext'); $globaltemplates = array('ext'); require_once('./global.php'); $navbits[$parent] = 'Ext Page'; $navbits = construct_navbits($navbits); eval('$navbar = "' . fetch_template('navbar') . '";'); eval('print_output("' . fetch_template('ext') . '");'); if ($_POST['do'] == 'confirmpassword'){ $vbulletin->input->clean_array_gpc('p', array( 'currentpassword'=> TYPE_STR )); if (md5(md5($vbulletin->GPC['currentpassword']).$vbulletin->userinfo['salt']) == $vbulletin->userinfo['password']) { exec_header_redirect('yes.php'); } else { exec_header_redirect('no.php'); } } ?> Quote:
|
#13
|
|||
|
|||
Oh, OK, the line that starts eval('print_output... is going to end the script (after outputting the template). You should probably move everything between require_once('./global.php'); and if ($_POST['do'] == 'confirmpassword'){ to the end of the script, since you don't need to output anything if the user gets redirected.
|
#14
|
||||
|
||||
PHP Code:
|
#15
|
|||
|
|||
Hmm...ok, I think you either need to make 'do' a hidden input field, or else change the 'if' in your script to check $_GET['do'] instead of POST.
|
Благодарность от: | ||
Dr.CustUmz |
#16
|
||||
|
||||
AND THE _GET won it lol, i only didnt even bother trying that cause _GET is depricated code, I was trying 10000000 different things along with your suggestions along the way, but i guess since this is all older code it makes since that worked =)
just when i was going to tell you to click the 2nd URL in my sig too lol, shows you my screen --------------- Added [DATE]1424879932[/DATE] at [TIME]1424879932[/TIME] --------------- but now that it works, i cant help but realize how vulnerable it is. Like i said before whats to stop me from just navigating to another directory =/ --------------- Added [DATE]1424880091[/DATE] at [TIME]1424880091[/TIME] --------------- also, thank you kevin again. you've helped me out quite a bit lately and i truly appreciate it |
#17
|
|||
|
|||
Quote:
Quote:
|
#18
|
||||
|
||||
http://php.net/manual/en/reserved.variables.get.php i read that wrong (my bad) lol
and wouldnt local storage or a cookie work for keeping them on that page (redirect to that page no matter what) untill the password was confirmed? or would it have to be sql based? --------------- Added [DATE]1424881325[/DATE] at [TIME]1424881325[/TIME] --------------- and i have an idle timer i created for this already, would it be possible to modify table (0,1 maybe) using this timer Code:
idleTime = 0; $(document).ready(function () { startIdle(); var idleInterval = setInterval(timerIncrement, 1000); $(document).bind( "mousemove keypress", function () { idleTime = 0; }); }); --------------- Added [DATE]1424881481[/DATE] at [TIME]1424881481[/TIME] --------------- i think im on to something with this http://www.9lessons.info/2011/03/liv...-and-ajax.html |
#19
|
|||
|
|||
Quote:
Quote:
Quote:
You'd have to connect to the server when the timer ran out, to a script that did whatever you needed to do to put them in idle mode (unless you go the cookie route, in which case I believe you can write one with js). You could just load a new page when the timer ran out, I think that's easy enough to do. |
#20
|
||||
|
||||
i think im going to go the sql route, this isnt a product for me personally, just some extra security to add to your forum.
It's a little scary route cause im a beginner in real PHP lol vB template php dont really count, and messing with tables is also new to me, although ive done a little before. but i think i can get most of it, and im sure what i cant figure out i'll get resolved one way or another, got this great community and that one Kevin guy who's pretty awesome =) |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|