Well the most common mistake i made when i was new to install hacks was when it was long lines of code which performed a query.
Many hacks require you to edit the same line and add little fractions to it.
Ok so lets start out with a fresh install.
We install just a part of the 'away user hack'.
The instructions want us to replace this in user.php:
PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid");
With this:
PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid");
Ok that's not hard because what we need to replace will be there because the hack is made for a fresh install.
The problem comes when we have to edit that line again and it's different to the instructions. Most people will just look at the first 10 characters of that line and say well i should just replace it. Now if you do your 'away user hack' won't work.
Here's an example in the 'contributor lable' hack. It wants us again to replace this line in user.php:
PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid");
With this:
PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid");
But because we've edited that line of code for another hack it isn't there. This leads many people to go into the support thread and say i haven't got that line of code in my user.php
Well in fact you have but it's slightly changed.
So what we do is look at the code that needs to be changed and we'll look up the line until we find what's different. Here's the code that was added to that line for the away hack:
So what we do is ignore this line of code and see what's different in the other hack:
PHP Code:
donator='$donation',
So we see where the bit of code was added after in the line which was:
PHP Code:
ipaddress='".addslashes($aipaddress)."',
Then we add the relevent code after it. And your final line of code should look like this:
PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid");
And there we go. We've managed to get past one of the most commonest mistakes when editing your long query lines.
LOL! Great tip Mist. You would hope that someone who is brave enough to hack into his forum program files would be smart enough to work this out for himself like most of us when we first started hacking.
I think he means if we're already brave enough to hack our own boards, we know how to do this anyway.
That's not quite true though.
Here's another common tip for newbie hackers, too.
When you are asked to 'find', sometimes for example it asks you to find:
PHP Code:
$variable = "THIS TEXT";
However, sometimes it uses apostrohpes instead of quotes. So instead of ", it might be '. Example, what you need to find instead is:
PHP Code:
$variable = 'THIS TEXT';
This can be quite tricky and doesn't happen often, but it's worth a try if you can't find it.
Dave.
PS: - Mist ): I've done both a few times now , thanks for releasing.
I've found that making a copy of the the original query, and commenting it out first, and then adding the new hacked lines to another copy of the query ... to be a good way to revert back to the original from all of your hacked php files.
This might make the fils much bigger but at least you know that you can revert your board back to it's original state. Make sure that you add a comment line that describes that this is the original "un-hacked" block of code.
01-02-2003, 10:00 PM
01-18-2003, 10:55 AM
, thanks for releasing.
