This product is different from anything you have seen before; it raises the bar for forums. It will make your forums much more interactive, and also reduce server load.
Technical Details:
If a thread has been posted in X seconds then it's now Live. If other users are viewing the Live topic and are on the last page, they will experience a clean ajax experience while talking to other members. Once the thread is older than X seconds it's no longer Live and it will now act like a normal thread. Also, if a user edits one of their posts that's inside of the thread, it will be updated too, so there is no longer a reason to ever have to refresh.
There is also logic for the viewer: the viewer of the thread has to be in an active state to see responses. An active user state is determined by the user's actions; if no actions were made in X seconds then the user is marked as inactive.
Also, you may wonder why this could save your server bandwidth and CPU. If a user is refreshing to talk to other members, the queries on a normal thread load are way more intense than the ajax call that this modification makes. So if you have 5 people talking to each other, none of them have to refresh the page; all they are doing is simple page requests and one intense request when there is an actual change.
You can test Live Topic with two users, you will see how amazing this is... And probably spontaneously combust.
One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.
So I'm guessing it's written by the javascript, so I would like to see the unpacked JavaScript to adjust it. OR have the additional notice templated in the vBulletin template system.
Next up is security. I got a few errors through:
PHP Code:
Database error in vBulletin 3.8.1:
Invalid SQL:
SELECT COUNT(*) AS count
FROM vb_post AS post
WHERE
(threadid = 14030
AND visible = 1
AND dateline > 1234287978.:
AND userid != 217)
OR (threadid = 14030
AND visible = 1
AND lastedit > 1234286762);
MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':
AND userid != 217)
OR (threadid = 14030
AND visible = 1
' at line 6
Now where did that come from?
Checking the php source it seems that you just take the POST'd value and put it straight into the MySql script. Is that correct? If so... BIG ++++ING SECURITY HOLE. Because you've just allowed SQL injection.
Could you confirm whether you really are taking $_POST['value'] and using it directly in the SQL, because you REALLY REALLY need to change that before something very bad happens.
What About This, Coders Shack?
Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post?
Is Important to Know the Answer to This !!
It won't. The strings are escaped, and an attacker won't be able to perform sql-injections.
The error is that the . and : are appended, but they are not harmful characters.
It could probably be solved by adding int() around the post-variable, or by using the in-built GPC(?) method in vbb
I Appreciate Your Answer nso. :up:
Could Coders Shack Please Confirm This Answer Provided by nso?
I've Disabled the Product since some days ago Until Coders Shack Answer to that Matter of SQL Injections.
1.06b will be using GPC,
also if you want to change the text for the notice, it's a phrase; just go to the phrase manager and search by name "livetopic". I will also be managing all the styling by CSS in 1.06b so you can make it look however you want it to.
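The integer-cast fix suggested above, shown as stand-alone PHP applied to the query from the error report. This is an added example, not code from Live Topic or vBulletin; the field names `since` and `lastedit` and both helper functions are assumptions.

```php
<?php
// Added example, not Live Topic's or vBulletin's code.
// The field names 'since' and 'lastedit' are hypothetical.

// Accept only a plain run of 1-10 decimal digits (enough for a Unix
// timestamp); anything else, such as "1234287978.:", yields null.
function clean_uint($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays, null, floats, objects
    }
    $raw = trim((string) $raw);
    return preg_match('/^[0-9]{1,10}$/', $raw) === 1 ? (int) $raw : null;
}

// Build the polling query seen in the error report, but only from
// values that have already been reduced to integers.
function build_count_query(int $threadid, int $userid, array $post): ?string
{
    $since    = clean_uint($post['since'] ?? null);
    $lastedit = clean_uint($post['lastedit'] ?? null);
    if ($since === null || $lastedit === null) {
        return null; // reject the request instead of sending broken SQL
    }
    return sprintf(
        'SELECT COUNT(*) AS count FROM vb_post AS post WHERE '
        . '(threadid = %1$d AND visible = 1 AND dateline > %2$d AND userid != %3$d) '
        . 'OR (threadid = %1$d AND visible = 1 AND lastedit > %4$d)',
        $threadid, $since, $userid, $lastedit
    );
}

// Constructed inputs: the malformed value is the one visible in the error report.
$bad  = ['since' => '1234287978.:', 'lastedit' => '1234286762'];
$good = ['since' => '1234287978',   'lastedit' => '1234286762'];

// String escaping leaves the malformed value untouched: it has no quote or
// backslash to escape, and the query uses it unquoted in a numeric position.
var_dump(addslashes($bad['since']) === $bad['since']);

var_dump(build_count_query(14030, 217, $bad));  // malformed value is rejected
var_dump(build_count_query(14030, 217, $good)); // well-formed query string
```

Because the values reach the query only through `%d` after validation, nothing from the request can change the shape of the SQL, whatever escaping is or is not applied elsewhere.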
I have installed it on vB3.8.0 at http://www.automotiveforums.com/vbulletin/ but the AJAX does not seem to do anything. The LiveTopic image does show up and then disappears after the specified time of inactivity.
Just an update on my problem - it was mod_security. If you have mod_security, then it screws with vB's ajax in default settings and needs to be modified to allow vB's files.
Where/what is mod security?
I seem to have the same problem...installed. no errors...
but can't actually get it to do anything when I tested. (same icon appears...but no updates even testing with 2,3,4 ppl)