Private Messages & Email Log
Version: 3.1, by Vitaly
Developer Last Online: Jul 2014

Category: Administrative and Maintenance Tools - Version: 4.0.x
Released: 06-24-2010 Last Update: 03-20-2011 Installs: 199
DB Changes, Uses Plugins, Auto-Templates, Re-useable Code, Additional Files
No support by the author.

Port of vb.3.8 version

Features:
  1. Log all PM and Emails, sent via forum forms.
  2. Keep logs in separate table with automatic rotation of old records.
  3. Add new menu items in topics and profiles for fast access.
  4. Have nice dynamic menus in search results for cross-searches
  5. Managed access for administrators (except superadmins)
How to install
  1. Upload files to your server
  2. Import product xml
  3. Go to ACP
  4. Select required settings in "Vbulletin options → Private Message Log"
  5. Set access "Can view PM logs" to necessary members in "Usergroups → Administrator Permissions". Super administrators can be skipped.
Notes:

This mod uses a full scan for text searches, which can affect SQL-server load on really big boards. Fulltext indexes are intentionally not used, because those can't produce sharp results and are not compatible with InnoDB. I suppose that if you really need this mod, you know exactly what you are doing and what you are going to search for. In my practice, ONLY exact matches were useful.

One tradeoff to reduce SQL-server load: make the log size shorter (1-2 months instead of 6). When vB 4.0 provides a refactored search framework, the search method can be rewritten.

If you install this mod on your server, I recommend clarifying the forum rules and adding text stating that your project doesn't provide ways of confidential communication - only public and non-public.

This mod is developed here: http://github.com/rcdesign/vb-pm_log . Patches are welcome.

History:

3.1
- fixed specialchars in SQL search request. Thanks to mplode

3.0
- refactoring + some fixes
- separate fields for nick & text in search form

2.5
- ported to vb4
...

2.2
- Redesigned database to improve search/paging in some cases
- Should fix conflicts with other mods that were reported in this thread
- Sources repo is now @ github

... (not public)

1.9
- Oops... another broken link (from message list to user profiles)
- Fixed access for non superadmins who had "Read PM Log" privileges.

1.8
- fixed broken link in ACP popup menu
- workaround to show smiles and bbcodes

1.7
- fixed some sql-error

1.6
- first public release

Download Now

File Type: zip vb-pm_log-2.5.zip (12.0 KB, 446 views)
File Type: zip vb-pm_log-3.0.zip (11.5 KB, 210 views)
File Type: zip vb-pm_log-3.1.zip (11.6 KB, 810 views)

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
#42, 01-07-2011, 02:53 PM
Vitaly

TimesOut, Britmovies,

Check that you have uploaded the source files to the server and set proper permissions. That file exists in the archive.

#43, 01-15-2011, 12:32 PM
Paul.

Since it has been updated after I installed it, is it necessary to download and replace all the files again? Is that how you do it? Download it again as if you never had it and let it replace what is there already?

#44, 01-19-2011, 03:49 AM
Vitaly

Yes, all files have been changed. You have to reupload all (override old ones, if any).

#45, 02-22-2011, 09:12 AM
mplode

Invalid SQL:
Code:
SELECT DISTINCT  COUNT(cr.logid) AS count
               FROM((SELECT
                       pm.logid AS logid
                   FROM
                       rcd_log_pm AS pm
                   WHERE
                fromusername = 'Qui's World' ) UNION (SELECT
                       pm.logid AS logid
                   FROM
                       rcd_log_pm AS pm
                   WHERE
                tousername = 'Qui's World' )) AS cr;
Got a bit of an SQL injection going there. Might want to fix that.

edit: two actually. You need to sanitize $user_name

Additionally, there's XSS on the search fields. You need to sanitize those for HTML usage as well. And everywhere where it lists usernames.

#46, 02-22-2011, 01:22 PM
Vitaly

Try the latest version from github

https://github.com/shkuropat/vb-pm_log

Updated nick escaping.

#47, 02-22-2011, 11:50 PM
mplode

Thanks for the quick response! I have some remarks, however.

Why are you applying htmlspecialchars_uni() to the usernames before using them in the query? That should be unnecessary and in fact will probably cause problems with users who have <>& or similar signs in their usernames. $db->escape_string() should be enough there.

Code:
    print_input_row($vbphrase['username'], 'username', $user_name, false);
    print_input_row($vbphrase['keywords'], 'keywords', $search_keywords, false);
in these lines, you have not yet sanitized the HTML on the other hand;
Code:
    print_input_row($vbphrase['username'], 'username', htmlspecialchars_uni($user_name), false);
    print_input_row($vbphrase['keywords'], 'keywords', htmlspecialchars_uni($search_keywords), false);
And I think you need to sanitize the username in the search results etc. as well. In case someone has a username like "<script>alert(1)</script>" or "<!--" or something.

#48, 02-23-2011, 03:42 AM
Vitaly

You could check on real data first. Nicks in db are html-escaped.

#49, 03-05-2011, 06:45 PM
mplode

Ah. Yeah, I wasn't too sure about that one.
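
The query fix and the escaping question from posts #45 to #48, as an added example that is not part of the thread or the mod's code. It uses PDO with an in-memory SQLite table and PHP's `htmlspecialchars()` as stand-ins for vBulletin's `$db` layer and `htmlspecialchars_uni()`, uses bound parameters in place of `$db->escape_string()`, and assumes stored nicks have only `& < > "` encoded; helper names and rows are constructed.

```php
<?php
// Added example, not code from the mod. Table and column names come from the
// query in post #45; the rows and helper names are constructed.

// Stand-in (assumption) for vBulletin's htmlspecialchars_uni(): encodes
// & < > " only, so a single quote in a nick is stored unchanged.
function stored_form(string $raw): string {
    return htmlspecialchars($raw, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
}

// Count log rows sent by or to a nick. The nick is converted to its stored
// (HTML-escaped) form for matching, then passed as a bound parameter, so a
// quote in the nick cannot change the structure of the statement.
function count_logs_for_nick(PDO $pdo, string $rawNick): int {
    $sql = 'SELECT COUNT(*) FROM (
                SELECT logid FROM rcd_log_pm WHERE fromusername = :n1
                UNION
                SELECT logid FROM rcd_log_pm WHERE tousername = :n2
            ) AS cr';
    $stmt = $pdo->prepare($sql);
    $nick = stored_form($rawNick);
    $stmt->execute([':n1' => $nick, ':n2' => $nick]);
    return (int) $stmt->fetchColumn();
}

// Value for echoing the submitted search term back into the form: this is
// raw request data, so it is encoded once, quotes included, at output time.
function form_value(string $rawInput): string {
    return htmlspecialchars($rawInput, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rcd_log_pm (logid INTEGER PRIMARY KEY,
            fromusername TEXT, tousername TEXT)');
$ins = $pdo->prepare('INSERT INTO rcd_log_pm (fromusername, tousername) VALUES (?, ?)');
foreach ([["Qui's World", 'admin'], ['admin', "Qui's World"],
          ['Tom &amp; &lt;Jerry&gt;', 'admin']] as $row) {  // constructed rows
    $ins->execute($row);
}

var_dump(count_logs_for_nick($pdo, "Qui's World"));    // quote in nick, no SQL error
var_dump(count_logs_for_nick($pdo, 'Tom & <Jerry>'));  // matches the escaped stored nick
echo form_value('<script>alert(1)</script>'), "\n";    // rendered as text, not markup
```

The two encodings serve different sinks: `stored_form()` exists only so the search term matches what the table holds, while `form_value()` is the output encoding for the HTML form.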

#50, 03-10-2011, 08:06 AM
RedHacker

Fatal error: Call to undefined function rcd_pm_log_CacheTemplates() in /home/xxxxxxx/public_html/includes/class_bootstrap.php(1312) : eval()'d code on line 363

I can't use anything with update

#51, 03-21-2011, 03:44 PM
Vitaly

Updated version to fix bug with SQL, reported by mplode.