Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases

Reply
 
Thread Tools
if() vBCode - Private Post Text Hack Details »»
if() vBCode - Private Post Text Hack
Version: 1.00, by Slynderdale Slynderdale is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-02-2003 Last Update: Never Installs: 23
 
No support by the author.

Important News: This hack is now out of beta testing and is now in alpha.

What this hack does, is add a if() vB Code where you can enter formulas that if true, the user will be able to see the private text in the post, if it shows up false, its hidden from the users sight. This hack doesnt use any queries at all. Also the if() vB Code also supports other vB Codes inside of it.

The formulas can contain both functions and varibles such as $bbuerinfo[userid] or strtolower(), you can add a list of allowed functions to it and all others functions that arent allowed are removed from the code to prevent security issues.

All security issues and exploits have now been fixed. This hack has settings where you can allow all users to use it or just allow admins to use it. Theres also a setting that you can change to allow admins to see all the private text in posts even if they normaly cant see it.

The code part of the vB Code ( if(code) ) uses the same syntax as php script, so if you wanna check if a varible equals something, you must use == instead of =, also all varibles from $bbuserinfo also have there own varible, what i mean by this is that $bbuserinfo[username] is also $bbusername and $bbuserinfo[posts] is also $bbposts, with these specail varibles, it is optional to add a $ in front of it, so $bbusername and bbusername will both work.

Also theres a feature where admins can see the forumula that was used next to the text "Private Text:", it is shown is (code used here), other members will just see "Private Text:".

Examples of the If() vB Code:
[if($bbuserid>0)]Thank you for joining![/if]
[if(bbuserid>0)]Thank you for joining![/if]

[if($bbusername=="Admin")]Whats up?[/if]
[if(bbusername=="Admin")]Whats up?[/if]

[if($ourtimenow>=$post[dateline]+((7*24)*60*60))]Text To Display 1 week from this post[/if]

[if(bbuserid>0 and bbposts>100)]Keep up the posting [/if]

[if(bbusergroupid==6 or bbusergroupid==7)]Important Text[/if]



Important: New Update as of March 16th
I recoded the doif function and fixed it up and added editable options for and also a bug that Nuclion encountered:
Admin Only
Admin can read all private text
Allowable functions that you can use
Certain accounts that can see all the private texts
Admins allowed to use all php functions

https://vborg.vbsupport.ru/showthrea...167#post367167
The text below already contains the fix.

Important: New Update as of February 8th
I fixed a bug, that when you search your forums, the if() tag shows even if you cant view it.

https://vborg.vbsupport.ru/showthrea...808#post351808
The text below already contains the fix.

Also I hope you enjoy the hack, If you have any problems, ideas, or just feedback, feel free to post.

Screenshots:
Heres a screenshot of a test post I did with the if() vB Code, the user who made the post can see all the private text in the post by default.
https://vborg.vbsupport.ru/attachmen...&postid=350154
(Note: The private text table can esily be edited in the "privatetext_style" style in headinclude after the hack is installed:

Heres a screen shot of the same post but after I logged out, so this is what the guest would see.
https://vborg.vbsupport.ru/attachmen...&postid=350155

I only have one request if you install this hack, please click Install, Thank You.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #42  
Old 02-06-2003, 12:37 AM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Erwin
This is great work. Well done! Obviously, use it with care - I would restrict this only for yourself - too easy to be abused or cause db errors by accident.
Thanks, I fixed the problem with db base "accidents" and so on, all functions except the ones you allow get removed so there are no security issues unless you allow it, also if some one enters a code with incorrest parsing, it wont show an error on the screen, at the moment when you first install it, you or users (if you have admin only set to false) will only be able to use trim(), strtoupper() and strtolower() in the code section, all other functions gets removed, you can change which are alwoed in the allowed_functions array.
Reply With Quote
  #43  
Old 02-07-2003, 12:28 PM
rjpa rjpa is offline
 
Join Date: Aug 2002
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is the threads post #1 the new updated code and is it safe to use?
Reply With Quote
  #44  
Old 02-07-2003, 09:48 PM
squawell's Avatar
squawell squawell is offline
 
Join Date: Oct 2001
Posts: 681
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i get error when i edit post and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

any idea??
Reply With Quote
  #45  
Old 02-08-2003, 09:13 AM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by squawell
i get error when i edit post and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

any idea??
What error do you get?
Reply With Quote
  #46  
Old 02-08-2003, 09:17 AM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by rjpa
Is the threads post #1 the new updated code and is it safe to use?
Yes, the first post's attachment contains the code, and this is now safe to use if you let users use it or not.
Reply With Quote
  #47  
Old 02-08-2003, 12:20 PM
squawell's Avatar
squawell squawell is offline
 
Join Date: Oct 2001
Posts: 681
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Slynderdale


What error do you get?
so strange.....now it work....i dont know what happen last night?

but here is another problem i use this

[if($bbusergroupid==6)]XXX[/if] want show to this group member

only....but...when i use normal account(groupid=2)..and it can see

the text....so what happen???(it works perfect to guest...)

by the way...if someone use the [if] code when use search

function it can be see or not??...hope u know poor english...
Reply With Quote
  #48  
Old 02-08-2003, 01:09 PM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by squawell

so strange.....now it work....i dont know what happen last night?

but here is another problem i use this

[if($bbusergroupid==6)]XXX[/if] want show to this group member

only....but...when i use normal account(groupid=2)..and it can see

the text....so what happen???(it works perfect to guest...)

by the way...if someone use the [if] code when use search

function it can be see or not??...hope u know poor english...
The code bit in the if() tag is the same as normal php, so if your checking 2 things like the user group use ==, using just one = would be equal to:
$bbusergroupid=6;
in php, instead of checking it, it sets the varible.

Hmmm, thanks for reminding me about search, ill make a fix for it so if there not allowed to see it they wont and so on.
Reply With Quote
  #49  
Old 02-08-2003, 01:36 PM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Search bug fix:

*************************************
In file "search.php":
*************************************

*****************
find:
*****************
PHP Code:
    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post"
.iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      
$postids AND thread.threadid=post.threadid
    ORDER BY
      
$orderbysql";

    
$searchtemplatebit "searchresultbit";
  }

  
$searchresults=$DB_site->query($sql); 
*****************
replace it with:
*****************
PHP Code:
    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username,user.usergroupid,
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post"
.iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      
$postids AND thread.threadid=post.threadid
    ORDER BY
      
$orderbysql";

    
$searchtemplatebit "searchresultbit";
  }

  
$searchresults=$DB_site->query($sql); 
*****************
find:
*****************
PHP Code:
        // get first 100 chars of page text
        
if (strlen($searchresult[pagetext])>200) {
          
$spacepos=strpos($searchresult[pagetext]." "," ",200);
          if (
$spacepos!=0) {
            
$searchresult[pagetext]=censortext(substr($searchresult[pagetext],0,$spacepos))."...";
          }
        } 
*****************
above it add:
*****************
PHP Code:
$searchresult['pagetext']=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$searchresult['pagetext'])); 
*************************************
In file "admin/functions.php":
*************************************

*****************
find:
*****************
PHP Code:
  $postadmin false;
  if (
$post['usergroupid']==or $postinfo['usergroupid']==6)  $postadmin true
*****************
replace it with:
*****************
PHP Code:
  $postadmin false;
  if (
$post['usergroupid']==or $postinfo['usergroupid']==or $searchresult['usergroupid']==6)  $postadmin true

I also added the fix into the install instructions in the first post.
Reply With Quote
  #50  
Old 02-08-2003, 01:49 PM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If any one else has any more problems, comments, ideas and so on, feel free to post them and ill see what I can do.

Also there is a bug, that NuclioN showed me where the code bit wasn't evaluating correctly and it showed the text to every one, this is rare, this bug doesn't happen to every one, just a rare few, if you experience this bug, please post about it, currently I'm still trying to find out what's wrong, I think it might be because of another hack they installed and is interfering with this one.

Also if you experience this bug, tell me if you have Logicians dynamic announcement hack installed or not. I think that might be the cause of the problem.
Reply With Quote
  #51  
Old 02-12-2003, 01:44 PM
NuclioN's Avatar
NuclioN NuclioN is offline
 
Join Date: Aug 2002
Posts: 955
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've removed the dynamic announcement but with all the possible codes, all usergroups can see the priv message.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:59 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04688 seconds
  • Memory Usage 2,336KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (6)bbcode_php
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete