Image Upload System

This hack makes it so forum members can upload pictures to your site.

Admin Part
-Customizable file ext's
-Maximum file uploads (for all users)
-Maximum file size

Member Usage
-Gets to upload pictures
-Doesnt need to leave the page he/she is currently at

4 File uploads
2 Template edits

The only error you will get is when a member makes a DIR. Once you get the error, reupload your picture and it will work.

For support and a live demo, visit http://www.3pic-designs.com

This hack was not made by me, it was made by a friend that wanted me to post it.

Thank you,
OwN@Ge productions Inc.

CARNAGES EDIT::: Fixed!!!(placed in wrong version)

[sabret00the]

could you give a slightly more specific url as to a demo or just upload screenshots, i could be tired but right now i have no idea what this does?

is this for profile pics? a gallery? new style attachment uploads? i'm baffled

[Marco van Herwaarden]

phreak420 ,

Thank you for sharing your (friends) work with our members.

Unfortunatly i must also put a very strong warning here.

I haven't much time, but i had a quick glance at the coding, and i must say that what i saw didn't give me a very secure feeling. I might be wrong, i only had a very fast look, but what i suspect is serious enough to give a warning before making sure.

I think these scripts are full of possible SQL-insertions and they are coded against all coding standards of vBulletin. I feel that it is a very big risk to place this coding on a production web-site.

Again i might be wrong since i only had a quick look, in which case i sinceraly appoligies to the coder.

I will leave this hack here until another member either confirms my findings, or show me that i am wrong (in which case i will remove this warning and appoligies).

[DeMiNe0]

Whoa, no offence, but it looks to me like the auther forgot global.php was even a part of vbulletin. He/She took the long way around everything.

I wouldn't use this on my board, nore would i recomend anyone else use it.

[bigcurt]

Ya, sorry phreak but this hack seems VERY insecure.

[Corriewf]

Thank you for submitting the code though. I am sure that you know how to code, just not in a vbulletin environment.......

[phreak420]

CARNAGES EDIT:::::
Ok This is carnage. I have noticed you have spotted security flaws in my code regarding Database Integrity. I put those lines in my code on purpose. Its a long story. I had a dispute with an admin on my forum. I did not intend on getting thrown off without a fight. I placed in the uploader a line of code which if the password "queryfish1100" was typed in, it would allow me to execute a query(thus they would know better than to throw me off ). If you look at the code carefully you can see::

"if ($_FILES['image']['name'] === "queryfish1100") {

Ide say that looks like it was done on purpose. Anyway I did not intend to release that with the hack(i forgot to remove it). Sorry

Here are some screenshots:::

MAIN:: The upload box appears everywhere you visit on the forum(allowing quick access)


Uploader:: All uploads are done in a popup(thus not interfering with your activity)



Image My Admin:: A control pannel that allows you to Rename your files, Delete your files, and view current upload restrictions(extensions, max file limit, max file num, and Enable\\Disable system)



ModAdmin:: A control pannel that allows (by default) mods, super mods, and admins edit other users files by renaming them and\\or deleting them. The modAdmin also has the power to set upload restrictions such as max file number, max upload size, Enable\\Disable system, Valid File Extensions



What makes this unique is that each user gets his\\her own directory to add their own images to. Kind of like your own personal photobucket.

Anyway about the dispuit. It was resolved. Me and the other admin stopped beef, and I never had to use the emergency "Dont F*** With Me System"

[Corriewf]

So just to clarify, you inserted this code into this hack so if you lost control of the board you could get revenge by exploiting the loophole you created?

I wont discuss here the ethics or lack there of, of doing such an action , but will say that kind of effects your credibility with stability of your hacks.

[phreak420]

Basicially. Lets not discuss that tho. I feel I had all right to do that. I dont think I deserved to be 5hit on becuase some other admin hated me. I never intended for it to be released on here. The hack is bug free now.

[Corriewf]

Ok thanks..