The Arcive of Official vBulletin Modifications Site.

About Developer · **Released**: 08-18-2001

HackVersion: BETA 2.1

German:

Mit diesem Hack k?nnt ihr ein Board mit einem Passwortschutz versehen.
Das Passwort wird im Adminbereich unter:

Forums and Moderators
--> modify
---> das board w?hlen

eingegeben.

Dieser Hack ist erst einmal eine BETA. In der Endversion Soll der Hack sollen die gesch?tzten Beitr?ge auch nicht von einem unberechtigten ?ber die Suchfunktion
gefunden werden k?nnen und man soll auch den Zugriff auf die gesch?tzten Boards selbst wieder (als normaler member) aufheben k?nnen.

Hack ansehen:
Gesch?tztes Board:
http://www.the-afterburner.com/vbull...?s=&forumid=30
Ein Topic in diesem Board:
http://www.the-afterburner.com/vbull...&threadid=1029

Der Hack im Anhang ist in Deutsch

English:

You can make a board password protected with this hack.
You can insert the password here:

Forums and Moderators
--> modify
---> choose a board

Remember this is only a BETA

suggestion for the final:
- no matches in the searchengine if a board is protected and the member hasn?t access to this board
- unsubscribe a access to a password protected board

Sorry for my english

see this hack in action:
protected board:
http://www.the-afterburner.com/vbull...?s=&forumid=30
a topic in a protected board:
http://www.the-afterburner.com/vbull...&threadid=1029

the hack in the attachment is in german the english version is below in a reply.

@ VB Support

If you want to use this Hack in your next version - you can do this

UPDATED 30.08.2001 to BETA 2.1

Afterburner · #12 08-30-2001, 02:59 PM

@ pipi

What kind of error ? I need the error message.
I dont have this problem on my board

pipi · #13 08-30-2001, 03:07 PM

Quote:

Originally posted by Afterburner
@ pipi

What kind of error ? I need the error message.
I dont have this problem on my board

error message as below, thanks

Database error in vBulletin: Invalid SQL: UPDATE userfield SET userspezial43=1
WHERE userid='2'
mysql error: Unknown column 'userspezial43' in 'field list'
mysql error number: 1054
Date: Thursday 30th of August 2001 12:29:46 AM
Script: /forums/forumdisplay.php

Afterburner · #14 08-30-2001, 06:10 PM

ok, here is the fix:

open the user.php from your admin folder, look for this code:

PHP Code:


			
$sql = "";

  $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");

  while ($profilefield=$DB_site->fetch_array($profilefields)) {

    $varname="field$profilefield[profilefieldid]";

    $sql.=",'".addslashes($$varname)."'";

  }

  $DB_site->query("INSERT INTO userfield VALUES ($userid$sql)");



  $action="modify";



  echo "<p>Record added</p>";



}

and replace the code with this code:

PHP Code:


			
$sql = "";

  $userfieldsnames="(userid";

  $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");

  while ($profilefield=$DB_site->fetch_array($profilefields)) {

      $userfieldsnames.=",field$profilefield[profilefieldid]";

    $varname="field$profilefield[profilefieldid]";

    $sql.=",'".addslashes($$varname)."'";

  }

    $userfieldsnames.=')';

  $DB_site->query("INSERT INTO userfield $userfieldsnames VALUES ($userid$sql)");



  $action="modify";



  echo "<p>Record added</p>";



}

Afterburner · #15 08-30-2001, 06:26 PM

I uploaded the new version, if you have installed BETA 2 you can update with the steps in the post before

#16 08-31-2001, 08:06 PM

Hmmm slight prob i've added the hack without any errors, i ran the passwordhack.php first and deleted it after. and it said that it had completed the tables and to carry on with the Hack itself, so now i've finished it the board looks no different at all ????? there's no options in the control panel that i can see where you enter the password ?? Or an i missing something here

)))))))

Kengan · #17 08-31-2001, 10:01 PM

any demo please ! thanks !

#18 08-31-2001, 10:18 PM

there's a demo on the first Post

and that's what i can't see

Afterburner · #19 09-02-2001, 09:06 AM

go to your control panel
click on modify (Forums and Moderators)
choose a board and insert a password, up to now this board is password protected

#20 10-24-2001, 06:01 AM

Is it just me or is this the most un-secure password protect set-up around?

Please don't think me rude.......I installed this and there are holes everywhere.

First of all I have vbportal installed. Understandably....this was not written to accomidate that but aside fro those holes in the vb forum itself there is the link at the top of the main forum page "Active Posts" (or something like that).........then there is the little button by the membername in the table on the main forum page for "last post" (or something).....then there is the search feature.......do a search on the membername you see as the last poster in the forum nad with the results you are in......plus...once someone gets in.....if they never log out.....you can't get them out.....they will be able to waltz right in without any logins or anything.....and let's not forget about clicking on the membername of the last poster on the front of that forum and in his profile there is the link to a post inside and you are in again.

Is there any updates to this hack that will close all these holes?

I really want this to work because I don't want to make the forum private...it is too much work to add all the names

Thanks in advance....drives

Afterburner · #21 10-24-2001, 09:47 AM

You can see the titel of the postings but you can´t access the boards wich are protected. This is only a "see the topic title hole"

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05390 seconds Memory Usage 2,307KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (2)bbcode_php (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (8)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!