The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
Style / Template / Replacement Hack For Moderators
Developer Last Online: Jun 2006
Alright, I've finally finished working on this darn thing and ready for a beta release!
This hack implements the Style, Template, and Replacement hack into one hack since it was the best way to work on it and easy to setup. Please read the readme file before you install it.

For the style part, view this thread for screenshots
For the template part, view this thread for screenshots
For the replacement part, view this thread for screenshots

Also remember: It's a beta. There will probably be bugs I haven't found.

--------------------------
SECURITY FIX IF YOU USE XENON'S "MODS CAN EDIT USERS" (https://vborg.vbsupport.ru/showthrea...threadid=42096)
Security fix by me, thanks to Xenon for pointing out where to edit the code
--------------------------

1. Open user.php in your forums/mod/ folder
2. Find the following:
--------------------------
Code:
    if($canedit[profilefields]) {
      maketableheader("Custom Profile Fields");
      $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");
      $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
      while ($profilefield=$DB_site->fetch_array($profilefields)) {
        $varname="field$profilefield[profilefieldid]";
        makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
      }
    }

Replace it with:
---------------------------
Code:
    if($canedit[profilefields]) {
      maketableheader("Custom Profile Fields");
      $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");
      $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
      while ($profilefield=$DB_site->fetch_array($profilefields)) {
        $varname="field$profilefield[profilefieldid]";
        // Skip field997-field999 so they are not drawn on the moderator's edit form
        if ($varname != "field999")
          if ($varname != "field998")
            if ($varname != "field997")
              makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
      }
    }

Find:
---------------------------
Code:
    if($canedit[profilefields]) {
      $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
      while ($profilefield=$DB_site->fetch_array($profilefields)) {
        $varname="field$profilefield[profilefieldid]";
        $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
      }
      $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
    }

Replace it with:
Code:
    if($canedit[profilefields]) {
      $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
      while ($profilefield=$DB_site->fetch_array($profilefields)) {
        $varname="field$profilefield[profilefieldid]";
        // Skip field997-field999 so the UPDATE below leaves them untouched
        if ($varname != "field999")
          if ($varname != "field998")
            if ($varname != "field997")
              $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
      }
      $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
    }

That's it, your forums are now secure from moderators breaking your security!
-----------------------------

Now...onto the download...

Oh, and if you use it, please click install!
Comments

#12
Ok if you already have it installed, open up style.php in your mod folder and find:
Code:
    location.replace(\"http://www.stardust-one.net/forums/mod/style.php?s=$session[sessionhash]&action=styles&dostyleid=$bbuserinfo[field998]\");
Code:
    location.replace(\"style.php?s=$session[sessionhash]&action=styles&dostyleid=$bbuserinfo[field998]\");
Code:
    alert(\"You are not authorized to view this area\")
    location.replace(\"http://www.stardust-one.net/forums/mod/\");
Code:
    alert(\"You are not authorized to view this area\")
    location.replace(\"index.php?s=&action=home\");
Code:
    alert(\"You are not authorized to view this area\")
    location.replace(\"http://www.stardust-one.net/forums/mod/index.php?s=&action=home\");
Code:
    alert(\"You are not authorized to view this area\")
    location.replace(\"index.php?s=&action=home\");
#13
Zip file updated. Removed vbHacker file because that takes a little longer to update
#14
I found another flaw. If you use Xenon's "Mods Can Edit Users" hack and then use my fix above, when a Mod edits his or her profile through the system, it erases the information in the fields that were hidden. I guess Xenon was correct about the fix and I think he posted his ideas in another thread so I'll go look and see what I can do.
If you don't use that hack, then no changes for you.
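The fix in the first post and the flaw reported in #14, as an added PHP illustration (not code from the hack or from vBulletin): the field997-field999 exclusion has to be applied where the UPDATE is built as well as where the form is drawn. The function names, the sample row and the submitted values are constructed.

```php
<?php
// Added illustration, not code from the hack. Field ids 997-999 come from the
// post; the function names and sample data below are constructed.
const PROTECTED_FIELDS = ['field997', 'field998', 'field999'];

// Fields a moderator may see and change: everything except the protected ones.
function editable_fields(array $allFields): array {
    return array_values(array_diff($allFields, PROTECTED_FIELDS));
}

// Build the column => value map for the UPDATE from submitted form data.
// $filterWrite = false models a fix applied to the edit form only.
function build_update(array $allFields, array $submitted, bool $filterWrite): array {
    $columns = $filterWrite ? editable_fields($allFields) : $allFields;
    $set = [];
    foreach ($columns as $name) {
        // As in the original loop, a field missing from the form becomes ''.
        $set[$name] = (string)($submitted[$name] ?? '');
    }
    return $set;
}

// Constructed sample: the stored row and two submissions.
$allFields = ['field1', 'field2', 'field997', 'field998', 'field999'];
$stored    = ['field1' => 'Berlin', 'field2' => 'ICQ 123',
              'field997' => '1', 'field998' => '4', 'field999' => '1'];
$formOnly  = ['field1' => 'Munich', 'field2' => 'ICQ 123']; // hidden fields absent
$withExtra = $formOnly + ['field998' => '1'];               // carries field998 anyway

$modes = ['form only' => false, 'form and update' => true];
$posts = ['form fields' => $formOnly, 'plus field998' => $withExtra];

foreach ($modes as $label => $filterWrite) {
    foreach ($posts as $kind => $post) {
        // Apply the generated SET map on top of the stored row.
        $after = array_merge($stored, build_update($allFields, $post, $filterWrite));
        printf("%-16s %-14s field997=%-4s field998=%-4s field999=%s\n",
            $label, $kind,
            var_export($after['field997'], true),
            var_export($after['field998'], true),
            var_export($after['field999'], true));
    }
}
```

With the exclusion on the form only, the first submission blanks field997-field999 and the second overwrites field998; with the exclusion on both paths the stored values survive in both cases.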
#15
Flaw fixed, main post updated. Thanks Xenon for pointing out what code should be edited.
#16
Good work dude, I can't see any other problems in the hack so far!
#17
Well I found a security flaw, so I need to go in and fix it. It's a really really small flaw but might as well fix it.
#18
Of course you need to fix it =P
#19
Go away little man little Tyro Hacker
#20
Have you fixed the flaw? I'd like to update my install.
#21
That's it. I'm going to release a hack just to spite you.