Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > vBulletin 3 Articles
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
[Tip] - Common Mistake when hacking your vb
Dean C's Avatar
Dean C
Join Date: Jan 2002
Posts: 9,071

 

England
Show Printable Version Email this Page Subscription
Dean C Dean C is offline 01-02-2003, 10:00 PM

Well the most common mistake i made when i was new to install hacks was when it was long lines of code which performed a query.

Many hacks require you to edit the same line and add little fractions to it.

Ok so lets start out with a fresh install.

We install just a part of the 'away user hack'.

The instructions want us to replace this in user.php:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
With this:

PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
Ok that's not hard because what we need to replace will be there because the hack is made for a fresh install.

The problem comes when we have to edit that line again and it's different to the instructions. Most people will just look at the first 10 characters of that line and say well i should just replace it. Now if you do your 'away user hack' won't work.

Here's an example in the 'contributor lable' hack. It wants us again to replace this line in user.php:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
With this:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
But because we've edited that line of code for another hack it isn't there. This leads many people to go into the support thread and say i haven't got that line of code in my user.php

Well in fact you have but it's slightly changed.

So what we do is look at the code that needs to be changed and we'll look up the line until we find what's different. Here's the code that was added to that line for the away hack:

PHP Code:
away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."'
So what we do is ignore this line of code and see what's different in the other hack:

PHP Code:
donator='$donation'
So we see where the bit of code was added after in the line which was:

PHP Code:
ipaddress='".addslashes($aipaddress)."'
Then we add the relevent code after it. And your final line of code should look like this:

PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
And there we go. We've managed to get past one of the most commonest mistakes when editing your long query lines.

Regards

- miSt
Reply With Quote
  #12  
Old 01-16-2003, 05:19 PM
Automated Automated is offline
 
Join Date: Sep 2002
Posts: 266
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Wish i found this earilier

/me sighs!
Reply With Quote
  #13  
Old 01-17-2003, 03:23 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks Automated

- miSt
Reply With Quote
  #14  
Old 01-18-2003, 10:55 AM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

LOL! Great tip Mist. You would hope that someone who is brave enough to hack into his forum program files would be smart enough to work this out for himself like most of us when we first started hacking.
Reply With Quote
  #15  
Old 01-18-2003, 11:29 AM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Lol! What do you mean?

- miSt
Reply With Quote
  #16  
Old 01-18-2003, 06:41 PM
EchoHype.com's Avatar
EchoHype.com EchoHype.com is offline
 
Join Date: Mar 2002
Location: Harrisburg, PA
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

lol

yes, what do you mean
Reply With Quote
  #17  
Old 01-28-2003, 08:45 AM
Davey Davey is offline
 
Join Date: Nov 2002
Location: England
Posts: 383
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think he means if we're already brave enough to hack our own boards, we know how to do this anyway.
That's not quite true though.
Here's another common tip for newbie hackers, too.
When you are asked to 'find', sometimes for example it asks you to find:
PHP Code:
$variable "THIS TEXT"
However, sometimes it uses apostrohpes instead of quotes. So instead of ", it might be '. Example, what you need to find instead is:
PHP Code:
$variable 'THIS TEXT'
This can be quite tricky and doesn't happen often, but it's worth a try if you can't find it.

Dave.

PS: - Mist ): I've done both a few times now , thanks for releasing.
Reply With Quote
  #18  
Old 01-28-2003, 10:17 PM
Bison's Avatar
Bison Bison is offline
 
Join Date: Jun 2002
Location: Virginia Beach, Virginia
Posts: 522
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've found that making a copy of the the original query, and commenting it out first, and then adding the new hacked lines to another copy of the query ... to be a good way to revert back to the original from all of your hacked php files.

This might make the fils much bigger but at least you know that you can revert your board back to it's original state. Make sure that you add a comment line that describes that this is the original "un-hacked" block of code.

I do this with any hack that I apply ...
Reply With Quote
  #19  
Old 01-29-2003, 03:45 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That is a good way i must admit but this aims to solve those problems :P

- miSt
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:49 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04287 seconds
  • Memory Usage 2,344KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (10)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (8)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete