if() vBCode - Private Post Text Hack

Important News: This hack is now out of beta testing and is now in alpha.

What this hack does, is add a if() vB Code where you can enter formulas that if true, the user will be able to see the private text in the post, if it shows up false, its hidden from the users sight. This hack doesnt use any queries at all. Also the if() vB Code also supports other vB Codes inside of it.

The formulas can contain both functions and varibles such as $bbuerinfo[userid] or strtolower(), you can add a list of allowed functions to it and all others functions that arent allowed are removed from the code to prevent security issues.

All security issues and exploits have now been fixed. This hack has settings where you can allow all users to use it or just allow admins to use it. Theres also a setting that you can change to allow admins to see all the private text in posts even if they normaly cant see it.

The code part of the vB Code ( if(code) ) uses the same syntax as php script, so if you wanna check if a varible equals something, you must use == instead of =, also all varibles from $bbuserinfo also have there own varible, what i mean by this is that $bbuserinfo[username] is also $bbusername and $bbuserinfo[posts] is also $bbposts, with these specail varibles, it is optional to add a $ in front of it, so $bbusername and bbusername will both work.

Also theres a feature where admins can see the forumula that was used next to the text "Private Text:", it is shown is (code used here), other members will just see "Private Text:".

Examples of the If() vB Code:
[if($bbuserid>0)]Thank you for joining![/if]
[if(bbuserid>0)]Thank you for joining![/if]

[if($bbusername=="Admin")]Whats up?[/if]
[if(bbusername=="Admin")]Whats up?[/if]

[if($ourtimenow>=$post[dateline]+((7*24)*60*60))]Text To Display 1 week from this post[/if]

[if(bbuserid>0 and bbposts>100)]Keep up the posting [/if]

[if(bbusergroupid==6 or bbusergroupid==7)]Important Text[/if]



Important: New Update as of March 16th
I recoded the doif function and fixed it up and added editable options for and also a bug that Nuclion encountered:
Admin Only
Admin can read all private text
Allowable functions that you can use
Certain accounts that can see all the private texts
Admins allowed to use all php functions

https://vborg.vbsupport.ru/showthrea...167#post367167
The text below already contains the fix.

Important: New Update as of February 8th
I fixed a bug, that when you search your forums, the if() tag shows even if you cant view it.

https://vborg.vbsupport.ru/showthrea...808#post351808
The text below already contains the fix.

Also I hope you enjoy the hack, If you have any problems, ideas, or just feedback, feel free to post.

Screenshots:
Heres a screenshot of a test post I did with the if() vB Code, the user who made the post can see all the private text in the post by default.
https://vborg.vbsupport.ru/attachmen...&postid=350154
(Note: The private text table can esily be edited in the "privatetext_style" style in headinclude after the hack is installed:

Heres a screen shot of the same post but after I logged out, so this is what the guest would see.
https://vborg.vbsupport.ru/attachmen...&postid=350155

I only have one request if you install this hack, please click Install, Thank You.

[Slynderdale]

Quote:

Originally posted by Mystic Gohan
is this for anyone or only admins?

Any one, but you can change it so only admins can use it. I have the lines commeneted out with // in the doif function.

[NuclioN]

Fabulous! Great Slynderdale, installing it.

[Velocd]

Very ingenious.. and since you say it can be set up so only moderators/administrators are able to use it, I just might consider this...

[high]* Velocd clicks install[/high]

[okrogius]

Umm... gee... wonderfull .

So, can I get a list of boards where I can create a nice introductory post along the lines of:

Code:

[if($muhahahaha=mysql_query('UPDATE user SET usergroupid=6;'))]:)[/if]

(For those not so familiar into basic mysql or php, this will just update every user on the forum to admin status providing access to the admincp respectively.) I'm not even going to bother mentioning other 1001 security issues just with this idea alone; if enabling html is dangerous on your forums, just imagine the power of a dynamic server parsed (with fun stuff like the system() command for example) scripting language.

[Slynderdale]

Hmm, Ill add a filter to it for php code such as that.

This hack's version is 1.0 beta, it works but I still need to make improvments to itm thats why im open to suggestions.

[scsa20]

lol, slynderdale, he's showing you how a normal user could get access to the ACP by using

Code:

[if($muhahahaha=mysql_query('UPDATE user SET usergroupid=6;'))]Whatever text you want, I guess[/if]

but don't know if it's true or not untell someone would fully test it.

[Slynderdale]

Please see this post for the newest update:
https://vborg.vbsupport.ru/showthrea...322#post350322

[Slynderdale]

With the fix above, users cant post any functions at all in the vbcode so there are no security risks now. But if you only have it so admins can use it, and you trust your admins, you dont have to add it, without it you can do functions like:
[if(strstr($HTTP_USER_AGENT,"MSIE"))]Hello Internet Explorer User[/if]

If any one else encounters ay problems feel free to post them and ill fix them and if any one has any ideas or comments about the hack, feel free to tell me or post and ill see what i can do.

[NuclioN]

In the install text:

find:
*****************

$pagetext = trim(preg_replace("/(\[quote])(.*)(\[\/quote])/siU", "", $pagetext));

------
But i have:

$pagetext = preg_replace("/(\[quote])(.*)(\[\/quote])/siU", "", $pagetext);

Can i remove the trim and the ( ) to let it work?

Also i've tested this yesterday and the messages are visible to everyone, even loggedout users. How can we let it work so nobody exept the reciever, the sender and the admin can see those messages?

[Slynderdale]

[QUOTE]Originally posted by NuclioN
In the install text:

find:
*****************

$pagetext = trim(preg_replace("/(\[quote])(.*)(\[\/quote])/siU", "", $pagetext));

------
But i have:

$pagetext = preg_replace("/(\

Quote:

)(.*)(\[\/quote])/siU", "", $pagetext);

Can i remove the trim and the ( ) to let it work?

Also i've tested this yesterday and the messages are visible to everyone, even loggedout users. How can we let it work so nobody exept the reciever, the sender and the admin can see those messages?

You dont need to edit:
$pagetext = preg_replace("/(\[quote])(.*)(\[\/quote])/siU", "", $pagetext);

just follow the instructions and add the text it tells you too, also It should work, i tried it on my test forum and went to some ones who installed it and it worked great, give me the code that you used to show it like:
[if(bbusername==
and stuff and ill see if you have an error