An alternative to banning: Miserable Users

This hack is an alternative to banning a user. As the name suggests a user who
gets hit with this hack will become truly miserable while trying to access
your board.

So here is what really happens to a miserable user:

- There is a random 60-120 second delay each time they click on a link.
- 90% of times they have no search engine acccess.
- 75% of the times they get the server too busy error.

If they don't get the server too busy error:
- 50% of the times they may get a blank page
- 30% of the times they may get forwarded to the forum main page
- 20% of the time they may be able to see the page they asked for.

after doing all the math in actuality they have only a 5% chance of seeing the
page they clicked on. What kills them is the time they have to wait before
anything happens.

I actually once tracked a miserable user and watched him suffer for 2 whole
hours before he was able to make a simple post.

This hack is considered one of the most sadistic hacks on my board.

The hack allows you to make your user miserable via the admin CP. It also
allows you to search for all miserable users through the admin CP as well.

Also in showthread.php, it appends a red status that is only visibly to admins
and mods stating that a user is miserable.


Tables affected by this hack: user

Files affected by this hack: global.php, showthread.php, admin/user.php

[subu1]

Quote:

Originally Posted by Kars10

Lol, cool hack!!
Install it later on...
thanks man!!

Hi Kars, bist Du bitte so lieb und kannst mir den Hack nochmal auf deutsch erkl?ren, wei?t doch ich und mein Oxfort eng. *g*

[chrisvonc]

This is sweet! Thank you!
I just installed it on my test forum. vB2.3.2 and worked like a charm. My test account I am trying this on right now, is being brutalized nicely. This is going to be great for trouble makers on my production forum!

*Clicked install*

Thank you again.

[chrisvonc]

Quote:

Originally Posted by drumsy

How can I dial this down a bit?

I kind of would like to know if this is possible as well. Just so they dont catch on too fast.

Thanks again,

Chris

[TechGuy]

This is too great... I changed some of the numbers a little so that it's not so obvious that we're messing with the guy, and I set it up so that it effects his whole IP range, rather than just his username(s)...

To do that, I just copied the global part of the hack (between the if statements) into the checkipban() function in the functions.php file... quote out the eval for the normal error_ipban and we're all set. It's great, man. I laughed for hours.

To keep from making it too obvious, I changed the if glitch numbers down a bit. For example:

Code:

 $glitch = rand(0,100);
  if($glitch < 50) {
    eval("standarderror(\"".gettemplate('error_toobusy')."\");");
    exit;
  }

Will give the error 50% of the time. As opposed to:

Code:

 $glitch = rand(0,100);
  if($glitch < 80) {
    eval("standarderror(\"".gettemplate('error_toobusy')."\");");
    exit;
  }

Which would do it 80% of the time.

[EMiNENCE]

Quote:

Originally Posted by y2krazy

That is the what I meant by "Edit User" page...

Edit User - y2krazy (userid: 1) <- the heading of the main table to edit the user. That is the location I was looking for this "checkbox", and it's still nowhere to be found...

I am guessing that it has something to do with the admin/user.php edits, maybe?

-y2k-

That's my problem too. I checked all hacked files twice, step by step, and everything seems to be ok. But there's still no radiobutton in the user's EDIT profile. No checkbox underneath 'Number of posts', so... I'm not able to set up anyone to be Miserable. Any ideas where's the bug hidden?

[EMiNENCE]

I have finally found the bug!

Just look for inputcode("Number of Posts","posts",$user[posts]); twice in the source code of admin\user.php. There are two simillar sections that match to the description. The first is determined for the ADD USER section in CP, the 2nd is the right for EDIT User.

Just such a small mistake but every install faq should be better commented for this possibility next time.
;]

Thanx for this hack anyway! It really rocks!!

[chrisvonc]

??
Maybe I dont get what you guys are saying but to me it looks like you guys were using too short of a search value. Its not a bug or mistake on the authors part if one doesnt fully read the directions or search for the full code they were told to be looking for.

When I searched my admin/user.php, I only found 1 section with block of code he tells you to look for that includes the line "makeinputcode("Number of Posts","posts",$user[posts]);" in it, and then I put the code under that, like the directions said to.

Now if you were doing your searches for just "$user[posts]", then you would have run into problems that you are describing as there are multiple entrys in the page of "$user[posts]", but again, thats not what the directions were telling you to look for.

Again, maybe I am on the wrong track here and dont understand what you were referancing and if I am, I apologize, but as to the directions, if an idiot like me can install it and have it going on the first try, the directions are pretty much right on.

Quote:

Originally Posted by EMiNENCE

I have finally found the bug!

Just look for inputcode("Number of Posts","posts",$user[posts]); twice in the source code of admin\user.php. There are two simillar sections that match to the description. The first is determined for the ADD USER section in CP, the 2nd is the right for EDIT User.

Just such a small mistake but every install faq should be better commented for this possibility next time.
;]

Thanx for this hack anyway! It really rocks!!

[EMiNENCE]

Quote:

Originally Posted by chrisvonc

??
When I searched my admin/user.php, I only found 1 section with block of code he tells you to look for that includes the line "makeinputcode("Number of Posts","posts",$user[posts]);" in it, and then I put the code under that, like the directions said to.

Now if you were doing your searches for just "$user[posts]", then you would have run into problems that you are describing as there are multiple entrys in the page of "$user[posts]", but again, thats not what the directions were telling you to look for.

It's possible you really have just only one section like that, but some people [inlcuding me] have two...;]

Look at the sample fragment of my admin/user.php [vB 2.2.7]:

PHP Code:

// ###################### Start add #######################
if ($action=="add") {

  echo "Add New User";

  doformheader("user","insert");
  maketableheader("User Profile");
      makechoosercode("User Group","usergroupid","usergroup",2);
      makeinputcode("User Name","ausername");
      makeinputcode("Password","apassword");
      makeinputcode("Email Address","email");
      makeinputcode("User Title","usertitle");
      makeyesnocode("Use Custom Title<br><font size='1'>(This forces the title that you put in the field above to be used)</font>","customtitle",0);
      makestylecode("Style set","userstyleid",$user[styleid]);
      makeinputcode("Home Page","homepage","http://www.");
      makeinputcode("Birthday<br>(Format yyyy-mm-dd)","birthday");
      maketextareacode("Signature","signature","",8,45);
      makeinputcode("ICQ Number","icq");
      makeinputcode("AIM Handle","aim");
      makeinputcode("Yahoo Messenger Handle","yahoo");
      makeyesnocode("COPPA user","coppauser",0);
      makeinputcode("Parent Email Address","parentemail");
  maketableheader("Options");
      makeyesnocode("Receive mailings from admins","adminemail",1);
      makeyesnocode("Show email address","showemail",1);
      makeyesnocode("Invisible on 'Online users' list","invisible",0);
      makeyesnocode("Receive PMs","receivepm",1);
      makeyesnocode("Email on PM","emailonpm",0);
      makeyesnocode("PM Popup","pmpopup",0);
      makeyesnocode("Show Signatures","showsignatures",1);
      makeyesnocode("Show Avatars","showavatars",1);
      makeyesnocode("Show Images","showimages",1);
      makeyesnocode("Show VBcode","showvbcode",1);
      makeyesnocode("Use email notification by default","emailnotification",1);
      makeyesnocode("Remember Username and password","cookieuser",1);
      makeyesnocode("Browse boards with cookies","nosessionhash",1);
      makeinputcode("Join Date<br>(Format yyyy-mm-dd, leave blank for today)","joindate");
      makeinputcode("Default view age<br>'Select threads from last x days'<br>Recommended values: 1, 2, 5, 10, 20, 30, 45, 60, 75, 100, 365, 1000 (ie all). -1 gives default forum selection","daysprune","-1");
      makeinputcode("Last Visit<br>(Format yyyy-mm-dd hh:mm:ss, leave blank for today)","lastvisit");
      makeinputcode("Last Activity<br>(Format yyyy-mm-dd hh:mm:ss, leave blank for today)","lastactivity");
      makeinputcode("Last Post<br>(Format yyyy-mm-dd hh:mm:ss, leave blank for today)","lastpost");
      makeinputcode("Number of Posts","posts","0");
      makeyesnocode("Miserable user","miserable",$user[miserable]);
      makeinputcode("Time Zone Offset (hours)","timezoneoffset","0");
      makeinputcode("IP Address","aipaddress",$ipaddress);
  maketableheader("Custom Profile Fields");
  $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
  while ($profilefield=$DB_site->fetch_array($profilefields)) {
    makeinputcode($profilefield[title],"field".$profilefield[profilefieldid]);
  }

  doformfooter("Save");
} 


...and 82 lines below:

PHP Code:

  doformheader("user","doupdate");
  makehiddencode("userid","$userid");

  maketableheader("Useful Links");
  makedescription("<table width='90%' border='0' align='center'><tr valign='top'><td>
  <li>".makelinkcode("Send email to $user[username]","mailto:$user[email]")."</li>
  <li>".makelinkcode("Send a private message to $user[username]","../private.php?s=$session[sessionhash]&action=newmessage&userid=$user[userid]",1)."</li>
  <li>".makelinkcode("Find posts by $user[username]","../search.php?s=$session[sessionhash]&action=finduser&userid=$user[userid]",1)."</li>
  <li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
  </td><td>
  <li>".makelinkcode("Edit forum access for $user[username]","user.php?s=$session[sessionhash]&action=editaccess&userid=$user[userid]")."</li>
  <li>".makelinkcode("View IPs for $user[username]","user.php?s=$session[sessionhash]&action=doips&username=".urlencode($user[username]))."</li>
  <li>".makelinkcode("Email this user their password","user.php?s=$session[sessionhash]&action=emailpassword&email=$user[email]")."</li>
  <li>".makelinkcode("Remove User","user.php?s=$session[sessionhash]&action=remove&userid=$user[userid]")."</li>
  </td></tr></table>");
  restarttable();

  maketableheader("Edit User - $user[username] (userid: $user[userid])");
      makechoosercode("User Group","usergroupid","usergroup",$user[usergroupid]);
      makeinputcode("User Name","ausername",$user[username],0);
      makeinputcode("Password<br>Leave blank unless you want to change it","apassword");
      makeinputcode("Email Address","email",$user[email],0);
      makeinputcode("User Title","usertitle",$user[usertitle]);
      makeyesnocode("Use Custom Title<br><font size='1'>(This forces the title that you put in the field above to be used)</font>","customtitle",$user[customtitle]);
      makestylecode("Style set","userstyleid",$user[styleid]);
      makeinputcode("Home Page","homepage",$user[homepage],0);
      makeinputcode("Birthday<br>(Format yyyy-mm-dd)","birthday",$user[birthday],0);
      maketextareacode("Signature","signature",$user[signature],8,45);
      makeinputcode("ICQ Number","icq",$user[icq],0);
      makeinputcode("AIM Handle","aim",$user[aim],0);
      makeinputcode("Yahoo Messenger Handle","yahoo",$user[yahoo],0);
      makeyesnocode("COPPA user","coppauser",$user[coppauser]);
      makeinputcode("Parent Email Address","parentemail",$user[parentemail],0);
      makeinputcode("Number of Posts","posts",$user[posts]);
      makeyesnocode("Miserable user","miserable",$user[miserable]);
  maketableheader("Options");
      makeyesnocode("Receive mailings from admins","adminemail",$user[adminemail]);
      makeyesnocode("Show email","showemail",$user[showemail]);
      makeyesnocode("Invisible on 'Online users' list","invisible",$user[invisible]);
      makeyesnocode("Receive PMs","receivepm",$user[receivepm]);
      makeyesnocode("Email on PM","emailonpm",$user[emailonpm]);
      makeyesnocode("PM Popup","pmpopup",$user[pmpopup]);
      makeyesnocode("Show Signatures","showsignatures",$user[showsignatures]);
      makeyesnocode("Show Avatars","showavatars",$user[showavatars]);
      makeyesnocode("Show Images","showimages",$user[showimages]);
      makeyesnocode("Show VBcode","showvbcode",$user[showvbcode]);
      makeyesnocode("Use email notification by default","emailnotification",$user[emailnotification]);
      makeyesnocode("Remember Username and password","cookieuser",$user[cookieuser]);
      makeyesnocode("Browse boards with cookies","nosessionhash",$user[nosessionhash]);
      makeinputcode("Join Date<br>(Format yyyy-mm-dd, leave blank for today)","joindate",$user[joindate]);
      makeinputcode("Default view age<br>'Select threads from last x days'<br>Recommended values: 1, 2, 5, 10, 20, 30, 45, 60, 75, 100, 365, 1000 (ie all). -1 gives default forum selection","daysprune",$user[daysprune]);
      makeinputcode("Last Visit<br>(Format yyyy-mm-dd hh:mm:ss, leave blank for today)","lastvisit",$user[lastvisit]);
      makeinputcode("Last Activity<br>(Format yyyy-mm-dd hh:mm:ss, leave blank for today)","lastactivity",$user[lastactivity]);
      makeinputcode("Last Post<br>(Format yyyy-mm-dd hh:mm:ss, leave blank for today)","lastpost",$user[lastpost]);
      makeinputcode("Time Zone Offset (hours)","timezoneoffset",$user[timezoneoffset]);
      makeinputcode("IP Address","aipaddress",$user[ipaddress]);
  maketableheader("User Avatar");
      if ($user[avatarid]!=0) {
         $avatarurl= "../" . $user[avatarpath];
      } else {
        if ($user[hascustomavatar]) {
          $avatarurl="../avatar.php?s=$session[sessionhash]&userid=$user[userid]";
        } else {
          $avatarurl="";
        }
      }
      echo "<tr class='".getrowbg()."'><td>Avatar</td><td nowrap>";
      if ($avatarurl!="") {
        echo "<img src=\"$avatarurl\">&nbsp;&nbsp;&nbsp;";
      }
      echo "<input type=\"submit\" name=\"modifyavatar\" value=\"Change Avatar\">";
      echo "<input type=\"hidden\" name=\"userid\" value=\"$user[userid]\">";
      echo "</td></tr>";

  maketableheader("Custom Profile Fields");
  $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");

  $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
  while ($profilefield=$DB_site->fetch_array($profilefields)) {
    $varname="field$profilefield[profilefieldid]";
    makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
  }

  doformfooter("Save Changes");

} 


So, as you can see, there are really two sections in admin/user.php.... ;] But you're right. I searched for a shorter string cos my admin/user.php is hacked thoroughly and many strings don't match today at all, so I have to look for parts of them instead of using those exact samples from install faq.

[chrisvonc]

Doh! I do apologize. I installed this on my v2.3.2 and it only has the one.

Anyone know if this works on 2.3.5?