Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.0 > vBulletin 3.0 Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Quick PM Sending (pop-up) v2 Details »»
Quick PM Sending (pop-up) v2
Version: 2.01, by AnhTuanCool AnhTuanCool is offline
Developer Last Online: Sep 2006 Show Printable Version Email this Page

Version: 3.0.3 Rating:
Released: 10-01-2004 Last Update: 01-11-2005 Installs: 25
 
No support by the author.

Quick PM Sending
---------------------------------------

Description:
This hack normally adds an option in the menu when you click on an Username. When you click on it, vb will give you a pop-up with the content just like the page that you use to send a new PM with full functions as the original one, which is design for users with have to mass PM others in thread with different PM's content and that persons don't have to reload that thread again again each time, lessen time is lessen costed You might find out its handy in someway.

Updated:
New newpm.php has cleared unwanted script and reduced extra queries when executing
Security Fixed
v2 includes pm sent with template and fixed security in newpm.php
v2.01 includes new bug XSS found in vb 3.0.* refer to this announcement here https://vborg.vbsupport.ru/showthread.php?t=74035 *Thank Erwin for heads-up

Note: If you want a better look for the page indicated your message has been sent then just see the pm_sent_with_template.txt file.

Installating Instruction & Screenshot are in attachments. Enjoy And don't forget to click install if you use this hack

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 10-14-2004, 09:18 PM
Lionel Lionel is offline
 
Join Date: Dec 2001
Location: Delray Beach, Florida
Posts: 3,277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

why would I get a javascript error in there? That happened why after I did a copy n paste
Reply With Quote
  #23  
Old 10-14-2004, 10:42 PM
Lionel Lionel is offline
 
Join Date: Dec 2001
Location: Delray Beach, Florida
Posts: 3,277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My problem is at line 116 character 2 object expected. Problem is that line is just plain html. But I could say that it pops up everytime I start typing in the editor's body textarea. Which function or which editor brings that up? And at what point? I am using the WYSIWYG
Reply With Quote
  #24  
Old 10-14-2004, 10:54 PM
Lionel Lionel is offline
 
Join Date: Dec 2001
Location: Delray Beach, Florida
Posts: 3,277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I found the reason... I installed the excellent character counter hack, so I needed to adjust your templates accordingly.
Reply With Quote
  #25  
Old 10-14-2004, 11:56 PM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This hack has a potential huge security hole - there is no internal usergroup permission check, so unregistered members can use newpm.php to send PMs. I would add some sort of check in the newpm.php file itself, plus use templates to prevent unregistered users from accessing the link.
Reply With Quote
  #26  
Old 10-15-2004, 12:13 AM
Lionel Lionel is offline
 
Join Date: Dec 2001
Location: Delray Beach, Florida
Posts: 3,277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@erwin

if I put the below in newpm.php, will that be sufficient?

if (!$vboptions['enablepms'])
{
eval(print_standard_error('pm_adminoff'));
}

// check permission to use private messaging
if ($permissions['pmquota'] < 1 OR !$bbuserinfo['userid'])
{
print_no_permission();
}

//check if the user will receive PMs
if (!$bbuserinfo['receivepm'])
{
eval(print_standard_error('pm_turnedoff'));
}
Reply With Quote
  #27  
Old 10-15-2004, 12:22 AM
AnhTuanCool's Avatar
AnhTuanCool AnhTuanCool is offline
 
Join Date: Jul 2004
Location: Albuquerque
Posts: 263
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Erwin
This hack has a potential huge security hole - there is no internal usergroup permission check, so unregistered members can use newpm.php to send PMs. I would add some sort of check in the newpm.php file itself, plus use templates to prevent unregistered users from accessing the link.
Did you even test it?

I've just logged out of my board and try to access /newpm.php?do=newwpm&userid=... and I get the page said needed to login, although I haven't changed anything from the one I posted here.
Reply With Quote
  #28  
Old 10-15-2004, 12:26 AM
Lionel Lionel is offline
 
Join Date: Dec 2001
Location: Delray Beach, Florida
Posts: 3,277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

that would not hurt to incorporate the above. It checks for quotas, pm enabled etc...
Reply With Quote
  #29  
Old 10-15-2004, 01:09 AM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by AnhTuanCOol
Did you even test it?

I've just logged out of my board and try to access /newpm.php?do=newwpm&userid=... and I get the page said needed to login, although I haven't changed anything from the one I posted here.
Obviously.

Unregistered visitors on my site were sending PMs and it took us a day to figure out it was this hack. Serves me right for not checking the code properly.
Reply With Quote
  #30  
Old 10-15-2004, 02:26 AM
integra99's Avatar
integra99 integra99 is offline
 
Join Date: Jun 2003
Location: Indiana
Posts: 125
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I changed the pmsent template a bit...

Code:
<script language="Javascript">
<!--
alert("$vbphrase[pm_sent]");
self.close();
//-->
</script>
Reply With Quote
  #31  
Old 10-15-2004, 02:38 AM
integra99's Avatar
integra99 integra99 is offline
 
Join Date: Jun 2003
Location: Indiana
Posts: 125
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Erwin, I had the same problem. I had to add in..

Code:
if (!($permissions['forumpermissions'] & CANVIEW) OR ($bbuserinfo['userid'] == '0')) {
	print_no_permission();
}
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:14 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04630 seconds
  • Memory Usage 2,307KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete