Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Beta Releases
Reload this Page Style / Template / Replacement Hack For Moderators
FAQ Community Calendar Today's Posts Search

Reply
Page 4 of 4 « First 23 4
 
Thread Tools
Style / Template / Replacement Hack For Moderators Details »»
Style / Template / Replacement Hack For Moderators
Version: 1.00, by blackice912 blackice912 is offline
Developer Last Online: Jun 2006 Show Printable Version Email this Page
Version: 2.2.x Rating:
Released: 09-20-2002 Last Update: Never Installs: 13
Is in Beta Stage  
No support by the author.

Alright, I've finally finished working on this darn thing and ready for a beta release!

This hack impliments the Style, Template, and Replacement hack into one hack since it was the best way to work on it and easy to setup.

Please read the readme file before you install it.

For the style part, view this thread for screenshots

For the template part, view this thread for screenshots

For the replacement part, view this thread for screenshots

Also remember: It's a beta. There will probably be bugs I haven't found.

--------------------------
SECURITY FIX IF YOU USE XENON'S "MODS CAN EDIT USERS"
(https://vborg.vbsupport.ru/showthrea...threadid=42096)
Security fix by me, thanks to Xenon for pointing out where to edit the code
--------------------------
1. Open user.php in your forums/mod/ folder

2. Find the following:
--------------------------
Code:
  if($canedit[profilefields]) {
    maketableheader("Custom Profile Fields");
    $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");

    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
    while ($profilefield=$DB_site->fetch_array($profilefields)) {
      $varname="field$profilefield[profilefieldid]";
      makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
    }
  }
---------------------------

Replace it with:
---------------------------
Code:
 if($canedit[profilefields]) { 
   maketableheader("Custom Profile Fields"); 
   $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid"); 
  
   $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); 
   while ($profilefield=$DB_site->fetch_array($profilefields)) { 
    $varname="field$profilefield[profilefieldid]";
   if ($varname != "field999")
   if ($varname != "field998") 
   if ($varname != "field997") 
     makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]); 
   } 
 }
-----------------------------

Find:
---------------------------
Code:
  if($canedit[profilefields]) {
    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
    while ($profilefield=$DB_site->fetch_array($profilefields)) {
      $varname="field$profilefield[profilefieldid]";
      $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
    }
    $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
  }
---------------------------
Replace it with:
Code:
  if($canedit[profilefields]) {
    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
    while ($profilefield=$DB_site->fetch_array($profilefields)) {
      $varname="field$profilefield[profilefieldid]";
if ($varname != "field999")
if ($varname != "field998")
if ($varname != "field997")
      $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
    }
    $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
  }
Save and upload.

That's it, your forums are now secure from moderators breaking your security!
-----------------------------

Now...onto the download...

Oh, and if you use it, please click install!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #32  
Old 10-04-2002, 01:26 PM
g-force2k2 g-force2k2 is offline
 
Join Date: Mar 2002
Location: Everywhere you wanna be..
Posts: 1,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
SZ|TalonKarrde with the mysql select query of all the templates you can include a statement not to select the phpinclude template

ie:

find the 'WHERE templatesetid' statement

above it add to that:

AND template != 'phpinclude'

i don't currently have any vbulletin files available at the time... but if it doesn't work i'll take a look at it when i get home from college... regards...

g-force2k2
Reply With Quote
  #33  
Old 10-04-2002, 08:00 PM
SZ|TalonKarrde SZ|TalonKarrde is offline
 
Join Date: Jun 2002
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thank you, I'll get Brad to fix it ASAP
Reply With Quote
  #34  
Old 10-05-2002, 03:13 AM
blackice912's Avatar
blackice912 blackice912 is offline
 
Join Date: Jun 2002
Location: Tacoma, WA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Ah, I think I can fix that.

I didn't even think of that as a risk but thanks for the insight
Reply With Quote
  #35  
Old 10-18-2002, 05:16 AM
SZ|TalonKarrde SZ|TalonKarrde is offline
 
Join Date: Jun 2002
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Any updates to the code status?
Reply With Quote
  #36  
Old 10-18-2002, 06:31 AM
blackice912's Avatar
blackice912 blackice912 is offline
 
Join Date: Jun 2002
Location: Tacoma, WA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I have had no time to update it...hopefully soon.
Reply With Quote
  #37  
Old 10-30-2002, 11:49 AM
FleaBag's Avatar
FleaBag FleaBag is offline
 
Join Date: Dec 2001
Posts: 1,674
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Good man, I'm waiting for this one, it'll come in handy!
Reply With Quote
  #38  
Old 07-30-2003, 08:14 AM
roxics's Avatar
roxics roxics is offline
 
Join Date: Jan 2002
Location: Detroit Area
Posts: 177
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Was the major security risk fixed in this hack yet? I notice this thread is almost a year old.

Also is there a way to not allow members to edit templates? Just allow them to edit colors, fonts and image paths only?
Thanks
Reply With Quote
Reply
Page 4 of 4 « First 23 4

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 08:17 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04307 seconds
  • Memory Usage 2,280KB
  • Queries Executed 22 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (7)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete