Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Live Topic Details »»
Live Topic
Version: 1.07b, by Coders Shack Coders Shack is offline
Developer Last Online: Sep 2013 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.8.0 Rating:
Released: 01-09-2009 Last Update: 02-28-2009 Installs: 976
DB Changes Uses Plugins Auto-Templates
Is in Beta Stage  
No support by the author.

. . . . . . . . Brought to you by scriptasy.com

Live Demo:
Live Topic 1.07b Demo (you must be logged in, and the topic must be "live")

Videos: 1.00b 1.06b

watch the damn videos... ^_^
Description:
This product is different from anything you have seen before, it raises the bar for forums. It will make your forums much more interactive, and also reduce server load.

Technical Details:
If a thread has been posted in X seconds then its now Live, if other users are viewing the Live topic and are on the last page they will experience a clean ajax experience while talking to other members. Once the thread is older than X seconds its no longer Live and it will now act like a normal thread. Also if a user edits one of their posts that's inside of the thread, it will be updated too so there is no longer a reason to ever have to refresh.

There is also logic for the viewer, the viewer of the thread has to be in an active state to see responses. An active user state is determined upon the users actions, if no actions were made in X seconds then the user is marked as inactive.

Also you may wonder why this could save your server bandwidth and CPU. If a user is refreshing to talk to another members the queries on a normal thread load are way more intense than the ajax call that this modification makes. So if you have 5 people talking to each other none of them have to refresh the page, all they are doing is simple page requests and one intense request when there has actual change.

You can test Live Topic with two users, you will see how amaizing this is... And probably spontaneously combust.

Found a bug? Want to request a feature?
Live Topic - Project Manager
Installation:
This is take less than 3 minutes to install, takes longer to notice its amazing feature. (you need multiple people to be active in the same topic)

Upgrade:
[1.01b to 1.XXb] Uninstall the product, then reinstall it. Overwrite all old files with new files and you should be fine.

[1.02b to 1.03b] Overwrite files, upgrade product (dont install product)

[1.03b to 1.04b] Uninstall the product, then reinstall it. Overwrite all old files with new files and you should be fine.

[1.04b to 1.05b, 1.05b to 1.06b,1.06b to 1.07b] Upgrade the product. Overwrite all old files with new files and you should be fine.
Works With (FF2, FF3, IE6, IE7, IE8, SF2, SF3, CHROME):
vBulletin [3.8.X]

get the vBulletin [3.7.X] version here

INCOMPATIBLE HACKS:
Versions:
1.01b
1.02b
fixes
safari 2 support
safari 3 support
google chrome sup
port
added live topic icon on new posts page
fixed security issue, strongly suggest upgrading!
changes
added live edit (to avoid a performance hit i had to add two rows to two tables in the database)
added external style sheet
1.03b
fixes
fix double post
phrase notification
fixed an edit bug for people with table prefixes
changes
ability to change interval in ACP
1.04b
fixes
javascript error for guests
fixed live topic activation (first poster to raise a dead topic)
changes
auto quick reply focus after post
1.05b
fixes
css flaw
js error for unsupported browsers (random)

fixed chrome issue
changes
edit notification - thanks to nso
rebuilding some of the original logic to hopefully prevent product conflicts

1.06b
fixes
fixed a little javascript issue that had to do with displaying posts
uses GPC cleaner now
changes
limit the number of ajax posts on the live topic (example 40) and fade them away.
changed the way the hooks are used
tightened up everything a bit

1.07b
fixes
fixed a bug where the live topic notification always making an ajax call
changes
support user ignore list
changed the way the javascript logic worked (hopefully there are less compatibly issues) added support for IE6 and IE8
1.10
hmm

Download Now

File Type: zip LiveTopic107b.zip (15.9 KB, 3950 views)

Screenshots

File Type: png Picture 5.png (33.7 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #462  
Old 02-11-2009, 04:35 AM
inciarco's Avatar
inciarco inciarco is offline
 
Join Date: Mar 2007
Posts: 758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by buro9 View Post
I have a couple of questions.

One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.

So I'm guessing it's written by the javascript, so I would like to see the unpacked JavaScript to adjust it. OR have the additional notice templated in the vBulletin template system.

Next up is security. I got a few errors through:
PHP Code:
Database error in vBulletin 3.8.1:

Invalid SQL:

                                        
SELECT COUNT(*) AS count
                                        FROM vb_post 
AS post
                                        WHERE
                                                
(threadid 14030
                                                
AND visible 1
                                                
AND dateline 1234287978.:
                                                AND 
userid != 217)
                                                OR (
threadid 14030
                                                
AND visible 1
                                                
AND lastedit 1234286762);

MySQL Error   You have an error in your SQL syntaxcheck the manual that corresponds to your MySQL server version for the right syntax to use near ':
                                                AND userid != 217)
                                                OR (threadid = 14030
                                                AND visible = 1
                                ' 
at line 6 
Now where did that come from?

Checking the php source it seems that you just take the POST'd value and put it straight into the MySql script. Is that correct? If so... BIG ++++ING SECURITY HOLE. Because you've just allowed SQL injection.

Could you confirm whether you really are taking $_POST['value'] and using it directly in the SQL, because you REALLY REALLY need to change that before something very bad happens.
What About This, Coders Shack?

Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post?

Is Important to Know the Answer to This !!

Reply With Quote
  #463  
Old 02-11-2009, 06:00 AM
jambo_1969 jambo_1969 is offline
 
Join Date: May 2007
Posts: 224
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by inciarco View Post
What About This, Coders Shack?

Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post?

Is Important to Know the Answer to This !!

Tried to uninstall - the product will NOT uninstall.

This all needs to be looked at now.
Reply With Quote
  #464  
Old 02-11-2009, 06:53 AM
nso nso is offline
 
Join Date: Mar 2002
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by inciarco View Post
What About This, Coders Shack?

Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post?

Is Important to Know the Answer to This !!

It won't. The strigns are escaped, and an attacker won't be able to perform sql-injections.
The error is that the . and : are appended, but they are not harmfull characters.
It could probably be solved by adding int() around the post-variable, or by using the in-built GPC(?) method in vbb
Reply With Quote
  #465  
Old 02-11-2009, 10:36 AM
ThorstenA's Avatar
ThorstenA ThorstenA is offline
 
Join Date: Nov 2004
Posts: 669
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Very great product! I was talking about this for years, but did not know how to do that.

Suggestion: Make image/misc icons optional. It's obvious that new posts within last hour are somewhat "live topics".
Reply With Quote
  #466  
Old 02-11-2009, 01:01 PM
inciarco's Avatar
inciarco inciarco is offline
 
Join Date: Mar 2007
Posts: 758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nso View Post
It won't. The strigns are escaped, and an attacker won't be able to perform sql-injections.
The error is that the . and : are appended, but they are not harmfull characters.
It could probably be solved by adding int() around the post-variable, or by using the in-built GPC(?) method in vbb
I Appreciate Your Answer nso. :up:

Could Coders Shack Please Confirm This Answer Provided by nso?

I've Disabled the Product since some days ago Until Coders Shack Answer to that Matter of SQL Injections.

My Best Regards.

Reply With Quote
  #467  
Old 02-11-2009, 01:32 PM
DobieGillis? DobieGillis? is offline
 
Join Date: Feb 2009
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

all I know is this is one of the best hacks I have ever seen and should win MOTM!
Reply With Quote
  #468  
Old 02-11-2009, 01:40 PM
ThorstenA's Avatar
ThorstenA ThorstenA is offline
 
Join Date: Nov 2004
Posts: 669
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by buro9 View Post
One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.
You can just copy forum/clear.gif to forum/images/misc/forumlive.gif

That way there's no image displayed.
Reply With Quote
  #469  
Old 02-11-2009, 03:02 PM
Coders Shack Coders Shack is offline
 
Join Date: Apr 2007
Location: Culver City, CA
Posts: 807
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by buro9 View Post
I have a couple of questions.

One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.

So I'm guessing it's written by the javascript, so I would like to see the unpacked JavaScript to adjust it. OR have the additional notice templated in the vBulletin template system.

Next up is security. I got a few errors through:
PHP Code:
Database error in vBulletin 3.8.1:

Invalid SQL:

                                        
SELECT COUNT(*) AS count
                                        FROM vb_post 
AS post
                                        WHERE
                                                
(threadid 14030
                                                
AND visible 1
                                                
AND dateline 1234287978.:
                                                AND 
userid != 217)
                                                OR (
threadid 14030
                                                
AND visible 1
                                                
AND lastedit 1234286762);

MySQL Error   You have an error in your SQL syntaxcheck the manual that corresponds to your MySQL server version for the right syntax to use near ':
                                                AND userid != 217)
                                                OR (threadid = 14030
                                                AND visible = 1
                                ' 
at line 6 
Now where did that come from?

Checking the php source it seems that you just take the POST'd value and put it straight into the MySql script. Is that correct? If so... BIG ++++ING SECURITY HOLE. Because you've just allowed SQL injection.

Could you confirm whether you really are taking $_POST['value'] and using it directly in the SQL, because you REALLY REALLY need to change that before something very bad happens.
1.06b will be using GPC,

also if you want to change the text for the notice its a phrase, just go to the phrase manager and search by name "livetopic". I will also be managing all the styling by CSS in 1.06b so you can make it look however you want it to.
Reply With Quote
  #470  
Old 02-12-2009, 02:57 AM
auto auto is offline
 
Join Date: Nov 2001
Location: Los Angeles, CA
Posts: 85
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by auto View Post
How can I troubleshoot this hack?

I have installed it on vB3.8.0 at http://www.automotiveforums.com/vbulletin/ but the AJAX does not seem to do anything. The LiveTopic image does show up and then disappears after the specified time of inactivity.
Just an update on my problem - it was mod_security. If you have mod_security, then screws with vB's ajax in default settings and needs to be modified to allow vB's files.
Reply With Quote
  #471  
Old 02-12-2009, 04:48 AM
GrendelKhan{TSU's Avatar
GrendelKhan{TSU GrendelKhan{TSU is offline
 
Join Date: Jun 2005
Location: Boston | Seoul, S. Korea
Posts: 1,311
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by auto View Post
Just an update on my problem - it was mod_security. If you have mod_security, then screws with vB's ajax in default settings and needs to be modified to allow vB's files.
where /waht is mod security?

I seem to have the same problem...installed. no errors...
but can't actually get it to do anything when I tested. (same icon appears...but no updates even testing with 2,3,4 ppl)
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:03 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10293 seconds
  • Memory Usage 2,396KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (8)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (2)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete