if() vBCode - Private Post Text Hack

Important News: This hack is now out of beta testing and is now in alpha.

What this hack does, is add a if() vB Code where you can enter formulas that if true, the user will be able to see the private text in the post, if it shows up false, its hidden from the users sight. This hack doesnt use any queries at all. Also the if() vB Code also supports other vB Codes inside of it.

The formulas can contain both functions and varibles such as $bbuerinfo[userid] or strtolower(), you can add a list of allowed functions to it and all others functions that arent allowed are removed from the code to prevent security issues.

All security issues and exploits have now been fixed. This hack has settings where you can allow all users to use it or just allow admins to use it. Theres also a setting that you can change to allow admins to see all the private text in posts even if they normaly cant see it.

The code part of the vB Code ( if(code) ) uses the same syntax as php script, so if you wanna check if a varible equals something, you must use == instead of =, also all varibles from $bbuserinfo also have there own varible, what i mean by this is that $bbuserinfo[username] is also $bbusername and $bbuserinfo[posts] is also $bbposts, with these specail varibles, it is optional to add a $ in front of it, so $bbusername and bbusername will both work.

Also theres a feature where admins can see the forumula that was used next to the text "Private Text:", it is shown is (code used here), other members will just see "Private Text:".

Examples of the If() vB Code:
[if($bbuserid>0)]Thank you for joining![/if]
[if(bbuserid>0)]Thank you for joining![/if]

[if($bbusername=="Admin")]Whats up?[/if]
[if(bbusername=="Admin")]Whats up?[/if]

[if($ourtimenow>=$post[dateline]+((7*24)*60*60))]Text To Display 1 week from this post[/if]

[if(bbuserid>0 and bbposts>100)]Keep up the posting [/if]

[if(bbusergroupid==6 or bbusergroupid==7)]Important Text[/if]



Important: New Update as of March 16th
I recoded the doif function and fixed it up and added editable options for and also a bug that Nuclion encountered:
Admin Only
Admin can read all private text
Allowable functions that you can use
Certain accounts that can see all the private texts
Admins allowed to use all php functions

https://vborg.vbsupport.ru/showthrea...167#post367167
The text below already contains the fix.

Important: New Update as of February 8th
I fixed a bug, that when you search your forums, the if() tag shows even if you cant view it.

https://vborg.vbsupport.ru/showthrea...808#post351808
The text below already contains the fix.

Also I hope you enjoy the hack, If you have any problems, ideas, or just feedback, feel free to post.

Screenshots:
Heres a screenshot of a test post I did with the if() vB Code, the user who made the post can see all the private text in the post by default.
https://vborg.vbsupport.ru/attachmen...&postid=350154
(Note: The private text table can esily be edited in the "privatetext_style" style in headinclude after the hack is installed:

Heres a screen shot of the same post but after I logged out, so this is what the guest would see.
https://vborg.vbsupport.ru/attachmen...&postid=350155

I only have one request if you install this hack, please click Install, Thank You.

[Slynderdale]

Quote:

Originally posted by Erwin
This is great work. Well done! Obviously, use it with care - I would restrict this only for yourself - too easy to be abused or cause db errors by accident.

Thanks, I fixed the problem with db base "accidents" and so on, all functions except the ones you allow get removed so there are no security issues unless you allow it, also if some one enters a code with incorrest parsing, it wont show an error on the screen, at the moment when you first install it, you or users (if you have admin only set to false) will only be able to use trim(), strtoupper() and strtolower() in the code section, all other functions gets removed, you can change which are alwoed in the allowed_functions array.

[rjpa]

Is the threads post #1 the new updated code and is it safe to use?

[squawell]

i get error when i edit post and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

any idea??

[Slynderdale]

Quote:

Originally posted by squawell
i get error when i edit post and the error line is

$postinfo[message]=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$postinfo[message]));

any idea??

What error do you get?

[Slynderdale]

Quote:

Originally posted by rjpa
Is the threads post #1 the new updated code and is it safe to use?

Yes, the first post's attachment contains the code, and this is now safe to use if you let users use it or not.

[squawell]

Quote:

Originally posted by Slynderdale


What error do you get?

so strange.....now it work....i dont know what happen last night?

but here is another problem i use this

[if($bbusergroupid==6)]XXX[/if] want show to this group member

only....but...when i use normal account(groupid=2)..and it can see

the text....so what happen???(it works perfect to guest...)

by the way...if someone use the [if] code when use search

function it can be see or not??...hope u know poor english...

[Slynderdale]

Quote:

Originally posted by squawell

so strange.....now it work....i dont know what happen last night?

but here is another problem i use this

[if($bbusergroupid==6)]XXX[/if] want show to this group member

only....but...when i use normal account(groupid=2)..and it can see

the text....so what happen???(it works perfect to guest...)

by the way...if someone use the [if] code when use search

function it can be see or not??...hope u know poor english...

The code bit in the if() tag is the same as normal php, so if your checking 2 things like the user group use ==, using just one = would be equal to:
$bbusergroupid=6;
in php, instead of checking it, it sets the varible.

Hmmm, thanks for reminding me about search, ill make a fix for it so if there not allowed to see it they wont and so on.

[Slynderdale]

Search bug fix:

*************************************
In file "search.php":
*************************************

*****************
find:
*****************

PHP Code:

    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post".iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      $postids AND thread.threadid=post.threadid
    ORDER BY
      $orderbysql";

    $searchtemplatebit = "searchresultbit";
  }

  $searchresults=$DB_site->query($sql); 


*****************
replace it with:
*****************

PHP Code:

    $sql="
    SELECT
      post.postid,post.title AS posttitle,post.dateline AS postdateline,post.userid AS postuserid,post.iconid AS posticonid,LEFT(post.pagetext,250) AS pagetext,
      thread.threadid,thread.title AS threadtitle,thread.iconid AS threadiconid,thread.replycount,thread.views,thread.pollid,thread.open,thread.lastpost,
      forum.forumid,forum.title AS forumtitle,forum.allowicons,user.username,user.usergroupid,
      IF(post.title='',LEFT(post.pagetext,50),post.title) AS posttext,
      IF(post.userid=0,post.username,user.username) AS usrname,
      posticon.iconpath AS posticonpath,posticon.title AS posticontitle,
      threadicon.iconpath AS threadiconpath,threadicon.title AS threadicontitle
    FROM
      post".iif(strpos($search[query],"searchindex")>0,",searchindex","").",thread
    LEFT JOIN forum ON forum.forumid=thread.forumid
    LEFT JOIN user ON user.userid=post.userid
    LEFT JOIN icon AS threadicon ON thread.iconid=threadicon.iconid
    LEFT JOIN icon AS posticon ON post.iconid=posticon.iconid
    WHERE
      $postids AND thread.threadid=post.threadid
    ORDER BY
      $orderbysql";

    $searchtemplatebit = "searchresultbit";
  }

  $searchresults=$DB_site->query($sql); 


*****************
find:
*****************

PHP Code:

        // get first 100 chars of page text
        if (strlen($searchresult[pagetext])>200) {
          $spacepos=strpos($searchresult[pagetext]." "," ",200);
          if ($spacepos!=0) {
            $searchresult[pagetext]=censortext(substr($searchresult[pagetext],0,$spacepos))."...";
          }
        } 


*****************
above it add:
*****************

PHP Code:

$searchresult['pagetext']=trim(preg_replace("/(\[)(if)(\()(.*)(\))(])(\r\n)*(.*)(\[\/if\])/esiU","doif('\\4','\\8','1')",$searchresult['pagetext'])); 


*************************************
In file "admin/functions.php":
*************************************

*****************
find:
*****************

PHP Code:

  $postadmin = false;
  if ($post['usergroupid']==6 or $postinfo['usergroupid']==6)  $postadmin = true; 


*****************
replace it with:
*****************

PHP Code:

  $postadmin = false;
  if ($post['usergroupid']==6 or $postinfo['usergroupid']==6 or $searchresult['usergroupid']==6)  $postadmin = true; 


I also added the fix into the install instructions in the first post.

[Slynderdale]

If any one else has any more problems, comments, ideas and so on, feel free to post them and ill see what I can do.

Also there is a bug, that NuclioN showed me where the code bit wasn't evaluating correctly and it showed the text to every one, this is rare, this bug doesn't happen to every one, just a rare few, if you experience this bug, please post about it, currently I'm still trying to find out what's wrong, I think it might be because of another hack they installed and is interfering with this one.

Also if you experience this bug, tell me if you have Logicians dynamic announcement hack installed or not. I think that might be the cause of the problem.

[NuclioN]

I've removed the dynamic announcement but with all the possible codes, all usergroups can see the priv message.