Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Post Edit History (PEH) Details »»
Post Edit History (PEH)
Version: 1.5.0 B 3, by Surviver Surviver is offline
Developer Last Online: May 2020 Show Printable Version Email this Page

Category: Add-On Releases - Version: 3.6.8 Rating:
Released: 11-27-2006 Last Update: 10-26-2007 Installs: 186
DB Changes Uses Plugins Template Edits
Additional Files Translations Is in Beta Stage  
No support by the author.

Edithistory (1.5.0 B 3)

What does this Modification?
This Modification saves a version of a post if someone edits it. If there are saved edits for a post, you can view the "Post History" and you are able to restore old posts.
Also you can compare saved versions of a post.

Installation
Installation-Instructions are included in the zip-File

What's new in Version 1.5.0 B 2?

In this version i made a lot of improvement: eg. I've overwritten the code, the Ajax Compare function now works properly (Screen #3) and I implented a function to mass restore posts of a user. (Screen #6)

Screenshots

#1
Attachment 71292

#2
Attachment 71293

#3 (Compare saved version)
Attachment 71294

#4 (Usergroup Permissions)
Attachment 71295

#5
Attachment 71296

#6 (Mass Restore posts of a user)
Attachment 71297

Not translated yet
- Admin Help

[HR]ss[/HR]
I only get a blank page after the update, waht can I do?

See the new FAQ
[HR]ss[/HR]

Regards
Surviver

PS: I'm very sorry about my bad english

PPS:If you use it, please klick install!

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #52  
Old 12-15-2006, 11:43 AM
Surviver's Avatar
Surviver Surviver is offline
 
Join Date: Feb 2006
Location: Bonn, Germany
Posts: 382
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Jackal von ?RF View Post
At my forums there have been two cases when a user edited all of his messages to remove them from the forums (in one case he had over a thousand messages and it took him two days to edit them). What I've done to them is ban them (removing their right to edit their own posts) and restored all the messages from a backup (takes a couple of hours when writing some SQL scripts manually).

It would be nice if this mod offered the possibility to mass-undo all edits which a user made within a specific time frame. The same way as the prune tools in vB's Admin CP work. It should show all individual edits (before and after editing), when it was done, who edited it, and there should be a checkbox for selecting the edits which should be undone.
I will see, waht I can do
Quote:
Originally Posted by Jackal von ?RF View Post
It would also be nice for the program to send a PM to the admins/moderators when a user edits many of his old messages in a short time. It should be configurable so, that editing even one old message (for example older than 30 days) would send a PM. Then the moderators could quickly stop the user from editing all of his messages away.
This would add 1-2 Querys if you edit a post ... (And not nany user would use ist)
Quote:
Originally Posted by Jackal von ?RF View Post

Anyways, thanks for your work. Your script looks promising. I'll try it soon. I first thought about creating a similar script myself, but luckily you had already done the job. (I might even offer some help in adding these features I requested, if I really like your script and I have the time.)

EDIT 1:
I looked quickly through your code (v1.2.1) and noticed the query in \includes\cron\edithistory.php. Wouldn't it look much nicer if it was written like this?
Code:
$vbulletin->db->query_write("
	DELETE edithistory
	FROM " . TABLE_PREFIX . "edithistory AS edithistory
	LEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = edithistory.postid)
	WHERE post.postid IS NULL
");
Or does this have to do with the incompatibility between MySQL 4.0 and 4.1 as mentioned here? In that case how about writing it without the "AS" keyword like this? Also there should be a comment which would tell about the incompatibility and why the SQL had to be written in an ugly way. (In any case format the SQL to have less tabs; indentation of one tab instead of eight.)

Code:
$vbulletin->db->query_write("
	DELETE " . TABLE_PREFIX . "edithistory
	FROM " . TABLE_PREFIX . "edithistory
	LEFT JOIN " . TABLE_PREFIX . "post ON (" . TABLE_PREFIX . "post.postid = " . TABLE_PREFIX . "edithistory.postid)
	WHERE " . TABLE_PREFIX . "post.postid IS NULL
");
Or does this have to do with the incompatibility between MySQL 4.0 and 4.1 as mentioned here? Yes !
Quote:
Originally Posted by Jackal von ?RF View Post
EDIT 2:
Does the field edithistory.postid have an index at all? I noticed quite many queries use it in the WHERE condition, but I didn't find anywhere an index for it to be created. This might create full scans of the edithistory table...
I will add it !
Quote:
Originally Posted by Jackal von ?RF View Post
Also, I noticed the following line of code. Since reason is a text field, the value assigned to it should be quoted in the SQL query. It would be a good habbit to always quote the values, even if you know that they are numeric.
Code:
$db->query_write("UPDATE " .TABLE_PREFIX. "editlog SET reason = ".$edit['oldreason']." WHERE postid = ".$postinfo['postid']."");
I will fix it !
Quote:
Originally Posted by Jackal von ?RF View Post
Also, I noticed from my DB dump of vB3.5.x (first install was 2.3.5 or older) that the editlog.reason field is defined as `reason` varchar(200) NOT NULL default '' but in your code you have the oldreason and newreason fields defined as varchar(255). Could somebody with a clean vB3.6.x install check that what the size should be?
Why is the size important?
Quote:
Originally Posted by Jackal von ?RF View Post
EDIT 3:
As somebody already mentioned, there's no need for the cron job to run more often that once a day or week (I think it's now by default once an hour). It's rare that posts get physically deleted, so most of the time the cron job would do nothing. I hope you have checked that it uses indexes correctly and runs quickly. I'm just a bit worried because checking every postid might take some time for a big board... My board has some 300K posts and also boards with millions of posts exist. It would be better to remove those rows from edithistory when a post gets physically deleted, and not in a cron job.


PS: I think you should tick the boxes "Additional files" and "Is in Beta stage" for this mod. Also I recommend you to write more comments in your code (I didn't notice any).
I will check Additional Files, but it is not really a beta Release.
Maybe it has some bug, but its no relly Beta

Thanky for your feedback !

Greetings Surviver
Reply With Quote
  #53  
Old 12-16-2006, 04:31 AM
Jackal von ?RF's Avatar
Jackal von ?RF Jackal von ?RF is offline
 
Join Date: May 2002
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Surviver View Post
This would add 1-2 Querys if you edit a post ... (And not nany user would use ist)
Another way would be have search functions in the Admin CP, with which it would be possible to search for suspicious mass edits of old messages. For example in the same place where the controls for mass undoing the edits would be. Or some other way to view all edits which the users have done (just like there is the Moderator Log to see all moderation actions). The biggest problem might be, that how a large number of edits could be visualized informatively and effectively in a small space.

The feature of sending automatic PMs is not very important (and might not even be the optimal solution to the problem), so don't worry about implementing it yet. Maybe I'll make a custom tool for analyzing the edit actions. In any case I'll first need to experiment a bit to find a good way to visualize the edits, after I've had the edit history in use for some time and gathered real usage data.

I'll keep you informed if I get some good ideas.

Quote:
Originally Posted by Surviver View Post
Why is the size important?
Well, since they are VARCHAR fields, I suppose it doesn't take any more space from the database than a VARCHAR(200) would take. So it's not really a problem. Just a matter of style and consistency.
Reply With Quote
  #54  
Old 12-16-2006, 11:41 AM
Surviver's Avatar
Surviver Surviver is offline
 
Join Date: Feb 2006
Location: Bonn, Germany
Posts: 382
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Jackal von ?RF View Post
Another way would be have search functions in the Admin CP, with which it would be possible to search for suspicious mass edits of old messages. For example in the same place where the controls for mass undoing the edits would be. Or some other way to view all edits which the users have done (just like there is the Moderator Log to see all moderation actions). The biggest problem might be, that how a large number of edits could be visualized informatively and effectively in a small space.

The feature of sending automatic PMs is not very important (and might not even be the optimal solution to the problem), so don't worry about implementing it yet. Maybe I'll make a custom tool for analyzing the edit actions. In any case I'll first need to experiment a bit to find a good way to visualize the edits, after I've had the edit history in use for some time and gathered real usage data.

I'll keep you informed if I get some good ideas.


Well, since they are VARCHAR fields, I suppose it doesn't take any more space from the database than a VARCHAR(200) would take. So it's not really a problem. Just a matter of style and consistency.
Ok, i will canch it in the new version. Annd i'll add an index
Reply With Quote
  #55  
Old 01-08-2007, 08:01 PM
Jackal von ?RF's Avatar
Jackal von ?RF Jackal von ?RF is offline
 
Join Date: May 2002
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = fda WHERE postid = 354660;

MySQL Error  : Unknown column 'fda' in 'field list'
Error Number : 1054
Date         : Monday, January 8th 2007 @ 11:59:09 PM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=5
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
This has not yet been fixed in v1.2.2. Also, the value needs to be escaped. If only single quotes are added to the query, it will make the database vulnerable to SQL injection attack:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = 'aa ' bee' WHERE postid = 354660;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'bee' WHERE postid = 354660' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:03:10 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=6
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
I also found that the rest of your the code is vulnerable to SQL injection attacks. You must ALWAYS escape EVERY parameter that is put to an SQL query:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
INSERT INTO vb_editlog (postid, userid, username, dateline, reason) VALUES('354660', '468', 'Jackal von ?RF', '1168294059', 'a ' b');

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'b')' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:07:39 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=12
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database

I've attached a version of edithistory.php where the above security holes have been fixed.

All users of PEH 1.2.2 (and below) are STRONGLY RECOMMENDED to apply this patch, or disable PEH.


PS: I noticed that there are more detailed instructions for installing PEH at http://www.my-vb.org/board/showthread.php?t=236 (fortunately I can read German, I'm worried about everybody else ). Could you also make the English instructions more detailed? Also, please include the instructions as a text file to the ZIP file, so that it would not be necessary to read this thread for the instructions.
Reply With Quote
  #56  
Old 01-10-2007, 05:37 PM
Surviver's Avatar
Surviver Surviver is offline
 
Join Date: Feb 2006
Location: Bonn, Germany
Posts: 382
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Jackal von ?RF View Post
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = fda WHERE postid = 354660;

MySQL Error  : Unknown column 'fda' in 'field list'
Error Number : 1054
Date         : Monday, January 8th 2007 @ 11:59:09 PM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=5
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
This has not yet been fixed in v1.2.2. Also, the value needs to be escaped. If only single quotes are added to the query, it will make the database vulnerable to SQL injection attack:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = 'aa ' bee' WHERE postid = 354660;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'bee' WHERE postid = 354660' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:03:10 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=6
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
I also found that the rest of your the code is vulnerable to SQL injection attacks. You must ALWAYS escape EVERY parameter that is put to an SQL query:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
INSERT INTO vb_editlog (postid, userid, username, dateline, reason) VALUES('354660', '468', 'Jackal von ?RF', '1168294059', 'a ' b');

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'b')' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:07:39 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=12
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database

I've attached a version of edithistory.php where the above security holes have been fixed.

All users of PEH 1.2.2 (and below) are STRONGLY RECOMMENDED to apply this patch, or disable PEH.


PS: I noticed that there are more detailed instructions for installing PEH at http://www.my-vb.org/board/showthread.php?t=236 (fortunately I can read German, I'm worried about everybody else ). Could you also make the English instructions more detailed? Also, please include the instructions as a text file to the ZIP file, so that it would not be necessary to read this thread for the instructions.


Thank you, this is MY Mistake. I will attache a complete fixed Version in the first post, i inserted your name as co-author

I'll include the Installation Instructions,. but the Problem is, my English is too bad

I'll give my best

Greetings SUrviver
Reply With Quote
  #57  
Old 01-10-2007, 06:22 PM
Surviver's Avatar
Surviver Surviver is offline
 
Join Date: Feb 2006
Location: Bonn, Germany
Posts: 382
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Jackal von ?RF View Post
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = fda WHERE postid = 354660;

MySQL Error  : Unknown column 'fda' in 'field list'
Error Number : 1054
Date         : Monday, January 8th 2007 @ 11:59:09 PM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=5
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
This has not yet been fixed in v1.2.2. Also, the value needs to be escaped. If only single quotes are added to the query, it will make the database vulnerable to SQL injection attack:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = 'aa ' bee' WHERE postid = 354660;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'bee' WHERE postid = 354660' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:03:10 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=6
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
I also found that the rest of your the code is vulnerable to SQL injection attacks. You must ALWAYS escape EVERY parameter that is put to an SQL query:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
INSERT INTO vb_editlog (postid, userid, username, dateline, reason) VALUES('354660', '468', 'Jackal von ?RF', '1168294059', 'a ' b');

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'b')' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:07:39 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=12
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database

I've attached a version of edithistory.php where the above security holes have been fixed.

All users of PEH 1.2.2 (and below) are STRONGLY RECOMMENDED to apply this patch, or disable PEH.


PS: I noticed that there are more detailed instructions for installing PEH at http://www.my-vb.org/board/showthread.php?t=236 (fortunately I can read German, I'm worried about everybody else ). Could you also make the English instructions more detailed? Also, please include the instructions as a text file to the ZIP file, so that it would not be necessary to read this thread for the instructions.
Update, Thanks again !
Reply With Quote
  #58  
Old 01-12-2007, 07:55 AM
Pottsy Pottsy is offline
 
Join Date: Sep 2006
Location: UK
Posts: 130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I tried to update it to 1.2.3 (upload all new files and import xml with "allow overwrite") and got:

Database error in vBulletin 3.6.4:

Invalid SQL:
ALTER TABLE edithistory CHANGE reason oldreason varchar(200);

MySQL Error : Unknown column 'reason' in 'edithistory'
Error Number : 1054
Date : Friday, January 12th 2007 @ 09:50:17 AM
Script : xxxxxxplugin.php?do=productimport
Referrer : xxxxxxx?do=productadd
IP Address : xx.xx.xx.xx
Username : xxxxx
Classname : vb_database

EDIT: Got it working by running query

ALTER TABLE edithistory CHANGE oldreason reason varchar(255);

and then doing the import again.
Reply With Quote
  #59  
Old 01-12-2007, 10:21 AM
TrIn@dOr TrIn@dOr is offline
 
Join Date: Nov 2006
Location: South Bend, IN
Posts: 169
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Very nice, perhaps u can add in the explanations that by default NO usergroup can view the historys!! :P
Reply With Quote
  #60  
Old 01-12-2007, 11:18 AM
Surviver's Avatar
Surviver Surviver is offline
 
Join Date: Feb 2006
Location: Bonn, Germany
Posts: 382
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Pottsy View Post
I tried to update it to 1.2.3 (upload all new files and import xml with "allow overwrite") and got:

Database error in vBulletin 3.6.4:

Invalid SQL:
ALTER TABLE edithistory CHANGE reason oldreason varchar(200);

MySQL Error : Unknown column 'reason' in 'edithistory'
Error Number : 1054
Date : Friday, January 12th 2007 @ 09:50:17 AM
Script : xxxxxxplugin.php?do=productimport
Referrer : xxxxxxx?do=productadd
IP Address : xx.xx.xx.xx
Username : xxxxx
Classname : vb_database



EDIT: Got it working by running query

ALTER TABLE edithistory CHANGE oldreason reason varchar(255);

and then doing the import again.
I'll look at this

//I can nnot repoduce the Problem.
It works fine for me

Quote:
* Altering Table post ...Done!

* Altering Table usergroup ...Done!

* Creating Table edithistory ... Done!

* Altering Table edithistory ...Done!

* Altering Table edithistory ...Done!

* Altering Table edithistory ...Done!

* Altering Table edithistory ...Done!

* Altering Table forum ...Done!

* Altering Table edithistory ...Done!

* Altering Table edithistory ...Done!

* Adding Index postid ...Done!
Quote:
Originally Posted by TrIn@dOr View Post
Very nice, perhaps u can add in the explanations that by default NO usergroup can view the historys!! :P
This is Default
Reply With Quote
  #61  
Old 01-13-2007, 06:55 PM
Nathan2006's Avatar
Nathan2006 Nathan2006 is offline
 
Join Date: Feb 2006
Location: UK
Posts: 862
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks Surviver,

Updated and working
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:17 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05077 seconds
  • Memory Usage 2,369KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (12)bbcode_code
  • (15)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete