Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Details »»

Version: 1.00, by Guru Guru is offline
Developer Last Online: Feb 2004 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-23-2002 Last Update: Never Installs: 29
 
No support by the author.

I've hacked my attachment.php script to prevent users from posting an attachment on my board, and then using the HTML to display it somewhere else. This prevents people from posting a pic on your board, then using your bandwidth to place that pic elsewhere. It is a tiny code change.

I've substituted my own logo, (LOL), but you can replace that with anything, or just use the "exit;" line to eliminate the pic entirely.

In attachment.php, right after:
PHP Code:
require("./global.php"); 
Add the following code:
PHP Code:
// Cross-link hack by Guru 2/24/2002
// Check that we aren't linked somewhere else
$url parse_url($_SERVER['HTTP_REFERER']); 
$checkurl strtolower($url["host"]); 
if (! 
strstr($checkurl"yourdomain")) {

    
// Remove this code if you just want to break the image
    // Substitute my Logo
    
header("Content-Type: image/gif"); 
    
$filename "/usr/public_html/grafix/logo.gif";
    
$image fread(fopen($filename,"r"),100000); 
    echo 
$image
    
fclose($image);
    
// End Substitute my Logo

    
exit; 

Change yourdomain to your actual domain name, and the logo URL to what you want to replace the cross-linked image with.

NOTE: Changed to use the full path in "$filename = ..." to get this to work on some servers.

ANOTHER: See this post in this thread for a modification that works on Win32 servers: https://vborg.vbsupport.ru/showthrea...895#post297895

AGAIN: If you modify avatar.php similarly, you can prevent people from cross-linking your avatars: https://vborg.vbsupport.ru/showthrea...893#post303893

UPDATE: The parse_url line is slightly different to use the new PHP syntax.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #52  
Old 07-15-2002, 03:19 AM
Smoothie Smoothie is offline
 
Join Date: Oct 2001
Location: New York
Posts: 1,834
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nice! The actual image doesn't show unless unregistered users click the attachment link. Is that how it should be?
Reply With Quote
  #53  
Old 07-16-2002, 11:05 AM
BabyU BabyU is offline
 
Join Date: Nov 2001
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Will this work with smilies too? I have the worst time with people linking to them on other boards.
Reply With Quote
  #54  
Old 07-16-2002, 07:34 PM
chrissysdaddy's Avatar
chrissysdaddy chrissysdaddy is offline
 
Join Date: Mar 2002
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This looks like a great hack. I am having a major problem though. as soon as I add ANYTHING to the attachment.php script, I get broken links! I tryed lust adding this line;

echo "test";

but as soon as I do, I get broken links instead of the attachments.

I AM CONFUSED! Can someone help me pull my head out of my a**?
Reply With Quote
  #55  
Old 07-24-2002, 04:14 PM
BabyU BabyU is offline
 
Join Date: Nov 2001
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ugh
Reply With Quote
  #56  
Old 07-24-2002, 11:33 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This hack won't work for smilies. They are simply little gif files. You would have to use the .htaccess method for those.

Adding
PHP Code:
echo "test"
will break the mime type. It needs to be an image.

Follow the instructions, which will replace the image with the "broken" image, and end the script (and, it supplies the correct data for the type).
Reply With Quote
  #57  
Old 08-13-2002, 06:29 AM
wolffenstein's Avatar
wolffenstein wolffenstein is offline
 
Join Date: Jul 2002
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

pardon my ignorance for not even looking at the code before i posted this, but does this work with the "attachments as files" hack?
Reply With Quote
  #58  
Old 08-13-2002, 11:43 PM
Guru Guru is offline
 
Join Date: Nov 2001
Location: Pacific Northwet
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't know what that hack does, exactly, but given the name (... as files), it seems that it may not. Perhaps someone who knows more about that hack will comment?
Reply With Quote
  #59  
Old 08-14-2002, 02:41 AM
wolffenstein's Avatar
wolffenstein wolffenstein is offline
 
Join Date: Jul 2002
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

this description should help. click here
Reply With Quote
  #60  
Old 09-08-2002, 09:19 PM
Rapdis's Avatar
Rapdis Rapdis is offline
 
Join Date: Mar 2002
Posts: 122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

OK... im doing sumfing wrong, please help, i have ova 70 users linking one image, please help asap, costing me too much.

i added the code exactly,

and i am testing it at http://www.majorfm.com/testrapdis.htm

the image still shows, please explain?

I have attached my attachment.php for reference.
Reply With Quote
  #61  
Old 09-08-2002, 09:47 PM
Rapdis's Avatar
Rapdis Rapdis is offline
 
Join Date: Mar 2002
Posts: 122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

wen i view the page in MS Frontpage, it shows the correct image i want it replaced with, but wen uploaded, it shows the attachment! this really should be standard in VB, what a security alert and a half, this mistake cost me £155, 12 gb off excess bandwidth, so what can i do? doesnt seem to work.

Check the attachment, for what i see in frontpage.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:00 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06889 seconds
  • Memory Usage 2,310KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete