Version: Unknown, by G0D (Guest)
Released: 04-21-2001 Last Update: Never Installs: 0

No support by the author.

I made a new field in the table "session".
The field is called "location" (this is a field used in vbb 1.1.X but not in vbb 2).

The reason I need this field is for my "Spy on user" hack.
It tells us what other users are doing (viewing what thread, forum, etc.).

I made some adjustments in session.php.
Example:

$DB_site->query("UPDATE session SET userid=$bbuserid,lastactivity=$datenow,location='".addslashes($scriptpath)."' WHERE sessionid=$session[sessionid]");

The code works fine.

But... the location is shown as:

/vbb2/showthread.php?s=d10a266aeba10e516dc0707abc5c262f&threadid=2

The sessionid (d10a266aeba10e516dc0707abc5c262f) is also part of "location", but I don't want that.
I want it to show:

/vbb2/showthread.php?threadid=2

Anyone here that can help me so I can use my hack?
Better question: Does it matter when someone knows the session id of another user?


Comments
#2  04-21-2001, 10:46 AM
G0D (Guest)

Never mind.. found the piece of code in newthread.php

Code:
// Strip the session hash from the script path, whether it is passed
// as "sessionhash=" or "s=", followed by "&" or directly after "?".
$scriptpath=ereg_replace("sessionhash=[a-z0-9]{32}&","",$scriptpath);
$scriptpath=ereg_replace("\\?sessionhash=[a-z0-9]{32}","",$scriptpath);
$scriptpath=ereg_replace("s=[a-z0-9]{32}&","",$scriptpath);
$scriptpath=ereg_replace("\\?s=[a-z0-9]{32}","",$scriptpath);

But still then.. does it matter when users know other users' sessionid?
#3  04-21-2001, 02:05 PM
JamesUS
Join Date: Oct 2001
Posts: 347

It doesn't directly cause problems but it is a big security risk.
Just use the code you posted above to remove the sessionhashes from the urls.
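The sanitizing step discussed in this thread, as an added example that is not part of the original posts and not vBulletin code. It ports the four patterns to preg_replace (ereg_replace was removed in PHP 7) and compares them with parsing the query string and dropping `s` and `sessionhash` by name, which also covers a hash that is the last parameter. The function names and sample paths are assumptions constructed for illustration.

```php
<?php
// Added example; not vBulletin code. Function names are hypothetical.

// The thread's four patterns, ported to preg_replace (ereg_* was removed in PHP 7).
function strip_with_thread_patterns(string $path): string
{
    $path = preg_replace('/sessionhash=[a-z0-9]{32}&/', '', $path);
    $path = preg_replace('/\?sessionhash=[a-z0-9]{32}/', '', $path);
    $path = preg_replace('/s=[a-z0-9]{32}&/', '', $path);
    return preg_replace('/\?s=[a-z0-9]{32}/', '', $path);
}

// Parse the query string and drop the session parameters by name,
// wherever they appear, before the location is stored or displayed.
function strip_session_params(string $path): string
{
    $parts = parse_url($path);
    if ($parts === false) {
        return '';  // unparseable: store nothing rather than a raw URL
    }
    $query = [];
    parse_str($parts['query'] ?? '', $query);
    unset($query['s'], $query['sessionhash']);
    $qs = http_build_query($query);
    return ($parts['path'] ?? '') . ($qs === '' ? '' : '?' . $qs);
}

// Constructed sample paths; the hash is the one quoted in the first post.
$hash = 'd10a266aeba10e516dc0707abc5c262f';
$samples = [
    "/vbb2/showthread.php?s=$hash&threadid=2",  // hash is the first parameter
    "/vbb2/showthread.php?threadid=2&s=$hash",  // hash is the last parameter
    "/vbb2/index.php?s=$hash",                  // hash is the only parameter
];
foreach ($samples as $in) {
    printf("%s\n  patterns: %s\n  parsed:   %s\n", $in,
        strip_with_thread_patterns($in), strip_session_params($in));
}
```

In the second sample the four patterns leave the hash in place, because it is neither followed by `&` nor directly after `?`, so a location column filled that way would still show another user's session hash.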