Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 02-25-2015, 03:55 PM
Dr.CustUmz's Avatar
Dr.CustUmz Dr.CustUmz is offline
 
Join Date: Aug 2013
Location: USA
Posts: 647
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default modify table with external php

so me and KH99 got my confirm password working, but we were thinking, to make it more secure i need to have something that triggers it to change a table.

I have created the most simple product (for testing purposes) that only adds the column we need the install code is as follows:
Code:
$db->query("
					ALTER TABLE `" . TABLE_PREFIX . "session`
						ADD COLUMN `idle` smallint(5) DEFAULT '0'
				");
this create our column in the session table saying if the user is idle or not. Default being 0 (not idle) 1 (idle) ...so is the idea

ok from there, i created a script that triggers after set amount of time:
Code:
$.ajax({ url: 'script.php' });
once script.php is triggered it is suppose to modify the idle table and set it to 1. here's what script.php looks like:
PHP Code:
error_reporting(E_ALL & ~E_NOTICE & ~8192);
define('THIS_SCRIPT''idle');
define('CSRF_PROTECTION'true);
require_once(
'./global.php');
$vbulletin->db->query("
    UPDATE `" 
TABLE_PREFIX "session`
    SET idle = '1'
"
); 
this is somewhat new to me, and im shocked i got this far with it before asking for help.
in chrome while loading my page, (watching network tab in the console) i can see after set time script.php trigger, this leaves me to believe i fudged something up in the text of script.php cause after it triggers and refreshing the DB i see no change in the idle column.

later ill need to make it so submitting a form reverse's this back to 0 so if anyone can kill 2 birds with one stone im throwing that out there too.

--------------- Added [DATE]1424887890[/DATE] at [TIME]1424887890[/TIME] ---------------

i figured i'd update this since its still needed but the issue didnt lie in the php, it works great! the issue is in my ajax call

i need a way to trigger this file without reloading the page are there any other methods i can do THAT WONT RELOAD THE PAGE.

--------------- Added [DATE]1424888239[/DATE] at [TIME]1424888239[/TIME] ---------------

this is what i used when it set the idle column properly:
HTML Code:
$.ajax({
                type: "GET",
                url: "script.php" ,
                success : function() { 
location.reload();
                }
            });
it worked... but reloaded the page

removing:
Code:
 success : function() { 
location.reload();
                }
fixed the reload but now wont set the column in the table =/


also the script seems to execute every set interval this is partial of the full snippet, any way i can kill it after it runs once:
Code:
if (idleTime > 2) {
		$.ajax({
                type: "GET",
                url: "script.php"
            });
		$("#idle").removeClass("hide");
		$( ".background-image" ).removeClass("hide");
		idleTime = 0;
		$('body').children().each(function(){
			if($(this).attr('id')!="idle"){
				$(this).css("-webkit-filter","blur(15px)");
			}
		});	
	}
so script.php is being called every 3 seconds.... which is kind of a big deal, but not like ud actually have this set to 3 seconds in a real environment.

--------------- Added [DATE]1424888499[/DATE] at [TIME]1424888499[/TIME] ---------------

now even re adding the reload doesnt update the table -_- back to square one

--------------- Added [DATE]1424889825[/DATE] at [TIME]1424889825[/TIME] ---------------

ok i got it all working EXCEPT it re runs every 3 seconds(testing time) but still if i set it to not trigger for 5 minutes i only want it to trigger on the first 5 mins not every 5 mins after its already triggered

this is my javascript:
Code:
function timerIncrement() {
	idleTime++;
	if (idleTime > 2) {
		$.ajax({
			type: "GET", url: "script.php"
		});
		$("#idle").removeClass("hide");
		$( ".background-image" ).removeClass("hide");
		idleTime = 0;
		$('body').children().each(function(){
			if($(this).attr('id')!="idle"){
				$(this).css("-webkit-filter","blur(15px)");
			}
		});	
	}
}
the
Code:
$.ajax({
  type: "GET", url: "script.php"
});
is the part fetching the script, so when the idle triggers it shows a div, when that div is triggered it triggers the script... now the script should trigger again untill the div has been closed and reactivated after say another 5 minutes of inactivity. but what its doing is trigerring the script.php EVERY 5 minutes of inactivity. (in the code displayed the trigger is set to 3 secs for developing and not having to wait)
Reply With Quote
  #2  
Old 02-25-2015, 04:54 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I hardly know anything about jquery, but as for th query to modify the table, I think you'd want:

Code:
$vbulletin->db->query(" 
    UPDATE `" . TABLE_PREFIX . "session` 
    SET idle = '1' 
    WHERE dbsessionhash = {$vbulletin->session['vars']['dbsessionhash']}
");
otherwise you'll set idle in all sessions to 1. Also, you can check the value by checking $vbulletin->session['vars']['idle'] so you don't have to do a query.
Reply With Quote
  #3  
Old 02-25-2015, 05:35 PM
Dr.CustUmz's Avatar
Dr.CustUmz Dr.CustUmz is offline
 
Join Date: Aug 2013
Location: USA
Posts: 647
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

sweet thanks, as for the rest i got everything sorted out =) and ill probally start product fying this when i wake up.

thanks for all your help and suggestions kev, you better believe you'll have credit on this

--------------- Added [DATE]1424893001[/DATE] at [TIME]1424893001[/TIME] ---------------

oh heres a screen but the close button wont be there


--------------- Added [DATE]1424893035[/DATE] at [TIME]1424893035[/TIME] ---------------

still needs some work but its a pretty sexy screen to get trapped on lol

--------------- Added [DATE]1424920959[/DATE] at [TIME]1424920959[/TIME] ---------------

so ive been playing with this and seems like the session table is reset after some time, creating a vulnerability to this mod.

if i get the idle set to 1 after some time the table is creating a new table for my id with the default of idle being 0, I believe moving this column to user table will solve this problem, but im not sure if it will achieve the desired effect

--------------- Added [DATE]1424921132[/DATE] at [TIME]1424921132[/TIME] ---------------

also using
Code:
$vbulletin->db->query(" 
    UPDATE `" . TABLE_PREFIX . "session` 
    SET idle = '1' 
    WHERE dbsessionhash = {$vbulletin->session['vars']['dbsessionhash']}
");
doesnt seem to change the table at all
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:45 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04138 seconds
  • Memory Usage 2,198KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (8)bbcode_code
  • (1)bbcode_html
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete