  #1  
Old 04-21-2002, 08:05 PM
voogru
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104
trying to mod download.php

trying to mod this download.php to reject members who haven't been authed by the email.

here's what i got:

PHP Code:
<?
############################################
# Hack by: GameZilla                       #
# E-mail: gamezilla@socal.rr.com           #
# Forum: http://www.otakuforums.com        #
############################################

$file_name = "".basename($file);
include("config.inc");
$mysql['user']   = "voogru";
$mysql['pass']   = "password";
$mysql['db']     = "voogru_website";
$mysql['table']  = "user";

$link = mysql_connect("localhost",$mysql['user'],$mysql['pass']);
mysql_select_db($mysql['db']);

$user = ($HTTP_COOKIE_VARS['user']) ? $HTTP_COOKIE_VARS['user'] : $HTTP_POST_VARS['user'];
$pass = ($HTTP_COOKIE_VARS['pass']) ? $HTTP_COOKIE_VARS['pass'] : $HTTP_POST_VARS['pass'];

$r  = mysql_query("SELECT userid,username,password,usergroupid FROM $mysql[table] WHERE username='$user'");
while ($row = mysql_fetch_array($r))
{
    if(strtolower($user) == strtolower($row['username']) && md5($pass) == $row['password'])
    {

    if ($usergroupid == '3') {
    exit;
 }

    else
        setcookie("user","$user",time() + (120 * 120));
        setcookie("pass","$pass",time() + (120 * 120));
        header("location: $file");
        exit();
    }

}
$data = addslashes(implode("",file("http://www.voogru.com/files/login.phtml")));
eval("echo stripslashes(\"$data\");");
exit();
?>
however when i do that i did a test user and i was still able to download the file.

any ideas?
  #2  
Old 04-21-2002, 08:16 PM
Steve Machol
 
Join Date: Nov 2001
Posts: 1,896

Out of curiosity why don't you just set the appropriate permissions for the 'Users Awaiting Email Confirmation' group? Just set 'Can download attachments' to 'No'.
  #3  
Old 04-21-2002, 08:20 PM
voogru
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104

no, the download.php is an external file from vbulletin, my can download attachments is already at "no"
  #4  
Old 04-21-2002, 08:24 PM
Steve Machol
 
Join Date: Nov 2001
Posts: 1,896

Ah, ok. I should have noticed this wasn't a normal vB file!
  #5  
Old 04-21-2002, 08:29 PM
voogru
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104

especially with the
PHP Code:
############################################
# Hack by: GameZilla                       #
# E-mail: gamezilla@socal.rr.com           #
# Forum: http://www.otakuforums.com        #
############################################ 
up top hehe

anyways still looking for a solution
  #6  
Old 04-22-2002, 12:37 AM
voogru
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104

I seemed to fix this by totally re-doing my download.php and putting it in my forums directory. anyways here's what i did:

PHP Code:
<?
require('global.php');
if ($bbuserinfo[usergroupid]==3) {
eval("dooutput(\"".show_nopermission()."\");");
exit;
}
if ($bbuserinfo[usergroupid]==0) {
eval("dooutput(\"".show_nopermission()."\");");
exit;
}
if ($bbuserinfo[userid]==0) {
eval("dooutput(\"".show_nopermission()."\");");
exit;
}
$file_name = "".basename($file);
echo "<META HTTP-EQUIV=\"refresh\" content=\"0;URL=http://www.voogru.com/files/$file\"> \n";
exit();
?>
i love meta refresh hehe anyways feel free to use it, just change the address, also to link to the file:

Usage:

if you have www.domain.com/files/yap.zip you would make the link:
http://www.domain.com/forum/download.php?file=yap.zip
if you have a link like:
www.domain.com/files/coolstuff/yap.zip you would make the link:
http://forums.voogru.com/download.ph...lstuff/yap.zip and etc.

*wonder if this would qualify as a hack :paranoid:
  #7  
Old 04-22-2002, 11:50 AM
Admin
Coder
 
Join Date: Oct 2023
Location: Server
Posts: 1

What's the point in this hack if you can see the filename in the URL? You can just go straight to it without using download.php.
  #8  
Old 04-22-2002, 07:08 PM
voogru
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104

you don't understand it, if you set the url to refresh to like

PHP Code:
echo "<META HTTP-EQUIV=\"refresh\" content=\"5;URL=http://www.voogru.com/files/secretfolderthatnoonewouldbeabletofigureout/$file\"> \n";
exit();
?> 
when you link to the file you would put.
download.php?file=yap.zip and it would access
Code:
files/secretfolderthatnoonewouldbeabletofigureout/yap.zip
i just put the main dir as an example, the file could be called from anywhere on the server only showing the path and file after the directory where the files are hidden, i can't really explain it that well :ermm:
  #9  
Old 04-23-2002, 12:00 PM
Admin
Coder
 
Join Date: Oct 2023
Location: Server
Posts: 1

In that case don't use META tags, it's very easy to find them out (just view the HTML source!). Use PHP's header() function. (i.e header('Location: yourfile');)
  #10  
Old 04-23-2002, 02:31 PM
voogru
 
Join Date: Dec 2001
Location: Miami, FL
Posts: 104

yeah but they will have to be quick if u set the refresh to 0
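
Both the META refresh and a Location header send the real file URL to the browser, so the group check in download.php only protects the link, not the file. The following is an added example, not code from the thread: it keeps the files in a directory outside the web root and streams them from the script after the check. It assumes `$bbuserinfo` from vBulletin's global.php as in post #6; the function names, the store directory and the demo data are hypothetical, and it is written for current PHP.

```php
<?php
// Added example, not code from the thread; function names are hypothetical
// and $userinfo stands in for vBulletin's $bbuserinfo.
// The same three conditions post #6 rejects: guest, no group, group 3.
function may_download(array $userinfo): bool
{
    $uid = (int)($userinfo['userid'] ?? 0);
    $gid = (int)($userinfo['usergroupid'] ?? 0);
    return $uid !== 0 && $gid !== 0 && $gid !== 3;
}

// Map ?file=coolstuff/yap.zip to a real path; refuse anything that
// resolves outside the store (../ sequences, symlinks pointing out).
function resolve_download(string $storeDir, string $requested): ?string
{
    $base = realpath($storeDir);
    $path = realpath($storeDir . '/' . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Returns the HTTP status; on 200 the file body has been streamed.
function send_download(array $userinfo, string $storeDir, string $requested): int
{
    if (!may_download($userinfo)) {
        return 403;
    }
    if (($path = resolve_download($storeDir, $requested)) === null) {
        return 404;
    }
    if (PHP_SAPI !== 'cli') {
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . addcslashes(basename($path), '"\\') . '"');
    }
    readfile($path);
    return 200;
}

if (PHP_SAPI === 'cli') {  // constructed demo: temporary store, one file
    $store = sys_get_temp_dir() . '/dl_store_' . getmypid();
    mkdir($store . '/coolstuff', 0700, true);
    file_put_contents($store . '/coolstuff/yap.zip', "constructed sample\n");
    foreach ([[3, 'coolstuff/yap.zip'], [2, '../../etc/passwd'], [2, 'coolstuff/yap.zip']] as [$gid, $file]) {
        $status = send_download(['userid' => 7, 'usergroupid' => $gid], $store, $file);
        echo "group $gid, file=$file => $status\n";
    }
}
```

Because the browser only ever sees download.php?file=..., there is no direct URL to the stored file to discover in the page source or in a redirect.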