IMHO.WS - Показать сообщение отдельно

Stasik · 09.06.2002, 22:03

вот те копия моего поста

Hi.... it is my first hack - phpProbe

here is it... it was tested under vbb2x RC2 and phpMyChat 0.14.4

News:
Updated on 19.07.01
- FAQ has been add

Updated on 18.07.01
The hack is compatible with version 0.14.5 of phpMyChat
- there is some javaScript code there, so the hack will not work with browsers without JS support (phpMyChat will not work with these browsers too

)
- the Exit link in chat works ok now

Hack:
Step 1:
open /lib/index.lib.php3 in yours phpMyChat Derictory
find:

PHP код:


			
// Fix some security holes

replace it with

PHP код:


			
//a VBB integration hack by Stasik (stasik@t-online.de)

//v0.1

//(C)2001



$exiturl = "http://www.blabla.com"; // the url the user will be redirected exiting the chat



if($Ver == ""){print "

<HTML>

<SCRIPT TYPE=\"text/javascript\" LANGUAGE=\"javascript\">

    <!--

    var NS4 = (document.layers) ? 1 : 0;

    var IE4 = ((document.all) && (parseInt(navigator.appVersion)>=4)) ? 1 : 0;

    var ver4 = (NS4 || IE4) ? \"H\" : \"L\";

function defineVerField()

    {

        if (document.images && ver4 == 'L')

            document.forms['Params'].elements['Ver'].value = 'M';    // js1.1 enabled browser

        else document.forms['Params'].elements['Ver'].value = ver4;

    }

 -->

</SCRIPT>

<FORM ACTION=\"index.php3\" METHOD=\"POST\" AUTOCOMPLETE=\"OFF\" NAME=\"Params\">

<INPUT TYPE=\"hidden\" NAME=\"Ver\" VALUE=\"L\">

</FORM>

<SCRIPT TYPE=\"text/javascript\" LANGUAGE=\"javascript\">

defineVerField();

document.forms.Params.submit();

</SCRIPT>

</HTML>

"; exit;}



chdir("/path/to/board/");

require("./global.php");

chdir("/path/to/chat/");



if ($bbuserid == 0) 

{ 

print "no"; //Message if the user has no cookie

exit; 

}

else

{

if ($bbusername == "" || (isset($bbusername))==0) 

{ 

$getusername=$DB_site->query_first("SELECT username FROM user WHERE userid=$bbuserid"); 

$username=$getusername[username]; 

$bbusername = $username; 

}

else 

{ 

$username = $bbusername; 

} }



$U = $username;



$pat = "[[:space:]]"; 

$repl = ""; 

$U = ereg_replace($pat,$repl,$U); 

$pat = ','; 

$U = ereg_replace($pat,$repl,$U); 

stripslashes($U); 



$N = 20; 

$D = 10; 

$Form_Send = 1; 



//Replace admin with your administration nick

if($U != "Admin")

{

$PASSWORD="1";

}



// Fix some security holes

Step 2:
open /lib/index.lib.php3 in yours phpMyChat Derictory
find:

PHP код:


			
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");

        }

    }

replace it with:

PHP код:


			
$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')");

        }

    }

if($exit == "1"){header ("Location: $exiturl"); exit;}

Step 3:
open /exit.php3 in yours phpMyChat Derictory
find:

PHP код:


			
<A HREF="<?php echo("$From?Ver=$Ver&L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&EN=$T"); ?>" TARGET="_parent"><?php echo(L_EXIT); ?></A>

replace it with:

PHP код:


			
<A HREF="<?php echo("$From?exit=1&Ver=$Ver&L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&EN=$T"); ?>" TARGET="_parent"><?php echo(L_EXIT); ?></A>

ENJOY

FAQ:
Q: I`m getting "no" every time.
A: You need to upgrade a cookie option in your VB control panel. Write under: Options->Change Options->[HTTP Headers and output]->Cookie Domain your domainname ONLY (blabla.com).

Q: I`m getting "you need to register" error.
A: Enable chat using for not registered users in your phpMyChat config (/config/config.lib.php3).

Q: I`m getting "wrong password" error.
A: Make shure you have deleted all user accounts in your chat and have only administrative one. If you are logging is as administrator note that you have to enter your password EVERY time you are logging in.

Questions or Bug reports?
Post it here I`ll answer ASAP.

09.06.2002, 22:03	# 7
Stasik Registered User Регистрация: 27.03.2002 Адрес: дома Сообщения: 1 660	вот те копия моего поста Hi.... it is my first hack - phpProbe here is it... it was tested under vbb2x RC2 and phpMyChat 0.14.4 News: Updated on 19.07.01 - FAQ has been add Updated on 18.07.01 The hack is compatible with version 0.14.5 of phpMyChat - there is some javaScript code there, so the hack will not work with browsers without JS support (phpMyChat will not work with these browsers too ) - the Exit link in chat works ok now Hack: Step 1: open /lib/index.lib.php3 in yours phpMyChat Derictory find: PHP код: `// Fix some security holes` replace it with PHP код: //a VBB integration hack by Stasik (stasik@t-online.de) //v0.1 //(C)2001 $exiturl = "http://www.blabla.com"; // the url the user will be redirected exiting the chat if($Ver == ""){print " <HTML> <SCRIPT TYPE=\"text/javascript\" LANGUAGE=\"javascript\"> <!-- var NS4 = (document.layers) ? 1 : 0; var IE4 = ((document.all) && (parseInt(navigator.appVersion)>=4)) ? 1 : 0; var ver4 = (NS4 \|\| IE4) ? \"H\" : \"L\"; function defineVerField() { if (document.images && ver4 == 'L') document.forms['Params'].elements['Ver'].value = 'M'; // js1.1 enabled browser else document.forms['Params'].elements['Ver'].value = ver4; } --> </SCRIPT> <FORM ACTION=\"index.php3\" METHOD=\"POST\" AUTOCOMPLETE=\"OFF\" NAME=\"Params\"> <INPUT TYPE=\"hidden\" NAME=\"Ver\" VALUE=\"L\"> </FORM> <SCRIPT TYPE=\"text/javascript\" LANGUAGE=\"javascript\"> defineVerField(); document.forms.Params.submit(); </SCRIPT> </HTML> "; exit;} chdir("/path/to/board/"); require("./global.php"); chdir("/path/to/chat/"); if ($bbuserid == 0) { print "no"; //Message if the user has no cookie exit; } else { if ($bbusername == "" \|\| (isset($bbusername))==0) { $getusername=$DB_site->query_first("SELECT username FROM user WHERE userid=$bbuserid"); $username=$getusername[username]; $bbusername = $username; } else { $username = $bbusername; } } $U = $username; $pat = "[[:space:]]"; $repl = ""; $U = ereg_replace($pat,$repl,$U); $pat = ','; $U = ereg_replace($pat,$repl,$U); stripslashes($U); $N = 20; $D = 10; $Form_Send = 1; //Replace admin with your administration nick if($U != "Admin") { $PASSWORD="1"; } // Fix some security holes Step 2: open /lib/index.lib.php3 in yours phpMyChat Derictory find: PHP код: `$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')"); } }` replace it with: PHP код: `$DbLink->query("INSERT INTO ".C_MSG_TBL." VALUES ($EN, '$E', 'SYS exit', '', ".time().", '', 'sprintf(L_EXIT_ROM, \"".special_char($U,$Latin1)."\")')"); } } if($exit == "1"){header ("Location: $exiturl"); exit;}` Step 3: open /exit.php3 in yours phpMyChat Derictory find: PHP код: `<A HREF="<?php echo("$From?Ver=$Ver&L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&EN=$T"); ?>" TARGET="_parent"><?php echo(L_EXIT); ?></A>` replace it with: PHP код: `<A HREF="<?php echo("$From?exit=1&Ver=$Ver&L=$L&U=".urlencode(stripslashes($U))."&E=".urlencode(stripslashes($R))."&EN=$T"); ?>" TARGET="_parent"><?php echo(L_EXIT); ?></A>` ENJOY FAQ: Q: I`m getting "no" every time. A: You need to upgrade a cookie option in your VB control panel. Write under: Options->Change Options->[HTTP Headers and output]->Cookie Domain your domainname ONLY (blabla.com). Q: I`m getting "you need to register" error. A: Enable chat using for not registered users in your phpMyChat config (/config/config.lib.php3). Q: I`m getting "wrong password" error. A: Make shure you have deleted all user accounts in your chat and have only administrative one. If you are logging is as administrator note that you have to enter your password EVERY time you are logging in. Questions or Bug reports? Post it here I`ll answer ASAP.