vBulletın Webpage [3.0.x]

Dark_Angel · 01-09-2006, 04:37 AM

Modulu kurmadan once forumunuzun tum dosyalarının ve database ının yedegını almayı unutmayın...

1.Ekteki webgb_install.php dosyasını admincp klasörüne upload edin..

2.gbremove.gif ve gbedit.gif dosyalarını images/buttons klasorune upload edin.

3.webgbset.php dosyasını root dızınınıze upload edin (ör: forum/ ) klasörüne

4. www.siteniz.com/forum/admincp/webgb_install.php diyerek install a başlayın...

Eğer install yaptıktan sonra hack çalışmazsa Aşağıdaki editlemeleri yapın...

member.php dosyasında alttakini bulun;

PHP- Kodu:


			
$userperms = cache_permissions($userinfo, false);

hemen altına aşağıdakini ekleyin;

PHP- Kodu:


			
//####################################

//Webpage and Guestbook Addon - v1.0.4

//For vBulletin version 3.0.x

//####################################



//Required to force userid in a DEFINE. For some weird reason $userid sometimes changes value

if($u) { 

    DEFINE("GBUSERID", $u);

} elseif($userid) {

    DEFINE("GBUSERID", $userid);

} else {

    //Do something, but not sure what yet...

}



//THIS FILE CONTROLS COLORS AND LANGUAGE

require_once("./webgbset.php");



//Required for permissions check

require_once('./includes/functions_misc.php');



//WEBPAGE



//Quick edit feature for admins

if ($_POST['do'] == 'quickedit' && $permissions['adminpermissions']) {

    

    globalize($_POST, array('edit' => STR, 'message' => STR));

    

    if($edit == 1) {

        //Do database update

        $DB_site->query("UPDATE user_webpage SET name = '".addslashes($_POST['name'])."', description = '".addslashes($_POST['description'])."', text = '".addslashes($message)."' WHERE userid = '".GBUSERID."'");

        $url = "member.php?u=".GBUSERID."";

        eval(print_standard_redirect('redirect_updatethanks'));

    } else {

        //Display edit

        $sql = $DB_site->query("SELECT * FROM user_webpage WHERE userid = ".GBUSERID."");

        while($row = mysql_fetch_assoc($sql)) {

            $webpage['quickedit_form'] = "

            <div style=\"font-size:14pt\" align=center><strong>".$vbphrase['wg_quick_edit']."</strong></div>

            <table align=center border=0 cellspacing=0 cellpadding=5>

            <form action=\"".$_SERVER['PHP_SELF']."?u=".GBUSERID."\" method=\"post\">

            <input type=\"hidden\" name=\"do\" value=\"quickedit\">

            <input type=\"hidden\" name=\"edit\" value=\"1\">

            <tr><td class=\"wg_form\">

            <b>Webpage Name:</b><br>

            <input name=\"name\" size=60 value=\"".stripslashes($row['name'])."\"><br>

            <b>Description:</b><br>

            <input name=\"description\" size=60 value=\"".stripslashes($row['description'])."\"><br>

            <b>Webpage Content:</b><br>

            <textarea cols=60 rows=10 name=\"message\">".stripslashes($row['text'])." </textarea><br>

            <input type=\"submit\" value=\"".$vbphrase['wg_submit_edited']."\"> <a href=\"".$_SERVER['PHP_SELF']."?u=".GBUSERID."\">".$vbphrase['cancel']."</a>

            </td></tr>

            </form>

            </table>

            ";

        }

    }

}



//Check usergroup permissions, global and current browsing user's permissions to display content

if(iif($permissions['genericpermissions'] & CANVIEWWEBPAGE, 1, 0) == 1 && iif($userinfo['permissions']['genericpermissions'] & CANHAVEWEBPAGE, 1, 0) == 1 && $vboptions['allowwebpage'] == 1) {

    

    //Load vB's own parsing functions

    require_once('./includes/functions_bbcodeparse.php');

    

    //Bunch of functions needed further into the script

    function br2nl( $data ) {

        return preg_replace( '!<br.*>!iU', "\n", $data );

    }

    

    $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".GBUSERID."");

    if(mysql_num_rows($sql) == 0) {

        

        //Create ext. profile

        $createsql = mysql_query("INSERT INTO user_webpage (userid,hits,vbcodeorhtml) VALUES (".GBUSERID.",'1','".$vboptions['webpagevbcodeorhtml']."')");

        //ladda om $sql värde

        $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".GBUSERID."");

        

    }

    

    //Continue displaying what was found

        while($row = mysql_fetch_assoc($sql)) {

            

            //Content found, enable Webpage to be viewed only if something has been added...

            if(empty($row['text'])) {

                $webpage['webpage_onoff'] = "off"; //Disable Webpage

                $wghtml['webpagewidth'] =  "100%";

            } else {

                $webpage['webpage_onoff'] = "on"; //Enable Webpage

                

            $webpage['name'] = stripslashes($row['name']);

            if($row['lastupdate'] =="") {

                $webpage['lastupdate'] = $vbphrase['wg_never'];

            } else {

                $webpage['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);

            }

            $webpage['description'] = stripslashes($row['description']);

            

            $webpage['text'] = stripslashes($row['text']);

            

            //Check text-formatting settings

            $settingvbcode = iif($row['vbcodeorhtml'] == 'vbcode' AND $vboptions['webpageallowvbcode'] == '1', '1', '0');

            $settinghtml = iif($row['vbcodeorhtml'] == 'html' AND $vboptions['webpageallowhtml'] == '1', '1', '0');

            if($settinghtml == 0 AND $settingvbcode == 0) {

                $settingvbcode = 1;

            }

            

            if($vboptions['webpagesmilies'] == 1 and $row['usesmilies'] == 1) {

                $settingsmilies = 1; } else { $settingsmilies = 0; }

            

            if($settingvbcode == 1) {

                $webpage['text'] = parse_bbcode2($webpage['text'], $settinghtml, 1, $settingsmilies, $settingvbcode, 0);

            }

            if($settinghtml == 1) {

                //Remove scripts!!!

                $webpage['text'] = preg_replace("/(\<script)(.*?)(script>)/si", "", $webpage['text']);

                //Don't hide anything!

                $webpage['text'] = str_replace("<!--", "&lt;!--", $webpage['text']);

                //Allow specified tags (if empty in admin, ALL tags are allowed! SECURITY RISK!)

                if(!empty($vboptions['allowedhtmltags'])) {

                    $webpage['text'] = strip_tags($webpage['text'], $vboptions['allowedhtmltags']);

                }

                //Convert smilies

                $webpage['text'] = parse_bbcode2($webpage['text'], $settinghtml, 0, $settingsmilies, 0, 0, 0);

            }

            

            //Javascript will not be allowed

            $webpage['text'] = ereg_replace("~<script[^>]*>.+</script[^>]*>~isU", "", $webpage['text']); 

            

            $webpage['hits'] = $row['hits'];

            $webpage['bgcolor'] = $row['bgcolor'];

            $webpage['bordersize'] = $row['bordersize'];

            $webpage['bordercolor'] = $row['bordercolor'];

            $webpage['fontface'] = $row['fontface'];

            $webpage['fontsize'] = $row['fontsize'];

            $webpage['fontcolor'] = $row['fontcolor'];



            $webpage['header'] .= "

            <table width=100% border=0 cellspacing=0 cellpadding=3>

            <tr><td class=\"page\">

            <font size=\"".$wghtml['webpagetitletextsize']."\"><b>".$userinfo['username']."'s ".$vbphrase['wg_webpage']."</b>

            </td></tr>

            <tr><td bgcolor=\"".$wghtml['borderline']."\" height=1></td></tr>

            <tr><td class=\"wg_menu\">

            ";

            if(!empty($webpage['description'])) {

                $webpage['header'] .= "<b>Description:</b> $webpage[description]";

            }

            $webpage['header'] .= "</td></tr>

            <tr><td class=\"wg_menu\">

            <div class=\"smallfont\"><b>".$vbphrase['wg_last_update'].":</b> <font color=\"".$wghtml['lastupdatetextcolor']."\"><i>

            ";

            if(!empty($webpage['lastupdate'])) {

                $webpage['header'] .= $webpage['lastupdate'];

            }

            $webpage['header'] .= "

            </i></font></div>

            </td></tr>

            </table>

            ";

            

            //Check for admin rights (show quick edit button)

            if($permissions['adminpermissions']) {

                $webpage['quickedit_button'] = "

                <table border=0 cellspacing=0 cellpadding=0>

                <form action=\"".$_SERVER['PHP_SELF']."?u=".GBUSERID."\" method=\"post\">

                <input type=\"hidden\" name=\"do\" value=\"quickedit\">

                <tr><td><input type=\"image\" src=\"images/buttons/quickedit.gif\"></td></tr>

                </form>

                </table>

                ";

            }

            

            //Update hits

            $updsql = mysql_query("UPDATE user_webpage SET hits = $row[hits]+1 WHERE userid = $row[userid]");

            } //End check if content exist        

        } //End while

   

} //End of Webpage-script

else 

{ //Usergroup not allowed to use webpage, turn it off

    $webpage['webpage_onoff'] = "off";

    $wghtml['webpagewidth'] =  "100%";

}



//GUESTBOOK

if ($_POST['do'] == 'insert_gbentry')

{

    globalize($_POST, array('subject' => STR, 'message' => STR));

    

    //Insert

    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".GBUSERID."");

    while($row = mysql_fetch_assoc($sql) and !empty($message)) {



        //Tune new message

        $subject = htmlspecialchars($subject, ENT_QUOTES);

        $message = htmlspecialchars($message, ENT_QUOTES);

        

        //Create new string

        $newtext = "".time()."%split%$bbuserinfo[userid]%split%$bbuserinfo[username]%split%".$subject."%split%".$message;

        $remoteIP = $_SERVER['REMOTE_ADDR']; 

        if (strstr($remoteIP, ', ')) { 

           $ips = explode(', ', $remoteIP); 

           $remoteIP = $ips[0]; 

        } 

        $fullhost = gethostbyaddr($remoteIP); 

        $newtext .= "%split%".$remoteIP;

        

        if(!empty($row['text'])) { 

            $newtext = $row['text']."%newmessage%".$newtext;

        }

        

        //Insert to db

        $DB_site->query("UPDATE user_guestbook SET text = '".$newtext."', lastentry = '".time()."' WHERE userid = '".GBUSERID."'");

        if(mysql_affected_rows()) {

            if($row['notification'] == "email") {

                //Send Email

                if($bbuserinfo['email'] == "") {

                    $sentbyemail = "";

                } else {

                    $sentbyemail = $bbuserinfo['email'];

                }

                $sendtosql = mysql_query("SELECT email FROM " . TABLE_PREFIX . "user WHERE userid = ".GBUSERID."");

                $sendtorow = mysql_fetch_array($sendtosql);

                $sendtoemail = $sendtorow['email'];

                

                $emailmessage = "".$vbphrase['wg_you_have_a_new_guestbook_entry_from']." ".$bbuserinfo['username']."!\n

                \n

                <a href=\"".$vboptions['bburl']."/member.php?u=".GBUSERID."\">".$vbphrase['wg_click_here_to_view_guestbook']."</a>";

                

                $headers = "To: The Receiver <recipient@some.net>\n" . 

                "From: The Sender <sender@some.net>\n" . 

                "MIME-Version: 1.0\n" . 

                "Content-type: text/html; charset=iso-8859-1";

                

                //Send email

                mail($sendtoemail, $vbphrase['wg_new_guestbook_entry'], 

                "<html><body><p>".$emailmessage."</p></body></html>", 

                "From: Webmaster <".$vboptions['webmasteremail'].">\n" . 

                "MIME-Version: 1.0\n" . 

                "Content-type: text/html; charset=iso-8859-1"); 

            }

            if($row['notification'] == "pm") {

                //Send PM

                $pm['s'] = "";

                $pm['do'] = "insertpm";

                $pm['pmid'] = "";

                $pm['forward'] = "";

                $pm['receipt'] = "0";

                $usersql = mysql_query("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid = ".$row['userid']."");

                while ($userrow = mysql_fetch_array($usersql))

                {

                    $pm['recipients'] = $userrow['username'];

                }

                unset($usersql);

                if($bbuserinfo['userid'] == 0) {

                    $fromusername = $vbphrase['wg_an_unregistered_guest'];

                } else {

                    $fromusername = $bbuserinfo['username'];

                }

                $pm['title'] = $vbphrase['wg_pmtitle'];

                $pm['message'] = $vbphrase['wg_pmbody']. " ".$fromusername."

                

                [url]http://".$_SERVER['HTTP_HOST']."".$_SERVER['PHP_SELF']."?u=".GBUSERID."[/url]";

                

                // *************************************************************

                // PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE



                 $errors = array(); // catches errors

                 $recipients = array(); // people that $bbuserinfo has put into the recipient box

                 $notfound = array(); // people from the recipient box that are not found in the db

                 $checkedusers = array(); // people from the recipient box that were found in the db

                 $sendto = array(); // people that will actually receive this message

                 $tostring = array(); // the array of users who will appear in the pmtext record



                 // check for valid users

                 $pm['recipients'] = vbstrtolower(trim($pm['recipients']));



                 $recipients[] = addslashes(htmlspecialchars_uni($pm['recipients']));



                 // query recipients

                 $checkusers = $DB_site->query("

                     SELECT user.*, usertextfield.*

                     FROM " . TABLE_PREFIX . "user AS user

                     LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)

                     WHERE username='" . implode('\' OR username=\'', $recipients) . "'

                     ORDER BY user.username

                 ");



                 // build array of checked users

                 while ($checkuser = $DB_site->fetch_array($checkusers))

                 {

                     $checkuser = array_merge($checkuser, convert_bits_to_array($checkuser['options'], $_USEROPTIONS));

                     $arrkey = vbstrtolower($checkuser['username']);



                     $perms = fetch_permissions(0, $checkuser['userid'], $checkuser);

                     if ($perms['pmquota'] < 1) // can't use pms

                     {

                         if ($checkuser['options'] & $_USEROPTIONS['receivepm'])

                         {   // This will cause the 'can't receive pms' error below to be triggered

                             $checkuser['options'] -= $_USEROPTIONS['receivepm'];

                         }

                     }



                     $checkedusers["$arrkey"] = $checkuser;

                 }



                 // run through recipients to check if we can insert the message

                 foreach ($checkedusers AS $username => $user)

                 {

                     if (!($user['options'] & $_USEROPTIONS['receivepm']))

                     {

                         // recipient has private messaging disabled

                         eval('$errors[] = "' . fetch_phrase('pmrecipturnedoff', PHRASETYPEID_ERROR) . '";');

                     }

                     else

                     {

                         // don't allow a tachy user to sends pms to anyone other than himself

                         if (in_coventry($bbuserinfo['userid'], true) AND $user['userid'] != $bbuserinfo['userid'])

                         {

                             $tostring["$user[userid]"] = $user['username'];

                             continue;

                         }

                         else if (strpos(" $user[ignorelist] ", " $bbuserinfo[userid] ") !== false)

                         {

                             // recipient is ignoring sender

                             if ($permissions['adminpermissions'] & CANCONTROLPANEL)

                             {

                                 $sendto["$username"] = true;

                                 $tostring["$user[userid]"] = $user['username'];

                             }

                             else

                             {

                                 // bbuser is being ignored by recipient - do not send, but do not error

                                 $tostring["$user[userid]"] = $user['username'];

                                 continue;

                             }

                         }

                         else

                         {

                             cache_permissions($user, false);

                             if ($user['permissions'] < 1)

                             {

                                 // recipient has no pm permission

                                 eval('$errors[] = "' . fetch_phrase('pmusernotallowed', PHRASETYPEID_ERROR) . '";');

                             }

                             else

                             {

                                 if ($user['pmtotal'] >= $user['permissions']['pmquota'])

                                 {

                                     // recipient is over their pm quota, what access do they have?

                                     if ($permissions['adminpermissions'] & CANCONTROLPANEL)

                                     {

                                         $sendto["$username"] = true;

                                         $tostring["$user[userid]"] = $user['username'];

                                     }

                                     else if ($user['usergroupid'] != 3 AND $user['usergroupid'] != 4)

                                     {

                                         $touserinfo = &$user;

                           &nb


		914,174 Üyemiz , 471,775 Konumuz , 3,643,666 Mesajimiz ve 1610 Online Kullanicimiz ile Her Dakika Dahada Büyüyoruz...