Uptime and uname stats

why should it be in the user profile? its about the forum not the user

Yes Rickard is right. It's for users running Linux, Unix, BSD or Mac OS (10 or greater). Windows currently isn't supported but will be supported in the next version of this mod.

Also, I think you thought that it's a hack to display the servers uptime and uname data. I wouldn't put that in the profile. I already put this on my forum and stuck it on the index as the below image shows.

http://img183.exs.cx/img183/5973/untitled3gj.png

If you do look at the screenshot ignore the number of users online and the number of registered users online. I made that a random number each time the page is loaded this way people think our forums are big and are very active. They could always find out by clicking "Member list" at the top or take a look at how many topics we have.

Strange it works fine for me. You may want to try http://www.jelly-soft.com/~jordiej/Uptime%20Hack.zip if you live outside of the United States. For some reason people from some countries are having problems downloading it. If that still doesn't work then go to http://www.geocities.com/jordie0868/dow … ptime.html to download it from a geocities server and please let me know if the alternative url doesn't work above.

Btw, my longest uptime was only 5 days!

If you were to rate this hack on how secure it was on a scale of 1-10 (1 being insecure and 10 being secure) I would give it a 9. Two things should be changed in order to make it more secure.

1. The uptime, uname, userid, and password are all sent via the URL. The password is sent in plain text and then is converted to a hash on the server. You could fix this very easily. Here is how. Open uptime.php and go to line 15. You should see this:

 
$password = sha1($_GET['password']);

Modify this and remove the sha1() part so it should now look like this

$password = $_GET['password'];

Now save the file and you're done! Now instead of putting the plain text password in the shell script where it says password=FORUMPASSWORDHERE (instead of the plain text password as the script tells you to put) you need to place the sha1 hash of your plain text password. You can get the hash by downloading some kind of tool allowing you to convert plain text into a sha1 hash or you can use the below PHP script or check out snarkles.net.

<?php

if(isset($_GET['sha1']) { echo "Hash: ".sha1($_GET['sha1']); exit(); }  ?>

<html>
<head><title>Text to Sha1 Hash</title></head>
<body>
<form action="<?php echo __file__; ?>" method="get">
<p>Text to convert: <input type="text" name="sha1"></p>
<input type="submit" value="Submit"><input type="reset" value="Reset">
</form>
</body>
</html>

2.Due to the fact that the shell script source code can be viewed, some cheaters ( like me ) could modify thier uptime and uname data in their profile and make it appear like they have had their system running longer then it really has been. This really isn't a security risk and isn't really a problem at all really. You could fix this by making a C program to do the same job as the shell script. I like the shell script better though for several reasons and to be honest no one has really cheated with this script on the forums I have this installed on. I think most Linux users are honest. It's the BSD/Mac users you have to watch out for.

Really my script is very secure!