Sorry for the delay on the update. I'm about to change apartments right now, so I'm left without internet access at home until the end of this week.

I've already improved the plugin so that you will have to verify any demotions as well + hard-coded configuration in config.php

The next version is pretty much done, but I still need to write the documentation, and the updated install_mod.php

Connorhd wrote:

but you need admin access to change the groups, so if you can change the groups you can change the email

lol

Shit, I kinda forgot about that... I'll have a new release ready tomorrow that'll fix that problem. I'll also add a function that does the same thing if trying to demote an admin.

Smartys wrote:

##   Affected files:  some_script.php
##                    include/foo.php

tongue

Edit: And couldn't you just change the email in admin_options.php, overriding any security benefit this mod has?

Sure you could change the e-mail, but you'd have to get admin access before that could happen. Something this should help prevent wink

Just noticed a small error in the install_mod.php file. I've updated the archive with the new file.

330

(101 replies, posted in PunBB 1.2 discussion)

Rod wrote:

I think about one thing ...

Allowing admin status only to a mail ?

I explain.

I have created the forum www.sortons.net/forum with sortons.net@wanadoo.fr

Why not protect this ??? If someone tries to hack, it sends a mail to the "admin" mail and accept or refuse.

In this case, it would be impossible to change level, and so ... to have possibility to hack.

I have had this idea because someone hacked my MSN (but I have not a msn email, but sortons.net@wanadoo.fr)

After hacking, I have asked to send a new password, and all was perfect, after.

Just finished writing the readme, so here's the mod smile

http://punbb.org/forums/viewtopic.php?id=8544

##
##
##        Mod title:  Group Change Security MOD.
##
##      Mod version:  1.0
##   Works on PunBB:  1.2.6
##     Release date:  2005-08-24
##           Author:  Öyvind A. Sörensen (oyvind.andre.sorensen@gmail.com)
##
##      Description:  Adds an additional security check when trying to 
##                    add a user to the administrator or moderator groups.
##
##   Affected files:  some_script.php
##                    include/foo.php
##
##       Affects DB:  Yes
##                    Adds 2 columns to the users table, and adds a value
##                    to your config table
##
##            Notes:  This mod adds a security check when trying to add a
##                    user to the moderator or administrator user groups. It
##                    will mail a random 128 character verification key to the
##                    e-mail addresses specified in the admin user panel, after
##                    asking to change groups.
##                    It will only be valid for the time specified in the
##                    newly added option under "Time and timeouts" under
##                    admin options. Default is 600 sec (10 minutes).
##                    If the key doesn't get verified within that period, or if
##                    an invalid key gets entered, the user will stay within
##                    his/her current user group.
##
##
##       DISCLAIMER:  Please note that "mods" are not officially supported by
##                    PunBB. Installation of this modification is done at your
##                    own risk. Backup your forum database and any and all
##                    applicable files before proceeding.
##
##


#
#---------[ 1. UPLOAD ]-------------------------------------------------------
#

install_mod.php to /
verify_group_change.php /lang/English/

#
#---------[ 2. RUN ]----------------------------------------------------------
#

install_mod.php


#
#---------[ 3. DELETE ]-------------------------------------------------------
#

install_mod.php


#
#---------[ 4. OPEN ]---------------------------------------------------------
#

profile.php


#
#---------[ 5. FIND (line: 470) ]---------------------------------------------
#

else if (isset($_POST['update_group_membership']))
{
    if ($pun_user['g_id'] > PUN_ADMIN)
        message($lang_common['No permission']);

    confirm_referrer('profile.php');

    $new_group_id = intval($_POST['group_id']);


#
#---------[ 6. AFTER ADD ]-------------------------------------------------
#

    if($new_group_id <= PUN_MOD) 
    {
        require PUN_ROOT.'include/email.php';
        
        // Get the username, current key & group change time of the user we want to add as a new mod or admin.
        $result = $db->query('SELECT username, mod_groupchange_key, mod_groupchange_time FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
        list($username, $GCKey, $GCTime) = $db->fetch_row($result);
        
        $KeyToVerify = strip_tags(trim($_POST['activation_key'])); // The key we will try to verify
        $TimeRightNow = time(); // Get the current time
        $TimeOut = $pun_config['o_gc_key_timeout'];
        
        switch($GCKey):
            case NULL: // There are no current key in the database, so we'll generate a new one.
                $randkey = random_pass(128); // Generate a random key, 128 characters in length
                // Let's insert our key into the database
                $db->query('UPDATE '.$db->prefix.'users SET mod_groupchange_key=\''.$randkey.'\', mod_groupchange_time=\''.$TimeRightNow.'\' WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $db->error());
            break;
            case !NULL: // There are already a key in the DB, so we'll attempt to validated it + check the age of it. If OK, we'll accept the group change. If failed, well, erase the values so that you'll have to start all over again.
                if(time()-$GCTime >= $TimeOut || $KeyToVerify !== $GCKey ) {
                    $db->query('UPDATE '.$db->prefix.'users SET mod_groupchange_key=\'\', mod_groupchange_time=\'\' WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $db->error());
                    require PUN_ROOT.'lang/'.$pun_user['language'].'/verify_group_change.php';
                    redirect('profile.php?section=admin&id='.$id, $lang_verify_group_change['Verify failed']);
                } else {
                    // Success! The key was validated, and the user can safely be added to his new group.
                    $db->query('UPDATE '.$db->prefix.'users SET group_id='.$new_group_id.', mod_groupchange_key=\'\', mod_groupchange_time=\'\' WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $db->error());
                    require PUN_ROOT.'lang/'.$pun_user['language'].'/verify_group_change.php';
                    redirect('profile.php?section=admin&id='.$id, $lang_verify_group_change['Verify success']);                    
                }
            break;
        endswitch;
        
        switch($new_group_id):
            case 1:
                $ipAdress = get_remote_address();
                require PUN_ROOT.'lang/'.$pun_user['language'].'/verify_group_change.php';
                pun_mail($pun_config['o_mailing_list'], $lang_verify_group_change['Verify admin mailsubject'], $lang_verify_group_change['Verify admin mailbody']);
                message($lang_verify_group_change['Verify groupchange']);
                break;
            case 2:
                $ipAdress = get_remote_address();
                require PUN_ROOT.'lang/'.$pun_user['language'].'/verify_group_change.php';
                pun_mail($pun_config['o_mailing_list'], $lang_verify_group_change['Verify mod mailsubject'], $lang_verify_group_change['Verify mod mailbody']);
                message($lang_verify_group_change['Verify groupchange']);
                break;
        endswitch;
    } 
    else
    {


#
#---------[ 7. FIND (line: 517) ]---------------------------------------------------------
#

    redirect('profile.php?section=admin&id='.$id, $lang_profile['Group membership redirect']);


#
#---------[ 8. BEFORE, ADD ]---------------------------------------------
#

    }


#
#---------[ 9. FIND (line: 1564) ]---------------------------------------------------
#

                        echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
                }

?>
                            </select>


#
#---------[ 10. AFTER ADD ]--------------------------------------------
#

                            <label><?php require PUN_ROOT.'lang/'.$pun_user['language'].'/verify_group_change.php'; echo $lang_verify_group_change['Verify key'] ?><br /><input type="text" name="activation_key" value="" size="60" maxlength="128" /><br /></label>


#
#---------[ 11. OPEN ]-------------------------------------------------
#

admin_options.php


#
#---------[ 13. FIND (line: 105) ]---------------------------------------------
#

    $form['redirect_delay'] = intval($form['redirect_delay']);

    
#
#---------[ 14. AFTER ADD ]---------------------------------------------
#

    $form['gc_key_timeout'] = intval($form['gc_key_timeout']); // Added for the group change security mod


#
#---------[ 15. FIND (line: 319) ]---------------------------------------------
#

                                <tr>
                                    <th scope="row">Redirect time</th>
                                    <td>
                                        <input type="text" name="form[redirect_delay]" size="3" maxlength="3" value="<?php echo $pun_config['o_redirect_delay'] ?>" />
                                        <span>Number of seconds to wait when redirecting. If set to 0, no redirect page will be displayed (not recommended).</span>
                                    </td>
                                </tr>
                                

#
#---------[ 16. AFTER ADD ]---------------------------------------------
#

                                <tr>
                                    <th scope="row">Group change key timeout</th>
                                    <td>
                                        <input type="text" name="form[gc_key_timeout]" size="4" maxlength="4" value="<?php echo $pun_config['o_gc_key_timeout'] ?>" />
                                        <span>Number of seconds the group change activation key will be valid. Defaults to 600 seconds (10 minutes).</span>
                                    </td>
                                </tr>
                                

#
#---------[ 17. SAVE/UPLOAD ]-------------------------------------------------
#

[DOWNLOAD]

##
##
##        Mod title:  Group Change Security MOD.
##
##      Mod version:  1.2
##   Works on PunBB:  1.2.x (Tested on 1.2.6 -> 10)
##     Release date:  2006-01-08
##           Author:  Öyvind A. Sörensen (oyvind.andre.sorensen@gmail.com)
##
##      Description:  Adds an additional security check when trying to 
##                    add/remove a user to/from the administrator or
##                    moderator groups.
##
##   Affected files:  config.php
##                    profile.php
##
##       Affects DB:  Yes
##                    Adds 3 columns to the users table, and adds a value
##                    to your config table
##
##            Notes:  This mod adds a security check when trying to add/remove
##                    moderators or administrators. It will mail a
##                    random 128 character verification key to the e-mail
##                    addresses specified in the config.php file, after
##                    asking to change groups.
##                    It will only be valid for the time specified in the
##                    configuration file (default: 300 sec.) and only for the
##                    requested user group (meaning if you wanted to
##                    add a user to the moderator group, the key is *only*
##                    valid for said group. You can't add a user to the admin
##                    group with a key requested for adding/removing a user
##                    to/from the moderator group).
##                    If the key doesn't get verified within that period, if the
##                    key was generated for another user group, or if an invalid
##                    key gets entered, the user will stay within
##                    his/her current user group.
##
##
##       DISCLAIMER:  Please note that "mods" are not officially supported by
##                    PunBB. Installation of this modification is done at your
##                    own risk. Backup your forum database and any and all
##                    applicable files before proceeding.
##
##

Download

No demo, as that would kinda defeat the purpose of this mod wink
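The readme above describes the flow (issue a key, mail it, accept the group change only if the same key comes back in time and for the same group) but the profile.php patch is hard to follow out of context. The following is an added example, not the mod's code: the same verification flow written as two stand-alone functions over an in-memory store instead of the PunBB users table. gc_request_key(), gc_verify_key(), $store and GC_TIMEOUT are names assumed here; PUN_ADMIN and PUN_MOD are redefined only so the file runs outside PunBB; random_bytes() and hash_equals() need PHP 7.

```php
<?php
// Added example, not the mod's code: the group-change verification flow as
// stand-alone functions with an in-memory store instead of the PunBB users
// table. Assumed names: gc_request_key(), gc_verify_key(), $store, GC_TIMEOUT.
// PUN_ADMIN/PUN_MOD are redefined here only so the file runs outside PunBB.
// random_bytes() and hash_equals() need PHP 7.

const GC_TIMEOUT = 300;   // seconds a key stays valid (the v1.2 default)
const PUN_ADMIN  = 1;
const PUN_MOD    = 2;

// Per user id: array('key' => hex string, 'group' => int, 'time' => int)
$store = array();

// Step 1: an admin asks to move user $uid into $target_group. Issue a key
// bound to that group and to the request time, and return it so the caller
// can mail it to the configured addresses. Groups that need no key get null.
function gc_request_key(array &$store, $uid, $target_group, $now)
{
    if ($target_group !== PUN_ADMIN && $target_group !== PUN_MOD)
        return null;
    $key = bin2hex(random_bytes(32));   // 64 hex chars from the OS CSPRNG
    $store[$uid] = array('key' => $key, 'group' => $target_group, 'time' => $now);
    return $key;
}

// Step 2: the admin submits the key with the same group change. Accept only if
// a key was issued, it has not expired, it was issued for this group and it
// matches exactly. The stored key is consumed on every attempt (as the mod
// does), so a failure forces the whole request/mail/verify cycle to restart.
function gc_verify_key(array &$store, $uid, $target_group, $submitted, $now)
{
    if (!isset($store[$uid]))
        return false;
    $rec = $store[$uid];
    unset($store[$uid]);
    if ($now - $rec['time'] >= GC_TIMEOUT)
        return false;
    if ($rec['group'] !== $target_group)
        return false;
    return hash_equals($rec['key'], (string) $submitted);   // constant-time compare
}

// Walk-through with a fixed clock.
$t = 1136678400;
$key = gc_request_key($store, 42, PUN_MOD, $t);
var_dump(gc_verify_key($store, 42, PUN_ADMIN, $key, $t + 10));              // key was issued for PUN_MOD
$key = gc_request_key($store, 42, PUN_MOD, $t);
var_dump(gc_verify_key($store, 42, PUN_MOD, $key, $t + GC_TIMEOUT + 1));    // past the timeout
$key = gc_request_key($store, 42, PUN_MOD, $t);
var_dump(gc_verify_key($store, 42, PUN_MOD, $key, $t + 10));                // matching key, group and time
```

The first two checks are rejected and the third accepted. Compared with the patch as posted, the key comes from random_bytes() rather than PunBB's random_pass() (which is built on PHP's general-purpose pseudo-random functions), the comparison is hash_equals() rather than a plain !==, and the group the key was issued for is stored next to it, which is exactly the v1.2 change described in the notes above.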

332

(101 replies, posted in PunBB 1.2 discussion)

vnpenguin wrote:
CodeXP wrote:

2. Find, line 93:

else if (isset($_POST['form_sent']))
{

Are you sure that's line 93 ? Just checked original source of 1.2.6 and I think this is the line 80 smile
It's not so important for you but it's very important for me where the code was customized so much. I have to locate the line in original source and compare to my code after that smile.

Thank you,

You're absolutely right smile

I've checked with the original source, and it's supposed to be line 80. Edited my post with the right line.

333

(101 replies, posted in PunBB 1.2 discussion)

Rod wrote:

I think about one thing ...

Allowing admin status only to a mail ?

I explain.

I have created the forum www.sortons.net/forum with sortons.net@wanadoo.fr

Why not protect this ??? If someone tries to hack, it sends a mail to the "admin" mail and accept or refuse.

In this case, it would be impossible to change level, and so ... to have possibility to hack.

I have had this idea because someone hacked my MSN (but I have not a msn email, but sortons.net@wanadoo.fr)

After hacking, I have asked to send a new password, and all was perfect, after.

Great idea! I'll see if I can't do a mod for that tomorrow, if nobody beats me to it (and provided I'm up to the challenge) smile

334

(101 replies, posted in PunBB 1.2 discussion)

Stork wrote:

might i ask what it does?

The same as when you're trying to post or change settings in your profile/admin panel. It checks if the form was submitted from your own domain. Of course, seeing as that information comes from your own browser, it can be faked, but it's still a good idea to check for.

335

(101 replies, posted in PunBB 1.2 discussion)

Here's another tweak, this time it's one that everyone should add(?):

1. Open register.php

2. Find, line 80:

else if (isset($_POST['form_sent']))
{

3. After, add:

    confirm_referrer('register.php');

4. Save & upload.

The referrer is rather simple to fake, but it's still something to consider just the same.

336

(101 replies, posted in PunBB 1.2 discussion)

Paul wrote:
CodeXP wrote:

The mail addresses entered are mostly just a random bunch of characters, like d8jvackgi@ii7ia.org

Yes here, as quoted, just alphabetical nonesense names and addresses though of course for all I know that could be quite normal.

Here's a sample of 100 entries from my database, by that jackass (username | e-mail) to compare with:

cUOgLo3MK                       |       vhcbejs@j4prhp.org  
xTQ1SzVpy                       |       lt9l@oeruvx.biz 
QJYUTsfeUd                      |       uwnx1t@zcjpcc.com   
qpJuMVWGAwT                     |       3kctub3kx@aue1ryzhx.net 
Mw1NPr9gg1BO8                   |       vhieb@1rojp.co.uk   
EBzTqsnM                        |       lrutd@qrooc6gz.co.uk    
7kA6niwrZoiM1hGD                |       zv8zhyikzf@f3yu8mq.co.uk    
zoNeTobw7l1II                   |       w1mntdow@tj6lq7fcf.com  
JLvnul24DKgQDfh                 |       8zpp@qmg5vc.biz 
fpM77FeIGppB                    |       1hyfh2ezc@wbuirswgk.co.uk   
6Q8SqlQpXVLAz                   |       qbd6ue5og@eo5yz.net 
CtXiGPlEywO                     |       u7nn@cpbonduk.net   
tlBWVGTLVQZGc                   |       daeu9jk@woavajyon.org   
cKU7Ntq                         |       val6w9h@4gvybh.biz  
lNUvH1DYsplz                    |       pnr9c@g3rmueg.org   
vnBHrykQnu                      |       cfbwl@elk4vaxtn.org 
uDnQQocw                        |       slh1iwkerj@erzohgtlx.net    
G98f51yKbm                      |       6xkklz7pm@ypl8atz3.co.uk    
PSuoaWH                         |       fvrztitc@m5prg.co.uk    
aNTEFmP2hELzVzpD                |       aqmkd73uwr@uxchdguq.com 
uDuhE7Dxha                      |       ncni@l51visi2u.org  
MyxqYbNslHoIW                   |       k4qdxryjg@sulhbf.biz    
K1eTbiMMRv                      |       w8o5ybc@7u1r2ndd.net    
fZixjaSaM                       |       pjtq6sfj@xciiq.biz  
GmHYjlbcVw                      |       sldj4@eexoki.co.uk  
_Cp1a_Vj5                       |       vhcv9bs@ltlokrv.net 
5uMovdcbiIqLX                   |       2ji9@zvyqti.biz 
ODpGf6friB5c                    |       ovgyk@paztq8nu.co.uk    
n1vfOdatp                       |       ulwr3@uwghvj.com    
WtoUJvDtgtuV                    |       jn57qyldm@rcik1np.com   
yIQpAll                         |       sxw4tkhadl@mfvrzr.org   
DMEhdEBu3O6Go8R9                |       harf@xrtaoh8.co.uk  
Mf1BlHzccQ3                     |       s9waxnv9as@zokzi.biz    
ZsywjDUgCs3adGTe                |       qyzd4ttb@qxbtgzk.biz    
awXQioI9fSkYDGP                 |       1qkeylgjsg@aclyhgm.org  
O46NwUEp                        |       h9f8hlysgl@uldmy.net    
E5geR4HuU64f1Zb                 |       ua3dtfzao@7dbkiwm.net   
ks42kVQ1NgJm                    |       tvnzmbas9@ellmrdk6w.org 
ecIIu1xhKZNJXHv                 |       a68agjk@soxuzvwwp.org   
o53dtRKAhIKmW                   |       bobv@dn2ar6.biz 
mvDiP8a                         |       n5cpka3vzi@rhfgam2w1.com    
1SlsQMVXdAw9m                   |       ovqnd5xgl@zyvjwfi.com   
arCg83v7s_BO6                   |       n5igjz2s@gcewp.biz  
4aqeqDlJWUMk2q                  |       i_wths1o8n@a1jiwcs.com  
hFON68A                         |       m7crz6vnj@vaqpg.co.uk   
q7HvhNcqfp2h8                   |       geplovud@qu5c9ilb.org   
tn1iXhRv                        |       ud2bg@nsa1pzcr.biz  
2hfDQ3CZ6brhR3                  |       u_m6xd@idccqs8h.net 
Wf3qccEnEu89                    |       vbuk83kv@osptb.org  
njk7cOFSFk7dnB                  |       6tlqpj6k@2lhrf.org  
wdJ1qIRclry                     |       jiar@dhklp.biz  
e4ySXroWii                      |       nr7ffd8u@lvi8ue.net 
6LfD3Nc462Ot                    |       qovteh5j@enrkgebk.org   
Hptf8WnrjoP_VJ6                 |       2jszbpn_c@mep4uwg.org   
koFzh5PMCWyXk                   |       ufwki@aj93euqv.com  
NmZCmbT                         |       qg4fh3mo5t@msghn.co.uk  
SOc6nRRsHbzX4A                  |       6itilcvkdd@vdnun4wek.biz    
L6SkwZXPSIs                     |       pzczx@rqjg9k.co.uk  
WZxl6hnFeTN                     |       do9vfov@jln6gwm.net 
dH3wvM9F                        |       aopm@ycpjyc.biz 
phaN_dGm2Yadce                  |       rzs_owkf@c6ounb3e.co.uk 
TiMMmFDGCb                      |       qqghqop9f@dkjaede.org   
AN3ir_ADEE                      |       pelqrrxyv@7ear3e.biz    
wKs2mXQh3YIZ                    |       mggfogz@m9jicx6yf.biz   
i2CB8PlF                        |       3jtla@rqqadt.com    
bZ7HX8kFcZ6VfFd                 |       ahqf6ar@faib8iyzd.biz   
LpN6mGvxXo_                     |       m4ditg2yss@8mixkpzf8.co.uk  
hurNVQGjsHmi                    |       n_r73@mwbbfexj6.org 
cNeKIuMx6DGCgCS                 |       2kib@rsgjb1.biz 
qBY_gcD                         |       1x4oy@avtfdg13r.org 
ap1yfrvArdO                     |       owjl@ukl8oays.biz   
hX9vDOgEoIk1hxnk                |       5_pb@c5pytn2e3.org  
I5X46uqYL                       |       rkqy4d@xbxwsvo5.co.uk   
Nqk5fNXNch                      |       h9w7@ogbn1j.org 
Iz9oD_RYFzNIp                   |       fh_knyul@ifhwxk.net 
DrOWrnwRBuAvd                   |       sl1fh@cejjwesib.biz 
xYTXFT2Ny5                      |       c_u3vsr9hy@lpefac.net   
DoBY8Pv                         |       9bnqur9@agrtj.net   
ouqTanpv                        |       zmmo3gd@ox8jnvl.org 
RL4qwK1yI                       |       nki2nie4_v@ydizgv6.com  
Dy8dga2P                        |       jbx2@6aes3px.biz    
OJgb9wKMoDngiE                  |       c_s1pjptdg@hxmsis.org   
sGAeC979Xu                      |       kimrojtobr@yxctt.biz    
oIz4bTEd1c                      |       oma8r_@kzi9gsxms.biz    
bqcTNh7FoOWa                    |       nkm6f3a@yfjdqacly.net   
TKctvwwaKFI                     |       sbg4brna@yufd5.net  
yfMUeZYtSopMrZH_                |       z79apomhs@udnayjzlm.biz 
R4olUfJ2jA3l                    |       oakmzafg_@q2fl51v9.org  
uXEmyAa4FBYWGcw                 |       lrxeyqq@b1mav.co.uk 
DDOvzgsBjRRo_g                  |       npe7@6wdngnp.co.uk  
SZdh5xgZ                        |       g2u338ymev@axnq4uflp.biz    
DrOWd16                         |       lonp1ij@fv214w1.biz 
r97StXvxOd4oeL                  |       5of6m@a1plm3l.com   
H2YmWDbxJetTGeAe                |       fxbmop4@vjzprka.org 
YufwTLBR8JctWH                  |       yobmtfu@smtqdip.com 
ZQpoCVLrYD                      |       v5gx@oktwdev8.org   
Ur9XsXnKyE3Kx                   |       iq_2ljxfdd@ahql3hn.com  
fMnxzsA11RK                     |       bpttol2h5@bqbnvdr.net   
naxqjQ57B4                      |       t7tum@ndko6w.org    
pdQbdNt9                        |       9of61myf5@6jeryevy.org

337

(101 replies, posted in PunBB 1.2 discussion)

Ok, here's a little mod of register.php & post.php that could help out a little (at least it would have in my scenario). It may still require a little tweaking, but still...

1. Open ./register.php

2. Find, on line 142:

    else if ($pun_config['o_regs_verify'] == '1' && $email1 != $email2)
        message($lang_register['E-mail not match']);

3. After, add:

    else if (!$gooddomain) {
        $pos = strpos($email1, '@');
        $server = substr($email1, $pos+1);
    
        switch(gethostbyname($server)):
            case $server:
                message($lang_common['Invalid e-mail']);
            break;
            default:
                $gooddomain = 1;
            break;
        endswitch;
    }

4.  Open ./post.php

5. Find, on line 138:

        if ($pun_config['p_force_guest_email'] == '1' || $email != '')
        {
            require PUN_ROOT.'include/email.php';
            if (!is_valid_email($email))
                $errors[] = $lang_common['Invalid e-mail'];
        }

6. After, add:

        if (!$gooddomain) {
            $pos = strpos($email, '@');
            $server = substr($email, $pos+1);

            switch(gethostbyname($server)):
                case $server:
                    message($lang_common['Invalid e-mail']);
                break;
                default:
                    $gooddomain = 1;
                break;
            endswitch;
        }

7. Save & upload.

What this does is check if the specified server responds to a "ping". If it doesn't, well, you'll get the invalid e-mail address error message. It won't do much good if the "hacker" really specifies a real e-mail domain, but he didn't in this case, so then it would have blocked him smile

EDIT: Improved script a little.
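The check above asks gethostbyname() for an A record and treats the unchanged hostname it returns on failure as "no such domain". As an added example (not the thread's code), here is the same idea done the way a mail server would resolve the domain: MX first, A/AAAA only as the fallback, with the DNS lookup passed in as a callable so the function can be exercised offline against a constructed zone table. email_domain_accepts_mail(), $fake_dns and $resolver are names assumed here; in a real install pass PHP's checkdnsrr as the resolver.

```php
<?php
// Added example, not the thread's code: does the e-mail domain accept mail?
// MX first, then A/AAAA, with the resolver injected so this runs offline.
// Assumed names: email_domain_accepts_mail(), $fake_dns, $resolver.
// In production: email_domain_accepts_mail($email, 'checkdnsrr').

function email_domain_accepts_mail($email, $resolver)
{
    $at = strrpos($email, '@');           // last '@'; a quoted local part may contain one
    if ($at === false)
        return false;                     // no '@': the strpos()+substr() version would test the whole string
    $domain = substr($email, $at + 1);
    // Only hand well-formed hostnames to the resolver.
    if ($domain === '' || !preg_match('/^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/i', $domain))
        return false;
    if ($resolver($domain, 'MX'))
        return true;                      // a mail exchanger exists
    return $resolver($domain, 'A') || $resolver($domain, 'AAAA');   // RFC 5321 fallback
}

// Constructed zone data standing in for DNS (not real records).
$fake_dns = array(
    'example.org' => array('MX'),
    'example.net' => array('A'),
);
$resolver = function ($host, $type) use ($fake_dns) {
    return isset($fake_dns[$host]) && in_array($type, $fake_dns[$host], true);
};

var_dump(email_domain_accepts_mail('user@example.org', $resolver));      // MX present
var_dump(email_domain_accepts_mail('user@example.net', $resolver));      // A only
var_dump(email_domain_accepts_mail('d8jvackgi@ii7ia.org', $resolver));   // nothing resolves
var_dump(email_domain_accepts_mail('no-at-sign', $resolver));            // malformed
```

The first two addresses are accepted, the last two rejected. Two caveats the original tweak shares: registration now blocks on a DNS lookup, so a slow or dead resolver slows registration down with it, and a spammer who picks a real domain (or one served by a wildcard zone) passes the check, as the post itself points out.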

338

(101 replies, posted in PunBB 1.2 discussion)

Smartys wrote:

CodeXP: Do you have access logs from it that I could take a look at?

Sure, I just downloaded the log for yesterday (apparently that's when it happened, I just noticed it earlier today):

Here's what keeps repeating over and over again:

206.51.233.215 - - [22/Aug/2005:18:27:40 -0500] "POST /register.php?action=register HTTP/1.1" 200 850 "-" "Java/1.5.0_03"
206.51.233.215 - - [22/Aug/2005:18:27:40 -0500] "POST /login.php?action=in HTTP/1.1" 200 894 "-" "Java/1.5.0_03"
206.51.233.215 - - [22/Aug/2005:18:27:40 -0500] "POST /post.php?action=post&fid=7 HTTP/1.1" 200 860 "-" "Java/1.5.0_03"

Just with different fid every now and then. Let me know if you need the complete file.
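Those three lines carry enough to write a detector for: the same IP cycles register -> login -> post within one second, sends no Referer at all, and identifies itself as a Java HTTP client. As an added example (not from the thread), the following PHP parses a handful of Apache combined-log lines (the three quoted above plus two constructed browser requests for contrast) and flags source IPs whose POSTs to register.php, login.php or post.php arrive without a Referer, from a non-browser User-Agent, or more often than a person would. parse_log_line(), find_bot_registrations() and $sample_log are names assumed here. Note that the "-" Referer is also why the confirm_referrer('register.php') tweak posted earlier in this thread would have rejected these requests.

```php
<?php
// Added example, not from the thread: flag scripted registrations in Apache
// combined-log lines. Assumed names: parse_log_line(), find_bot_registrations(),
// $sample_log. The first three lines are the ones quoted in the post; the two
// 198.51.100.7 lines are constructed.

$sample_log = <<<'LOG'
206.51.233.215 - - [22/Aug/2005:18:27:40 -0500] "POST /register.php?action=register HTTP/1.1" 200 850 "-" "Java/1.5.0_03"
206.51.233.215 - - [22/Aug/2005:18:27:40 -0500] "POST /login.php?action=in HTTP/1.1" 200 894 "-" "Java/1.5.0_03"
206.51.233.215 - - [22/Aug/2005:18:27:40 -0500] "POST /post.php?action=post&fid=7 HTTP/1.1" 200 860 "-" "Java/1.5.0_03"
198.51.100.7 - - [22/Aug/2005:18:29:02 -0500] "GET /register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
198.51.100.7 - - [22/Aug/2005:18:30:15 -0500] "POST /register.php?action=register HTTP/1.1" 200 850 "http://forum.example/register.php" "Mozilla/5.0 (X11; Linux i686; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
LOG;

// Split one combined-log line into its fields; null if it does not match.
function parse_log_line($line)
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m))
        return null;
    return array(
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => parse_url($m[4], PHP_URL_PATH),   // drop the query string
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'ua'      => $m[7],
    );
}

// For every IP that POSTs to the three account/posting scripts, count those
// POSTs, how many had no Referer, and keep the User-Agent. Flag the IP when any
// POST lacked a Referer, the UA is not browser-like, or it hit register.php
// more than $max_registers times.
function find_bot_registrations($log, $max_registers = 1)
{
    $watched = array('/register.php', '/login.php', '/post.php');
    $per_ip = array();
    foreach (explode("\n", trim($log)) as $line) {
        $r = parse_log_line($line);
        if ($r === null || $r['method'] !== 'POST' || !in_array($r['path'], $watched, true))
            continue;
        $ip = $r['ip'];
        if (!isset($per_ip[$ip]))
            $per_ip[$ip] = array('posts' => 0, 'registers' => 0, 'no_referer' => 0, 'ua' => $r['ua']);
        $per_ip[$ip]['posts']++;
        if ($r['path'] === '/register.php')
            $per_ip[$ip]['registers']++;
        if ($r['referer'] === '-' || $r['referer'] === '')
            $per_ip[$ip]['no_referer']++;
    }
    $flagged = array();
    foreach ($per_ip as $ip => $c) {
        $browser_like = (stripos($c['ua'], 'Mozilla') !== false);
        if ($c['no_referer'] > 0 || !$browser_like || $c['registers'] > $max_registers)
            $flagged[$ip] = $c;
    }
    return $flagged;
}

print_r(find_bot_registrations($sample_log));
```

On the sample, 206.51.233.215 is flagged (three POSTs, none with a Referer, Java UA) and 198.51.100.7 is not. A User-Agent is trivially forged, so the Referer and rate signals are the ones to keep when tuning this for a real log.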

339

(101 replies, posted in PunBB 1.2 discussion)

Paul wrote:

I just realised that I have seven defaced/hacked installs. They are all old test versions which I was too lazy to delete. It is nice to know that some idiot hacker has totally wasted his time hacking a bunch of obsolete test boards.

Well, my test board was 1.2.6, so it's not just the obsolete versions though..

340

(101 replies, posted in PunBB 1.2 discussion)

Until we figure out what's happening, I'd recommend anyone with apache to add the following to their .htaccess file:

 <Files ~ "(config.php|register.php|.htaccess)$">
    Order allow,deny
    Deny from all
</Files>

341

(101 replies, posted in PunBB 1.2 discussion)

hcgtv wrote:

Rod, over the last few days I've seen quite a lot of new registrations on my forum.

So I went ahead and cleared those users out who have registered this month, just to be one the safe side. I figure if you register and never sign on and make a post, then why register.

The same thing happened to me earlier today on one of my test forums. The moron had also created around 13000 empty topics in the forum. He never managed to gain admin status though.. I did allow people to register without verification though.

The mail addresses entered are mostly just a random bunch of characters, like d8jvackgi@ii7ia.org
IP Address: 206.51.233.215

He also created about 25380 fake user names.. All from the same IP.

Tobi wrote:

No.
That's no real exploit.
I mean for this you need access to the board folder AND you have to know your userid.
This is not possible for people from the outside.

What I was trying was to do that from a remote folder on another machine and without the userid.
If this is not possible at all then we don't have a leak smile

Your version is more like going to my board directory in the shell and type
# rm -Rf ./*
smile

It doesn't prove that the board is insecure...

Oh, absolutely not, but better safe than sorry I say wink

Oh, and about my previous method.. It works very well provided you can use it, but it will slow things down a bit if there's a lot of images in a post (after all, it will have to check each of them).

Here's a better method that adds the benefit of caching remote images for as long as you want smile

1. Open includes/parser.php

2. Find, around line 282 (the line number in my previous post was wrong):

//
// Turns an URL from the [img] tag into an <img> tag or a <a href...> tag
//
function handle_img_tag($url, $is_signature = false)
{
    global $lang_common, $pun_config, $pun_user;

3. Replace with:

//
// Turns an URL from the [img] tag into an <img> tag or a <a href...> tag
//
function handle_img_tag($url, $is_signature = false)
{
    global $lang_common, $pun_config, $pun_user;
    
    $replace = array('%20',' '); // We don't want spaces in our filenames
    $file = basename(str_replace($replace, '_', $url)); // Get remote filename, excluding pathname
    $expire = '259200'; // How long should we wait to download the image again? Defaults to 3 days.
    $hash = @md5($url); // Generate a MD5 hash of the file(s) URL. Helps prevent multiple copies of the same file.
    $localfile = 'cache/img/'.$file.''; // This is the temp. filename of the local cached copy.
    
    if(file_exists('cache/img/'.$hash.'_'.$file.'') && (time()-filemtime('cache/img/'.$hash.'_'.$file.'') < $expire)) { // Check if a cached copy exists and whether it has expired.
        $url = 'cache/img/'.$hash.'_'.$file.''; // Local copy is OK and not expired, so we don't need to do anything more right now.
    } else {
        $fh = @fopen($localfile , 'w' ); // Prepare for writing
        $remote = @file_get_contents($url); // Get the contents of the remote file
        @fwrite ($fh, $remote); // Write the new file...
        @fclose ($fh); // ...and now we close it.
        rename($localfile, 'cache/img/'.$hash.'_'.$file.''); // The temp file is now uploaded, so let's just rename it before we continue
        $secure = @getimagesize('cache/img/'.$hash.'_'.$file.''); // Check the image dimensions. If we can't find them, it's not an image!
            if($secure == FALSE) {
                @unlink('cache/img/'.$hash.'_'.$file.''); // The file was not an image, so we will have to delete it for security reasons.
                $url = 'img/warning.png'; // We will also provide a warning image. This will show up for any invalid images, or even missing ones.
            } else {
                $url = 'cache/img/'.$hash.'_'.$file.''; // This is a valid image, so we provide the user with a cached copy.
            }
    }

4. Create the following folder: cache/img & chmod it to 777

5. Create an .htaccess file in above folder with the following content:

<Limit GET POST>
Order Allow,Deny
Allow from All
</Limit>

6. Create a image with your warning text, named warning.png & upload it to your img directory.

7. Save & upload.

This will be a *lot* faster than my previous "fix", seeing as files are cached and only local copies will be checked each X number of days smile

Edit: Fixed script.

Tobi wrote:

I think this is potentially more serious than it looks.
Any url called will be identified by the cookie of the current user.
What if the current user has admin status? And the url does someting there?
Well, it's still a theory but there will always be an asshole finding a leak there.
So I guess CodeXPs workaround is something everybody should use.
It will not work on systems where file handling of urls is disabled but then - no pictures is still better than no database smile

Btw I tried to hack myself with that method and it didn't work sad

Try creating a directory in your PunBB forum folder named something like "test.jpg", then create an index.php file with the following content:

<?php 
header("Location: http://<yourdomain.com>/login.php?action=out&id=<your punbb userid>"); 
exit; 
?>

Then try posting it & refresh the page wink

punbb.org wrote:

Administration plugins

Administration plugins are drop-in modules for the PunBB administration interface. Install them by simply decompressing the archive into the directory /plugins. Uninstall by deleting the extracted files and folders.

I just tested this with my local PunBB installation, and it's certainly possible to e.g. log a user out by just naming a folder something like "test.jpg", then adding an index file that logs you out.

It probably can't do much harm though, but here's a little fix that takes care of the problem permanently. I don't know if it'll work on every server, but it works on mine very well smile

Here's how to do it.

Open includes/parser.php

Find, around line 293:

//
// Turns an URL from the [img] tag into an <img> tag or a <a href...> tag
//
function handle_img_tag($url, $is_signature = false)
{
    global $lang_common, $pun_config, $pun_user;

After, add:

     if(@getimagesize($url) == FALSE)
           $url = 'img/warning.png';

Just upload a warning image named "warning.png" to your img folder.

This tweak just checks if PHP can read the image's size. If it can't, well, then it's not an image and should not be allowed.
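Both this tweak and the caching version posted above rely on PHP being able to decode the fetched bytes as an image, which is the right test: the redirecting "test.jpg" directory returns HTML, not an image, and once the forum serves only validated local copies the reader's browser never fetches the remote URL with its cookie at all. As an added example, not the thread's or PunBB's code, the following PHP makes that decision on bytes already downloaded and derives the cache filename from a hash of the URL plus the detected type rather than from basename($url), so nothing taken from the remote name reaches the filesystem path. image_type_from_bytes() and cache_name_for() are names assumed here; getimagesizefromstring() needs PHP 5.4 or later; the 1x1 PNG and the HTML body are constructed inputs.

```php
<?php
// Added example, not code from the thread or from PunBB: decide whether bytes
// fetched for an [img] URL really are an image before they are cached and
// served locally, and name the cache file from a hash plus the detected type.
// Assumed names: image_type_from_bytes(), cache_name_for().
// getimagesizefromstring() needs PHP 5.4+.

function image_type_from_bytes($bytes)
{
    // Decode the header instead of trusting the URL, its extension or the
    // Content-Type the remote host sent.
    $info = @getimagesizefromstring($bytes);
    if ($info === false)
        return null;
    switch ($info[2]) {               // IMAGETYPE_* constant
        case IMAGETYPE_GIF:  return 'gif';
        case IMAGETYPE_JPEG: return 'jpg';
        case IMAGETYPE_PNG:  return 'png';
        default:             return null;   // any other type is rejected
    }
}

// Name to store the validated bytes under inside cache/img/. Only hex digits
// and a fixed extension end up in the path, whatever the remote URL looked like.
function cache_name_for($url, $bytes)
{
    $ext = image_type_from_bytes($bytes);
    if ($ext === null)
        return null;                  // caller must not write the bytes at all
    return md5($url).'.'.$ext;
}

// Constructed inputs: a real 1x1 transparent PNG, and the kind of HTML body a
// "test.jpg/index.php" that redirects to login.php?action=out would produce.
$png  = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$html = "<html><head><meta http-equiv=\"refresh\" content=\"0;url=/login.php?action=out&id=2\"></head></html>";

var_dump(cache_name_for('http://example.com/test.jpg', $png));    // image: hash.png
var_dump(cache_name_for('http://example.com/test.jpg', $html));   // not an image: null
```

The PNG call yields a 36-character name ending in .png; the HTML call yields null and the bytes are never written under cache/img/. Writing to the final name only after validation also closes the window in the caching patch above, where the raw download sits under its remote filename until getimagesize() has run.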

bruce wrote:

Hi. Great product! Can you point me to the correct way to add some customised text to the email that is sent to the registrant's inbox with the password please?

Just edit the templates found in <forum>/lang/<language>/mail_templates/ smile

Really nice gallery, and I can't wait to see how it turns out when it's done!

Also, as I'm working on a PunBB portal system, here's a block I wrote that you can use on your frontpage to display the latest X images from category Y.

<?php
/*************************************
 Front page image block for PunBB by
         Öyvind A. Sörensen
     oyvind.andre.sorensen@gmail.com
 
REQUIRES the gallery mod by pokemon_jojo
Get it from: 
http://www.punres.org/files.php?pid=70
**************************************/

// Configuration
$img_num = '5'; // Number of images to get
$cat = '1'; // Category to get images from

// Get the latest images from the selected category.
function get_latestimg($cat_id)
{
    global $db, $pun_config, $img_num; // Global variables

    // Select the latest images from the gallery (ids cast to int before they reach the query)
    $result = $db->query('SELECT id, subject, posted, poster, poster_id FROM '.$db->prefix.'gallery_img WHERE cat_id='.intval($cat_id).' ORDER BY posted DESC LIMIT 0, '.intval($img_num)) or error('Unable to fetch required information from gallery', __FILE__, __LINE__, $db->error());
    echo '<ul>';
    while ($img = $db->fetch_assoc($result))
    {
        $base = $pun_config['g_rep_upload'].'/'.$img['poster_id'].'_thumbs_'.$img['posted'];
        $ext = ''; // Stays defined even if no thumbnail is found
        foreach (array('.gif', '.jpg', '.png') as $candidate)
        {
            if (file_exists($base.$candidate))
            {
                $ext = $candidate;
                break;
            }
        }
        // Subject is user-supplied, so escape it before it lands in an attribute
        echo '<li><a href="gallery.php?pid='.$img['id'].'"><img src="'.$base.$ext.'" alt="'.pun_htmlspecialchars($img['subject']).'" /></a></li>';
    }
    echo '</ul>';
}
    
?>

<h2>Latest images</h2>
    <div class="block">
        <div class="box">
            <div class="inbox">
                <?php get_latestimg($cat) ?>
            </div>
        </div>
    </div>

Hope someone finds it useful smile

[Click here] to see it in action, along with a couple of other blocks I'm working on.

Ah, ok.. Still don't think it's worth bothering with though.. If I were to do something like that, I'd use the IP address to verify the user. You could modify PunBB so that when a user logs in, it stores the IP address in both the database and the cookie. Then, in the .php files which check the cookie, make the functions match the addresses. If they don't match, kill the cookie.

Should be pretty easy to do really smile

Just thought I'd mention it, seeing as in certain cases this is somewhat annoying. The problem is that when you're editing posts, the parser function preparse_bbcode doesn't work.

In most cases this isn't a major problem, but let's say that you're editing in a new URL (or any other tag for that matter) in a post, and use uppercase letters for the URL tag. What happens then is that it will just appear as regular text, instead of parsed.

This does not happen with post.php, just the edit.php file. If you want to test it, just post a reply to this topic and then try editing it, using any BB code with uppercase letters.