Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
git-r-done
New Member
New Member


Joined: Jul 06, 2004
Posts: 9
Location: Huber Heights, Ohio

PostPosted: Fri Sep 17, 2004 5:50 pm Reply with quote

I originally posted this message on the phpbb.com support forums as that was where I Only registered users can see links on this board! Get registered or login! the hack, but I don't think they will help me because it is being used in PHPNuke.

I applied this hack to my phpNuke site's files. I still receive the email notification, and it has the edited text, but it is not adding the 2 new variables. I have PHPNuke 7.4 with PHPBB 2.0.8, and I was applying the Extended_PM_Notification_1.1.5 hack.

I will quote to you the parts of the code edited, and quote the email notification that the users of my site receive.

privmsg.php
Code:


                                $privmsg_message = prepare_message($HTTP_POST_VARS['message'], $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
                                //Extended_PM_Notification MOD
                                //Clean up all BBcode UID
                                $message_text = htmlspecialchars(trim(stripslashes($HTTP_POST_VARS['message'])));
                                $quote = $lang['Quote'];
                                $code = $lang['Code'];

                                //Clean up all BBcode tags
                                $bbcode_match = array('/\[quote=\&quot\;\w+\&quot\;\]/si', '/\[quote\]/si', '/\[\/quote\]/si', '/\[code\]/si', '/\[\/code\]/si', '/\[\w+\]/si', '/\[\/\w+\]/si', '/\[\w+=\w+\]/si', '/\[\/\w+=\w+\]/si','/\[\w+\]/si', '/\[\/\w+\]/si');
                                $bbcode_replace = array("\n$quote >>\n", "\n$quote >>\n","\n<< $quote\n", "\n$code >>\n","\n<< $code\n",'','','','','','');
                                $message_text = preg_replace($bbcode_match, $bbcode_replace, $message_text);


privmsg.php
Code:


                                $emailer->assign_vars(array(
                                        'USERNAME' => $to_username,
                                        'SENDER_USERNAME' => htmlspecialchars($userdata['username']),     //Extended_PM_Notification MOD
                                        'PM_MESSAGE' => $message_text,                                    //Extended_PM_Notification MOD
                                        'SITENAME' => $board_config['sitename'],
                                        'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
                                        'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox')
                                );


privmsg_notify.tpl
Code:


Subject: New Private Message has arrived
Charset: iso-8859-1

Hello {USERNAME},

The member, {SENDER_USERNAME} from "{SITENAME}" has just sent you a new private message, and you have requested that you be notified on this event. The content of the message is as follow:
{PM_MESSAGE}

You can view your new message by clicking on the following link:

{U_INBOX}

Remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.

{EMAIL_SIG}


Now I am using WinSyntax 2.0 for a text editor, to avoid damaging the code with extra spaces.

Here is the email that the user receives:

Quote:
Hello [AAE]-=GIT-R-DONE=-,

The member, from "AmericasArmyElite.com" has just sent you a new private message, and you have requested that you be notified on this event. The content of the message is as follow:


You can view your new message by clicking on the following link:
Only registered users can see links on this board! Get registered or login!

Remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.

--
Thanks, The Web Team @ AmericasArmyElite.com


Note the missing senders name and missing private message text.

Not sure what I did wrong, or if this hack even works with PHPNuke. I know that it is not really a support issue that you guys would support, but any help will be GREATLY appreciated.

----------------------------------------------------------
GIT-R-DONE Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message Visit poster's website
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Fri Sep 17, 2004 7:36 pm Reply with quote

The changes mentioned for privmsg.php must be performed on modules/Private_Messages/index.php instead.
 
View user's profile Send private message Visit poster's website
chatserv
PostPosted: Fri Sep 17, 2004 7:38 pm Reply with quote

Code:
# 

#-----[ OPEN ]------------------------------------------
#
modules/Private_Messages/index.php

#
#-----[ FIND ]------------------------------------------
#
            $privmsg_message = prepare_message($HTTP_POST_VARS['message'], $html_on, $bbcode_on, $smilies_on, $bbcode_uid);

#
#-----[ AFTER, ADD ]------------------------------------------
#
            //Extended_PM_Notification MOD
            //Clean up all BBcode UID
            $message_text = htmlspecialchars(trim(stripslashes($HTTP_POST_VARS['message'])));
            $quote = $lang['Quote'];
            $code = $lang['Code'];

            //Clean up all BBcode tags
            $bbcode_match = array('/\[quote=\&quot\;\w+\&quot\;\]/si', '/\[quote\]/si', '/\[\/quote\]/si', '/\[code\]/si', '/\[\/code\]/si', '/\[\w+\]/si', '/\[\/\w+\]/si', '/\[\w+=\w+\]/si', '/\[\/\w+=\w+\]/si','/\[\w+\]/si', '/\[\/\w+\]/si');
            $bbcode_replace = array("\n$quote >>\n", "\n$quote >>\n","\n<< $quote\n", "\n$code >>\n","\n<< $code\n",'','','','','','');
            $message_text = preg_replace($bbcode_match, $bbcode_replace, $message_text);

#
#-----[ FIND ]------------------------------------------
#
            $emailer->assign_vars(array(
               'USERNAME' => $to_username,

#
#-----[ AFTER, ADD ]------------------------------------------
#
               'SENDER_USERNAME' => htmlspecialchars($userdata['username']),   //Extended_PM_Notification MOD
               'PM_MESSAGE' => $message_text,   //Extended_PM_Notification MOD

#
#-----[ OPEN ]------------------------------------------
#
modules/Forums/language/lang_english/email/privmsg_notify.tpl

#
#-----[ FIND ]------------------------------------------
#
You have received a new private message to your account on "{SITENAME}" and you have requested that you be notified on this event. You can view your new message by clicking on the following link:

#
#-----[ REPLACE WITH ]------------------------------------------
#
Member {SENDER_USERNAME} from "{SITENAME}" have just send you a new private message to your account, and you have requested that you be notified on this event. The content of the message is as follow:
{PM_MESSAGE}

You can view your new message by clicking on the following link:

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
 
git-r-done
PostPosted: Fri Sep 17, 2004 7:47 pm Reply with quote

Chatserv, You are the best, my friend! I didn't even think about how Private Messages was ported into PHPNuke. I am assuming that you either found this install doc that you quoted from a Nuke Fix, or you just typed the changes into the doc from the phpbb hack. In either case, I have searched for hours tonight looking for this. I thank you greatly for this. Please keep dry!
 
chatserv
PostPosted: Fri Sep 17, 2004 10:11 pm Reply with quote

I edited the original install.txt, glad that it helped.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©