


Modülü kurmadan önce forumunuzun tüm dosyalarının ve database'inizin yedeğini almayı unutmayın...
1.Ekteki webgb_install.php dosyasını admincp klasörüne upload edin..
2.gbremove.gif ve gbedit.gif dosyalarını images/buttons klasorune upload edin.
3. webgbset.php dosyasını root dizininize (ör: forum/ klasörüne) upload edin.
4. www.siteniz.com/forum/admincp/webgb_install.php diyerek install a başlayın...
Eğer install yaptıktan sonra hack çalışmazsa aşağıdaki editlemeleri yapın...
member.php dosyasında alttakini bulun;
PHP:
$userperms = cache_permissions($userinfo, false);
hemen altına aşağıdakini ekleyin;
PHP:
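//####################################
//Webpage and Guestbook Addon - v1.0.4
//For vBulletin version 3.0.x
//####################################
// Freeze the id of the profile being viewed in a constant; per the original
// author, $userid sometimes changes value later in the script.
// GBUSERID is concatenated into SQL (often without quotes) and into HTML further
// down, so it is forced to an integer here.
// NOTE(review): whether member.php has already cast $u / $userid to an integer
// is not visible in this snippet; intval() is harmless if it has.
if ($u) {
    define('GBUSERID', intval($u));
} elseif ($userid) {
    define('GBUSERID', intval($userid));
} else {
    //Do something, but not sure what yet...
    // NOTE(review): in this branch GBUSERID stays undefined, so every later use
    // of the bare constant falls back to PHP's undefined-constant handling.
}
//THIS FILE CONTROLS COLORS AND LANGUAGE
require_once("./webgbset.php");
//Required for permissions check
require_once('./includes/functions_misc.php');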
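//WEBPAGE
//Quick edit feature for admins
// Two-step handler: the first POST (do=quickedit) shows an edit form for the
// profile owner's webpage; the second POST (edit=1) writes the new values.
// NOTE(review): the guard tests the whole adminpermissions bitfield for non-zero,
// while the PM code later in this file tests `& CANCONTROLPANEL`; confirm which
// level is intended. No request token is checked before the UPDATE, so the
// write relies on the permission check alone.
if ($_POST['do'] == 'quickedit' && $permissions['adminpermissions']) {
    globalize($_POST, array('edit' => STR, 'message' => STR));
    if ($edit == 1) {
        //Do database update
        // Every value is escaped for the quoted SQL context; the id is forced to int.
        $DB_site->query("UPDATE user_webpage SET name = '".addslashes($_POST['name'])."', description = '".addslashes($_POST['description'])."', text = '".addslashes($message)."' WHERE userid = '".intval(GBUSERID)."'");
        $url = "member.php?u=".intval(GBUSERID)."";
        eval(print_standard_redirect('redirect_updatethanks'));
    } else {
        //Display edit
        $sql = $DB_site->query("SELECT * FROM user_webpage WHERE userid = ".intval(GBUSERID)."");
        while ($row = mysql_fetch_assoc($sql)) {
            // Stored values and PHP_SELF are HTML-escaped before being placed in
            // attributes / the textarea, so stored markup cannot break out of the form.
            $webpage['quickedit_form'] = "
<div style=\"font-size:14pt\" align=center><strong>".$vbphrase['wg_quick_edit']."</strong></div>
<table align=center border=0 cellspacing=0 cellpadding=5>
<form action=\"".htmlspecialchars_uni($_SERVER['PHP_SELF'])."?u=".intval(GBUSERID)."\" method=\"post\">
<input type=\"hidden\" name=\"do\" value=\"quickedit\">
<input type=\"hidden\" name=\"edit\" value=\"1\">
<tr><td class=\"wg_form\">
<b>Webpage Name:</b><br>
<input name=\"name\" size=60 value=\"".htmlspecialchars_uni(stripslashes($row['name']))."\"><br>
<b>Description:</b><br>
<input name=\"description\" size=60 value=\"".htmlspecialchars_uni(stripslashes($row['description']))."\"><br>
<b>Webpage Content:</b><br>
<textarea cols=60 rows=10 name=\"message\">".htmlspecialchars_uni(stripslashes($row['text']))." </textarea><br>
<input type=\"submit\" value=\"".$vbphrase['wg_submit_edited']."\"> <a href=\"".htmlspecialchars_uni($_SERVER['PHP_SELF'])."?u=".intval(GBUSERID)."\">".$vbphrase['cancel']."</a>
</td></tr>
</form>
</table>
";
        }
    }
}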
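//Check usergroup permissions, global and current browsing user's permissions to display content
// The webpage is rendered only when the viewer's group may view webpages, the
// profile owner's group may have one, and the feature is switched on.
if(iif($permissions['genericpermissions'] & CANVIEWWEBPAGE, 1, 0) == 1 && iif($userinfo['permissions']['genericpermissions'] & CANHAVEWEBPAGE, 1, 0) == 1 && $vboptions['allowwebpage'] == 1) {
    //Load vB's own parsing functions
    require_once('./includes/functions_bbcodeparse.php');
    //Bunch of functions needed further into the script
    // Guarded so a second inclusion of this code cannot redeclare the function.
    if (!function_exists('br2nl')) {
        function br2nl( $data ) {
            return preg_replace( '!<br.*>!iU', "\n", $data );
        }
    }
    $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".intval(GBUSERID)."");
    if(mysql_num_rows($sql) == 0) {
        //Create ext. profile
        $createsql = mysql_query("INSERT INTO user_webpage (userid,hits,vbcodeorhtml) VALUES (".intval(GBUSERID).",'1','".addslashes($vboptions['webpagevbcodeorhtml'])."')");
        //Reload the value of $sql
        $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".intval(GBUSERID)."");
    }
    //Continue displaying what was found
    while($row = mysql_fetch_assoc($sql)) {
        //Content found, enable Webpage to be viewed only if something has been added...
        if(empty($row['text'])) {
            $webpage['webpage_onoff'] = "off"; //Disable Webpage
            $wghtml['webpagewidth'] = "100%";
        } else {
            $webpage['webpage_onoff'] = "on"; //Enable Webpage
            // Name and description are plain text fields written by the page owner;
            // escape them because they are placed straight into HTML below.
            $webpage['name'] = htmlspecialchars_uni(stripslashes($row['name']));
            if($row['lastupdate'] =="") {
                $webpage['lastupdate'] = $vbphrase['wg_never'];
            } else {
                $webpage['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);
            }
            $webpage['description'] = htmlspecialchars_uni(stripslashes($row['description']));
            $webpage['text'] = stripslashes($row['text']);
            //Check text-formatting settings
            // A stored mode is honoured only while the matching admin option is on;
            // if neither applies, fall back to vB code.
            $settingvbcode = iif($row['vbcodeorhtml'] == 'vbcode' AND $vboptions['webpageallowvbcode'] == '1', '1', '0');
            $settinghtml = iif($row['vbcodeorhtml'] == 'html' AND $vboptions['webpageallowhtml'] == '1', '1', '0');
            if($settinghtml == 0 AND $settingvbcode == 0) {
                $settingvbcode = 1;
            }
            if($vboptions['webpagesmilies'] == 1 and $row['usesmilies'] == 1) {
                $settingsmilies = 1;
            } else {
                $settingsmilies = 0;
            }
            if($settingvbcode == 1) {
                $webpage['text'] = parse_bbcode2($webpage['text'], $settinghtml, 1, $settingsmilies, $settingvbcode, 0);
            }
            if($settinghtml == 1) {
                // SECURITY: the steps below are a blacklist, not a complete HTML
                // sanitizer. strip_tags() keeps the attributes of every allowed tag,
                // so user HTML should be enabled only for trusted usergroups and the
                // allowed-tags option should never be left empty.
                //Remove scripts!!!
                $webpage['text'] = preg_replace("/(\<script)(.*?)(script>)/si", "", $webpage['text']);
                //Don't hide anything!
                // The published line replaced "<!--" with itself (a no-op), most likely
                // an entity lost when the post was rendered; neutralise the comment
                // opener as the comment above describes. NOTE(review): confirm against
                // the original hack archive.
                $webpage['text'] = str_replace("<!--", "&lt;!--", $webpage['text']);
                //Allow specified tags (if empty in admin, ALL tags are allowed! SECURITY RISK!)
                if(!empty($vboptions['allowedhtmltags'])) {
                    $webpage['text'] = strip_tags($webpage['text'], $vboptions['allowedhtmltags']);
                }
                //Convert smilies
                $webpage['text'] = parse_bbcode2($webpage['text'], $settinghtml, 0, $settingsmilies, 0, 0, 0);
            }
            //Javascript will not be allowed
            // The pattern is written with PCRE delimiters and modifiers, which the
            // POSIX ereg_replace() used originally does not understand, so it could
            // not match as intended; preg_replace() applies it as written.
            $webpage['text'] = preg_replace("~<script[^>]*>.+</script[^>]*>~isU", "", $webpage['text']);
            $webpage['hits'] = $row['hits'];
            // Styling values are chosen by the page owner; escape them before they
            // reach the template. NOTE(review): how the template emits them is not
            // visible in this snippet.
            $webpage['bgcolor'] = htmlspecialchars_uni($row['bgcolor']);
            $webpage['bordersize'] = htmlspecialchars_uni($row['bordersize']);
            $webpage['bordercolor'] = htmlspecialchars_uni($row['bordercolor']);
            $webpage['fontface'] = htmlspecialchars_uni($row['fontface']);
            $webpage['fontsize'] = htmlspecialchars_uni($row['fontsize']);
            $webpage['fontcolor'] = htmlspecialchars_uni($row['fontcolor']);
            $webpage['header'] .= "
<table width=100% border=0 cellspacing=0 cellpadding=3>
<tr><td class=\"page\">
<font size=\"".$wghtml['webpagetitletextsize']."\"><b>".$userinfo['username']."'s ".$vbphrase['wg_webpage']."</b>
</td></tr>
<tr><td bgcolor=\"".$wghtml['borderline']."\" height=1></td></tr>
<tr><td class=\"wg_menu\">
";
            if(!empty($webpage['description'])) {
                $webpage['header'] .= "<b>Description:</b> $webpage[description]";
            }
            $webpage['header'] .= "</td></tr>
<tr><td class=\"wg_menu\">
<div class=\"smallfont\"><b>".$vbphrase['wg_last_update'].":</b> <font color=\"".$wghtml['lastupdatetextcolor']."\"><i>
";
            if(!empty($webpage['lastupdate'])) {
                $webpage['header'] .= $webpage['lastupdate'];
            }
            $webpage['header'] .= "
</i></font></div>
</td></tr>
</table>
";
            //Check for admin rights (show quick edit button)
            if($permissions['adminpermissions']) {
                $webpage['quickedit_button'] = "
<table border=0 cellspacing=0 cellpadding=0>
<form action=\"".htmlspecialchars_uni($_SERVER['PHP_SELF'])."?u=".intval(GBUSERID)."\" method=\"post\">
<input type=\"hidden\" name=\"do\" value=\"quickedit\">
<tr><td><input type=\"image\" src=\"images/buttons/quickedit.gif\"></td></tr>
</form>
</table>
";
            }
            //Update hits
            // Increment in the database instead of writing back the value read above,
            // so concurrent views do not overwrite each other's count.
            $updsql = mysql_query("UPDATE user_webpage SET hits = hits+1 WHERE userid = ".intval($row['userid'])."");
        } //End check if content exist
    } //End while
} //End of Webpage-script
else
{ //Usergroup not allowed to use webpage, turn it off
    $webpage['webpage_onoff'] = "off";
    $wghtml['webpagewidth'] = "100%";
}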
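//GUESTBOOK
// Handles a visitor posting a new entry in the guestbook of the profile
// identified by GBUSERID. All entries of one guestbook live in a single text
// column: entries are joined with "%newmessage%" and the fields of an entry
// (time, poster id, poster name, subject, message, IP) with "%split%".
// After a successful write the owner is notified by e-mail or PM according to
// the guestbook's `notification` setting.
// NOTE(review): no usergroup permission or guestbook on/off status is checked in
// this handler; confirm it is enforced elsewhere, because the part of member.php
// that displays the guestbook is not visible in this snippet.
if ($_POST['do'] == 'insert_gbentry')
{
    globalize($_POST, array('subject' => STR, 'message' => STR));
    //Insert
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".intval(GBUSERID)."");
    while($row = mysql_fetch_assoc($sql) and !empty($message)) {
        //Tune new message
        $subject = htmlspecialchars($subject, ENT_QUOTES);
        $message = htmlspecialchars($message, ENT_QUOTES);
        // '%' is encoded as an HTML entity so that user text can never contain the
        // "%split%" / "%newmessage%" record delimiters and corrupt the stored list.
        $subject = str_replace('%', '&#37;', $subject);
        $message = str_replace('%', '&#37;', $message);
        //Create new string
        $newtext = "".time()."%split%$bbuserinfo[userid]%split%".str_replace('%', '&#37;', $bbuserinfo['username'])."%split%".$subject."%split%".$message;
        $remoteIP = $_SERVER['REMOTE_ADDR'];
        if (strstr($remoteIP, ', ')) {
            $ips = explode(', ', $remoteIP);
            $remoteIP = $ips[0];
        }
        // NOTE(review): $fullhost is not used anywhere in this block, yet the
        // reverse lookup blocks the request while it resolves.
        $fullhost = gethostbyaddr($remoteIP);
        $newtext .= "%split%".$remoteIP;
        if(!empty($row['text'])) {
            $newtext = $row['text']."%newmessage%".$newtext;
        }
        //Insert to db
        // The combined text holds user names and previously stored entries, so it
        // must be escaped for the quoted SQL string like every other value here.
        $DB_site->query("UPDATE user_guestbook SET text = '".addslashes($newtext)."', lastentry = '".time()."' WHERE userid = '".intval(GBUSERID)."'");
        if(mysql_affected_rows()) {
            if($row['notification'] == "email") {
                //Send Email
                if($bbuserinfo['email'] == "") {
                    $sentbyemail = "";
                } else {
                    $sentbyemail = $bbuserinfo['email'];
                }
                $sendtosql = mysql_query("SELECT email FROM " . TABLE_PREFIX . "user WHERE userid = ".intval(GBUSERID)."");
                $sendtorow = mysql_fetch_array($sendtosql);
                $sendtoemail = $sendtorow['email'];
                $emailmessage = "".$vbphrase['wg_you_have_a_new_guestbook_entry_from']." ".$bbuserinfo['username']."!\n
\n
<a href=\"".$vboptions['bburl']."/member.php?u=".intval(GBUSERID)."\">".$vbphrase['wg_click_here_to_view_guestbook']."</a>";
                // NOTE(review): $headers and $sentbyemail are built but never passed
                // to mail(); the call below uses its own header string.
                $headers = "To: The Receiver <[email protected]>\n" .
                    "From: The Sender <[email protected]>\n" .
                    "MIME-Version: 1.0\n" .
                    "Content-type: text/html; charset=iso-8859-1";
                //Send email
                mail($sendtoemail, $vbphrase['wg_new_guestbook_entry'],
                    "<html><body><p>".$emailmessage."</p></body></html>",
                    "From: Webmaster <".$vboptions['webmasteremail'].">\n" .
                    "MIME-Version: 1.0\n" .
                    "Content-type: text/html; charset=iso-8859-1");
            }
            if($row['notification'] == "pm") {
                //Send PM
                $pm['s'] = "";
                $pm['do'] = "insertpm";
                $pm['pmid'] = "";
                $pm['forward'] = "";
                $pm['receipt'] = "0";
                $usersql = mysql_query("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid = ".intval($row['userid'])."");
                while ($userrow = mysql_fetch_array($usersql))
                {
                    $pm['recipients'] = $userrow['username'];
                }
                unset($usersql);
                if($bbuserinfo['userid'] == 0) {
                    $fromusername = $vbphrase['wg_an_unregistered_guest'];
                } else {
                    $fromusername = $bbuserinfo['username'];
                }
                $pm['title'] = $vbphrase['wg_pmtitle'];
                // The link is built from the configured board URL, as in the e-mail
                // branch above, rather than from the client-supplied Host header.
                $pm['message'] = $vbphrase['wg_pmbody']. " ".$fromusername."
[URL]".$vboptions['bburl']."/member.php?u=".intval(GBUSERID)."[/URL]";
                // *************************************************************
                // PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE
                $errors = array(); // catches errors
                $recipients = array(); // people that $bbuserinfo has put into the recipient box
                $notfound = array(); // people from the recipient box that are not found in the db
                $checkedusers = array(); // people from the recipient box that were found in the db
                $sendto = array(); // people that will actually receive this message
                $tostring = array(); // the array of users who will appear in the pmtext record
                // check for valid users
                // NOTE(review): the recipient name was read from the user table just
                // above and is HTML-escaped again here; confirm this still matches
                // names that contain characters htmlspecialchars_uni() rewrites.
                $pm['recipients'] = vbstrtolower(trim($pm['recipients']));
                $recipients[] = addslashes(htmlspecialchars_uni($pm['recipients']));
                // query recipients
                $checkusers = $DB_site->query("
                    SELECT user.*, usertextfield.*
                    FROM " . TABLE_PREFIX . "user AS user
                    LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)
                    WHERE username='" . implode('\' OR username=\'', $recipients) . "'
                    ORDER BY user.username
                ");
                // build array of checked users
                while ($checkuser = $DB_site->fetch_array($checkusers))
                {
                    $checkuser = array_merge($checkuser, convert_bits_to_array($checkuser['options'], $_USEROPTIONS));
                    $arrkey = vbstrtolower($checkuser['username']);
                    $perms = fetch_permissions(0, $checkuser['userid'], $checkuser);
                    if ($perms['pmquota'] < 1) // can't use pms
                    {
                        if ($checkuser['options'] & $_USEROPTIONS['receivepm'])
                        { // This will cause the 'can't receive pms' error below to be triggered
                            $checkuser['options'] -= $_USEROPTIONS['receivepm'];
                        }
                    }
                    $checkedusers["$arrkey"] = $checkuser;
                }
                // run through recipients to check if we can insert the message
                foreach ($checkedusers AS $username => $user)
                {
                    if (!($user['options'] & $_USEROPTIONS['receivepm']))
                    {
                        // recipient has private messaging disabled
                        eval('$errors[] = "' . fetch_phrase('pmrecipturnedoff', PHRASETYPEID_ERROR) . '";');
                    }
                    else
                    {
                        // don't allow a tachy user to sends pms to anyone other than himself
                        if (in_coventry($bbuserinfo['userid'], true) AND $user['userid'] != $bbuserinfo['userid'])
                        {
                            $tostring["$user[userid]"] = $user['username'];
                            continue;
                        }
                        else if (strpos(" $user[ignorelist] ", " $bbuserinfo[userid] ") !== false)
                        {
                            // recipient is ignoring sender
                            if ($permissions['adminpermissions'] & CANCONTROLPANEL)
                            {
                                $sendto["$username"] = true;
                                $tostring["$user[userid]"] = $user['username'];
                            }
                            else
                            {
                                // bbuser is being ignored by recipient - do not send, but do not error
                                $tostring["$user[userid]"] = $user['username'];
                                continue;
                            }
                        }
                        else
                        {
                            cache_permissions($user, false);
                            if ($user['permissions'] < 1)
                            {
                                // recipient has no pm permission
                                eval('$errors[] = "' . fetch_phrase('pmusernotallowed', PHRASETYPEID_ERROR) . '";');
                            }
                            else
                            {
                                if ($user['pmtotal'] >= $user['permissions']['pmquota'])
                                {
                                    // recipient is over their pm quota, what access do they have?
                                    if ($permissions['adminpermissions'] & CANCONTROLPANEL)
                                    {
                                        $sendto["$username"] = true;
                                        $tostring["$user[userid]"] = $user['username'];
                                    }
                                    else if ($user['usergroupid'] != 3 AND $user['usergroupid'] != 4)
                                    {
                                        $touserinfo = &$user;
                                        // NOTE(review): the key is spelled 'langageid' here and
                                        // in the 'pmreceived' call below; confirm the intended
                                        // column name.
                                        eval(fetch_email_phrases('pmboxfull', $touserinfo['langageid'], '', 'email'));
                                        vbmail($touserinfo['email'], $emailsubject, $emailmessage, true);
                                        eval('$errors[] = "' . fetch_phrase('pmquotaexceeded', PHRASETYPEID_ERROR) . '";');
                                    }
                                }
                                else
                                {
                                    // okay, send the message!
                                    $sendto["$username"] = true;
                                    $tostring["$user[userid]"] = $user['username'];
                                }
                            }
                        }
                    }
                }
                // process errors if there are any
                if (empty($errors)) {
                    // if there are no errors, insert the message(s)
                    if (!empty($sendto) OR $pm['savecopy'])
                    {
                        $pmtotalSql = array(); // users to update totals without pmpopup
                        $pmpopupSql = array(); // users to update totals with pmpopup
                        $receiptSql = array(); // receipts to insert
                        $title = addslashes(htmlspecialchars_uni(fetch_censored_text($pm['title'])));
                        $message = addslashes(fetch_censored_text($pm['message']));
                        $signature = intval($pm['signature']);
                        $iconid = intval($pm['iconid']);
                        $disablesmilies = iif($pm['disablesmilies'], 0, 1);
                        // insert private message text
                        $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($bbuserinfo[userid], '" . addslashes($bbuserinfo['username']) . "', '$title', '$message', '" . addslashes(serialize($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");
                        // get the inserted private message id
                        $pmtextid = $DB_site->insert_id();
                        // save a copy into $bbuserinfo's sent items folder
                        if ($pm['savecopy'])
                        {
                            $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid, folderid, messageread) VALUES ($pmtextid, $bbuserinfo[userid], -1, 1)");
                            $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1 WHERE userid=$bbuserinfo[userid]");
                        }
                        foreach (array_keys($sendto) AS $username)
                        {
                            $user = &$checkedusers["$username"];
                            $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid) VALUES ($pmtextid, $user[userid])");
                            if ($pm['receipt'])
                            {
                                $receiptSql[] = "(" . $DB_site->insert_id() . ", $bbuserinfo[userid], $user[userid], '" . addslashes($user['username']) . "', '$title', " . TIMENOW . ")";
                            }
                            if ($user['pmpopup'])
                            {
                                $pmpopupSql[] = $user['userid'];
                            }
                            else
                            {
                                $pmtotalSql[] = $user['userid'];
                            }
                            if ($user['emailonpm'] AND $user['usergroupid'] != 3 AND $user['usergroupid'] != 4)
                            {
                                $touserinfo = &$user;
                                eval(fetch_email_phrases('pmreceived', $touserinfo['langageid'], '', 'email'));
                                vbmail($touserinfo['email'], $emailsubject, $emailmessage);
                            }
                        }
                        // insert receipts
                        if (!empty($receiptSql) AND $cantrackpm)
                        {
                            $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmreceipt\n\t(pmid, userid, touserid, tousername, title, sendtime)\nVALUES\n\t" . implode(",\n\t", $receiptSql));
                        }
                        // update recipient pm totals (no pm-popup)
                        if (!empty($pmtotalSql))
                        {
                            $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1 WHERE userid IN(" . implode(', ', $pmtotalSql) . ")");
                        }
                        // update recipient pm totals (with pm-popup)
                        if (!empty($pmpopupSql))
                        {
                            $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1, pmpopup=2 WHERE userid IN(" . implode(', ', $pmpopupSql) . ")");
                        }
                        // update replied to / forwarded message 'messageread' status
                        if (!empty($pm['pmid']))
                        {
                            $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "pm SET messageread=" . iif($pm['forward'], 3, 2) . " WHERE userid=$bbuserinfo[userid] AND pmid=" . intval($pm['pmid']));
                        }
                    }
                }
            }
            $url = "member.php?u=".intval(GBUSERID)."";
            eval(print_standard_redirect('redirect_updatethanks'));
        }
    }
}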
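// Removes one entry from the guestbook of the profile identified by GBUSERID.
// The entry is addressed by its timestamp (gbtime) and poster id (gbuserid),
// the first two "%split%" fields of a stored entry.
if ($_POST['do'] == 'remove_gbentry')
{
    globalize($_POST, array('page' => STR, 'gbtime' => STR, 'gbuserid' => STR));
    // Authorization: the published code let any request delete entries from any
    // guestbook. Allow only the guestbook owner, the entry's own poster, or a
    // user with admin permissions (same test as the quick-edit feature).
    // NOTE(review): the template that shows the remove button is not visible in
    // this snippet; adjust this policy if it grants the button to other groups.
    if (!$bbuserinfo['userid'] || !((string)$bbuserinfo['userid'] === (string)GBUSERID || (string)$bbuserinfo['userid'] === $gbuserid || $permissions['adminpermissions'])) {
        print_no_permission();
    }
    //Removal and updating of information
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".intval(GBUSERID)."");
    while($row = @mysql_fetch_assoc($sql)) {
        // Start from a clean state so nothing leaks in from earlier code.
        $keepusing = array();
        $lastgbentry = '';
        //Removal (loop array of message)
        foreach (explode("%newmessage%", $row['text']) AS $gbentry) {
            $gbfields = explode("%split%", $gbentry);
            // Compare the two key fields exactly. The substring search used
            // originally also matched entries that merely contained the same
            // text elsewhere, or every entry when both values were empty.
            if (isset($gbfields[1]) && $gbfields[0] === $gbtime && $gbfields[1] === $gbuserid) {
                continue; // this is the entry being removed
            }
            $keepusing[] = $gbentry;
            //This is for grabbing the last entry time value and put it as "last entry" value.
            $lastgbentry = $gbfields[0];
        }
        $newtext = implode("%newmessage%", $keepusing);
        //Update guestbook (last entry)
        // Stored entries contain user-supplied names and text: escape before quoting.
        $DB_site->query("UPDATE user_guestbook SET lastentry = '".addslashes($lastgbentry)."', text = '".addslashes($newtext)."' WHERE userid = '".intval(GBUSERID)."'");
        $url = "member.php?u=".intval(GBUSERID)."";
        eval(print_standard_redirect('redirect_updatethanks'));
    }
}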
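// Saves an edited guestbook entry (subject and message) in the guestbook of
// the profile identified by GBUSERID. The entry is addressed by gbtime and
// gbuserid, the first two "%split%" fields of a stored entry.
if ($_POST['do'] == 'update_gbentry')
{
    globalize($_POST, array('gbtime' => STR, 'gbuserid' => STR, 'subject' => STR, 'message' => STR));
    // Authorization: the published code accepted this request from anyone.
    // Allow only the guestbook owner, the entry's own poster, or a user with
    // admin permissions (same test as the quick-edit feature).
    // NOTE(review): the template that shows the edit button is not visible in
    // this snippet; adjust this policy if it grants the button to other groups.
    if (!$bbuserinfo['userid'] || !((string)$bbuserinfo['userid'] === (string)GBUSERID || (string)$bbuserinfo['userid'] === $gbuserid || $permissions['adminpermissions'])) {
        print_no_permission();
    }
    $subject = htmlspecialchars($subject, ENT_QUOTES);
    $message = htmlspecialchars($message, ENT_QUOTES);
    // '%' is encoded as an HTML entity so that edited text can never contain the
    // "%split%" / "%newmessage%" record delimiters and corrupt the stored list.
    $subject = str_replace('%', '&#37;', $subject);
    $message = str_replace('%', '&#37;', $message);
    //Do Update
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".intval(GBUSERID)."");
    while($row = @mysql_fetch_assoc($sql)) {
        //Rewrite the matching entry (loop array of message)
        $entryarray = explode("%newmessage%", $row['text']);
        foreach (array_keys($entryarray) AS $i) {
            $entry = explode("%split%", $entryarray[$i]);
            // Exact comparison of the two key fields; the substring search used
            // originally could also match unrelated entries.
            if (isset($entry[1]) && $entry[0] === $gbtime && $entry[1] === $gbuserid) {
                $entry[3] = $subject;
                $entry[4] = $message;
                $entryarray[$i] = implode("%split%", $entry);
            }
        }
        //Bind together again
        $newtext = implode("%newmessage%", $entryarray);
        //Do update
        // Only the text column is written. The published query also set lastentry
        // from $lastgbentry, which is never assigned in this handler, so every
        // edit blanked the guestbook's last-entry time.
        $DB_site->query("UPDATE user_guestbook SET text = '".addslashes($newtext)."' WHERE userid = '".intval(GBUSERID)."'");
        $url = "member.php?u=".intval(GBUSERID)."";
        eval(print_standard_redirect('redirect_updatethanks'));
    }
}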
if ($_POST['do'] == 'edit_gbentry')
{
globalize($_POST, array('page' => STR, 'gbtime' => STR, 'gbuserid' => STR));
$sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".GBUSERID."");
while($row = @mysql_fetch_assoc($sql)) {
//Removal (loop array of message)
$entryarray = explode("%newmessage%", $row['text']);
for ($i = 0; $i <= count($entryarray)-1; $i++) {
$string = $entryarray[$i];
$find = "$gbtime%split%$gbuserid";
$pos = strpos($string, $find);
if ($pos === false) {
//Do nothing.. how weird that === true don't work..hm. Check later
} else {
$entry = explode("%split%", $entryarray[$i]);
$webpage['gb_editform'] .= "
<table align=center bgcolor=\"$webpage[webpagebordercolor]\" border=0 cellspacing=\"1\" cellpadding=2>
<form action=\"member.php?u=".GBUSERID."\" method=\"post\">
<input type=\"hidden\" name=\"do\" value=\"update_gbentry\">
<input type=\"hidden\" name=\"gbtime\" value=\"".$entry['0']."\">
<input type=\"hidden\" name=\"gbuserid\" value=\"".$entry['1']."\">
<tr><td class=\"page\">
<b>".$vbphrase['wg_edit_guestbook_entry']."</b><br>
</td></tr>
<tr><td class=\"wg_form\">
<table border=0 cellspacing=\"0\" cellpadding=5>
<tr><td><font color=black>
<b>".$vbphrase['wg_subject']."</b><br>
<input name=\"subject\" value=\"".unhtmlspecialchars(stripslashes($entry['3']))."\" size=25 maxlength=50><br>
<b>".$vbphrase['wg_message']."</b><br>
<textarea name=\"message\" cols=25 rows=4>".unhtmlspecialchars(stripslashes($entry['4']))."
profile.php dosyasını açın ve alttakini bulun;
PHP:
// start the navbar
$navbits = array("usercp.php?$session[sessionurl]" => $vbphrase['user_control_panel']);
hemen altına aşağıdakileri ekleyin;
PHP:
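//#####################################
//Webpage and Guestbook Addon - v1.0.4
//For vBulletin version 3.0.x
//#####################################
// User CP handler that saves the logged-in user's webpage. Two modes:
//  - "switch" posted: only change the editing mode (vB code <-> HTML);
//  - otherwise: store the styling fields, name, description and page text.
// Afterwards the stored row is re-read into $webprofile and the user is redirected.
// NOTE(review): this handler does not check the CANHAVEWEBPAGE permission or the
// allowwebpage option itself; confirm that profile.php does so before this point.
if ($_POST['do'] == 'update_webpage')
{
    construct_usercp_nav('webpage');
    require_once('./includes/functions_editor.php');
    $istyles_js = construct_editor_styles_js();
    globalize($_POST, array('switch' => STR, 'switchto' => STR, 'usesmilies' => STR, 'bgcolor' => STR, 'fontface' => STR, 'fontsize' => STR, 'fontcolor' => STR, 'bordersize' => STR, 'bordercolor' => STR, 'name' => STR, 'description' => STR, 'message' => STR));
    require_once("./webgbset.php");
    if(!empty($switch)) {
        //Only do switch over (any changes done is not saved)
        // $switchto comes straight from the form: accept only the two known
        // modes and escape it, instead of placing the raw value in the query.
        if ($switchto == 'html' OR $switchto == 'vbcode') {
            mysql_query("UPDATE user_webpage SET vbcodeorhtml = '".addslashes($switchto)."' WHERE userid = ".intval($bbuserinfo['userid'])."");
            // mysql_affected_rows() returns an integer; the published strict
            // comparison with the string "-1" could never detect a failed query.
            if(mysql_affected_rows() != -1) {
                if($switchto == 'html') {
                    //Check if allow
                    $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowhtml'] == 1, 'html', 'vbcode');
                }
                if($switchto == 'vbcode') {
                    //Check if allow
                    $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowvbcode'] == 1, 'vbcode', 'html');
                }
            }
        }
    } else {
        //Set values for On/Off checkboxes
        if($usesmilies == 'on') $usesmilies = 1; else $usesmilies = 0;
        //Do update of content
        mysql_query("UPDATE user_webpage SET usesmilies = '$usesmilies', bgcolor = '".addslashes($bgcolor)."', fontface = '".addslashes($fontface)."', fontsize = '".addslashes($fontsize)."', fontcolor = '".addslashes($fontcolor)."', bordersize = '".addslashes($bordersize)."', bordercolor = '".addslashes($bordercolor)."', name = '".addslashes($name)."', description = '".addslashes($description)."', text = '".addslashes($message)."', lastupdate = '".time()."' WHERE userid = ".intval($bbuserinfo['userid'])."");
        if(mysql_affected_rows() != -1) {
            $webprofile['updated'] = 1;
        }
    }
    $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".intval($bbuserinfo['userid'])."");
    if(mysql_num_rows($sql)) {
        while ($row = mysql_fetch_assoc($sql)) {
            $webprofile['name'] = stripslashes($row['name']);
            $webprofile['description'] = stripslashes($row['description']);
            $webprofile['message'] = stripslashes($row['text']);
            $newpost['message'] = $webprofile['message'];
            if($row['lastupdate'] !=='') {
                $webprofile['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);
            } else {
                $webprofile['lastupdate'] = $vbphrase['wg_never'];
            }
            $webprofile['bgcolor'] = stripslashes($row['bgcolor']);
            $webprofile['fontface'] = stripslashes($row['fontface']);
            $webprofile['fontsize'] = stripslashes($row['fontsize']);
            $webprofile['fontcolor'] = stripslashes($row['fontcolor']);
            $webprofile['bordersize'] = stripslashes($row['bordersize']);
            $webprofile['bordercolor'] = stripslashes($row['bordercolor']);
            $webprofile['usesmilies'] = $row['usesmilies'];
            $webprofile['show_switchto_vbcode'] = iif($vboptions['webpageallowvbcode'], 1, 0);
            $webprofile['show_switchto_html'] = iif($vboptions['webpageallowhtml'], 1, 0);
            if($vboptions['webpagesmilies'] != 1) $smilies = '';
            // A stored mode is offered only while the matching admin option is on.
            if($row['vbcodeorhtml'] == 'html') { //Else switch
                $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowhtml'] == 1, 'html', 'vbcode');
            }
            if($row['vbcodeorhtml'] == 'vbcode') { //Else switch
                $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowvbcode'] == 1, 'vbcode', 'html');
            }
        }
        $templatename = 'modify_webpage';
        $url = "profile.php?do=editwebpage";
        eval(print_standard_redirect('modify_webpage'));
    }
}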
// User CP page that shows the logged-in user's webpage editor. It loads the
// user's user_webpage row (creating it first when none exists), copies the
// stored fields into $webprofile, and selects the 'modify_webpage' template.
// The variable names are kept as they are because $templatename suggests they
// are read by a template outside this snippet (assumption, to be confirmed).
if ($_REQUEST['do'] == 'editwebpage')
{
construct_usercp_nav('webpage');
// Only $bbuserinfo[userid] and an admin option are placed in the queries
// below; no request value is used.
$sql = mysql_query("SELECT * FROM user_webpage WHERE userid = $bbuserinfo[userid]");
if(@mysql_num_rows($sql) == 0) {
//Create a profile area
mysql_query("INSERT INTO user_webpage (userid,hits,vbcodeorhtml) VALUES ('$bbuserinfo[userid]','1','".$vboptions['webpagevbcodeorhtml']."')");
//Reload userinfo
$sql = mysql_query("SELECT * FROM user_webpage WHERE userid = $bbuserinfo[userid]");
}
// NOTE(review): the @ operators hide the warnings a failed query would raise.
while ($row = @mysql_fetch_assoc($sql)) {
$webprofile['name'] = stripslashes($row['name']);
$webprofile['description'] = stripslashes($row['description']);
$webprofile['message'] = stripslashes($row['text']);
$newpost['message'] = $webprofile['message'];
if($row['lastupdate'] !=='') {
$webprofile['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);
} else {
$webprofile['lastupdate'] = $vbphrase['wg_never'];
}
// NOTE(review): these values are stored as typed by the user and are not
// HTML-escaped here; confirm the template escapes them when filling the form.
$webprofile['bgcolor'] = stripslashes($row['bgcolor']);
$webprofile['fontface'] = stripslashes($row['fontface']);
$webprofile['fontsize'] = stripslashes($row['fontsize']);
$webprofile['fontcolor'] = stripslashes($row['fontcolor']);
$webprofile['bordersize'] = stripslashes($row['bordersize']);
$webprofile['bordercolor'] = stripslashes($row['bordercolor']);
$webprofile['usesmilies'] = $row['usesmilies'];
$webprofile['show_switchto_vbcode'] = iif($vboptions['webpageallowvbcode'], 1, 0);
$webprofile['show_switchto_html'] = iif($vboptions['webpageallowhtml'], 1, 0);
// The stored mode is used only while the matching admin option is enabled;
// otherwise the other mode is selected.
if($row['vbcodeorhtml'] == 'html') {
//Check if allow
$webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowhtml'] == 1, 'html', 'vbcode');
}
if($row['vbcodeorhtml'] == 'vbcode') {
//Check if allow
$webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowvbcode'] == 1, 'vbcode', 'html');
}
if($webprofile['vbcodeorhtml'] == 'vbcode') {
//Construct Javascript editor
require_once('./includes/functions_newpost.php');
$htmlcodeon = iif($vboptions['webpageallowhtml'], $vbphrase['on'], $vbphrase['off']);
$bbcodeon = iif($vboptions['webpageallowvbcode'], $vbphrase['on'], $vbphrase['off']);
$imgcodeon = iif($vboptions['webpageallowvbcode'], $vbphrase['on'], $vbphrase['off']);
$smilieson = iif($vboptions['allowsmilies'], $vbphrase['on'], $vbphrase['off']);
require_once('./includes/functions_editor.php');
// set message box width to usercp size
$stylevar['messagewidth'] = $stylevar['messagewidth_usercp'];
// The stored text is HTML-escaped before it is handed to the editor toolbar.
construct_edit_toolbar(htmlspecialchars_uni($newpost['message']), 0, 0, $vboptions['webpagesmilies']);
//Load the javascripts
$onload = " onload=\"editInit();\"";
}
}
$templatename = 'modify_webpage';
}
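// User CP handler that saves the logged-in user's guestbook settings and then
// re-reads the stored row into $guestbook for the 'modify_guestbook' template.
// NOTE(review): this handler does not check the CANHAVEGUESTBOOK permission
// itself; confirm that profile.php does so before this point.
if ($_POST['do'] == 'update_guestbook')
{
    construct_usercp_nav('guestbook');
    globalize($_POST, array('showavatar' => INT, 'usesmilies' => INT, 'status' => STR, 'position' => STR, 'notification' => STR));
    require_once("./webgbset.php");
    // status, position and notification are free-form strings from the form, so
    // they are escaped for the quoted SQL context, as the webpage handler in this
    // file does for its string fields; the numeric values are forced to integers.
    // NOTE(review): the accepted values of these three fields are not listed in
    // this snippet; restricting them to the known set would be stricter still.
    mysql_query("UPDATE user_guestbook SET status = '".addslashes($status)."', showavatar = '".intval($showavatar)."', usesmilies = '".intval($usesmilies)."', position = '".addslashes($position)."', notification = '".addslashes($notification)."' WHERE userid = ".intval($bbuserinfo['userid'])."");
    if(mysql_affected_rows() != -1) {
        $guestbook['updated'] = 1;
    }
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".intval($bbuserinfo['userid'])."");
    if(@mysql_num_rows($sql)) {
        while ($row = mysql_fetch_assoc($sql)) {
            $guestbook['name'] = $row['name'];
            $guestbook['status'] = $row['status'];
            $guestbook['position'] = $row['position'];
            $guestbook['lastentry'] = $row['lastentry'];
            $guestbook['usesmilies'] = $row['usesmilies'];
            $guestbook['notification'] = $row['notification'];
            $guestbook['showavatar'] = $row['showavatar'];
        }
    }
    $templatename = 'modify_guestbook';
}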
// User CP page that shows the logged-in user's guestbook settings. It loads the
// user's user_guestbook row (creating it with default values when none exists),
// copies the stored fields into $guestbook, and selects the 'modify_guestbook'
// template. Only $bbuserinfo['userid'] and an admin option reach the queries.
if ($_REQUEST['do'] == 'editguestbook')
{
construct_usercp_nav('guestbook');
require_once("./webgbset.php");
$sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".$bbuserinfo['userid']."");
if(mysql_num_rows($sql) == 0) { //If guestbook don't exist, create it!
// A new guestbook starts with status 'off', smilies enabled, position 'right'
// and the board-wide default notification method.
mysql_query("INSERT INTO user_guestbook (userid, usesmilies, status, position, notification) VALUES ('".$bbuserinfo['userid']."', '1', 'off', 'right', '".$vboptions['gb_notification']."')");
//Reload first $sql query
$sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".$bbuserinfo['userid']."");
}
// NOTE(review): the values are copied as stored, without HTML escaping; confirm
// the template escapes them where they are printed.
while ($row = mysql_fetch_assoc($sql)) {
$guestbook['name'] = $row['name'];
$guestbook['status'] = $row['status'];
$guestbook['position'] = $row['position'];
$guestbook['lastentry'] = $row['lastentry'];
$guestbook['usesmilies'] = $row['usesmilies'];
$guestbook['notification'] = $row['notification'];
$guestbook['showavatar'] = $row['showavatar'];
}
$templatename = 'modify_guestbook';
}
//#####################################
//END OF WEBPAGE & GUESTBOOK SCRIPT
//#####################################
global.php dosyasını açın ve alttakini bulun;
PHP:
$show['wollink'] = iif($permissions['wolpermissions'] & CANWHOSONLINE, true, false);
hemen altına ekleyin;
PHP:
// Display flags for the webpage and guestbook settings links: each is true only
// when the feature is enabled board-wide AND the current user's usergroup has
// the matching "can have" permission bit. In PHP `&` binds tighter than `&&`,
// so the permission bit test is evaluated before the logical AND.
// NOTE(review): these flags only control what is shown; the handlers themselves
// must still enforce the same permissions.
$show['webpagecontent'] = iif($vboptions['allowwebpage'] && $permissions['genericpermissions'] & CANHAVEWEBPAGE, true, false);
$show['guestbooksettings'] = iif($vboptions['allowguestbook'] && $permissions['genericpermissions'] & CANHAVEGUESTBOOK, true, false);
admincp/usergroup.php dosyasını açın ve alttakini bulun;
PHP:
// set default yes permissions (bitfields)
$ug_bitfield = array(
hemen altına ekleyin;
PHP:
'canhaveguestbook' => 1,
'canhavewebpage' => 1,
'canviewguestbook' => 1,
'canviewwebpage' => 1,
'canpostguestbook' => 1,
aynı dosyada alttakini bulun;
PHP:
print_table_header($vbphrase['general_permissions']);
altına ekleyin;
PHP:
// Adds one yes/no row per new permission to the usergroup form, each pre-set
// from the matching $ug_bitfield entry.
// NOTE(review): the defaults added to $ug_bitfield by this hack are all 1
// (yes), so a new usergroup starts with every webpage/guestbook permission
// granted; review them per group after installing.
print_yes_no_row($vbphrase['can_have_guestbook'], 'usergroup[canhaveguestbook]', $ug_bitfield['canhaveguestbook']);
print_yes_no_row($vbphrase['can_have_webpage'], 'usergroup[canhavewebpage]', $ug_bitfield['canhavewebpage']);
print_yes_no_row($vbphrase['can_view_guestbook'], 'usergroup[canviewguestbook]', $ug_bitfield['canviewguestbook']);
print_yes_no_row($vbphrase['can_view_webpage'], 'usergroup[canviewwebpage]', $ug_bitfield['canviewwebpage']);
print_yes_no_row($vbphrase['can_post_guestbook'], 'usergroup[canpostguestbook]', $ug_bitfield['canpostguestbook']);
/includes/function_user.php dosyasında alttakini bulun;
PHP:
'password',
'avatar',
'profilepic',
hemen altına ekleyin;
PHP:
'webpage',
'guestbook',
/includes/init.php dosyasında alttakini bulun;
PHP:
$_BITFIELD['usergroup']['genericpermissions'] = array(
'canviewmembers' => 1,
'canmodifyprofile' => 2,
'caninvisible' => 4,
'canviewothersusernotes' => 8,
'canmanageownusernotes' => 16,
'canseehidden' => 32,
'canbeusernoted' => 64,
'canprofilepic' => 128,
'canuseavatar' => 512,
'canusesignature' => 1024,
'canusecustomtitle' => 2048,
'canseeprofilepic' => 4096,
'canviewownusernotes' => 8192,
'canmanageothersusernotes' => 16384,
'canpostownusernotes' => 32768,
'canpostothersusernotes' => 65536,
'caneditownusernotes' => 131072,
'canseehiddencustomfields' => 262144,
// Reputation
'canseeownrep' => 256,
'canuserep' => 524288,
'canhiderep' => 1048576,
'cannegativerep' => 2097152,
'canseeothersrep' => 4194304,
'canhaverepleft' => 8388608,
hemen altına ekleyin;
PHP:
'canhaveguestbook' => 16777216,
'canhavewebpage' => 33554432,
'canviewwebpage' => 67108864,
'canviewguestbook' => 134217728,
'canpostguestbook' => 268435456,
Bu hack, MaskeMaske arkadaşımızın isteği üzerine eklenmiştir...