Jump to content
xisto Community

Larry Rosario

Members
  • Content Count

    10
  • Joined

  • Last visited

Everything posted by Larry Rosario

  1. whats the best best web filtering software? and why?
  2. It works, thank you very much.
  3. Thanks for the reply here's the code: <?phpif(!defined('IN_SUBDREAMER')) die('Hacking attempt!');// ###################### START WITH SESSION NOT CREATED #######################$sessioncreated = false;// ############################## FORUM SETTINGS ###############################$tableprefix = $usersystem['tblprefix'];$cookietimeout = $usersystem['cookietimeout'];$cookieprefix = $usersystem['cookieprefix'];$cookiedomain = '';$cookiepath = '/';//$vblicensenumber = $usersystem['extra']; // the extra column holds vb3's license number// ####################### FIX VBULLETIN 3 COOKIE PREFIX #######################// vbulletin 3 defaults to bb if a cookieprefix is blank, strange... but whatever!$cookieprefix = strlen($cookieprefix) ? $cookieprefix : 'bb';// ####################### GET VBULLETIN 3 SESSION LIMIT #######################// updating to the vbulletin3's session table will not take place if the limit has been reached$getsessionlimit = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname = 'sessionlimit'");$sessionlimit = $getsessionlimit['value']; // this value should be store in $usersystem['extra'], wasted query imo// ################################ FIND ALT IP ################################if(isset($_SERVER['HTTP_CLIENT_IP'])){ define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']);}else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)){ foreach($matches[0] AS $ip) { if(!preg_match("#^(10|172\.16|192\.168)\.#", $ip)) { define('ALT_IP', $ip); break; } }}else if(isset($_SERVER['HTTP_FROM'])){ define('ALT_IP', $_SERVER['HTTP_FROM']);}else{ define('ALT_IP', $_SERVER['REMOTE_ADDR']);}// ################################## DEFINES ##################################define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . ALT_IP )); // this should *never* change during a sessiondefine('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);define('IPADDRESS', $_SERVER['REMOTE_ADDR']);define('SESSION_HOST', substr(IPADDRESS, 0, 15));// ############################### CREATE COOKIE ###############################function CreateCookie($name, $value = '', $permanent = 1){ global $_SERVER, $cookieprefix, $cookiepath, $cookiedomain; $name = $cookieprefix . $name; $expire = $permanent ? (TIMENOW + 60 * 60 * 24 * 365) : 0; $secure = $_SERVER['SERVER_PORT'] == '443' ? 1 : 0; // secure(1) = using SSL setcookie($name, $value, $expire, $cookiepath, $cookiedomain, $secure);}// ############################ CREATE SESSION HASH ############################function CreateSessionHash(){ return md5(TIMENOW . SESSION_IDHASH . SESSION_HOST . rand(1, 1000000));}// ############################## CREATE SESSION ###############################function CreateSession($userid = 0){ global $DB, $sessionlimit, $sessioncreated, $tableprefix; // setup the session $session = array('sessionhash' => CreateSessionHash(), 'userid' => intval($userid), 'host' => SESSION_HOST, 'useragent' => USER_AGENT, 'idhash' => SESSION_IDHASH, 'lastactivity' => TIMENOW); // return the session if the sessionlimit has exceeded if($sessionlimit > 0) { $sessions = $DB->query_first("SELECT COUNT(*) AS sessioncount FROM " . $tableprefix . "session"); if($sessions['sessioncount'] > $sessionlimit) { return $session; } } // return if we are logging in our logging out (since logging in and out already creates sessions) if(isset($_POST['login']) || isset($_GET['logout'])) { return; } // insert the session into the database $DB->query("INSERT INTO " . $tableprefix . "session (sessionhash, userid, host, useragent, idhash, lastactivity) VALUES ('" . addslashes($session['sessionhash']) . "', $session[userid], '" . addslashes($session['host']) . "', '" . addslashes($session['useragent']) . "', '" . addslashes($session['idhash']) . "', $session[lastactivity])"); // save the sessionhash CreateCookie('sessionhash', $session['sessionhash'], 0); // set sessioncreated to true so that we don't update this session later on in the script // (because it was just created) $sessioncreated = true; return $session;}// ######################### UPDATE LAST VISIT/ACTIVITY ########################function UpdateLastActivity($userid){ global $DB, $cookietimeout, $tableprefix; $lastactivity = $DB->query_first("SELECT lastactivity FROM " . $tableprefix . "user WHERE userid = $userid"); if (TIMENOW - $lastactivity[0] > $cookietimeout) { $DB->query("UPDATE " . $tableprefix . "user SET lastvisit = lastactivity, lastactivity = " . TIMENOW . " WHERE userid = $userid"); } else { $DB->query("UPDATE " . $tableprefix . "user SET lastactivity = " . TIMENOW . " WHERE userid = $userid"); }}// ############################# FIND SESSION HASH #############################if(!empty($_POST['s'])){ $sessionhash = $_POST['s'];}else if(!empty($_GET['s'])){ $sessionhash = $_GET['s'];}else{ $sessionhash = isset($_COOKIE[$cookieprefix . 'sessionhash']) ? $_COOKIE[$cookieprefix . 'sessionhash'] : $_COOKIE['sessionhash'];}// ############################# CONTINUE SESSION ##############################if(!empty($sessionhash)){ $session = $DB->query_first("SELECT * FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes(trim($sessionhash)) . "' AND lastactivity > " . (TIMENOW - $cookietimeout) . " AND host = '" . addslashes(SESSION_HOST) . "' AND idhash = '" . addslashes(SESSION_IDHASH) . "'");}// ############################### COOKIE LOGIN ################################// session has expired or does not exist, but the user might still have a userid and password cookies set:if(empty($session) OR $session['userid'] == 0){ if(!empty($_COOKIE[$cookieprefix . 'userid']) AND !empty($_COOKIE[$cookieprefix . 'password']) AND is_numeric($_COOKIE[$cookieprefix . 'userid'])) { $eraseusercookie = false; if($user = $DB->query_first("SELECT userid, password FROM " . $tableprefix . "user WHERE userid = '" . $_COOKIE[$cookieprefix . 'userid'] . "' LIMIT 1")) { if(md5($user['password']) == $_COOKIE[$cookieprefix . 'password']) { // combination is valid, // delete the old session hash and create a new one if(strlen($session['sessionhash'])) { // old session still exists; kill it $DB->query("DELETE FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes($session['sessionhash']). "' LIMIT 1"); } $session = CreateSession($user['userid']); } else { $eraseusercookie = true; } } else { $eraseusercookie = true; } if($eraseusercookie) { // cookie has false information *or maybe the user was deleted*, delete the cookies: CreateCookie('userid', '', 1); CreateCookie('password', '', 1); } }}// ########################### CREATE GUEST SESSION ############################if(empty($session)){ // still no session. the user is a guest, so try to find this guest's session $session = $DB->query_first("SELECT * FROM " . $tableprefix . "session WHERE userid = 0 AND host = '" . addslashes(SESSION_HOST) . "' AND idhash = '" . addslashes(SESSION_IDHASH) . "' LIMIT 1"); // still no session found, create a new one for the guest: if(empty($session)) { $session = CreateSession(0); }}// ############################ SETUP USER VARIABLE ############################if($session['userid'] == 0){ // fill in guest userinfo for subdreamer $user = array('userid' => 0, 'usergroupids' => 1, // vBulletin 3 - Unregistered / Not Logged In 'username' => '', 'loggedin' => 0, 'email' => '', 'timezoneoffset' => 0, 'dstonoff' => 0, 'dstauto' => 1);}else if($session['userid'] > 0){ $getuser = $DB->query_first("SELECT * FROM " . $tableprefix . "user WHERE userid = $session[userid]"); // fill in member userinfo for subdreamer $user = array('userid' => $getuser['userid'], 'usergroupids' => $getuser['usergroupid'], 'username' => $getuser['username'], 'loggedin' => 1, 'email' => $getuser['email'], 'timezoneoffset' => $getuser['timezoneoffset']); UpdateLastActivity($user['userid']); // bit values: 'dstauto' => 64, 'dstonoff' => 128, $user['dstonoff'] = (128 & $getuser['options']) ? 1 : 0; $user['dstauto'] = (64 & $getuser['options']) ? 1 : 0;}// ############################## UPDATE SESSION ###############################if(!$sessioncreated){ $DB->query("UPDATE " . $tableprefix . "session SET useragent = '" . addslashes(USER_AGENT) . "', lastactivity = " . TIMENOW . " WHERE sessionhash = '" . addslashes($session['sessionhash']) . "'");}// ################################### LOGIN ###################################if(isset($_POST['login'])){ // post data already cleaned $loginusername = $_POST['loginusername']; $loginpassword = $_POST['loginpassword']; if(strlen($loginusername)) { // get userid for given username if($getuser = $DB->query_first("SELECT * FROM " . $tableprefix . "user WHERE username = '" . addslashes($loginusername) . "'")) { if($getuser['password'] != md5(md5($loginpassword) . $getuser['salt']) ) { $loginerrors[] = $sdlanguage['wrong_password']; } else { // fill in member userinfo for subdreamer $user = array('userid' => $getuser['userid'], 'usergroupids' => $getuser['usergroupid'], 'username' => $getuser['username'], 'loggedin' => 1, 'email' => $getuser['email'], 'timezoneoffset' => $getuser['timezoneoffset']); // bit values: 'dstauto' => 64, 'dstonoff' => 128, $user['dstonoff'] = (128 & $getuser['options']) ? 1 : 0; $user['dstauto'] = (64 & $getuser['options']) ? 1 : 0; // a sessionhash was created before user logged in, so delete this sessionhash and create a new one $DB->query("DELETE FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes($session['sessionhash']) . "' LIMIT 1"); // insert new session $session['sessionhash'] = CreateSessionHash(); $DB->query("INSERT INTO " . $tableprefix . "session (sessionhash, userid, host, idhash, lastactivity, loggedin, useragent) VALUES ('" . addslashes($session['sessionhash']) . "', " . intval($getuser['userid']) . ", '" . addslashes(SESSION_HOST) . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", 1, '" . addslashes(USER_AGENT) . "') "); // save the sessionhash in the cookie CreateCookie('sessionhash', $session['sessionhash'], 1); // save the userid and password if the user has selected the 'remember me' option if($_POST['rememberme']) { CreateCookie('userid', $getuser['userid'], 1); CreateCookie('password', md5($getuser['password']), 1); } } } else { $loginerrors[] = $sdlanguage['wrong_username']; } } else { $loginerrors[] = $sdlanguage['please_enter_username']; }}// ################################## LOGOUT ###################################if(isset($_GET['logout'])){ // clear all cookies beginning with COOKIE_PREFIX $prefix_length = strlen($cookieprefix); foreach($_COOKIE AS $key => $val) { $index = @strpos($key, $cookieprefix); if($index == 0 AND $index !== false) { $key = substr($key, $prefix_length); if(trim($key) == '') { continue; } CreateCookie($key, '', 1); } } if($user['userid'] > 0) { // delete all sessions that match the userid $DB->query("DELETE FROM " . $tableprefix . "session WHERE userid = $user[userid]"); } // delete all sessions that match the sessionhash $DB->query("DELETE FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes($session['sessionhash']) . "'"); $session['sessionhash'] = CreateSessionHash(); $DB->query("INSERT INTO " . $tableprefix . "session (sessionhash, userid, host, idhash, lastactivity, styleid, useragent) VALUES ('" . addslashes($session['sessionhash']) . "', 0, '" . addslashes($session['host']) . "', '" . addslashes($session['idhash']) . "', " . TIMENOW . ", 0, '" . addslashes(USER_AGENT) . "') "); CreateCookie('sessionhash', $session['sessionhash'], 0); $user = array('userid' => 0, 'usergroupids' => 1, // vBulletin 3 - Unregistered / Not Logged In 'username' => '', 'loggedin' => 0, 'email' => '', 'timezoneoffset' => 0, 'dstonoff' => 0, 'dstauto' => 1);}// ############################ ADD SESSION TO URL? ############################// write the session id/hash if a LOGGED IN USER does not have cookies in the url,if(sizeof($_COOKIE) > 0 OR preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT']) OR $user['userid'] == 0){ $user['sessionurl'] = '';}else if (strlen($session['sessionhash']) > 0){ $user['sessionurl'] = 's=' . $session['sessionhash'];}// ############################ DELETE OLD SESSIONS ############################$DB->query("DELETE FROM " . $tableprefix . "session WHERE lastactivity < " . intval(TIMENOW - $cookietimeout));// ###################### SUBDREAMER USER SETTINGS SETUP #######################$usersettings = array('userid' => $user['userid'], 'usergroupids' => $user['usergroupids'], 'username' => $user['username'], 'loggedin' => $user['loggedin'], 'email' => $user['email'], 'timezoneoffset' => $user['timezoneoffset'], 'dstonoff' => $user['dstonoff'], 'dstauto' => $user['dstauto'], 'sessionurl' => $user['sessionurl']);// ############################## FASHERMAN CODE ###############################// this code is submitted by fred (fasherman) and will help with the development of vbulletin 3 pluginsif($usersettings['userid'] != 0){ $vb3userinfo = $DB->query_first("SELECT * FROM " . $tableprefix . "user WHERE userid = '$usersettings[userid]'"); if(isset($_COOKIE['bbstyleid'])) { $vb3userinfo['styleid'] = $_COOKIE['bbstyleid']; } $vb3userinfo['logouthash'] = md5($vb3userinfo['userid'] . $vb3userinfo['salt']); if($vb3userinfo['styleid'] == 0 ) { $vb3foruminfo = $DB->query_first("SELECT * FROM " . $tableprefix . "setting WHERE varname = 'styleid'"); $vb3userinfo['styleid'] = $vb3foruminfo['value']; } $vb3styleinfo = $DB->query_first("SELECT * FROM " . $tableprefix . "style WHERE styleid = '$vb3userinfo[styleid]'");}else{ $vb3foruminfo = $DB->query_first("SELECT * FROM " . $tableprefix . "setting WHERE varname = 'styleid'"); $vb3styleinfo = $DB->query_first("SELECT * FROM " . $tableprefix . "style WHERE styleid = '$vb3foruminfo[value]'");}$vb3styleinfo['css'] = str_replace("url(images","url(".$sdurl.$usersystem['folderpath']."images", $vb3styleinfo['css']);$vb3stylevar = unserialize($vb3styleinfo['stylevars']);$getvb3settings = $DB->query("SELECT * FROM " . $tableprefix . "setting");while($vb3setting = $DB->fetch_array($getvb3settings)){ $vb3settings[$vb3setting['varname']] = $vb3setting['value'];}$getvb3datastores = $DB->query("SELECT * FROM " . $tableprefix . "datastore");while($vb3datastore = $DB->fetch_array($getvb3datastores)){ $vb3datastores[$vb3datastore['title']] = $vb3datastore['data'];}// ############################## UNSET VARIABLES ##############################unset($user, $session, $sessionhash,);// ############################## USER FUNCTIONS ##############################function IsIPBanned($clientip){ global $DB, $usersystem, $dbname; if($usersystem['dbname'] != $dbname) { // Subdreamer is being integrated with a Forum in a different database $DB->select_db($usersystem['dbname']); $getbanip = $DB->query_first("SELECT value FROM " . $usersystem['tblprefix'] . "setting WHERE varname = 'banip'"); $DB->select_db($dbname); } else { $getbanip = $DB->query_first("SELECT value FROM " . $usersystem['tblprefix'] . "setting WHERE varname = 'banip'"); } $banip = trim($getbanip[0]); /* This isn't the same code as VB because their code has a bug in it :) */ $addresses = explode(' ', preg_replace("/[[:space:]]+/", " ", $banip) ); $clientaddresses = explode('.', $clientip); foreach ($addresses AS $val) { if (strpos(' ' . $clientip, ' ' . trim($val)) !== false) { // Do we have a full match on last octet of ban IP $ban_ip_a = explode(".", trim($val)); if ($ban_ip_a[count($ban_ip_a) - 1] == $clientaddresses[count($ban_ip_a) - 1]) { return true; } } } return false;}// Returns the relevent forum link url// linkType// 1 - Register// 2 - UserCP// 3 - Recover Password// 4 - UserCP (requires $userid)// 5 - SendPM (requires $userid)function ForumLink($linkType, $userid = -1){ global $sdurl, $usersystem; switch($linkType) { case 1: $url = 'register.php'; break; case 2: $url = 'usercp.php'; break; case 3: $url = 'login.php?do=lostpw'; break; case 4: $url = 'member.php?u=' . $userid; break; case 5: $url = 'private.php?do=newpm&u=' . $userid; break; } return $sdurl . $usersystem['folderpath'] . $url;}function ForumAvatar($userid, $username){ global $DB, $dbname, $usersystem, $sdurl; $avatar = ''; // forum information $forumdbname = $usersystem['dbname']; $forumpath = $usersystem['folderpath']; $tableprefix = $usersystem['tblprefix']; // switch to forum database if($dbname != $forumdbname) { $DB->select_db($forumdbname); } if($userid > 0) { $extrasql = 'WHERE user.userid = ' . $userid; } else { $extrasql = 'WHERE user.username = "' . addslashes($username) . '"'; } $ver = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname = 'templateversion'"); $version = explode('.', $ver[0]); if($version[0] == 3) { if($version[1] < 5) { $query = "SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(avatardata) AS hascustom, customavatar.dateline, user.userid FROM " . $tableprefix . "user AS user LEFT JOIN " . $tableprefix . "avatar AS avatar ON avatar.avatarid = user.avatarid LEFT JOIN " . $tableprefix . "customavatar AS customavatar ON customavatar.userid = user.userid " . $extrasql; } else { $query = "SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(filedata) AS hascustom, customavatar.dateline, user.userid FROM " . $tableprefix . "user AS user LEFT JOIN " . $tableprefix . "avatar AS avatar ON avatar.avatarid = user.avatarid LEFT JOIN " . $tableprefix . "customavatar AS customavatar ON customavatar.userid = user.userid " . $extrasql; } } else { echo 'This doesn\'t appear to be vBulletin 3. The version number is ' . $ver[0]; } if ($avatarinfo = $DB->query_first($query)) { if (!empty($avatarinfo['avatarpath'])) { $avatar = '<img alt="avatar" src="' . $sdurl . $forumpath . $avatarinfo['avatarpath'] . '"/>'; } else if ($avatarinfo['hascustom']) { $usefileavatar = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname='usefileavatar'"); if(isset($usefileavatar[0]) && $usefileavatar[0]) { $avatarurl = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname='avatarurl'"); if(substr($avatarurl[0], 0, 1) == '/') { $avurl = $avatarurl[0]; } else { $avurl = $sdurl . $forumpath . $avatarurl[0]; } $avatar = '<img alt="avatar" src="' . $avurl . '/avatar' . $avatarinfo['userid'] . '_' . $avatarinfo['avatarrevision'] . '.gif" />'; } else { $avatar = '<img alt="avatar" src="' . $sdurl . $forumpath . 'image.php?u=' . $avatarinfo['userid'] . '&dateline=' . $avatarinfo['dateline'] . '"/>'; } } } // switch back to subdreamer database if($dbname != $forumdbname) { $DB->select_db($dbname); } return $avatar;}?>
  4. I'm getting error in forum integration Parse error: syntax error, unexpected ')', expecting T_VARIABLE or '$' in /home/public_html/xxxx/includes/usersystems/vbulletin3.php on line 488 Please help me..
  5. No Silver Bullet: Essence and Accidents of Software Engineering by Frederick P. Brooks, Jr. more here: http://forums.xisto.com/no_longer_exists/ Kindly give your reactions and comments about this topic. Well it's my class assignment and I want you to share your bright ideas regarding this. Thank you.
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.