41
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/7 18:47

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


Quote:

irmtfan wrote:
php debug give me this notices:
Notice [PHP]: Undefined indexuser_sort in file viewpmsg.php line 172
Notice 
[PHP]: Undefined indexsince in file viewpmsg.php line 184
Notice 
[PHP]: Undefined indexsearch_field in file viewpmsg.php line 187
Notice 
[PHP]: Undefined indexsearch_type in file viewpmsg.php line 190
Notice 
[PHP]: Use of undefined constant PHP_SELF assumed 'PHP_SELF' in file viewpmsg.php line 319

I know^^
(Umm...Just Notices^^;;)
But...I will remove them in the future version^^

42
Mithrandir
Re: XOOPS PM(Private Message)-Hack

When you are done with it (all known bugs fixed or you are simply stomped) slip me an email on Mithrandir atzie XOOPS dottie org and I will take a look at it.

Until now, there have been updates too often for me to take the time to look at it.

Regarding PHP_SELF, if you want a form to submit to the same page, please use $_SERVER['REQUEST_URI'] - that is set in include/common.php if missing and should be cross-platform. And yes, please eliminate notices wherever possible. They may be just notices, but they *will* confuse the casual user/webmaster, if they encounter a problem, as they will think that they have anything to do with the problem.

43
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/8 12:52

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


Updated to Ver2.85!
And
You must upgrade to this version!!!!


------Ver2.85-------(2004/12/8)
>>Security patched!!! You must upgrade to this version(2.85) if you use the previous version except Ver1.0.
(I had examined my PM-hack on secruty and found a serious vulnerability and could break this PM system for myself!(Very Sorry!)
Umm..although I'm not a top-level hacker,I could do it. That's why you must upgrade to this patched version!
>>NOTICE messages in the php-debug mode removed^^No more NOTICE!!
>>compatibility improved^^for other systems!
-----------------------------
How to upgrade 2.8->2.85
0, No change on PM table^^No touch^^
1, Overwrite All files into proper directories!!
2, That'a all! Enjoy this new PM system2.85!!

Demo:

http://kjw0815.codns.com/wanisys/japanese/xoops/html/modules/news/

Downloads:

http://www.wanisys.net/data/wanipmhack.zip

2004/12/8

From wani[wani@wanisys.net]

44
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/10 3:55

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


My Mistake fixed!!
Mr.Okatti,thanks for your report!!

In Ver2.85,I did a stupid mistake that I omitted some codes related with $_GET["mailbox"],$_GET["mailbox"],$_POST["mailbox"],$_POST["mailbox"]. It means...if your PHP is set as register_globals=Off,you can't read your PM.
Very Sorry..!!!
In the middle of working on Ver2.85,I tested it on the condition,register_globals=On. So..I didn't notice my stupid mistake. Very Sorry again!!

Umm..
btw,
if you use the previous version,you must upgrade to this patched version...because of it has a vulnerability.
I plan to disclose how to break Ver2.80....next week.
So..you must upgrade till next week.

Please replace your old readpmsg.php with this new readpmsg.php if you have never seen this message before!!!!

Please redownload this file(2.85mistake-fixed)!!

http://www.wanisys.net/data/wanipmhack.zip

45
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/14 21:29

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


Hi^^
Long time...Long Wait^^
Yeah!!
Finally...Upgraded to Ver3.0.
But...
this version is still unstable and possibly has a few bugs.^^Maybe..
So I recommend that you use this version on your test-server, not on your commercial or public server.
Umm...
btw, I really need your advices and bug-reports about this version to improve this PM-hack.
Any advice and any report welcomed...
please...help me^^

If you want the stable version of this PM-hack, Please download Ver2.85^^


------Ver3.0-------(2004/12/14)
>>With Ver3.0, You can set your own PM Config to customize interface and environment of your PM system.
I mean,
With your filter-setting,You can filter dirty and filthy messages.
With your reject-setting,You can reject all PM....explaining your reject reason to Your Partner.
With your blacklist, You can prevent someone(on your blacklist) from sending any PM to you.
With your pmsort-setting, pmorder-setting and pmlimit-setting, you can set default values of them(sort,order,limit).
With your trashbox-setting, you can determine whether trashboxes are displayed (or not). (default=no display)
With your mail-setting, you can determine whether you receive also a notification-mail when you receive any PM.
With your popup-setting, you can determine whether you are notified with an alert-window when you have a new PM during online.(limit:5 minutes after posting)
And
With rbox_max-setting and pbox_max-setting,
Only Admin can set rbox_max(inbox+readbox+rsavebox) and pbox_max(outbox+sentbox+psavebox) of All users.
>>Integration with my PM-partner search hack!
You can easily find your PM-partner with this hack.
-----------------------------

How to install[new install]

1, Open this file(/html/wanipmhack.sql) and execute the sql query on the file^^
( Use phpmyadmin...if you are DB-novice!!Please, watch out table prefix[xoops_])
2, Overwrite All files into proper directories!!
(You must back-up original files...before this hack!!!!)
3, Open this file(/html/language/{yourlanguage}/pmsg.txt)
Add the contents of pmsg.txt to pmsg.php.
4, Open this file(/html/include/common.txt)
Add the wanipmhack section(I mean ////////////////WANIPMHACK3.0) of common.txt to common.php.
5, That's all!! Enjoy this new PM system!!

How to upgrade 2.85->3.0
1, Open this file(/html/wanipmhack.sql) and execute the wanipmhack3.0 sql query on the file^^
I mean you have to make a new table,xoops_priv_msgs_config^^
( Use phpmyadmin...if you are DB-novice!!Please, watch out table prefix[xoops_])
2, Overwrite All files into proper directories!!
3, Open this file(/html/language/{yourlanguage}/pmsg.txt)
Add the upgraded contents( under//WANISYS.NET PM HACK3.0) of pmsg.txt to pmsg.php.
4, Open this file(/html/include/common.txt)
Add the wanipmhack section(I mean ////////////////WANIPMHACK3.0) of common.txt to common.php.
(You must back-up original file...before this hack!!!!)
3, That'a all! Enjoy this new PM system3.0!!

Demo:

http://kjw0815.codns.com/wanisys/japanese/xoops/html/modules/news/

Downloads:
-Stable Version => Ver2.85
http://www.wanisys.net/data/wanipmhack.zip
-Test Version => Ver3.0
http://www.wanisys.net/data/wanipmhack30.zip

2004/12/15

From wani[wani@wanisys.net]

46
irmtfan
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/15 7:03

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


thanks wanikoo for the great work.
i install this hack in my test site and do 1,2,3 steps without problem. but in 4 step when i add your hack to common.php i get this warnning:
Errors
None
Warning 
[PHP]: Cannot modify header information headers already sent by (output started at /home/.../public_html/test/include/common.php:310in file index.php line 39


i use xoops2.0.9 beta and this is the line around 310 in common.php :
if(!$pmconfig_handlerpopup->forcemake($pmconfigpopup,$xoopsUser->getVar("uid"))) {
            echo 
$pmconfigpopup->getHtmlErrors();
    }

hope this can help you

47
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/15 10:12

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


Quote:

irmtfan wrote:
thanks wanikoo for the great work.
i install this hack in my test site and do 1,2,3 steps without problem. but in 4 step when i add your hack to common.php i get this warnning:
Errors
None
Warning [PHP]: Cannot modify header information - headers already sent by (output started at /home/.../public_html/test/include/common.php:310) in file index.php line 39

i use xoops2.0.9 beta and this is the line around 310 in common.php :
if(!$pmconfig_handlerpopup->forcemake($pmconfigpopup,$xoopsUser->getVar("uid"))) {
echo $pmconfigpopup->getHtmlErrors();
}

Umm...
Before I released this version 3.0, I had tested it on my test-server(XOOPS 2.0.7.3 and PHP4.XXX).
and confirmed it worked well....but....didn't tested it on some environment(XOOPS 2.0.9 and PHP5)..Sorry--;;

Anyway...
now...I tested it on XOOPS 2.0.9....
And...I confirmed it still worked well....(although it showed me some NOTICEs)

Umm...
So...
I think...you had such a warning because you used PHP5...or...some Protector Programs(ex..protector).
but...I guess..this problem can be solved easily....


Please,comment out that process like this^^I think it's still ok...because this process is redundant^^..
(Anyone who has a warning like him....Please...comment out like this^^)
// if(!$pmconfig_handlerpopup->forcemake($pmconfigpopup,$xoopsUser->getVar("uid"))) {
// echo $pmconfigpopup->getHtmlErrors();
// }
// else {
// $pmconfigpopup = & $pmconfig_handlerpopup->getbyuid($xoopsUser->getVar("uid"));
// }

Thanks for your report^^

48
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/15 11:25

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


Quote:

wanikoo wrote:

Please,comment out that process like this^^I think it's still ok...because this process is redundant^^..
(Anyone who has a warning like him....Please...comment out like this^^)
// if(!$pmconfig_handlerpopup->forcemake($pmconfigpopup,$xoopsUser->getVar("uid"))) {
// echo $pmconfigpopup->getHtmlErrors();
// }
// else {
// $pmconfigpopup = & $pmconfig_handlerpopup->getbyuid($xoopsUser->getVar("uid"));
// }


I feel I need to explain this code in detail.
...Umm...
If you make pmconfig-record of each user at the same time when you create his account(I mean user-info),
this process...is not needed!!!
but...
most of you already...have your members(without their pmconfig-record)...
so..the process that makes his/her pmconfig-record forcibly.....is needed...(Yeah..mysql is still cool^^)
Umm....
I inserted this process...into every file of this hack^^...So...I can...say..it's redundant...in common.php

if(!$pmconfig_handlerpopup->forcemake($pmconfigpopup,$xoopsUser->getVar("uid"))) {
echo $pmconfigpopup->getHtmlErrors();
}
else {
$pmconfigpopup = & $pmconfig_handlerpopup->getbyuid($xoopsUser->getVar("uid"));
}

And
Let me explain the modification of common.php...briefly.
All modification of common.php is for popup-alert notification function!
So...if you don't want your common.php modified and ..don't need this function, you can use your original common.php.
In that case, you can't take advantage of this cool(?--;;) function.

Anyway...explanation continues........
With this function.....
You can be notified with an alert-window(javascript)...
[when your partner sends you a PM while you are online.....(newpopup = 1)
&&
when your reload or move to any page within 5 minutes after posting.]

Umm...
I know it needs more upgrade or possibly moved into other file(header.php or foot.php etc..)

btw...
Which do you like better?
A: preventing any message with some filthy and dirty words from being posted.
B: replacing that words with some other characters(ex..d##g..) without preventing.

49
limecity
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/15 12:26

  • limecity

  • Friend of XOOPS

  • Posts: 1602

  • Since: 2003/7/6 0


I am very interested in this.
i tried to register in your site to see how it looks like.
but can't.

So possibly make a screenshot and post it up?
thanks

50
wanikoo
Re: XOOPS PM(Private Message)-Hack
  • 2004/12/15 16:02

  • wanikoo

  • Not too shy to talk

  • Posts: 129

  • Since: 2003/12/27


Misspelled in configmsg.php
(rejcet_reason->reject_reason)
please correct this mistake^^

$reject_reason = new XoopsFormTextArea(_PM_REJECTREASON, 'reject_reason', $pmconfig->getVar('rejcet_reason'));

$reject_reason = new XoopsFormTextArea(_PM_REJECTREASON, 'reject_reason', $pmconfig->getVar('reject_reason'));

Quote:

limecity wrote:
I am very interested in this.
i tried to register in your site to see how it looks like.
but can't.

So possibly make a screenshot and post it up?
thanks

Ok^^
someday^^

Login

Who's Online

576 user(s) are online (139 user(s) are browsing Support Forums)


Members: 0


Guests: 576


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits