vBulletin LTS

Back to vBulletin 3 Articles

[Tip] - Common Mistake when hacking your vb
by Dean C 03 Jan 2003
Well the most common mistake i made when i was new to install hacks was when it was long lines of code which performed a query.

Many hacks require you to edit the same line and add little fractions to it.

Ok so lets start out with a fresh install.

We install just a part of the 'away user hack'.

The instructions want us to replace this in user.php:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
With this:

PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
Ok that's not hard because what we need to replace will be there because the hack is made for a fresh install.

The problem comes when we have to edit that line again and it's different to the instructions. Most people will just look at the first 10 characters of that line and say well i should just replace it. Now if you do your 'away user hack' won't work.

Here's an example in the 'contributor lable' hack. It wants us again to replace this line in user.php:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
With this:

PHP Code:
$DB_site->query("UPDATE user SET birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
But because we've edited that line of code for another hack it isn't there. This leads many people to go into the support thread and say i haven't got that line of code in my user.php

Well in fact you have but it's slightly changed.

So what we do is look at the code that needs to be changed and we'll look up the line until we find what's different. Here's the code that was added to that line for the away hack:

PHP Code:
away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."'
So what we do is ignore this line of code and see what's different in the other hack:

PHP Code:
donator='$donation'
So we see where the bit of code was added after in the line which was:

PHP Code:
ipaddress='".addslashes($aipaddress)."'
Then we add the relevent code after it. And your final line of code should look like this:

PHP Code:
$DB_site->query("UPDATE user SET away='$away',awaydate=$awaydate,returndate='$returndate',awayreason='".addslashes(htmlspecialchars($awayreason))."',birthday='$birthday',options='$options',usergroupid='$usergroupid',username='".addslashes(htmlspecialchars($ausername))."'$pwdinclude,email='".addslashes(htmlspecialchars($email))."',styleid='$userstyleid',parentemail='".addslashes(htmlspecialchars($parentemail))."',coppauser=$coppauser,homepage='".addslashes(htmlspecialchars($homepage))."',icq='".addslashes(htmlspecialchars($icq))."',aim='".addslashes(htmlspecialchars($aim))."',yahoo='".addslashes(htmlspecialchars($yahoo))."',signature='".addslashes($signature)."',adminemail=$adminemail,showemail=$showemail,invisible=$invisible,usertitle='".addslashes($usertitle)."',customtitle=$customtitle,joindate=$joindate,cookieuser=$cookieuser,nosessionhash=$nosessionhash,daysprune='$daysprune',lastvisit=$lastvisit,lastactivity=$lastactivity,lastpost=$lastpost,posts='$posts',timezoneoffset='$timezoneoffset',emailnotification=$emailnotification,receivepm='$receivepm',emailonpm='$emailonpm',ipaddress='".addslashes($aipaddress)."',donator='$donation',pmpopup=IF(pmpopup=2 AND $pmpopup=1,pmpopup,'$pmpopup') WHERE userid=$userid"); 
And there we go. We've managed to get past one of the most commonest mistakes when editing your long query lines.

Regards

- miSt

vblts.ru supports vBulletin®, 2022-2024