vBulletin Webpage [3.0.x]

Dark_Angel

Webmaster
Administrator



Before installing the module, don't forget to back up all of your forum's files and its database.

1. Upload the attached webgb_install.php file to the admincp folder.

2. Upload gbremove.gif and gbedit.gif to the images/buttons folder.

3. Upload webgbset.php to your root directory (e.g. forum/).

4. Start the installation by browsing to www.siteniz.com/forum/admincp/webgb_install.php

If the hack does not work after installation, make the edits below.

In member.php, find the following:

PHP:
$userperms = cache_permissions($userinfo, false);

Directly below it, add the following:

PHP:
//####################################
//Webpage and Guestbook Addon - v1.0.4
//For vBulletin version 3.0.x
//####################################

//Required to force userid in a DEFINE. For some weird reason $userid sometimes changes value
//Cast to an integer: GBUSERID is concatenated unquoted into the SQL queries and HTML below
if($u) { 
    DEFINE("GBUSERID", intval($u));
} elseif($userid) {
    DEFINE("GBUSERID", intval($userid));
} else {
    //Do something, but not sure what yet...
}

//THIS FILE CONTROLS COLORS AND LANGUAGE
require_once("./webgbset.php");

//Required for permissions check
require_once('./includes/functions_misc.php');

//WEBPAGE

//Quick edit feature for admins
if ($_POST['do'] == 'quickedit' && $permissions['adminpermissions']) {
    
    globalize($_POST, array('edit' => STR, 'message' => STR));
    
    if($edit == 1) {
        //Do database update
        $DB_site->query("UPDATE user_webpage SET name = '".addslashes($_POST['name'])."', description = '".addslashes($_POST['description'])."', text = '".addslashes($message)."' WHERE userid = '".GBUSERID."'");
        $url = "member.php?u=".GBUSERID."";
        eval(print_standard_redirect('redirect_updatethanks'));
    } else {
        //Display edit
        $sql = $DB_site->query("SELECT * FROM user_webpage WHERE userid = ".GBUSERID."");
        while($row = mysql_fetch_assoc($sql)) {
            $webpage['quickedit_form'] = "
            <div style=\"font-size:14pt\" align=center><strong>".$vbphrase['wg_quick_edit']."</strong></div>
            <table align=center border=0 cellspacing=0 cellpadding=5>
            <form action=\"".$_SERVER['PHP_SELF']."?u=".GBUSERID."\" method=\"post\">
            <input type=\"hidden\" name=\"do\" value=\"quickedit\">
            <input type=\"hidden\" name=\"edit\" value=\"1\">
            <tr><td class=\"wg_form\">
            <b>Webpage Name:</b><br>
            <input name=\"name\" size=60 value=\"".htmlspecialchars(stripslashes($row['name']), ENT_QUOTES)."\"><br>
            <b>Description:</b><br>
            <input name=\"description\" size=60 value=\"".htmlspecialchars(stripslashes($row['description']), ENT_QUOTES)."\"><br>
            <b>Webpage Content:</b><br>
            <textarea cols=60 rows=10 name=\"message\">".htmlspecialchars(stripslashes($row['text']), ENT_QUOTES)." </textarea><br>
            <input type=\"submit\" value=\"".$vbphrase['wg_submit_edited']."\"> <a href=\"".$_SERVER['PHP_SELF']."?u=".GBUSERID."\">".$vbphrase['cancel']."</a>
            </td></tr>
            </form>
            </table>
            ";
        }
    }
}

//Check usergroup permissions, global and current browsing user's permissions to display content
if(iif($permissions['genericpermissions'] & CANVIEWWEBPAGE, 1, 0) == 1 && iif($userinfo['permissions']['genericpermissions'] & CANHAVEWEBPAGE, 1, 0) == 1 && $vboptions['allowwebpage'] == 1) {
    
    //Load vB's own parsing functions
    require_once('./includes/functions_bbcodeparse.php');
    
    //Bunch of functions needed further into the script
    function br2nl( $data ) {
        return preg_replace( '!<br.*>!iU', "\n", $data );
    }
    
    $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".GBUSERID."");
    if(mysql_num_rows($sql) == 0) {
        
        //Create ext. profile
        $createsql = mysql_query("INSERT INTO user_webpage (userid,hits,vbcodeorhtml) VALUES (".GBUSERID.",'1','".$vboptions['webpagevbcodeorhtml']."')");
        //Reload the $sql value
        $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = ".GBUSERID."");
        
    }
    
    //Continue displaying what was found
        while($row = mysql_fetch_assoc($sql)) {
            
            //Content found, enable Webpage to be viewed only if something has been added...
            if(empty($row['text'])) {
                $webpage['webpage_onoff'] = "off"; //Disable Webpage
                $wghtml['webpagewidth'] =  "100%";
            } else {
                $webpage['webpage_onoff'] = "on"; //Enable Webpage
                
            $webpage['name'] = stripslashes($row['name']);
            if($row['lastupdate'] =="") {
                $webpage['lastupdate'] = $vbphrase['wg_never'];
            } else {
                $webpage['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);
            }
            $webpage['description'] = stripslashes($row['description']);
            
            $webpage['text'] = stripslashes($row['text']);
            
            //Check text-formatting settings
            $settingvbcode = iif($row['vbcodeorhtml'] == 'vbcode' AND $vboptions['webpageallowvbcode'] == '1', '1', '0');
            $settinghtml = iif($row['vbcodeorhtml'] == 'html' AND $vboptions['webpageallowhtml'] == '1', '1', '0');
            if($settinghtml == 0 AND $settingvbcode == 0) {
                $settingvbcode = 1;
            }
            
            if($vboptions['webpagesmilies'] == 1 and $row['usesmilies'] == 1) {
                $settingsmilies = 1; } else { $settingsmilies = 0; }
            
            if($settingvbcode == 1) {
                $webpage['text'] = parse_bbcode2($webpage['text'], $settinghtml, 1, $settingsmilies, $settingvbcode, 0);
            }
            if($settinghtml == 1) {
                //Remove scripts!!!
                $webpage['text'] = preg_replace("/(\<script)(.*?)(script>)/si", "", $webpage['text']);
                //Don't hide anything!
                //(escape the opening of HTML comments so their content stays visible)
                $webpage['text'] = str_replace("<!--", "&lt;!--", $webpage['text']);
                //Allow specified tags (if empty in admin, ALL tags are allowed! SECURITY RISK!)
                if(!empty($vboptions['allowedhtmltags'])) {
                    $webpage['text'] = strip_tags($webpage['text'], $vboptions['allowedhtmltags']);
                }
                //Convert smilies
                $webpage['text'] = parse_bbcode2($webpage['text'], $settinghtml, 0, $settingsmilies, 0, 0, 0);
            }
            
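            //Javascript will not be allowed
            //(the pattern uses PCRE delimiters and modifiers, so it needs preg_replace; ereg_replace never matches it)
            $webpage['text'] = preg_replace("~<script[^>]*>.+</script[^>]*>~isU", "", $webpage['text']); 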
            
            $webpage['hits'] = $row['hits'];
            $webpage['bgcolor'] = $row['bgcolor'];
            $webpage['bordersize'] = $row['bordersize'];
            $webpage['bordercolor'] = $row['bordercolor'];
            $webpage['fontface'] = $row['fontface'];
            $webpage['fontsize'] = $row['fontsize'];
            $webpage['fontcolor'] = $row['fontcolor'];

            $webpage['header'] .= "
            <table width=100% border=0 cellspacing=0 cellpadding=3>
            <tr><td class=\"page\">
            <font size=\"".$wghtml['webpagetitletextsize']."\"><b>".$userinfo['username']."'s ".$vbphrase['wg_webpage']."</b>
            </td></tr>
            <tr><td bgcolor=\"".$wghtml['borderline']."\" height=1></td></tr>
            <tr><td class=\"wg_menu\">
            ";
            if(!empty($webpage['description'])) {
                $webpage['header'] .= "<b>Description:</b> $webpage[description]";
            }
            $webpage['header'] .= "</td></tr>
            <tr><td class=\"wg_menu\">
            <div class=\"smallfont\"><b>".$vbphrase['wg_last_update'].":</b> <font color=\"".$wghtml['lastupdatetextcolor']."\"><i>
            ";
            if(!empty($webpage['lastupdate'])) {
                $webpage['header'] .= $webpage['lastupdate'];
            }
            $webpage['header'] .= "
            </i></font></div>
            </td></tr>
            </table>
            ";
            
            //Check for admin rights (show quick edit button)
            if($permissions['adminpermissions']) {
                $webpage['quickedit_button'] = "
                <table border=0 cellspacing=0 cellpadding=0>
                <form action=\"".$_SERVER['PHP_SELF']."?u=".GBUSERID."\" method=\"post\">
                <input type=\"hidden\" name=\"do\" value=\"quickedit\">
                <tr><td><input type=\"image\" src=\"images/buttons/quickedit.gif\"></td></tr>
                </form>
                </table>
                ";
            }
            
            //Update hits
            $updsql = mysql_query("UPDATE user_webpage SET hits = $row[hits]+1 WHERE userid = $row[userid]");
            } //End check if content exist        
        } //End while
   
} //End of Webpage-script
else 
{ //Usergroup not allowed to use webpage, turn it off
    $webpage['webpage_onoff'] = "off";
    $wghtml['webpagewidth'] =  "100%";
}

//GUESTBOOK
if ($_POST['do'] == 'insert_gbentry')
{
    globalize($_POST, array('subject' => STR, 'message' => STR));
    
    //Insert
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".GBUSERID."");
    while($row = mysql_fetch_assoc($sql) and !empty($message)) {

        //Tune new message
        $subject = htmlspecialchars($subject, ENT_QUOTES);
        $message = htmlspecialchars($message, ENT_QUOTES);
        
        //Create new string
        $newtext = "".time()."%split%$bbuserinfo[userid]%split%$bbuserinfo[username]%split%".$subject."%split%".$message;
        $remoteIP = $_SERVER['REMOTE_ADDR']; 
        if (strstr($remoteIP, ', ')) { 
           $ips = explode(', ', $remoteIP); 
           $remoteIP = $ips[0]; 
        } 
        $fullhost = gethostbyaddr($remoteIP); 
        $newtext .= "%split%".$remoteIP;
        
        if(!empty($row['text'])) { 
            $newtext = $row['text']."%newmessage%".$newtext;
        }
        
        //Insert to db
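        //(escape the whole string: it contains the stored entries and the username as well as the new message)
        $DB_site->query("UPDATE user_guestbook SET text = '".addslashes($newtext)."', lastentry = '".time()."' WHERE userid = '".GBUSERID."'");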
        if(mysql_affected_rows()) {
            if($row['notification'] == "email") {
                //Send Email
                if($bbuserinfo['email'] == "") {
                    $sentbyemail = "";
                } else {
                    $sentbyemail = $bbuserinfo['email'];
                }
                $sendtosql = mysql_query("SELECT email FROM " . TABLE_PREFIX . "user WHERE userid = ".GBUSERID."");
                $sendtorow = mysql_fetch_array($sendtosql);
                $sendtoemail = $sendtorow['email'];
                
                $emailmessage = "".$vbphrase['wg_you_have_a_new_guestbook_entry_from']." ".$bbuserinfo['username']."!\n
                \n
                <a href=\"".$vboptions['bburl']."/member.php?u=".GBUSERID."\">".$vbphrase['wg_click_here_to_view_guestbook']."</a>";
                
                $headers = "To: The Receiver <[email protected]>\n" . 
                "From: The Sender <[email protected]>\n" . 
                "MIME-Version: 1.0\n" . 
                "Content-type: text/html; charset=iso-8859-1";
                
                //Send email
                mail($sendtoemail, $vbphrase['wg_new_guestbook_entry'], 
                "<html><body><p>".$emailmessage."</p></body></html>", 
                "From: Webmaster <".$vboptions['webmasteremail'].">\n" . 
                "MIME-Version: 1.0\n" . 
                "Content-type: text/html; charset=iso-8859-1"); 
            }
            if($row['notification'] == "pm") {
                //Send PM
                $pm['s'] = "";
                $pm['do'] = "insertpm";
                $pm['pmid'] = "";
                $pm['forward'] = "";
                $pm['receipt'] = "0";
                $usersql = mysql_query("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid = ".$row['userid']."");
                while ($userrow = mysql_fetch_array($usersql))
                {
                    $pm['recipients'] = $userrow['username'];
                }
                unset($usersql);
                if($bbuserinfo['userid'] == 0) {
                    $fromusername = $vbphrase['wg_an_unregistered_guest'];
                } else {
                    $fromusername = $bbuserinfo['username'];
                }
                $pm['title'] = $vbphrase['wg_pmtitle'];
                $pm['message'] = $vbphrase['wg_pmbody']. " ".$fromusername."
                
                [URL]http://".$_SERVER['HTTP_HOST']."".$_SERVER['PHP_SELF']."?u=".GBUSERID."[/URL]";
                
                // *************************************************************
                // PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE

                 $errors = array(); // catches errors
                 $recipients = array(); // people that $bbuserinfo has put into the recipient box
                 $notfound = array(); // people from the recipient box that are not found in the db
                 $checkedusers = array(); // people from the recipient box that were found in the db
                 $sendto = array(); // people that will actually receive this message
                 $tostring = array(); // the array of users who will appear in the pmtext record

                 // check for valid users
                 $pm['recipients'] = vbstrtolower(trim($pm['recipients']));

                 $recipients[] = addslashes(htmlspecialchars_uni($pm['recipients']));

                 // query recipients
                 $checkusers = $DB_site->query("
                     SELECT user.*, usertextfield.*
                     FROM " . TABLE_PREFIX . "user AS user
                     LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)
                     WHERE username='" . implode('\' OR username=\'', $recipients) . "'
                     ORDER BY user.username
                 ");

                 // build array of checked users
                 while ($checkuser = $DB_site->fetch_array($checkusers))
                 {
                     $checkuser = array_merge($checkuser, convert_bits_to_array($checkuser['options'], $_USEROPTIONS));
                     $arrkey = vbstrtolower($checkuser['username']);

                     $perms = fetch_permissions(0, $checkuser['userid'], $checkuser);
                     if ($perms['pmquota'] < 1) // can't use pms
                     {
                         if ($checkuser['options'] & $_USEROPTIONS['receivepm'])
                         {   // This will cause the 'can't receive pms' error below to be triggered
                             $checkuser['options'] -= $_USEROPTIONS['receivepm'];
                         }
                     }

                     $checkedusers["$arrkey"] = $checkuser;
                 }

                 // run through recipients to check if we can insert the message
                 foreach ($checkedusers AS $username => $user)
                 {
                     if (!($user['options'] & $_USEROPTIONS['receivepm']))
                     {
                         // recipient has private messaging disabled
                         eval('$errors[] = "' . fetch_phrase('pmrecipturnedoff', PHRASETYPEID_ERROR) . '";');
                     }
                     else
                     {
                         // don't allow a tachy user to sends pms to anyone other than himself
                         if (in_coventry($bbuserinfo['userid'], true) AND $user['userid'] != $bbuserinfo['userid'])
                         {
                             $tostring["$user[userid]"] = $user['username'];
                             continue;
                         }
                         else if (strpos(" $user[ignorelist] ", " $bbuserinfo[userid] ") !== false)
                         {
                             // recipient is ignoring sender
                             if ($permissions['adminpermissions'] & CANCONTROLPANEL)
                             {
                                 $sendto["$username"] = true;
                                 $tostring["$user[userid]"] = $user['username'];
                             }
                             else
                             {
                                 // bbuser is being ignored by recipient - do not send, but do not error
                                 $tostring["$user[userid]"] = $user['username'];
                                 continue;
                             }
                         }
                         else
                         {
                             cache_permissions($user, false);
                             if ($user['permissions'] < 1)
                             {
                                 // recipient has no pm permission
                                 eval('$errors[] = "' . fetch_phrase('pmusernotallowed', PHRASETYPEID_ERROR) . '";');
                             }
                             else
                             {
                                 if ($user['pmtotal'] >= $user['permissions']['pmquota'])
                                 {
                                     // recipient is over their pm quota, what access do they have?
                                     if ($permissions['adminpermissions'] & CANCONTROLPANEL)
                                     {
                                         $sendto["$username"] = true;
                                         $tostring["$user[userid]"] = $user['username'];
                                     }
                                     else if ($user['usergroupid'] != 3 AND $user['usergroupid'] != 4)
                                     {
                                         $touserinfo = &$user;
                                         eval(fetch_email_phrases('pmboxfull', $touserinfo['languageid'], '', 'email'));
                                         vbmail($touserinfo['email'], $emailsubject, $emailmessage, true);
                                         eval('$errors[] = "' . fetch_phrase('pmquotaexceeded', PHRASETYPEID_ERROR) . '";');
                                     }
                                 }
                                 else
                                 {
                                     // okay, send the message!
                                     $sendto["$username"] = true;
                                     $tostring["$user[userid]"] = $user['username'];
                                 }
                             }
                         }
                     }
                 }

                 // process errors if there are any
                 if (empty($errors)) {
                     // if there are no errors, insert the message(s)
                     if (!empty($sendto) OR $pm['savecopy'])
                     {
                         $pmtotalSql = array(); // users to update totals without pmpopup
                         $pmpopupSql = array(); // users to update totals with pmpopup
                         $receiptSql = array(); // receipts to insert

                         $title = addslashes(htmlspecialchars_uni(fetch_censored_text($pm['title'])));
                         $message = addslashes(fetch_censored_text($pm['message']));
                         $signature = intval($pm['signature']);
                         $iconid = intval($pm['iconid']);
                         $disablesmilies = iif($pm['disablesmilies'], 0, 1);

                         // insert private message text
                         $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($bbuserinfo[userid], '" . addslashes($bbuserinfo['username']) . "', '$title', '$message', '" . addslashes(serialize($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

                         // get the inserted private message id
                         $pmtextid = $DB_site->insert_id();

                         // save a copy into $bbuserinfo's sent items folder
                         if ($pm['savecopy'])
                         {
                             $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid, folderid, messageread) VALUES ($pmtextid, $bbuserinfo[userid], -1, 1)");
                             $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1 WHERE userid=$bbuserinfo[userid]");
                         }

                         foreach (array_keys($sendto) AS $username)
                         {
                             $user = &$checkedusers["$username"];
                             $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid) VALUES ($pmtextid, $user[userid])");
                             if ($pm['receipt'])
                             {
                                 $receiptSql[] = "(" . $DB_site->insert_id() . ", $bbuserinfo[userid], $user[userid], '" . addslashes($user['username']) . "', '$title', " . TIMENOW . ")";
                             }
                             if ($user['pmpopup'])
                             {
                                 $pmpopupSql[] = $user['userid'];
                             }
                             else
                             {
                                 $pmtotalSql[] = $user['userid'];
                             }
                             if ($user['emailonpm'] AND $user['usergroupid'] != 3 AND $user['usergroupid'] != 4)
                             {
                                 $touserinfo = &$user;
                                 eval(fetch_email_phrases('pmreceived', $touserinfo['languageid'], '', 'email'));
                                 vbmail($touserinfo['email'], $emailsubject, $emailmessage);
                             }
                         }

                         // insert receipts
                         if (!empty($receiptSql) AND $cantrackpm)
                         {
                             $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmreceipt\n\t(pmid, userid, touserid, tousername, title, sendtime)\nVALUES\n\t" . implode(",\n\t", $receiptSql));
                         }

                         // update recipient pm totals (no pm-popup)
                         if (!empty($pmtotalSql))
                         {
                             $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1 WHERE userid IN(" . implode(', ', $pmtotalSql) . ")");
                         }

                         // update recipient pm totals (with pm-popup)
                         if (!empty($pmpopupSql))
                         {
                             $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1, pmpopup=2 WHERE userid IN(" . implode(', ', $pmpopupSql) . ")");
                         }

                         // update replied to / forwarded message 'messageread' status
                         if (!empty($pm['pmid']))
                         {
                             $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "pm SET messageread=" . iif($pm['forward'], 3, 2) . " WHERE userid=$bbuserinfo[userid] AND pmid=" . intval($pm['pmid']));
                         }
                     }
                 }
            }
        $url = "member.php?u=".GBUSERID."";
        eval(print_standard_redirect('redirect_updatethanks'));
        }
    }
}

if ($_POST['do'] == 'remove_gbentry')
{
    globalize($_POST, array('page' => STR, 'gbtime' => STR, 'gbuserid' => STR));
    
    //Removal and updating of information
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".GBUSERID."");
    while($row = @mysql_fetch_assoc($sql)) {

        //Removal (loop array of message)
        $entryarray = explode("%newmessage%", $row['text']);
 
        for ($i = 0; $i <= count($entryarray)-1; $i++) {       
            $string = $entryarray[$i];
            $pos = strpos($string, "$gbtime%split%$gbuserid");

            if ($pos === false) { 
                $keepusing[] = $entryarray[$i];  
                //This is for grabbing the last entry time value and put it as "last entry" value.
                $lastgbentry = explode("%split%", $entryarray[$i]);
                $lastgbentry = $lastgbentry['0'];
            }         
        }

        for ($i = 0; $i <= count($keepusing)-1; $i++) {
                if($i != 0) $newtext .= "%newmessage%";
                $newtext .= $keepusing[$i];
        }

        //Update guestbook (last entry)
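        //(both values are rebuilt from stored text, so escape them before they go back into the query)
        $DB_site->query("UPDATE user_guestbook SET lastentry = '".addslashes($lastgbentry)."', text = '".addslashes($newtext)."' WHERE userid = '".GBUSERID."'");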

        $url = "member.php?u=".GBUSERID."";                        
        eval(print_standard_redirect('redirect_updatethanks'));
        
    }
}

if ($_POST['do'] == 'update_gbentry')
{
    globalize($_POST, array('gbtime' => STR, 'gbuserid' => STR, 'subject' => STR, 'message' => STR));

    $subject = htmlspecialchars($subject, ENT_QUOTES);
    $message = htmlspecialchars($message, ENT_QUOTES);

    //Do Update
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".GBUSERID."");
    while($row = @mysql_fetch_assoc($sql)) {   
        //Removal (loop array of message)
        $entryarray = explode("%newmessage%", $row['text']); 
        for ($i = 0; $i <= count($entryarray)-1; $i++) {
            
            $string = $entryarray[$i];
            $find = "$gbtime%split%$gbuserid";
            $pos = strpos($string, $find);
            
            if ($pos === false) { 
                //Do nothing.. how weird that === true don't work..hm. Check later
            } else {
                $entry = explode("%split%", $entryarray[$i]);
                $entry['3'] = $subject;
                $entry['4'] = $message;
                $entryarray[$i] = implode("%split%", $entry);
            }
        }
        //Bind together again
        for ($i = 0; $i <= count($entryarray)-1; $i++) {
        if($i != 0) $newtext .= "%newmessage%";
            $newtext .= $entryarray[$i];
        }       
        //Do update ($lastgbentry is never set in this branch, so lastentry is left unchanged)
        $DB_site->query("UPDATE user_guestbook SET text = '".addslashes($newtext)."' WHERE userid = '".GBUSERID."'");
        
    $url = "member.php?u=".GBUSERID."";                        
    eval(print_standard_redirect('redirect_updatethanks'));   
    }
}

if ($_POST['do'] == 'edit_gbentry')
{
    globalize($_POST, array('page' => STR, 'gbtime' => STR, 'gbuserid' => STR));

    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".GBUSERID."");
    while($row = @mysql_fetch_assoc($sql)) {
        //Removal (loop array of message)
        $entryarray = explode("%newmessage%", $row['text']);

        for ($i = 0; $i <= count($entryarray)-1; $i++) {
            $string = $entryarray[$i];
            $find = "$gbtime%split%$gbuserid";
            $pos = strpos($string, $find);
            
            if ($pos === false) { 
                //Do nothing.. how weird that === true don't work..hm. Check later
            } else {
                $entry = explode("%split%", $entryarray[$i]);
                $webpage['gb_editform'] .= "
                <table align=center bgcolor=\"$webpage[webpagebordercolor]\" border=0 cellspacing=\"1\" cellpadding=2>
                <form action=\"member.php?u=".GBUSERID."\" method=\"post\">
                <input type=\"hidden\" name=\"do\" value=\"update_gbentry\">
                <input type=\"hidden\" name=\"gbtime\" value=\"".$entry['0']."\">
                <input type=\"hidden\" name=\"gbuserid\" value=\"".$entry['1']."\">
                <tr><td class=\"page\">
                <b>".$vbphrase['wg_edit_guestbook_entry']."</b><br>
                </td></tr>
                <tr><td class=\"wg_form\">
                
                <table border=0 cellspacing=\"0\" cellpadding=5>
                <tr><td><font color=black>
                <b>".$vbphrase['wg_subject']."</b><br>
                <input name=\"subject\" value=\"".unhtmlspecialchars(stripslashes($entry['3']))."\" size=25 maxlength=50><br>
                <b>".$vbphrase['wg_message']."</b><br>
                <textarea name=\"message\" cols=25 rows=4>".unhtmlspecialchars(stripslashes($entry['4']))."

Open profile.php and find the following:

PHP:
// start the navbar
$navbits = array("usercp.php?$session[sessionurl]" => $vbphrase['user_control_panel']);

Directly below it, add the following:

PHP:
//#####################################
//Webpage and Guestbook Addon - v1.0.4
//For vBulletin version 3.0.x
//#####################################

if ($_POST['do'] == 'update_webpage')
{
    construct_usercp_nav('webpage');
    require_once('./includes/functions_editor.php');
    $istyles_js = construct_editor_styles_js();
    globalize($_POST, array('switch' => STR, 'switchto' => STR, 'usesmilies' => STR, 'bgcolor' => STR, 'fontface' => STR, 'fontsize' => STR, 'fontcolor' => STR, 'bordersize' => STR, 'bordercolor' => STR, 'name' => STR, 'description' => STR, 'message' => STR));
    require_once("./webgbset.php");
    
    if(!empty($switch)) {
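        //Only do switch over (any changes done is not saved)
        mysql_query("UPDATE user_webpage SET vbcodeorhtml = '".addslashes($switchto)."' WHERE userid = $bbuserinfo[userid]");
        //mysql_affected_rows() returns an integer, so compare against -1 rather than the string "-1"
        if(mysql_affected_rows() != -1) {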
            if($switchto == 'html') {
                //Check if allow
                $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowhtml'] == 1, 'html', 'vbcode');
            }
            if($switchto == 'vbcode') {
                //Check if allow
                $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowvbcode'] == 1, 'vbcode', 'html');
            }
        }
    } else {
        //Set values for On/Off checkboxes
        if($usesmilies == 'on') $usesmilies = 1; else $usesmilies = 0;
        //Do update of content
        mysql_query("UPDATE user_webpage SET usesmilies = '$usesmilies', bgcolor = '".addslashes($bgcolor)."', fontface = '".addslashes($fontface)."', fontsize = '".addslashes($fontsize)."', fontcolor = '".addslashes($fontcolor)."', bordersize = '".addslashes($bordersize)."', bordercolor = '".addslashes($bordercolor)."', name = '".addslashes($name)."', description = '".addslashes($description)."', text = '".addslashes($message)."', lastupdate = '".time()."' WHERE userid = $bbuserinfo[userid]");
        if(mysql_affected_rows() != -1) {
            $webprofile['updated'] = 1;
        }
    }
    $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = $bbuserinfo[userid]");
    if(mysql_num_rows($sql)) {
       while ($row = mysql_fetch_assoc($sql)) {
           $webprofile['name'] = stripslashes($row['name']);
           $webprofile['description'] = stripslashes($row['description']);
           $webprofile['message'] = stripslashes($row['text']);
           $newpost['message'] = $webprofile['message'];  
           if($row['lastupdate'] !=='') {
               $webprofile['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);
           } else {
               $webprofile['lastupdate'] = $vbphrase['wg_never'];
           }
           $webprofile['bgcolor'] = stripslashes($row['bgcolor']);
           $webprofile['fontface'] = stripslashes($row['fontface']);
           $webprofile['fontsize'] = stripslashes($row['fontsize']);
           $webprofile['fontcolor'] = stripslashes($row['fontcolor']);
           $webprofile['bordersize'] = stripslashes($row['bordersize']);
           $webprofile['bordercolor'] = stripslashes($row['bordercolor']);  
           $webprofile['usesmilies'] = $row['usesmilies']; 
           $webprofile['show_switchto_vbcode'] = iif($vboptions['webpageallowvbcode'], 1, 0);
           $webprofile['show_switchto_html'] = iif($vboptions['webpageallowhtml'], 1, 0);
           if($vboptions['webpagesmilies'] != 1) $smilies = ''; 
           if($row['vbcodeorhtml'] == 'html') { //Else switch
               $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowhtml'] == 1, 'html', 'vbcode');
           }
           if($row['vbcodeorhtml'] == 'vbcode') { //Else switch
               $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowvbcode'] == 1, 'vbcode', 'html');
           }
       }
       $templatename = 'modify_webpage';
       $url = "profile.php?do=editwebpage";
       eval(print_standard_redirect('modify_webpage'));
   }
}

if ($_REQUEST['do'] == 'editwebpage')
{
   construct_usercp_nav('webpage');
   
    $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = $bbuserinfo[userid]");
    if(@mysql_num_rows($sql) == 0) {
        //Create a profile area
        mysql_query("INSERT INTO user_webpage (userid,hits,vbcodeorhtml) VALUES ('$bbuserinfo[userid]','1','".$vboptions['webpagevbcodeorhtml']."')");
        //Reload userinfo
        $sql = mysql_query("SELECT * FROM user_webpage WHERE userid = $bbuserinfo[userid]");
    }    
    while ($row = @mysql_fetch_assoc($sql)) {
        $webprofile['name'] = stripslashes($row['name']);
        $webprofile['description'] = stripslashes($row['description']);
        $webprofile['message'] = stripslashes($row['text']);
        $newpost['message'] = $webprofile['message'];
        
        if($row['lastupdate'] !=='') {
            $webprofile['lastupdate'] = date("".$vboptions['dateformat']." ".$vboptions['timeformat']."", $row['lastupdate']);
        } else {
            $webprofile['lastupdate'] = $vbphrase['wg_never'];
        }
        $webprofile['bgcolor'] = stripslashes($row['bgcolor']);
        $webprofile['fontface'] = stripslashes($row['fontface']);
        $webprofile['fontsize'] = stripslashes($row['fontsize']);
        $webprofile['fontcolor'] = stripslashes($row['fontcolor']);
        $webprofile['bordersize'] = stripslashes($row['bordersize']);
        $webprofile['bordercolor'] = stripslashes($row['bordercolor']);
        $webprofile['usesmilies'] = $row['usesmilies'];
        $webprofile['show_switchto_vbcode'] = iif($vboptions['webpageallowvbcode'], 1, 0);
        $webprofile['show_switchto_html'] = iif($vboptions['webpageallowhtml'], 1, 0);
        
        if($row['vbcodeorhtml'] == 'html') {
            //Check if allow
            $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowhtml'] == 1, 'html', 'vbcode');
        }
        if($row['vbcodeorhtml'] == 'vbcode') {
            //Check if allow
            $webprofile['vbcodeorhtml'] = iif($vboptions['webpageallowvbcode'] == 1, 'vbcode', 'html');
        }
        if($webprofile['vbcodeorhtml'] == 'vbcode') {
            //Construct Javascript editor
            require_once('./includes/functions_newpost.php');

            $htmlcodeon = iif($vboptions['webpageallowhtml'], $vbphrase['on'], $vbphrase['off']);
            $bbcodeon = iif($vboptions['webpageallowvbcode'], $vbphrase['on'], $vbphrase['off']);
            $imgcodeon = iif($vboptions['webpageallowvbcode'], $vbphrase['on'], $vbphrase['off']);
            $smilieson = iif($vboptions['allowsmilies'], $vbphrase['on'], $vbphrase['off']);

            require_once('./includes/functions_editor.php');

            // set message box width to usercp size
            $stylevar['messagewidth'] = $stylevar['messagewidth_usercp'];
            construct_edit_toolbar(htmlspecialchars_uni($newpost['message']), 0, 0, $vboptions['webpagesmilies']);

            //Load the javascripts
            $onload = " onload=\"editInit();\"";
        }
    }
    $templatename = 'modify_webpage';
}

if ($_POST['do'] == 'update_guestbook')
{
    construct_usercp_nav('guestbook');
    globalize($_POST, array('showavatar' => INT, 'usesmilies' => INT, 'status' => STR, 'position' => STR, 'notification' => STR));
    
    require_once("./webgbset.php");
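    //Escape the string-typed fields before they reach the query, as the webpage update above does
    mysql_query("UPDATE user_guestbook SET status = '".addslashes($status)."', showavatar = '$showavatar', usesmilies = '$usesmilies', position = '".addslashes($position)."', notification = '".addslashes($notification)."' WHERE userid = $bbuserinfo[userid]");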
    if(mysql_affected_rows() != -1) {
       $guestbook['updated'] = 1;
    }
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = $bbuserinfo[userid]");
    if(@mysql_num_rows($sql)) {
       while ($row = mysql_fetch_assoc($sql)) {
           $guestbook['name'] = $row['name'];
           $guestbook['status'] = $row['status'];
           $guestbook['position'] = $row['position'];
           $guestbook['lastentry'] = $row['lastentry'];
           $guestbook['usesmilies'] = $row['usesmilies'];
           $guestbook['notification'] = $row['notification'];
           $guestbook['showavatar'] = $row['showavatar'];        
       }
    }
    $templatename = 'modify_guestbook';
}

if ($_REQUEST['do'] == 'editguestbook')
{
    construct_usercp_nav('guestbook');
    require_once("./webgbset.php");
    
    $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".$bbuserinfo['userid']."");
    if(mysql_num_rows($sql) == 0) { //If the guestbook doesn't exist, create it!
        mysql_query("INSERT INTO user_guestbook (userid, usesmilies, status, position, notification) VALUES ('".$bbuserinfo['userid']."', '1', 'off', 'right', '".$vboptions['gb_notification']."')");
        //Reload first $sql query
        $sql = mysql_query("SELECT * FROM user_guestbook WHERE userid = ".$bbuserinfo['userid']."");
    }
    
    while ($row = mysql_fetch_assoc($sql)) {
        $guestbook['name'] = $row['name'];
        $guestbook['status'] = $row['status'];
        $guestbook['position'] = $row['position'];
        $guestbook['lastentry'] = $row['lastentry'];
        $guestbook['usesmilies'] = $row['usesmilies'];
        $guestbook['notification'] = $row['notification'];
        $guestbook['showavatar'] = $row['showavatar'];
    }
    
    $templatename = 'modify_guestbook';

}

//#####################################
//END OF WEBPAGE & GUESTBOOK SCRIPT
//#####################################
Open global.php and find the following;

PHP:
$show['wollink'] = iif($permissions['wolpermissions'] & CANWHOSONLINE, true, false);
add the following directly below it;

PHP:
$show['webpagecontent'] = iif($vboptions['allowwebpage'] && $permissions['genericpermissions'] & CANHAVEWEBPAGE, true, false);
$show['guestbooksettings'] = iif($vboptions['allowguestbook'] && $permissions['genericpermissions'] & CANHAVEGUESTBOOK, true, false);
Open admincp/usergroup.php and find the following;

PHP:
// set default yes permissions (bitfields)
            $ug_bitfield = array(
add the following directly below it;

PHP:
            'canhaveguestbook' => 1,
            'canhavewebpage' => 1,
            'canviewguestbook' => 1,
            'canviewwebpage' => 1,
            'canpostguestbook' => 1,
in the same file, find the following;

PHP:
print_table_header($vbphrase['general_permissions']);
add the following below it;

PHP:
   print_yes_no_row($vbphrase['can_have_guestbook'], 'usergroup[canhaveguestbook]', $ug_bitfield['canhaveguestbook']);
   print_yes_no_row($vbphrase['can_have_webpage'], 'usergroup[canhavewebpage]', $ug_bitfield['canhavewebpage']);
   print_yes_no_row($vbphrase['can_view_guestbook'], 'usergroup[canviewguestbook]', $ug_bitfield['canviewguestbook']);
   print_yes_no_row($vbphrase['can_view_webpage'], 'usergroup[canviewwebpage]', $ug_bitfield['canviewwebpage']);
   print_yes_no_row($vbphrase['can_post_guestbook'], 'usergroup[canpostguestbook]', $ug_bitfield['canpostguestbook']);
In /includes/function_user.php, find the following;

PHP:
       'password',
       'avatar',
       'profilepic',
add the following directly below it;

PHP:
      'webpage',
      'guestbook',
In /includes/init.php, find the following;

PHP:
$_BITFIELD['usergroup']['genericpermissions'] = array(
    'canviewmembers'           => 1,
    'canmodifyprofile'         => 2,
    'caninvisible'             => 4,
    'canviewothersusernotes'   => 8,
    'canmanageownusernotes'    => 16,
    'canseehidden'             => 32,
    'canbeusernoted'           => 64,
    'canprofilepic'            => 128,
    'canuseavatar'             => 512,
    'canusesignature'          => 1024,
    'canusecustomtitle'        => 2048,
    'canseeprofilepic'         => 4096,
    'canviewownusernotes'      => 8192,
    'canmanageothersusernotes' => 16384,
    'canpostownusernotes'      => 32768,
    'canpostothersusernotes'   => 65536,
    'caneditownusernotes'      => 131072,
    'canseehiddencustomfields' => 262144,

    // Reputation

    'canseeownrep'             => 256,
    'canuserep'                => 524288,
    'canhiderep'               => 1048576,
    'cannegativerep'           => 2097152,
    'canseeothersrep'          => 4194304,
    'canhaverepleft'           => 8388608,
add the following directly below it;

PHP:
   'canhaveguestbook'         => 16777216,
   'canhavewebpage'           => 33554432,
   'canviewwebpage'           => 67108864,
   'canviewguestbook'         => 134217728,
   'canpostguestbook'         => 268435456,

This hack was added at the request of our friend MaskeMaske...
 

Attachments
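
The `update_guestbook` handler in the code above writes string-typed POST fields into an UPDATE statement. The same update with allow-list validation and a prepared statement, as an added example that is not the hack author's code: the helper names `gb_validate` and `gb_update`, the in-memory SQLite table, and every allowed value other than `off` and `right` (the defaults in the post's INSERT) are assumptions.

```php
<?php
// Added example. 'off' and 'right' are the defaults in the post's INSERT;
// every other allowed value here is an assumption.
const GB_ALLOWED = array(
    'status'       => array('on', 'off'),
    'position'     => array('left', 'right'),
    'notification' => array('on', 'off'),
);
// Reduce raw POST data to values that are safe to store.
function gb_validate(array $post)
{
    $clean = array(
        'showavatar' => empty($post['showavatar']) ? 0 : 1,
        'usesmilies' => empty($post['usesmilies']) ? 0 : 1,
    );
    foreach (GB_ALLOWED as $field => $allowed) {
        $value = isset($post[$field]) ? (string) $post[$field] : '';
        if (!in_array($value, $allowed, true)) {
            throw new InvalidArgumentException("invalid value for $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}
// Values travel as bound parameters, never as part of the SQL text.
function gb_update(PDO $db, $userid, array $post)
{
    $params = gb_validate($post) + array('userid' => (int) $userid);
    $stmt = $db->prepare(
        'UPDATE user_guestbook SET status = :status, showavatar = :showavatar, '
        . 'usesmilies = :usesmilies, position = :position, '
        . 'notification = :notification WHERE userid = :userid'
    );
    $stmt->execute($params);
    return $stmt->rowCount();
}
// Constructed demo data; in-memory SQLite stands in for the forum database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_guestbook (userid INTEGER, status TEXT, showavatar INTEGER, usesmilies INTEGER, position TEXT, notification TEXT)');
$db->exec("INSERT INTO user_guestbook VALUES (1, 'off', 0, 1, 'right', 'off')");

var_dump(gb_update($db, 1, array('status' => 'on', 'position' => 'left', 'notification' => 'on')));
try {
    gb_update($db, 1, array('status' => "on'", 'position' => 'left', 'notification' => 'on'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The allow-list rejects the quoted value before any SQL is built, and the prepared statement keeps the remaining fields out of the query text even if the list is later widened.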

DeathSouL

New member
Bro, I did it and it's there in admincp ... but when I open the site there's no webpage content in my control panel :( I did the edits too
 

Sensiz_Gec

New member
Database error in vBulletin 3.0.0 Beta 6:

Invalid SQL: UPDATE usergroup SET

### UPDATE QUERY GENERATED BY fetch_query_sql() ###
title = 'Users Awaiting Email Confirmation',
description = '',
usertitle = '',
opentag = '',
closetag = '',
passwordexpires = '0',
passwordhistory = '0',
attachlimit = '0',
avatarmaxwidth = '80',
avatarmaxheight = '80',
avatarmaxsize = '20000',
profilepicmaxwidth = '100',
profilepicmaxheight = '100',
profilepicmaxsize = '65535',
pmquota = '50',
pmsendmax = '500',
forumpermissions = '4111',
pmpermissions = '3',
calendarpermissions = '0',
wolpermissions = '0',
adminpermissions = '0',
genericpermissions = '1031',
genericoptions = '8',
arcadepermissions = '0'
WHERE usergroupid=3
mysql error: Unknown column 'arcadepermissions' in 'field list'

mysql error number: 1054

Date: Wednesday 23rd of August 2006 05:20:15 PM
Script: http://www.herkez.net/forum1/admincp/usergroup.php
Referer: http://www.herkez.net/forum1/admincp/usergroup.php?s=&do=edit&usergroupid=3
Username: HackerBoyZ
IP Address: 85.98.66.96

I did everything and it gave this error
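
The includes/init.php edit in the first post appends five bits to `genericpermissions`. The following added example (not part of the hack or of vBulletin) checks that appended values are single, unused bits and decodes a stored mask such as the `genericpermissions = '1031'` in the query dump above; the function names `bitfield_problems` and `decode_mask` are hypothetical.

```php
<?php
// Stock genericpermissions bits as listed in the post's includes/init.php excerpt.
$stock = array(
    'canviewmembers' => 1, 'canmodifyprofile' => 2, 'caninvisible' => 4,
    'canviewothersusernotes' => 8, 'canmanageownusernotes' => 16, 'canseehidden' => 32,
    'canbeusernoted' => 64, 'canprofilepic' => 128, 'canseeownrep' => 256,
    'canuseavatar' => 512, 'canusesignature' => 1024, 'canusecustomtitle' => 2048,
    'canseeprofilepic' => 4096, 'canviewownusernotes' => 8192,
    'canmanageothersusernotes' => 16384, 'canpostownusernotes' => 32768,
    'canpostothersusernotes' => 65536, 'caneditownusernotes' => 131072,
    'canseehiddencustomfields' => 262144, 'canuserep' => 524288,
    'canhiderep' => 1048576, 'cannegativerep' => 2097152,
    'canseeothersrep' => 4194304, 'canhaverepleft' => 8388608,
);
// Bits this hack appends, as listed in the post.
$added = array(
    'canhaveguestbook' => 16777216, 'canhavewebpage' => 33554432,
    'canviewwebpage' => 67108864, 'canviewguestbook' => 134217728,
    'canpostguestbook' => 268435456,
);

// Report values that are not a single bit or that reuse an existing bit.
function bitfield_problems(array $existing, array $new)
{
    $problems = array();
    $owner = array_flip($existing);            // bit value => permission name
    foreach ($new as $name => $bit) {
        if ($bit <= 0 || ($bit & ($bit - 1)) !== 0) {
            $problems[] = "$name: $bit is not a single bit";
        } elseif (isset($owner[$bit])) {
            $problems[] = "$name: $bit is already used by {$owner[$bit]}";
        }
        $owner[$bit] = $name;                  // also catches duplicates within $new
    }
    return $problems;
}

// Names of the permissions set in a stored genericpermissions value.
function decode_mask($mask, array $bits)
{
    return array_keys(array_filter($bits, function ($bit) use ($mask) {
        return ($mask & $bit) === $bit;
    }));
}

var_dump(bitfield_problems($stock, $added));
// 1031 is the genericpermissions value in the query dump quoted in this thread.
print_r(decode_mask(1031, $stock + $added));
```

Running the same check against the `$_BITFIELD` array of a forum that already carries other modifications shows whether one of them has claimed any of these five values.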
 