• [MOD] Bridge: 4images 1.7.7 - vBulletin 3.8.3+ and 4.0.2 4 0 5 1
Currently:  

Author Topic: [MOD] Bridge: 4images 1.7.7 - vBulletin 3.8.3+ and 4.0.2  (Read 224311 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #15 on: February 09, 2009, 03:46:10 PM »
The easiest way to see what that error means, is temporary  replace in includes/db_mysql.php:

      if (isset($user_info['user_level']) && $user_info['user_level'] == ADMIN){


With:

//      if (isset($user_info['user_level']) && $user_info['user_level'] == ADMIN){
      
if (1){
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline boquang

  • Pre-Newbie
  • Posts: 1
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #16 on: February 10, 2009, 10:01:01 PM »
I'm got blank page, please help!!!

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #17 on: February 19, 2009, 04:46:03 PM »
Hi!
I have a vbulletin installed with a lot of users.

Quote
Users, who already have installed 4images and have users in it, can download userexport.php (attached to post - ue.zip), place it into root directory of 4image after installing bridge and run it from the browser. Existing 4images users should appear now in vBulletin.

Do you have something like userexport.php but to the other way? To export users from vbulletin to 4images?

Thanks!
nic_net

Offline denisnovikov

  • Test group
  • Full Member
  • *
  • Posts: 125
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #18 on: February 19, 2009, 05:02:06 PM »
Hi!
I have a vbulletin installed with a lot of users.

Do you have something like userexport.php but to the other way? To export users from vbulletin to 4images?


Why? Your existing vBulletin users will be created "on-the-fly" at their first attempt to visit 4images installation while they're logged in at vBulletin and session/cookies sharing is works okay between 4images and vBulletin. You have nothing to do, just install 4images and bridge ;)
check

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #19 on: February 19, 2009, 06:09:46 PM »
Hi!
I have a vbulletin installed with a lot of users.

Do you have something like userexport.php but to the other way? To export users from vbulletin to 4images?


Why? Your existing vBulletin users will be created "on-the-fly" at their first attempt to visit 4images installation while they're logged in at vBulletin and session/cookies sharing is works okay between 4images and vBulletin. You have nothing to do, just install 4images and bridge ;)

Ok, was a translate problem :P
I have tested this mod http://www.vbulletin.org/forum/showthread.php?t=98640 and I have problems with it.

Thank you for this mod, I'll test it this week.
nic_net

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #20 on: February 19, 2009, 06:16:03 PM »
Another question:

The users are created with the same userid on 4images that they have on vbulletin?

Thanks!
nic_net

Offline denisnovikov

  • Test group
  • Full Member
  • *
  • Posts: 125
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #21 on: February 19, 2009, 06:31:46 PM »
The users are created with the same userid on 4images that they have on vbulletin?

yup
check

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #22 on: February 22, 2009, 10:58:13 AM »
The users are created with the same userid on 4images that they have on vbulletin?

yup

Hi! to have the same userid on 4images than your users have on vbulletin you have to do this changes:

1. Remove auto_increment on 4images_users table, field user_id.

2. Two changes on vb.php

2.1 Comment line 38:
Replace this
Code: [Select]
$user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);
with this:
Code: [Select]
//$user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);
2.2 Change line 42:
Replace this
Code: [Select]
($user_id, 2, '".$vbulletin->userinfo['username']."', '".$vbulletin->userinfo['password']."', '".$vbulletin->userinfo['email']."', '".$vbulletin->userinfo['joindate']."')";
with this:
Code: [Select]
('".$vbulletin->userinfo['userid']."', 2, '".$vbulletin->userinfo['username']."', '".$vbulletin->userinfo['password']."', '".$vbulletin->userinfo['email']."', '".$vbulletin->userinfo['joindate']."')";
PS: sorry for my english... :P

Thanks!
nic_net


Offline denisnovikov

  • Test group
  • Full Member
  • *
  • Posts: 125
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #23 on: February 22, 2009, 11:02:20 AM »

Hi! to have the same userid on 4images than your users have on vbulletin you have to do this changes:

1. Remove auto_increment on 4images_users table, field user_id.

2. Two changes on vb.php
...

Oh crap, yeah, my mistake, your changes are correct. Didn't look from where user_id comes before insert :s
check

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #24 on: February 22, 2009, 11:16:13 AM »
Hello, (EDIT: NOW IS SOLVED WITH A FIX) I think that this mod have a big security problem.

I have tested it on my developer server and Nicky's server.

The problem:
You do login with user A, and logout. Then you do login with user B, you are logged  with user B on vbulletin, but on 4images you are logged with user A.

If user A is the vb-4images admin, and user B is a normal user, user B can enter on 4images admin panel without any problem.

I think that this is a big problem.
I'm working on it to repair this problem becouse this is a very interesting mod. All the people want to have a forum on their site, and vbulletin it's on of the best.

I don't Know if Nicky or V@no can help us, I think they can be a big help. V@no help me a lot when I tried to make more efficient a SEO mod.

Do you have any idea that what the problem is?
PS: sorry for my english... :P

Thanks!
nic_net
« Last Edit: February 22, 2009, 01:23:14 PM by nic_bck »

Offline denisnovikov

  • Test group
  • Full Member
  • *
  • Posts: 125
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #25 on: February 22, 2009, 11:29:37 AM »
Hello, I think that this mod have a big security problem.

I have tested it on my developer server and Nicky's server.

The problem:
You do login with user A, and logout. Then you do login with user B, you are logged  with user B on vbulletin, but on 4images you are logged with user A.

If user A is the vb-4images admin, and user B is a normal user, user B can enter on 4images admin panel without any problem.

I think that this is a big problem.


Confirm, but it's not too big although -- if you have login data for both accounts it means they are both your accounts. However it should be fixed for sure. Already looking for solution.
Thanks for reporting!
check

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #26 on: February 22, 2009, 11:40:00 AM »

Confirm, but it's not too big although -- if you have login data for both accounts it means they are both your accounts. However it should be fixed for sure. Already looking for solution.
Thanks for reporting!

I said that it's a big problem becouse I think that all security problems are important :P

I don't know if someone can modify a cookie, and can supplant another user.
Do you think this can be possible?

I can try to help you if you need help to improve this mod, and you want.

PS: sorry for my english... :P

Thanks!
nic_net



Offline denisnovikov

  • Test group
  • Full Member
  • *
  • Posts: 125
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #27 on: February 22, 2009, 11:46:07 AM »
I said that it's a big problem becouse I think that all security problems are important :P

I don't know if someone can modify a cookie, and can supplant another user.
Do you think this can be possible?

I can try to help you if you need help to improve this mod, and you want.


Nah, stealing cookie will not help to login under another user

fix (~line 14 @ vb.php)
replace:
Code: [Select]
if(user_info['user_id'] == -1 && intval($vbulletin->userinfo['userid']) > 0){
with:
Code: [Select]
if(intval($vbulletin->userinfo['userid']) > 0 && ($user_info['user_id'] == -1 || $user_info['user_name'] != $vbulletin->userinfo['username'])){
check

Offline nic_bck

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #28 on: February 22, 2009, 11:57:19 AM »
Nah, stealing cookie will not help to login under another user

fix (~line 14 @ vb.php)
replace:
Code: [Select]
if(user_info['user_id'] == -1 && intval($vbulletin->userinfo['userid']) > 0){
with:
Code: [Select]
if(intval($vbulletin->userinfo['userid']) > 0 && ($user_info['user_id'] == -1 || $user_info['user_name'] != $vbulletin->userinfo['username'])){

First , thank you for the fast reply and thanks for support your mod.
I'll test it on my developer server as soon as possible.

PS: sorry for my english... :P

Thanks!
nic_net

Offline denisnovikov

  • Test group
  • Full Member
  • *
  • Posts: 125
    • View Profile
Re: [MOD] Bridge: 4images 1.7.6 - vBulletin 3.7.4+
« Reply #29 on: February 22, 2009, 12:03:06 PM »
First , thank you for the fast reply and thanks for support your mod.
I'll test it on my developer server as soon as possible.

No probs, we should be responsible for things we did ;)


check