24.08.2016, 23:42
Witam,
Wpadł mi w oko plugin UA-MEssages: https://community.mybb.com/mods.php?action=view&pid=561
Niestety ma on lukę, która wysyła użytkownikom powiadomienia z działów, do których użytkownik nie ma dostępu. Czy ktoś mógłby mi pomóc to naprawić?
Kod pluginu:
Ten projekt, sądząc po komentarzach w kodzie i ostatniej aktualizacji kawał czasu temu, został najprawdopodobniej porzucony, a uważam, że jest bardzo ciekawy, dlatego chciałbym pozbyć się chociaż tego problemu. Wygodnie jest widzieć powiadomienia na pulpicie, że ktoś odpisał w naszym wątku, czy nas zacytował, gdy ma się włączoną przeglądarkę, ale nie śledzi strony.
PS: Pisałem już do autora, ale nie odzywa się.
Wpadł mi w oko plugin UA-MEssages: https://community.mybb.com/mods.php?action=view&pid=561
Niestety ma on lukę, która wysyła użytkownikom powiadomienia z działów, do których użytkownik nie ma dostępu. Czy ktoś mógłby mi pomóc to naprawić?
Kod pluginu:
Kod PHP:
<?php
/**
* You are now in the UA messages plugin file.
* Hello! Welcome!
*
* Nice you are interested to our code! Maybe you want to
* join the team?
*
* Go to:
* http://www.ua-plugins.com/Team/Join
*
* Problems or questions? Go to:
* www.ua-plugins.com
*
* ===============================================================
* ORGET !!!! DON'T FORGET !!!! DON'T FORGET !!!! DON
* ===============================================================
*
* Copyright (c) 2015 UA-PLUGINS.COM MIT-LICENCE
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use,
* copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
* ===============================================================
* ORGET !!!! DON'T FORGET !!!! DON'T FORGET !!!! DON
* ===============================================================
*/
$plugins->add_hook('global_start', 'ua_messages_start');
$plugins->add_hook('xmlhttp', 'ua_messages_xmlhttp');
$plugins->add_hook('newreply_do_newreply_end', 'ua_messages_checkQuoted');
$plugins->add_hook('newreply_do_newreply_end', 'ua_messages_threadAuthor');
$plugins->add_hook("global_start", 'ua_messages_info');
$plugins->add_hook('newreply_do_newreply_end', 'ua_messages_getMentioned');
$plugins->add_hook('newthread_do_newthread_end', 'ua_messages_getMentioned');
$plugins->add_hook('private_do_send_end', 'ua_messages_privateMessage');
function ua_messages_info()
{
return array(
"name" => "UA Plugins - Messages",
"description" => "UA Messages sents ALERTS to people who got Quoted, Tagged, when someone replies to a thread of a person or sents a PM to someone.",
"website" => "http://www.ua-plugins.com/Plugins/1",
"author" => "UA-Plugins",
"authorsite" => "http://www.ua-plugins.com",
"version" => "1",
"guid" => "UAplugins87d887t46qst74sdhy",
"compatibility" => "18*"
);
}
function ua_messages_install()
{
global $db;
if (!$db->table_exists('ua_messages')) {
$db->write_query("
CREATE TABLE IF NOT EXISTS `" . TABLE_PREFIX . "ua_messages` (
`id` int(11) NOT NULL auto_increment,
`uid` int(11) NOT NULL,
`from_uid` int(11) NOT NULL,
`type` int(1) NOT NULL,
`msg_read` enum('1','0') NOT NULL DEFAULT '0',
`topic` int(11) DEFAULT NULL,
`pid` int(11) DEFAULT NULL,
`pm` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB " . $db->build_create_table_collation() . ";
");
}
}
function ua_messages_uninstall()
{
global $db;
$db->drop_table('ua_messages');
}
function ua_messages_is_installed()
{
global $db;
return $db->table_exists('ua_messages');
}
function ua_messages_activate()
{
global $db, $UA_userInfoNeeded, $plugins, $cache, $lang;
$information = ua_messages_info();
if(!isset($UA_userInfoNeeded) || $UA_userInfoNeeded == "") {
$UA_userInfoNeeded = '<script>var ua_messages_rooturl = \'{$mybb->asset_url}\'; var ua_messages_uid = {$mybb->user[\'uid\']};</script>';
}
require MYBB_ROOT.'/inc/adminfunctions_templates.php';
find_replace_templatesets('headerinclude', '#{\$stylesheets}#', '{$stylesheets}
<!-- UA - User Messages -->'. $UA_userInfoNeeded .'<script>
var ua_messages_language = {
browserUnsupported: \'{$lang->ua_messages_browserUnsupported}\',
permissionRequest: \'{$lang->ua_messages_permissionRequest}\',
permissionBlocked: \'{$lang->ua_messages_permissionBlocked}\',
permissionNoNotif: \'{$lang->ua_messages_permissionNoNotif}\',
permissionRequestNotif: \'{$lang->ua_messages_permissionRequestNotif}\',
blockedCloseMessage: \'{$lang->ua_messages_blockedCloseMessage}\',
information: \'{$lang->ua_messages_information}\',
requestTitle: \'{$lang->ua_messages_requestTitle}\'
};</script>
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/ua-plugins/messages.js?v='. $information["version"] .'"></script><!-- /UA - User Messages -->');
// Create and activate the UA-Messages task
$taskExists = $db->simple_select(
'tasks',
'tid',
'file = \'ua_messages\'',
array('limit' => '1')
);
if ($db->num_rows($taskExists) == 0) {
require_once MYBB_ROOT . '/inc/functions_task.php';
$myTask = array(
'title' => "UA Messages: Removes messages",
'file' => 'ua_messages',
'description' => "All the messages that were read by the user will be deleted every night.",
'minute' => 0,
'hour' => 1,
'day' => '*',
'weekday' => '*',
'month' => '*',
'nextrun' => TIME_NOW + 3600,
'lastrun' => 0,
'enabled' => 1,
'logging' => 1,
'locked' => 0,
);
$task_id = $db->insert_query('tasks', $myTask);
$theTask = $db->fetch_array(
$db->simple_select('tasks', '*', 'tid = ' . (int) $task_id, 1)
);
$nextrun = fetch_next_run($theTask);
$db->update_query(
'tasks',
'nextrun = ' . $nextrun,
'tid = ' . (int) $task_id
);
$plugins->run_hooks('admin_tools_tasks_add_commit');
$cache->update_tasks();
} else {
require_once MYBB_ROOT . '/inc/functions_task.php';
$theTask = $db->fetch_array(
$db->simple_select('tasks', '*', 'file = \'ua_messages\'', 1)
);
$db->update_query(
'tasks',
array(
'enabled' => 1,
'nextrun' => fetch_next_run($theTask)
),
'file = \'ua_messages\''
);
$cache->update_tasks();
}
}
function ua_messages_deactivate()
{
global $db;
require MYBB_ROOT.'/inc/adminfunctions_templates.php';
find_replace_templatesets('headerinclude', '#\<!--\sUA - User Messages\s--\>(.+)\<!--\s/UA - User Messages\s--\>#is', '', 0);
// De-activate the UA-Messages task
$db->update_query('tasks', array('enabled' => 0), 'file = \'ua_messages\'');
}
function ua_messages_xmlhttp() {
global $mybb, $charset, $parser;
switch ($mybb->input['action']) {
case 'ua_createRequests':
header('Content-type: application/json');
echo ua_messages_getAll($mybb->user['uid']);
break;
}
}
/**
* =======================================================
*
* [LANGUAGE FILE]
* Searching for the language file, to translate it to
* your own language? No problem, simply copy:
*
* /inc/language/english/ua_messages.lang.php
*
* to:
*
* /inc/language/[YOUR LANGUAGE]/
*
* and edit the text.
*
* [BUGS]
* If there are any BUGS, you can report them to our
* website:
* www.ua-plugins.com
*
* /----------------------------------------------------\
* [COPYING]
* Like anyone knows, this plugin uses PHP, and it is
* very easy to copy this plugin, re-name it and say
* it is your own plugin. Hell… Please show some respect
* and don’t copy this :(
*
* We worked very hard to this plugin, and hope everyone
* like iit. But we don't want you to copy our scripts
* and use it as your own plugin. Thanks in advance
*
* IF you don't care, and still want to copy something,
* please set a link into the code to the website URL:
* http://www.ua-plugins.com
*
* When you do that, we'll be glad that you use our
* plugin :D
*
* ===============================================================
* ORGET !!!! DON'T FORGET !!!! DON'T FORGET !!!! DON
* ===============================================================
*
* Copyright (c) 2015 UA-PLUGINS.COM MIT-LICENCE
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use,
* copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
* ===============================================================
* ORGET !!!! DON'T FORGET !!!! DON'T FORGET !!!! DON
* ===============================================================
*/
function ua_messages_start() {
global $lang;
$lang->load("ua_messages");
}
function ua_messages_getAll($userId) {
global $mybb, $db, $lang;
$lang->load('ua_messages');
$uaMessagesArray = array();
$createDBRequest = $db->query(" SELECT
id,
uid,
from_uid,
type,
topic,
pid,
pm
FROM
". TABLE_PREFIX ."ua_messages
WHERE
". TABLE_PREFIX ."ua_messages.uid = '". (int)$userId ."' AND
". TABLE_PREFIX ."ua_messages.msg_read = '0'
");
while($info = $createDBRequest->fetch_array()) {
$messageType = $info['type'];
$postID = $mybb->settings['bburl'] . "/showthread.php?pid=". $info["pid"] ."#pid". $info["pid"];
$topicID = $mybb->settings['bburl'] . "/showthread.php?tid=". $info["topic"];
$pmID = $mybb->settings['bburl'] . "/private.php?action=read&pmid=". $info["pm"];
$getUser = get_user($info['from_uid']);
// Update directly topic to READ
$db->query("UPDATE ". TABLE_PREFIX ."ua_messages SET msg_read = '1' WHERE id = '". $info["id"] ."'");
if($messageType == 1)
{
// Quoted
$msgQuery = $db->query("SELECT subject FROM ". TABLE_PREFIX ."threads WHERE tid = '". $info["topic"] ."' LIMIT 1");
$msgExtraInfo = $msgQuery->fetch_assoc();
$title = $lang->ua_messages_beenQuoted_title;
$message = $lang->ua_messages_beenQuoted_body;
$message = str_replace("{UA_USERNAME}", $getUser['username'], $message);
$message = str_replace("{UA_TOPICTITLE}", $msgExtraInfo['subject'], $message);
$url = $postID;
}
else if($messageType == 2)
{
// Tagget/Mentioned
$msgQuery = $db->query("SELECT subject FROM ". TABLE_PREFIX ."threads WHERE tid = '". $info["topic"] ."' LIMIT 1");
$msgExtraInfo = $msgQuery->fetch_assoc();
$title = $lang->ua_messages_beenTagged_title;
$message = $lang->ua_messages_beenTagged_body;
$message = str_replace("{UA_USERNAME}", $getUser['username'], $message);
$message = str_replace("{UA_TOPICTITLE}", $msgExtraInfo['subject'], $message);
$url = $postID;
}
else if($messageType == 3)
{
// Replied to your thread
$msgQuery = $db->query("SELECT subject FROM ". TABLE_PREFIX ."threads WHERE tid = '". $info["topic"] ."' LIMIT 1");
$msgExtraInfo = $msgQuery->fetch_assoc();
$title = $lang->ua_messages_beenReplied_title;
$message = $lang->ua_messages_beenReplied_body;
$message = str_replace("{UA_USERNAME}", $getUser['username'], $message);
$message = str_replace("{UA_TOPICTITLE}", $msgExtraInfo['subject'], $message);
$url = $postID;
}
else if($messageType == 4)
{
// Sent PM
$msgQuery = $db->query("SELECT subject FROM ". TABLE_PREFIX ."privatemessages WHERE pmid = '". $info["pm"] ."' LIMIT 1");
$msgExtraInfo = $msgQuery->fetch_assoc();
$title = $lang->ua_messages_beenPMed_title;
$message = $lang->ua_messages_beenPMed_body;
$message = str_replace("{UA_USERNAME}", $getUser['username'], $message);
$message = str_replace("{UA_PM_TITLE}", $msgExtraInfo['subject'], $message);
$url = $pmID;
}
else if($messageType == 5)
{
// Subscribed
/**
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* NOT WORKING YET
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$msgQuery = $db->query("SELECT subject FROM ". TABLE_PREFIX ."threads WHERE tid = '". $info["topic"] ."' LIMIT 1");
$msgExtraInfo = $msgQuery->fetch_assoc();
$title = $lang->ua_messages_beenSubs_title;
$message = $lang->ua_messages_beenSubs_body;
$message = str_replace("{UA_USERNAME}", $getUser['username'], $message);
$message = str_replace("{UA_TOPICTITLE}", $msgExtraInfo['subject'], $message);
$url = $postID;*/
}
else
{
$title = $lang->ua_messages_unknown_title;
$message = $lang->ua_messages_unknown_body;
//$url = 'javascript:void()';
}
$newMessage = array(
"title" => $title,
"icon" => "messages_img",
"body" => $message,
"webUrl" => $url
);
array_push($uaMessagesArray, $newMessage);
}
//return json_encode($uaMessagesArray);
return json_encode($uaMessagesArray);
}
function ua_message_createNewMessage($userId, $fromId, $type, $topic, $pid, $pm) {
global $db;
$db->query("
INSERT INTO ". TABLE_PREFIX ."ua_messages
(
uid,
from_uid,
type,
topic,
pid,
pm
)
VALUES
(
". (int)$userId .",
". (int)$fromId .",
". (int)$type .",
". (int)$topic .",
". (int)$pid .",
". (int)$pm ."
)");
}
// When someone got quoted by someone else.
function ua_messages_checkQuoted() {
global $post, $db, $mybb, $pid;
$message = $post["message"];
$patern = "#\\[quote=(?:\"|'|"|)(?<username>.*?)(?:\"|'|"|)(?: pid=(?:\"|'|"|)[\\d]*(?:\"|'|"|))?(?:\"|'|"|)(?: dateline=(?:\"|'|"|)[\\d]*(?:\"|'|"|))?(?:\"|'|"|)\](?<message>.*?)\\[\\/quote\\]#si";
preg_match($patern, $message, $matchArray);
$matchArray = array_filter($matchArray);
if (isset($matchArray['username'])) {
// Quote has username
$query = $db->simple_select('users', 'uid', 'LOWER(username)=\''.$matchArray['username'].'\'', array('limit' => '1'));
$uid = $db->fetch_field($query, 'uid');
ua_message_createNewMessage(
$uid,
$mybb->user['uid'],
1,
$post['tid'],
$pid,
0
);
}
}
// When someone replies to a topic, notify the topic author
function ua_messages_threadAuthor() {
global $post, $mybb, $db, $pid;
$query = $db->simple_select('threads', 'uid', 'tid=\''.$post['tid'] .'\'', array('limit' => '1'));
$threadAuthorId = $db->fetch_field($query, 'uid');
if ($threadAuthorId != $mybb->user['uid']) {
// Only other people, and not when the person itself replys to his/hers topic
$query2 = $db->query("SELECT id FROM ". TABLE_PREFIX ."ua_messages WHERE uid = '". $threadAuthorId ."' AND type = '3' AND msg_read = '0' AND topic = '". $post['tid'] ."' LIMIT 1");
if($query2->num_rows == 0) {
// User has no alert yet from that topic!
ua_message_createNewMessage(
$threadAuthorId,
$mybb->user['uid'],
3,
$post['tid'],
$pid, // Post ID of the NEWEST post
0
);
}
}
}
// Something like @Jasper in posts
function ua_messages_getMentioned() {
global $post, $mybb, $db, $pid;
$allreadyMentioned = array();
preg_match_all('/(^|\s)(@\w+)/', $post["message"], $matchArray);
foreach ($matchArray[2] as $getMentionedUsername) {
$getUsername = str_replace("@", "", $getMentionedUsername);
// User is not the user him/her-self
if($getUsername !== $post["username"] && !in_array($getUsername, $allreadyMentioned)) {
// Directly add to allreadyMentioned array
array_push($allreadyMentioned, $getUsername);
// Check username exists
$query = $db->simple_select('users', 'uid', 'LOWER(username)=\''.$getUsername.'\'', array('limit' => '1'));
// User exists
if($query->num_rows == 1) {
$uid = $db->fetch_field($query, 'uid');
ua_message_createNewMessage(
$uid,
$mybb->user['uid'],
2,
$post['tid'],
$pid,
0
);
}
}
}
}
// Get a PM
function ua_messages_privateMessage() {
global $mybb, $db, $pm, $pmhandler;
$pmCounter = 0;
if($pm['saveasdraft'] != 1) {
foreach($pmhandler->data["recipients"] as $value) {
ua_message_createNewMessage(
$value['uid'],
$mybb->user['uid'],
4,
0,
0,
$pmhandler->pmid[$pmCounter]
);
$pmCounter++;
}
}
}
?>
Ten projekt, sądząc po komentarzach w kodzie i ostatniej aktualizacji kawał czasu temu, został najprawdopodobniej porzucony, a uważam, że jest bardzo ciekawy, dlatego chciałbym pozbyć się chociaż tego problemu. Wygodnie jest widzieć powiadomienia na pulpicie, że ktoś odpisał w naszym wątku, czy nas zacytował, gdy ma się włączoną przeglądarkę, ale nie śledzi strony.
PS: Pisałem już do autora, ale nie odzywa się.