UBB.Developers Forums UBB.classic V6 MultiHack Mods [6.0x] ELY_M's Upload Modification

I forgot to add this in my instructions

it is just about cp_vars_misc.pl part in instructions.


Thanks again

the zip is updated

[ May 06, 2001 07:41 AM: Message edited by: ELY_M ]

hi ely,

nice work

but i got a little problem

the upload window shows me an error

do you have any clue why i can't see the upload window?

[ May 08, 2001 08:53 AM: Message edited by: cdr700 ]

I got 500 internal error.

I have no idea, but

you need to make sure the perl path is correct.

Which ubb files you are using on your server.

normal or local files ?


make sure you upload the upload files in ASCII mode in your ftp client.

make sure you chmmod the upload files and the upload folder to 777.

Looking good ELY_M

BTW, What happens if the user uploads .htpasswd and .htaccess files?

hi ely

i'm using normal files on my server

and i changed mod to 777 upload and the 2 cgi files

could it be that my server does not support if somebody tries to upload something??

but thanks anyways this hack is really cool
i can configure it in cp but it won't work

ok i think i need to work it out

if you got some clues plz tell me

Another thing, you can disable uploads in some forums, but if the user enters cgi-bin/upload_form.cgi, it will upload anyway; also unregistered users can upload, and I don't think I can disable it; and the same thing if I want only admins/mods.
What you can do is make it ultimatebb.cgi?ubb=upload_form (and to not make it confusing I think you should make the upload_form.cgi be ubb_upload_form.cgi and the other one ubb_upload.cgi), and then it will have all login information.
Also, when you'll do it, the CGI path will be in $vars_config{CGIPath} or something like that, so you can just make it automatically $vars_config{CGIPath}/uploads.

Now, your script doesn't work if Variables Path is different than cgi-bin; it will also be fixed after you'll do it if you'll do $vars_config{VariablesPath}.

[ May 07, 2001 10:11 AM: Message edited by: LK ]

hi again,

i found the problem

your path in upload_form.cgi

is #!/usr/bin/perl5

my is #!/usr/bin/perl


so it didn't match and i changed it and now it works

great work man

Thanks to LK again.

I added the CP hack that an Admin can decide if he or she wants to allow unregistered users to upload.

I also added some new codes and did recoding for the new topic and reply and pm forms.


The zip is updated.

ELY_M du you thing i have a chance to install it in a older Version of the UBB 6.x? I will test it but when you say no chance ..... that i don't install it!

Sorry for my English

SkipperII

Skipper II: Please read the instructions carefully. I have placed some instructions for people who want to keep older ubb versions.

I think you should upgrade your board to ubb 604d. It has more better security fixes than previous versions.

[ May 09, 2001 12:14 AM: Message edited by: ELY_M ]

Hello,

thank you i had a older File of your Upload hack! The New File Descrition for older UBB is very good! But i have one Problem all works in CP but when i save the Miscellaneous Settings, the Forum dosen't work the error is:

Any Idea?

SkipperII

[ May 10, 2001 02:55 PM: Message edited by: SkipperII ]

ELY: I think you should make that files have a random name, like a368dq46.jpg (8 random letters/numbers).

Reasons:

[*]If somebody posts something and I post another one with the sane name, it will overwrite the old one, and if it sucks they will blame the first one.

[*]Files like .htpasswd can cause a security risk, so now it will be a456f34g.htpasswd, which I think it's okay.

If you choose to do it, just make sure the file doesn't already exist, because there can be even 2 random things that are the same.


If you think it's too ugly/dumb for you, make directories by the member number, like /cgi-bin/00000001/file.ext, and guests have 00000000; but I think it's worse, because of the guests and some other reasons I forgot


LK.

@ELY_M

all the entrys of your hack in the vars_misc.cgi (After the when i Save the Settings in CP) beginn with and end with dosen't work and give this Error:

The chmod is ok!
The Perl is ok
The hack is corecked added (i hope)!

Can you help me?

SkipperII

[ May 11, 2001 02:44 PM: Message edited by: SkipperII ]

Possible big security risk?

When I specify that I want only jpg files to be uploaded, then go to post a file, such as regedit.exe, it says in the window that such a filename is not acceptable to upload, however it still uploads it to the directory.. So it wouldn't take much figuring out to upload a file and then find the url to get to it...

Ok, I changed some of the script, and seems to be working now.... here is what i did:

In upload.cgi

Find:


and move it directly under the lines:



Then find:


and replace it with:



This should make the script check the file type first, before uploading it.

As well, it will also generate a random filename so that one file upload will not overwrite one that is already in the directory.

I am pretty new at CGI, so someone may want to take a look at it..

yeah, need to add some code so the file wont be uploaded.

[ May 11, 2001 07:47 PM: Message edited by: ELY_M ]

MarkMac: Thanks for helping out with the security and file name thing.

Sorry, It took some time for me to read everything in here.

The only thing that I can see is a problem with what I did is that if someone uploads a file like joe.blow.jpg, then it will reject the file, because it thinks the file extension is .blow...... someone may be able to correct this for us tho... As I said, I am pretty green at CGI.

Cheers

@ELY_M

you have no idea to my problem with the vars_misc.cgi entrys?


SkipperII

make sure you do cp_lib.cgi part in instructions.
open cp_lib.cgi


## for ubb604b and ubb604c ##

find this line

print FILE qq!FloodCheck => "$in{FloodCheck}",n!;
print FILE qq!use_cache => "$in{use_cache}",n!;
print FILE qq!FloodCheckSpan => q~$FloodCheckSpan~,n!;
print FILE qq!runOnLimit => q~$runOnLimit~,n!;
print FILE qq!stringLengthLimit => q~$stringLengthLimit~,n!;

#############
#
# for people who use older version * less than ubb604b *
# 6.0 - 6.01 - 6.02 - 6.03
#
# find this code
#
# print FILE qq!FloodCheckSpan => q~$FloodCheckSpan~n!;
#
#
# in ubb604a find this
#
# print FILE qq!runOnLimit => q~$runOnLimit~,n!;
#
###

add this new code after this ^^^

print FILE qq!upload_in_pm => q~$in{upload_in_pm}~,n!;
print FILE qq!upload_by_unreg => q~$in{upload_by_unreg}~,n!;
print FILE qq!SAVE_DIRECTORY => q~$in{SAVE_DIRECTORY}~,n!;
print FILE qq!SAVE_URL => q~$in{SAVE_URL}~,n!;
print FILE qq!MAXIMUM_UPLOAD => q~$in{MAXIMUM_UPLOAD}~,n!;
print FILE qq!header_in => q~$in{header_in}~,n!;
print FILE qq!footer_in => q~$in{footer_in}~,n!;
print FILE qq!popup_width => q~$in{popup_width}~,n!;
print FILE qq!popup_height => q~$in{popup_height}~,n!;
print FILE qq!popup_left => q~$in{popup_left}~,n!;
print FILE qq!popup_top => q~$in{popup_top}~,n!;
print FILE qq!allowedfile1 => q~$in{allowedfile1}~,n!;
print FILE qq!allowedfile2 => q~$in{allowedfile2}~,n!;
print FILE qq!allowedfile3 => q~$in{allowedfile3}~,n!;
print FILE qq!allowedfile4 => q~$in{allowedfile4}~,n!;
print FILE qq!allowedfile5 => q~$in{allowedfile5}~,n!;
print FILE qq!allowedfile6 => q~$in{allowedfile6}~,n!;
print FILE qq!allowedfile7 => q~$in{allowedfile7}~,n!;
print FILE qq!allowedfile8 => q~$in{allowedfile8}~,n!;
print FILE qq!allowedfile9 => q~$in{allowedfile9}~,n!;
print FILE qq!allowedfile10 => q~$in{allowedfile10}~,n!;
print FILE qq!allowedfile11 => q~$in{allowedfile11}~,n!;
print FILE qq!allowedfile12 => q~$in{allowedfile12}~,n!;
print FILE qq!allowedfile13 => q~$in{allowedfile13}~,n!;
print FILE qq!allowedfile14 => q~$in{allowedfile14}~,n!;
print FILE qq!allowedfile15 => q~$in{allowedfile15}~,n!;
print FILE qq!allowedfile16 => q~$in{allowedfile16}~,n!;
print FILE qq!allowedfile17 => q~$in{allowedfile17}~,n!;
print FILE qq!allowedfile18 => q~$in{allowedfile18}~,n!;
print FILE qq!allowedfile19 => q~$in{allowedfile19}~,n!;
print FILE qq!allowedfile20 => q~$in{allowedfile20}~,n!;
print FILE qq!allowedfile21 => q~$in{allowedfile21}~,n!;
print FILE qq!allowedfile22 => q~$in{allowedfile22}~,n!;
print FILE qq!allowedfile23 => q~$in{allowedfile23}~,n!;
print FILE qq!allowedfile24 => q~$in{allowedfile24}~,n!;
print FILE qq!allowedfile25 => q~$in{allowedfile25}~,n!;
print FILE qq!allowedfile26 => q~$in{allowedfile26}~,n!;
print FILE qq!allowedfile27 => q~$in{allowedfile27}~,n!;
print FILE qq!allowedfile28 => q~$in{allowedfile28}~,n!;
print FILE qq!allowedfile29 => q~$in{allowedfile29}~,n!;
print FILE qq!allowedfile30 => q~$in{allowedfile30}~,n!;
print FILE qq!allowedfile31 => q~$in{allowedfile31}~,n!;

Okay i check it wait !


SkipperII

Yes i have it! look:

(UBB Version 6.0)

I don't understand where is the error?

SkipperII :rolleyes: :rolleyes:

This hack is very cool... I can't wait to get it working on my site!

What am I missing?? I'm using Win2000 / IIS...

When I try to upload I get the upload screen but then I select the file and press upload and get an Access Denied message...

Any help?
http://www.rockcrawlin.com/cgi-bin/ultimatebb.cgi?ubb=upload_form

Thanks!

@ELY_M

i have Checked all .... i installed all Hacks i'am sure (Hope so) ! Have you test it in 6.0? The hack don't work in my Forum! ....! I have the Star hack installed is that the Problem?

SkipperII

[ May 14, 2001 01:06 PM: Message edited by: SkipperII ]

why you cant upgrade to ubb604d ?

I never tested it in 6.0

it look like as you got it working.

I got this message


FYI
You are not logged in. You must be logged in (and registered) to perform this function.
Login or Register

» Please use your browser's back button to return.



BTW: if you want me to test it more. create temp account

Worked great, but one thing...
Can someone adjust it so that the uploads will show as avatars? I installed qusic's avatar_hack_ubb6_v0.0007, so can i make these two hacks coexist? I might have to edit the 'edit profile' somehow...
Thanks

raiyan, just make the uploads dir be the same as the avatars dir. I think it will be added automatically to the list.

I don't mean to be picky, but i need them to be uploaded as 00000012.gif or something to that effect and to have the option in the dropdown menu labeled 'uploaded avatar' and show what the user uploaded.

I have a many Hack's in my Forum and i must hack it all new or? That ist the Problem...


DerSkipper2000

Enyone have tested in a older Version?

[ May 17, 2001 11:30 AM: Message edited by: SkipperII ]

How much time does it take?
About 15 minutes... And 6.04e fixed many security issues...
If you think it will take more than 15mins, use Beyond Compare.

I can get people to upload avatars to the avatar directory, but i need basically what i said. A option in the menu for uploaded avatar and for it to be uploaded as xxxxx23.gif. I'm basically bumping this up.

and i would to have it like the 5 series version... to limit not only file size but how many files too.
the hack should create a folder for each members that upload something.

i don't want members thrash down my webspace with their pics...


anybody could make this?

I fixed the upload hack.

if the user happen to try to upload illegal format. the file wont be uploaded at all.

changed the code, so the files wont be copied over the other.

Thank to someone who posted the code.

I also added upload hack to public_edit_post.pl


Redownload the zip and read the instructions.

Hi, in your documentaion for installing this hack you refer to "public_edit_form.pl" as a file that needs to be edited. I have 6.04e and I do not see this file anywhere.

Am I missing a file or is this a typo?

Thanks,
Cobra

It's public_edit_post.pl

Thanks for pointing out to my typo in the instructions.

LK is right

I found something you left out of the hack.
This is for UBB 6.0, 6.01, 6.02, 6.03
open cp-lib.cgi
Find:
print FILE qq!FloodCheckSpan => q~$FloodCheckSpan~n!;

Replace with:
print FILE qq!FloodCheckSpan => q~$FloodCheckSpan~,n!;

Has the file been moved off Tripod I can't seem to download it.

Is this Hack available anywhere else?