UBB.Developers Forums UBB.classic V6.4 - 6.7 Modifications [6.7] [beta] UBB.Uploader

Modification Name: UBB.Uploader

Author(s): Brett

Description: Adds a link to topic forms to allow the user to upload files to the server. A link is also added the avatar popup to allow the user to upload a custom avatar. In the upload popup, the user has the ability to delete previously uploaded files through an 'upload manager'.

All of these settings are controlled through the CP. (primary settings -> general), where the admin can set what user groups can upload files and/or avatars, how big of files they can upload, and how many each group can store. The admin can also set the type of files/avatars that can be uploaded, and the upload paths.

Also added is a field to the properties of each forum details to allow or turn off file uploads. And a field is added to each profile to override user group settings to either allow or completely block a user.

Files are loaded to the uploads_dir/user_number. You can put it into a new directory, as it will attempt to create it, as long as the parent directory exists.


A little bonus, (gizzy's idea ), was the ability, through upload manager, to go into other user directories and delete files in there. Right now, only administrators have the privilages. To change it, go to the ManagePage function, and change the "$user_profile[8] eq 'Administrator'" part.

Demo: http://www.pavioni.com/ubb/ultimatebb.php

Download Link: https://www.ubbdev.com/ubb/upload/00006378/Uploader6.7.zip

If your behind a firewall/router; it may be blocking the ability for the server reading your referer, thus disabling the uploader. Click below for a version without the referer check.

[ link removed, link above does the job ]

Credits: Allen Ayres, LK and freeTV, and Ely_M, Ian Spence(for some of the manager code )

A somewhat strict security precaution was added to prevent users from impersonating fields, like forum numbers. This is done through the user referal. It will strip/shred it, and the user coming from the host or a valid forum number, it will give an error. If it smells a foreign host, it'll pull posthackdetails. You can't also just call ubb_upload.cgi through the address bar.

In other words, it won't function without a referer. If you encounter problems with it, when it's not supposed to error out. Please post here if you do.


To test it out on my board.
username: ubbtest
password: test

Brett,
Thanks for doing this hack. I tried to upload something (target.gif) at your site, but received the following error: "You are trying to upload something with an illegal extentsion. The currently allowed are: gif, and you tried to upload a zip, txt, tar.gz, tar file."

I used the login you provided and registered there to test it, but still received the same error.

I didn't have gif in my regular extentsion list. I just put it in there. Try it now.

Unable to parse your referer. Are you sure you clicked on it through the forums?

Quite sure, clicked through quick reply

I altered something that might have done that 10 minutes ago. Redownload ubb_upload.cgi, and reupload it.

hehe, idea by Gizzy :-x... I still say being able to publish extensions through a UI would be good .

reupload? This was on your forums, can't install this till tonight .

PS. No credit for the person who's file manager you said you based yours on?

Brett,
The upload worked great this time. Thanks again for doing the mod.

np,

Ian found a minor bug as it wouldn't parse through the extended spider links properly. I have updated ubb_upload.cgi. I have double checked all 3 kinds of spider options from the cp and all work correctly for me. The only file to upload is the ubb_upload.cgi.

Hi Brett,

when I want to upload somethin I get this error

Unable to detect referer. You must click the upload link directly to upload files.

What have I to do?

You can't go to the ubb_upload.cgi file directly. It has to be clicked from on the board. Like the reply/topic pages.

did you upload the new ubb_upload.cgi?

Hi Brett I have clicked at the link at the new topics page....

Ian I have uploaded the new file...

Could i get a link to your board w/test username & password?

I will let you know if this works with 6.6 hopefully tonight.

http://www.d-talk.tv/cgi-bin/ultimatebb.cgi

Username: Testuser

password: CCTK86

I was able to open it up without issues. Do you have a firewall installed?

Yes a router....

I get the same error at your board...

ok, what i can do is release a version without this check since i know some routers/firewalls can block servers from reading the referer. It will still have the same features.

I will still leave the original download available.

How long does it take to release this new version? :rolleyes:

http://pavioni.com/scripts/dl.php/Uploader6.7_2.zip

Just reupload ubb_upload.cgi.

Great Work Brett!

Thank you very much!!!

Thanks Brett for the great mod

Works great. I love the ability to delete other members files.

Dare I say it, I like it more than flare ... At least I'm already authenticated when I click upload file form :x...

Brett, something I added that really made the Admin manager easier was the following.

FIND:
REPLACE WITH:
That way you can see the public name of the member's who folder that is. I'm sure I'm not the only one who doesn't have member numbers memorized

Very nice. I like it

I just put it to grab the publics names list instead of opening each profile, because it would stress on a high board on getpubname, but added it. (Uploaded both zips, with only ubb_upload.cgi changed)

Is anyone else having problem using this with IE 6?

I get the referer error in IE, but not in Firefox

It works fine for me so far, however when I "Submit Changes" in Primary Settings, I get the error below at the top of the page and I need to submit twice before the changes take effect.

Error
Form validation errors:

: You did not enter a value for this field

I checked and the vars_misc.cgi file has undef instead of say no or 2 or some such for boxes I didn't check (like the fact I'm not using it for avatars). Is that the problem?

I also have the Recycle Bin hack installed, but I didn't have the problem before the Uploader hack.

I was using IE and got the error, so I used the non-referer version.

I'm starting to wonder if it's worth it, because some user out there is gonna have a firewall or router to block the ref. I think any future version will have it as an on/off switch, defaulted to off.

Great, finally!!

One detail - could you remove the case sensitivity? Or do i have to specify both in the config? (Haven´t installed it yet)

picture.jpg works but picture.JPG doesn´t

For my non-technical users.

That's standard with all unix hosts; where a letter makes it differant period.

IE:
PiCtUrE.jpg isn't the same as picture.jpg; should show with the same name as uploaded, if the extension is JPG theil need to rename it to jpg.

Form validation errors:

: You did not enter a value for this field
: You did not enter a value for this field

Is it typical to have these errors show up when making the changes in the control panel?

Even though the errors are there, the hack does work on the bulletin board. I'm just curious if I am missing something when I hacked the board.

Did you add/upload the changes in cp2_lib.cgi?

I'm having that error.

I just checked and rechecked with a fresh download of the hack, I did make the change to cp2_lib.cgi and I still get the error.

make sure you fill in EVERYTHING. Every textbox must be filled in, even if you just put 0 in it

Yes, every field has a value.

D'Oh! Now it all makes sense.

any possible updates on the errors we're getting?