MyBB Community Forums

MyBB Community Forums > 1.8 Support > General Support > Unknown Location
Full Version: Unknown Location
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Stage4000

2019-11-20, 02:23 AM
So I have a plugin that was developed by another person (namely mysubscriptions: https://community.mybb.com/mods.php?action=view&pid=458).

When someone is viewing the subscription page though it shows as the user being in an 'unknown location'. I found fixes for this in 1.6 and 1.4 but theybdont appear to work in 1.8. Can someone give me an easy fix for this please? (also please clarify if this fix will work for custom php pages that are not within mybb but still show up in the online list).


Thank you in advance.

.m.

2019-11-20, 03:41 AM
you can try using this jQuery based method

Stage4000

2019-11-20, 03:51 AM
Ok I'm not super familoar with jQuery but i see whats going on there in principle. How could i make this script differentiate between different pages instead of returning 'Home' for everything?

.m.

2019-11-20, 01:33 PM
^ please try it & check. it doesn't show Home for everything.

Stage4000

2019-11-20, 03:08 PM
Yeah i threw it in there and its pretty nice but it still does some stuff that im not thrilled with. I use our forums login system to manage logins for a piece of external software and the software sends the user and pass via GET variables which is what im trying to hide.

This worked perfect for the mysubscriptions though and thank you for that Smile
IDK if im making any sense so here is an example.
User opens our software and they must log in with their forum login to continue.
Software takes the username and password entered by the user and sends a curl to example.com/loader/api.php?username=(username)&password=(password)
On the who's online list it then shows the full URL that the user is at, exposing their password to anyone who has access to the whos online list.

For this reason I removed all access to whos online and even had to change the online members template to prevent it showing on the users profile as well.
just in case its needed, here is the login script being used at that location:

<?php
define('IN_MYBB', false);
require_once '../global.php';
		$query = $db->query("SELECT * FROM s4k_users WHERE username='".$db->escape_string($_GET['username'])."'");
		if($query->num_rows == 0)
		{
			echo "bad"; //user doesnt exist.
		} else {
			while($result = $db->fetch_array($query))
			{
				$end_password = $result['password'];
				
				if(md5(md5($result['salt']).md5($_GET["password"])) == $end_password)
				{
					$usergroup = $result['usergroup'];
					if($usergroup == 7)
					{
						echo "0"; //user is banned
					}
					else if($usergroup == 9)
					{
						echo "p".$result['uid']; //premium user
					}
					else if($usergroup == 5)
					{
						echo "0"; //user hasnt verified email
					}
					else
					{
						echo $result['uid']; //good login regular user
					}
				} else {
					echo "bad"; //wrong password
				}
			}
		}
?>
MyBB Community Forums > 1.8 Support > General Support > Unknown Location