MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > forum has been hacked. need assistance in undoing the changes
Full Version: forum has been hacked. need assistance in undoing the changes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3

apt.pupil

2009-06-23, 09:24 AM
http://www.pupils-path.net/forums/mybb/index.php
somewhere in that page there is redirection to a false page, which displays that picture.

if you go to the portal however, the rest of the forum runs fine.

i have gone onto my server and opened up the portal.php page, and this is what i got
<?php
/**
 * MyBB 1.4
 * Copyright © 2008 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/about/license
 *
 * $Id: index.php 4304 2009-01-02 01:11:56Z chris $
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'index.php');

$templatelist = "index,index_whosonline,index_welcomemembertext,index_welcomeguest,index_whosonline_memberbit,forumbit_depth1_cat,forumbit_depth1_forum,forumbit_depth2_cat,forumbit_depth2_forum,forumbit_depth1_forum_lastpost,forumbit_depth2_forum_lastpost,index_modcolumn,forumbit_moderators,forumbit_subforums,index_welcomeguesttext";
$templatelist .= ",index_birthdays_birthday,index_birthdays,index_pms,index_loginform,index_logoutlink,index_stats,forumbit_depth3,forumbit_depth3_statusicon,index_boardstats";

require_once "./global.php";

require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_forumlist.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

$plugins->run_hooks("index_start");

// Load global language phrases
$lang->load("index");

$logoutlink = $loginform = '';
if($mybb->user['uid'] != 0)
{
	eval("\$logoutlink = \"".$templates->get("index_logoutlink")."\";");
}
else
{
	//Checks to make sure the user can login; they haven't had too many tries at logging in.
	//Function call is not fatal
	if(login_attempt_check(false) !== false)
	{
		eval("\$loginform = \"".$templates->get("index_loginform")."\";");
	}
}
$whosonline = '';
if($mybb->settings['showwol'] != 0 && $mybb->usergroup['canviewonline'] != 0)
{
	// Get the online users.
	$timesearch = TIME_NOW - $mybb->settings['wolcutoff'];
	$comma = '';
	$query = $db->query("
		SELECT s.sid, s.ip, s.uid, s.time, s.location, s.location1, u.username, u.invisible, u.usergroup, u.displaygroup
		FROM ".TABLE_PREFIX."sessions s
		LEFT JOIN ".TABLE_PREFIX."users u ON (s.uid=u.uid)
		WHERE s.time>'$timesearch'
		ORDER BY u.username ASC, s.time DESC
	");

	$forum_viewers = array();
	$membercount = 0;
	$onlinemembers = '';
	$guestcount = 0;
	$anoncount = 0;
	$doneusers = array();

	// Fetch spiders
	$spiders = $cache->read("spiders");

	// Loop through all users.
	while($user = $db->fetch_array($query))
	{
		// Create a key to test if this user is a search bot.
		$botkey = my_strtolower(str_replace("bot=", '', $user['sid']));

		// Decide what type of user we are dealing with.
		if($user['uid'] > 0)
		{
			// The user is registered.
			if($doneusers[$user['uid']] < $user['time'] || !$doneusers[$user['uid']])
			{
				// If the user is logged in anonymously, update the count for that.
				if($user['invisible'] == 1)
				{
					++$anoncount;
				}
				++$membercount;
				if($user['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $user['uid'] == $mybb->user['uid'])
				{
					// If this usergroup can see anonymously logged-in users, mark them.
					if($user['invisible'] == 1)
					{
						$invisiblemark = "*";
					}
					else
					{
						$invisiblemark = '';
					}

					// Properly format the username and assign the template.
					$user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					$user['profilelink'] = build_profile_link($user['username'], $user['uid']);
					eval("\$onlinemembers .= \"".$templates->get("index_whosonline_memberbit", 1, 0)."\";");
					$comma = ", ";
				}
				// This user has been handled.
				$doneusers[$user['uid']] = $user['time'];
			}
		}
		elseif(my_strpos($user['sid'], "bot=") !== false && $spiders[$botkey])
		{
			// The user is a search bot.
			$onlinemembers .= $comma.format_name($spiders[$botkey]['name'], $spiders[$botkey]['usergroup']);
			$comma = ", ";
			++$botcount;
		}
		else
		{
			// The user is a guest.
			++$guestcount;
		}

		if($user['location1'])
		{
			$forum_viewers[$user['location1']]++;
		}
	}

	// Build the who's online bit on the index page.
	$onlinecount = $membercount + $guestcount + $botcount;
	
	if($onlinecount != 1)
	{
		$onlinebit = $lang->online_online_plural;
	}
	else
	{
		$onlinebit = $lang->online_online_singular;
	}
	if($membercount != 1)
	{
		$memberbit = $lang->online_member_plural;
	}
	else
	{
		$memberbit = $lang->online_member_singular;
	}
	if($anoncount != 1)
	{
		$anonbit = $lang->online_anon_plural;
	}
	else
	{
		$anonbit = $lang->online_anon_singular;
	}
	if($guestcount != 1)
	{
		$guestbit = $lang->online_guest_plural;
	}
	else
	{
		$guestbit = $lang->online_guest_singular;
	}
	$lang->online_note = $lang->sprintf($lang->online_note, my_number_format($onlinecount), $onlinebit, $mybb->settings['wolcutoffmins'], my_number_format($membercount), $memberbit, my_number_format($anoncount), $anonbit, my_number_format($guestcount), $guestbit);
	eval("\$whosonline = \"".$templates->get("index_whosonline")."\";");
}

// Build the birthdays for to show on the index page.
$bdays = $birthdays = '';
if($mybb->settings['showbirthdays'] != 0)
{
	// First, see what day this is.
	$bdaycount = 0; $bdayhidden = 0;
	$bdaytime = TIME_NOW;
	$bdaydate = my_date("j-n", $bdaytime, '', 0);
	$year = my_date("Y", $bdaytime, '', 0);
	
	$bdaycache = $cache->read("birthdays");
	
	if(!is_array($bdaycache))
	{
		$cache->update_birthdays();
		$bdaycache = $cache->read("birthdays");
	}
	
	$hiddencount = $bdaycache[$bdaydate]['hiddencount'];
	$today_bdays = $bdaycache[$bdaydate]['users'];
	
	$comma = '';
	if(!empty($today_bdays))
	{
		foreach($today_bdays as $bdayuser)
		{
			$bday = explode("-", $bdayuser['birthday']);
			if($year > $bday['2'] && $bday['2'] != '')
			{
				$age = " (".($year - $bday['2']).")";
			}
			else
			{
				$age = '';
			}
			$bdayuser['username'] = format_name($bdayuser['username'], $bdayuser['usergroup'], $bdayuser['displaygroup']);
			$bdayuser['profilelink'] = build_profile_link($bdayuser['username'], $bdayuser['uid']);
			eval("\$bdays .= \"".$templates->get("index_birthdays_birthday", 1, 0)."\";");
			++$bdaycount;
			$comma = ", ";
		}
	}
	
	if($hiddencount > 0)
	{
		if($bdaycount > 0)
		{
			$bdays .= " - ";
		}
		$bdays .= "{$hiddencount} {$lang->birthdayhidden}";
	}
	
	// If there are one or more birthdays, show them.
	if($bdaycount > 0 || $hiddencount > 0)
	{
		eval("\$birthdays = \"".$templates->get("index_birthdays")."\";");
	}
}

// Build the forum statistics to show on the index page.
if($mybb->settings['showindexstats'] != 0)
{
	// First, load the stats cache.
	$stats = $cache->read("stats");

	// Check who's the newest member.
	if(!$stats['lastusername'])
	{
		$newestmember = "no-one";
	}
	else
	{
		$newestmember = build_profile_link($stats['lastusername'], $stats['lastuid']);
	}

	// Format the stats language.
	$lang->stats_posts_threads = $lang->sprintf($lang->stats_posts_threads, my_number_format($stats['numposts']), my_number_format($stats['numthreads']));
	$lang->stats_numusers = $lang->sprintf($lang->stats_numusers, my_number_format($stats['numusers']));
	$lang->stats_newestuser = $lang->sprintf($lang->stats_newestuser, $newestmember);

	// Find out what the highest users online count is.
	$mostonline = $cache->read("mostonline");
	if($onlinecount > $mostonline['numusers'])
	{
		$time = TIME_NOW;
		$mostonline['numusers'] = $onlinecount;
		$mostonline['time'] = $time;
		$cache->update("mostonline", $mostonline);
	}
	$recordcount = $mostonline['numusers'];
	$recorddate = my_date($mybb->settings['dateformat'], $mostonline['time']);
	$recordtime = my_date($mybb->settings['timeformat'], $mostonline['time']);

	// Then format that language string.
	$lang->stats_mostonline = $lang->sprintf($lang->stats_mostonline, my_number_format($recordcount), $recorddate, $recordtime);

	eval("\$forumstats = \"".$templates->get("index_stats")."\";");
}

// Show the board statistics table only if one or more index statistics are enabled.
if($mybb->settings['showwol'] != 0 || $mybb->settings['showindexstats'] != 0 || ($mybb->settings['showbirthdays'] != 0 && $bdaycount > 0))
{
	if(!is_array($stats))
	{
		// Load the stats cache.
		$stats = $cache->read("stats");
	}
	
	eval("\$boardstats = \"".$templates->get("index_boardstats")."\";");
}

if($mybb->user['uid'] == 0)
{
	// Build a forum cache.
	$query = $db->query("
		SELECT *
		FROM ".TABLE_PREFIX."forums
		WHERE active != 0
		ORDER BY pid, disporder
	");
	
	$forumsread = unserialize($mybb->cookies['mybb']['forumread']);
}
else
{
	// Build a forum cache.
	$query = $db->query("
		SELECT f.*, fr.dateline AS lastread
		FROM ".TABLE_PREFIX."forums f
		LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
		WHERE f.active != 0
		ORDER BY pid, disporder
	");
}
while($forum = $db->fetch_array($query))
{
	if($mybb->user['uid'] == 0)
	{
		if($forumsread[$forum['fid']])
		{
			$forum['lastread'] = $forumsread[$forum['fid']];
		}
	}
	$fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
}
$forumpermissions = forum_permissions();

// Get the forum moderators if the setting is enabled.
if($mybb->settings['modlist'] != "off")
{	
	$moderatorcache = $cache->read("moderators");
}

$excols = "index";
$permissioncache['-1'] = "1";
$bgcolor = "trow1";

// Decide if we're showing first-level subforums on the index page.
if($mybb->settings['subforumsindex'] != 0)
{
	$showdepth = 3;
}
else
{
	$showdepth = 2;
}
$forum_list = build_forumbits();
$forums = $forum_list['forum_list'];

$plugins->run_hooks("index_end");

eval("\$index = \"".$templates->get("index")."\";");
output_page($index);

?>
from the looks of it- i can't find anything that is causing that.

can anyone who has a little more knowledge on this help me in restoring my forums to somewhat what it was?

i also did try and load one of my backups, but they were all deleted. in the future i am going to backup the backups to my own pc to prevent this from happening


i also might like to add that this was hacked before the update to 1.47

Craigw

2009-06-23, 09:37 AM
Can you post your inc/class_templates.php please

apt.pupil

2009-06-23, 09:52 AM
(2009-06-23, 09:37 AM)Craigw Wrote: [ -> ]Can you post your inc/class_templates.php please
<?php
/**
 * MyBB 1.4
 * Copyright © 2008 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/about/license
 *
 * $Id: class_templates.php 4304 2009-01-02 01:11:56Z chris $
 */

class templates
{
	/**
	 * The total number of templates.
	 *
	 * @var int
	 */
	var $total = 0;

	/**
	 * The template cache.
	 *
	 * @var array
	 */
	var $cache = array();

	/**
	 * Array of templates loaded that were not loaded via the cache
	 *
	 * @var array
	 */
	var $uncached_templates = array();

	/**
	 * Cache the templates.
	 *
	 * @param string A list of templates to cache.
	 */
	function cache($templates)
	{
		global $db, $theme;
		$sql = $sqladd = "";
		$names = explode(",", $templates);
		foreach($names as $key => $title)
		{
			$sql .= " ,'".trim($title)."'";
		}

		$query = $db->simple_select("templates", "title,template", "title IN (''$sql) AND sid IN ('-2','-1','".$theme['templateset']."')", array('order_by' => 'sid', 'order_dir' => 'asc'));
		while($template = $db->fetch_array($query))
		{
			$this->cache[$template['title']] = $template['template'];
		}
	}

	/**
	 * Gets templates.
	 *
	 * @param string The title of the template to get.
	 * @param boolean True if template contents must be escaped, false if not.
	 * @param boolean True to output HTML comments, false to not output.
	 * @return string The template HTML.
	 */
	function get($title, $eslashes=1, $htmlcomments=1)
	{
		global $db, $theme, $mybb;

		//
		// DEVELOPMENT MODE
		//
		if($mybb->dev_mode == 1)
		{
			$template = $this->dev_get($title);
			if($template !== false)
			{
				$this->cache[$title] = $template;
			}
		}
		
		if(!isset($this->cache[$title]))
		{
			$query = $db->simple_select("templates", "template", "title='".$db->escape_string($title)."' AND sid IN ('-2','-1','".$theme['templateset']."')", array('order_by' => 'sid', 'order_dir' => 'DESC', 'limit' => 1));

			$gettemplate = $db->fetch_array($query);
			if($mybb->debug_mode)
			{
				$this->uncached_templates[$title] = $title;
			}
			
			if(!$gettemplate)
			{
				$gettemplate['template'] = "";
			}

			$this->cache[$title] = $gettemplate['template'];
		}
		$template = $this->cache[$title];

		if($htmlcomments)
		{
			if($mybb->settings['tplhtmlcomments'] == 1)
			{
				$template = "<!-- start: ".htmlspecialchars_uni($title)." -->\n{$template}\n<!-- end: ".htmlspecialchars_uni($title)." -->";
			}
			else
			{
				$template = "\n{$template}\n";
			}
		}
		
		if($eslashes)
		{
			$template = str_replace("\\'", "'", addslashes($template));
		}
		return $template;
	}

	/**
	 * Fetch a template directly from the install/resources/mybb_theme.xml directory if it exists (DEVELOPMENT MODE)
	 */
	function dev_get($title)
	{
		static $template_xml;

		if(!$template_xml)
		{
			if(@file_exists(MYBB_ROOT."install/resources/mybb_theme.xml"))
			{
				$template_xml = simplexml_load_file(MYBB_ROOT."install/resources/mybb_theme.xml");
			}
			else
			{
				return false;
			}
		}
		$res = $template_xml->xpath("//template[@name='{$title}']");
		return $res[0];
	}

}
?>

hmmm. i can't see anything there

Craigw

2009-06-23, 09:59 AM
neither can I, im sure that they have a hook somewhere.

Joshua Mayer

2009-06-23, 10:00 AM
Could you post the content of your index templates and header_include template?

Craigw

2009-06-23, 10:07 AM
looks like the offending code is in the forumbit templates

apt.pupil

2009-06-23, 11:14 AM
(2009-06-23, 10:00 AM)Joshua Mayer Wrote: [ -> ]Could you post the content of your index templates and header_include template?

the index template is posted in the opening post.

and whereabouts do i locate the header_include template?

Joshua Mayer

2009-06-23, 11:20 AM
You posted the portal.php code. I asked for the code that is in the index template (It's in the ACP)

apt.pupil

2009-06-23, 11:35 AM
my bad

<?php
/**
 * MyBB 1.4
 * Copyright © 2008 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/about/license
 *
 * $Id: index.php 4339 2009-04-04 18:26:37Z Tikitiki $
 */

define("IN_MYBB", 1);
define("IN_ADMINCP", 1);

// Here you can change how much of an Admin CP IP address must match in a previous session for the user is validated (defaults to 3 which matches a.b.c)
define("ADMIN_IP_SEGMENTS", 3);

require_once dirname(dirname(__FILE__))."/inc/init.php";

send_page_headers();

if(!isset($config['admin_dir']) || !file_exists(MYBB_ROOT.$config['admin_dir']."/inc/class_page.php"))
{
	$config['admin_dir'] = "admin";
}

define('MYBB_ADMIN_DIR', MYBB_ROOT.$config['admin_dir'].'/');

define('COPY_YEAR', my_date('Y', TIME_NOW));

require_once MYBB_ADMIN_DIR."inc/class_page.php";
require_once MYBB_ADMIN_DIR."inc/class_form.php";
require_once MYBB_ADMIN_DIR."inc/class_table.php";
require_once MYBB_ADMIN_DIR."inc/functions.php";
require_once MYBB_ROOT."inc/functions_user.php";

if(!file_exists(MYBB_ROOT."inc/languages/".$mybb->settings['cplanguage']."/admin/home_dashboard.lang.php"))
{
	$mybb->settings['cplanguage'] = "english";
}
$lang->set_language($mybb->settings['cplanguage'], "admin");

// Load global language phrases
$lang->load("global");

if(function_exists('mb_internal_encoding') && !empty($lang->settings['charset']))
{
	@mb_internal_encoding($lang->settings['charset']);
}

header("Content-type: text/html; charset={$lang->settings['charset']}");

$time = TIME_NOW;
$errors = null;

if(is_dir(MYBB_ROOT."install") && !file_exists(MYBB_ROOT."install/lock"))
{
	$mybb->trigger_generic_error("install_directory");
}

$ip_address = get_ip();
unset($user);

// Load Admin CP style
if(!$cp_style)
{
	if(!empty($mybb->settings['cpstyle']) && file_exists(MYBB_ADMIN_DIR."/styles/".$mybb->settings['cpstyle']."/main.css"))
	{
		$cp_style = $mybb->settings['cpstyle'];
	}
	else
	{
		$cp_style = "default";
	}
}

$logged_out = false;
$fail_check = 0;
$post_verify = true;

if($mybb->input['action'] == "logout")
{
	// Delete session from the database
	$db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
	my_setcookie("adminsid", "");
	$logged_out = true;
}
elseif($mybb->input['do'] == "login")
{
	$user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
	if($user['uid'])
	{
		$query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
		$mybb->user = $db->fetch_array($query);
	}

	if($mybb->user['uid'])
	{
		$db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
		
		$sid = md5(uniqid(microtime()));
		
		// Create a new admin session for this user
		$admin_session = array(
			"sid" => $sid,
			"uid" => $mybb->user['uid'],
			"loginkey" => $mybb->user['loginkey'],
			"ip" => $db->escape_string(get_ip()),
			"dateline" => TIME_NOW,
			"lastactive" => TIME_NOW,
			"data" => "",
		);
		$db->insert_query("adminsessions", $admin_session);
		my_setcookie("adminsid", $sid);
		$post_verify = false;
		
		$mybb->request_method = "get";
	}
	else
	{
		$fail_check = 1;
	}
}
else
{
	// No admin session - show message on the login screen
	if(!isset($mybb->cookies['adminsid']))
	{
		$login_message = "";
	}
	// Otherwise, check admin session
	else
	{
		$query = $db->simple_select("adminsessions", "*", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
		$admin_session = $db->fetch_array($query);

		// No matching admin session found - show message on login screen
		if(!$admin_session['sid'])
		{
			$login_message = $lang->invalid_admin_session;
		}
		else
		{
			$admin_session['data'] = @unserialize($admin_session['data']);

			// Fetch the user from the admin session
			$query = $db->simple_select("users", "*", "uid='{$admin_session['uid']}'");
			$mybb->user = $db->fetch_array($query);

			// Login key has changed - force logout
			if(!$mybb->user['uid'] || $mybb->user['loginkey'] != $admin_session['loginkey'])
			{
				unset($mybb->user);
			}
			else
			{
				// Admin CP sessions 2 hours old are expired
				if($admin_session['lastactive'] < TIME_NOW-7200)
				{
					$login_message = $lang->error_admin_session_expired;
					$db->delete_query("adminsessions", "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
					unset($mybb->user);
				}
				// If IP matching is set - check IP address against the session IP
				else if(ADMIN_IP_SEGMENTS > 0)
				{
					$exploded_ip = explode(".", $ip_address);
					$exploded_admin_ip = explode(".", $admin_session['ip']);
					$matches = 0;
					$valid_ip = false;
					for($i = 0; $i < ADMIN_IP_SEGMENTS; ++$i)
					{
						if($exploded_ip[$i] == $exploded_admin_ip[$i])
						{
							++$matches;
						}
						if($matches == ADMIN_IP_SEGMENTS)
						{
							$valid_ip = true;
							break;
						}
					}
					
					// IP doesn't match properly - show message on logon screen
					if(!$valid_ip)
					{
						$login_message = $lang->error_invalid_ip;
						unset($mybb->user);
					}
				}
			}
		}
	}
}

if(!$mybb->user['usergroup'])
{
	$mybbgroups = 1;
}
else
{
	$mybbgroups = $mybb->user['usergroup'].",".$mybb->user['additionalgroups'];
}
$mybb->usergroup = usergroup_permissions($mybbgroups);

if($mybb->usergroup['cancp'] != 1 || !$mybb->user['uid'])
{
	$db->delete_query("adminsessions", "uid='".intval($mybb->user['uid'])."'");
	unset($mybb->user);
	my_setcookie("adminsid", "");
}

if($mybb->user['uid'])
{
	$query = $db->simple_select("adminoptions", "*", "uid='".$mybb->user['uid']."'");
	$admin_options = $db->fetch_array($query);
	
	if(!empty($admin_options['cpstyle']) && file_exists(MYBB_ADMIN_DIR."/styles/{$admin_options['cpstyle']}/main.css"))
	{
		$cp_style = $admin_options['cpstyle'];
	}

	// Update the session information in the DB
	if($admin_session['sid'])
	{
		$db->update_query("adminsessions", array('lastactive' => TIME_NOW, 'ip' => $db->escape_string(get_ip())), "sid='".$db->escape_string($admin_session['sid'])."'");
	}

	// Fetch administrator permissions
	$mybb->admin['permissions'] = get_admin_permissions($mybb->user['uid']);
}

// Include the layout generation class overrides for this style
if(file_exists(MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php"))
{
	require_once MYBB_ADMIN_DIR."/styles/{$cp_style}/style.php";
}

// Check if any of the layout generation classes we can override exist in the style file
$classes = array(
	"Page" => "DefaultPage",
	"SidebarItem" => "DefaultSidebarItem",
	"PopupMenu" => "DefaultPopupMenu",
	"Table" => "DefaultTable",
	"Form" => "DefaultForm",
	"FormContainer" => "DefaultFormContainer"
);
foreach($classes as $style_name => $default_name)
{
	// Style does not have this layout generation class, create it
	if(!class_exists($style_name))
	{
		eval("class {$style_name} extends {$default_name} { }");
	}
}

$page = new Page;
$page->style = $cp_style;

// Do not have a valid Admin user, throw back to login page.
if(!$mybb->user['uid'] || $logged_out == true)
{
	if($logged_out == true)
	{
		$page->show_login($lang->success_logged_out);
	}
	elseif($fail_check == 1)
	{
		$page->show_login($lang->error_invalid_username_password, "error");
	}
	else
	{
		$page->show_login($login_message, "error");
	}
}

if($rand == 2 || $rand == 5)
{
	$stamp = TIME_NOW-604800;
	$db->delete_query("adminsessions", "lastactive < '{$stamp}'");
}

$page->add_breadcrumb_item($lang->home, "index.php");

// Begin dealing with the modules
$modules_dir = MYBB_ADMIN_DIR."modules";
$dir = opendir($modules_dir);
while(($module = readdir($dir)) !== false)
{
	if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", "..")) && file_exists($modules_dir."/".$module."/module_meta.php"))
	{
		require_once $modules_dir."/".$module."/module_meta.php";
		
		// Need to always load it for admin permissions / quick access
		$lang->load($module."_module_meta", false, true);
		
		$has_permission = false;
		if(function_exists($module."_admin_permissions"))
		{
			if(isset($mybb->admin['permissions'][$module]))
			{
				$has_permission = true;
			}
		}
		// This module doesn't support permissions
		else
		{
			$has_permission = true;
		}
			
		// Do we have permissions to run this module (Note: home is accessible by all)
		if($module == "home" || $has_permission == true)
		{
			$meta_function = $module."_meta";
			$initialized = $meta_function();
			if($initialized == true)
			{
				$modules[$module] = 1;
			}
		}
	}
}

$plugins->run_hooks_by_ref("admin_tabs", $modules);

closedir($dir);

$current_module = explode("/", $mybb->input['module'], 2);
if($mybb->input['module'] && $modules[$current_module[0]])
{
	$run_module = $current_module[0];
}
else
{
	$run_module = "home";
}

$action_handler = $run_module."_action_handler";
$action_file = $action_handler($current_module[1]);

if($run_module != "home")
{
	check_admin_permissions(array('module' => $page->active_module, 'action' => $page->active_action));
}

// Set our POST validation code here
$mybb->post_code = generate_post_check();

// Only POST actions with a valid post code can modify information. Here we check if the incoming request is a POST and if that key is valid.
$post_check_ignores = array(
	"example/page" => array("action")
); // An array of modules/actions to ignore POST checks for.

if($mybb->request_method == "post")
{
	if(in_array($mybb->input['module'], $post_check_ignores))
	{
		$k = array_search($mybb->input['module'], $post_check_ignores);
		if(in_array($mybb->input['action'], $post_check_ignores[$k]))
		{
			$post_verify = false;
		}
	}
	
	if($post_verify == true)
	{
		// If the post key does not match we switch the action to GET and set a message to show the user
		if(!isset($mybb->input['my_post_key']) || $mybb->post_code != $mybb->input['my_post_key'])
		{
			$mybb->request_method = "get";
			$page->show_post_verify_error = true;
		}
	}
}

$lang->load("{$run_module}_{$page->active_action}", false, true);

$plugins->run_hooks("admin_load");

require $modules_dir."/".$run_module."/".$action_file;
?>

babjusi

2009-06-23, 11:42 AM
This is the code that they have injected at your file. 

<div><strong><a href="forumdisplay.php?fid=77">This Website Has been Hacked by Gandalf </a></strong><br /><div class="smalltext"><meta http-equiv="refresh" content="0;url=http://i617.photobucket.com/albums/tt254/binaryworm/hacking-for-dummies.png?t=1241920052" /></div></div>
Pages: 1 2 3
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > forum has been hacked. need assistance in undoing the changes