Not Solved Unknown Location
#1
Not Solved
So I have a plugin that was developed by another person (namely mysubscriptions: https://community.mybb.com/mods.php?action=view&pid=458).

When someone is viewing the subscription page though it shows as the user being in an 'unknown location'. I found fixes for this in 1.6 and 1.4 but theybdont appear to work in 1.8. Can someone give me an easy fix for this please? (also please clarify if this fix will work for custom php pages that are not within mybb but still show up in the online list).


Thank you in advance.
Reply
#2
Not Solved
you can try using this jQuery based method
Reply
#3
Not Solved
Ok I'm not super familoar with jQuery but i see whats going on there in principle. How could i make this script differentiate between different pages instead of returning 'Home' for everything?
Reply
#4
Not Solved
^ please try it & check. it doesn't show Home for everything.
Reply
#5
Not Solved
Yeah i threw it in there and its pretty nice but it still does some stuff that im not thrilled with. I use our forums login system to manage logins for a piece of external software and the software sends the user and pass via GET variables which is what im trying to hide.

This worked perfect for the mysubscriptions though and thank you for that Smile

IDK if im making any sense so here is an example.
User opens our software and they must log in with their forum login to continue.
Software takes the username and password entered by the user and sends a curl to example.com/loader/api.php?username=(username)&password=(password)
On the who's online list it then shows the full URL that the user is at, exposing their password to anyone who has access to the whos online list.

For this reason I removed all access to whos online and even had to change the online members template to prevent it showing on the users profile as well.

just in case its needed, here is the login script being used at that location:

<?php
define('IN_MYBB', false);
require_once '../global.php';
		$query = $db->query("SELECT * FROM s4k_users WHERE username='".$db->escape_string($_GET['username'])."'");
		if($query->num_rows == 0)
		{
			echo "bad"; //user doesnt exist.
		} else {
			while($result = $db->fetch_array($query))
			{
				$end_password = $result['password'];
				
				if(md5(md5($result['salt']).md5($_GET["password"])) == $end_password)
				{
					$usergroup = $result['usergroup'];
					if($usergroup == 7)
					{
						echo "0"; //user is banned
					}
					else if($usergroup == 9)
					{
						echo "p".$result['uid']; //premium user
					}
					else if($usergroup == 5)
					{
						echo "0"; //user hasnt verified email
					}
					else
					{
						echo $result['uid']; //good login regular user
					}
				} else {
					echo "bad"; //wrong password
				}
			}
		}
?>
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)