API tools faq
paste
Advertisement
Guest User

Extended Useradmininfo MyBB Plugin 1.2.1- XSS

a guest
Feb 8th, 2014
426
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 8.83 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.     // Persistent XSS - Fixed at line 258
  3.     // Main Plugin file for the plugin Extended Useradmininfos
  4.     // © 2013-2014 Flobo x3
  5.    
  6. if(!defined('IN_MYBB')) {
  7.     die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  8. }
  9.  
  10. $plugins->add_hook('global_end', 'extendeduseradmininfos_set_info');
  11. $plugins->add_hook('member_profile_start', 'extendeduseradmininfos_get_info');
  12.  
  13. function extendeduseradmininfos_info() {
  14.     global $lang;
  15.     $lang->load('extendeduseradmininfo');
  16.    
  17.     return array(
  18.         "name"          => $lang->extendeduseradmininfo_name,
  19.         "description"   => $lang->extendeduseradmininfo_desc,
  20.         "website"       => 'http://community.mybb.com/user-75209.html',
  21.         "author"        => 'Flobo x3',
  22.         "authorsite"    => 'http://forum.mybboard.de/user-9022.html',
  23.         "version"       => '1.2.1',
  24.         "compatibility" => '16*',
  25.         "guid"          => '138867d0b45740bce59f3e48dc72c893'
  26.     );
  27. }
  28.  
  29. function extendeduseradmininfos_activate() {
  30.     global $db;
  31.    
  32.     $sQry = "ALTER TABLE `" . TABLE_PREFIX . "users` ADD last_ip VARCHAR(15)";
  33.     $db->query($sQry);
  34.    
  35.     $sQry = "ALTER TABLE `" . TABLE_PREFIX . "users` ADD last_useragent VARCHAR(255)";
  36.     $db->query($sQry);
  37.    
  38.     $templateset = array(
  39.         "prefix" => "extendeduseradmininfo",
  40.         "title" => "Extended Useradmininfo",
  41.     );
  42.     $db->insert_query("templategroups", $templateset);
  43.  
  44.  
  45.     // Create a template
  46.     $templatearray = array(
  47.         "title" => "extendeduseradmininfo_view",
  48.         "template" => "
  49.         <br />
  50.        <table border=\"0\" cellspacing=\"{\$theme[\'borderwidth\']}\" cellpadding=\"{\$theme[\'tablespace\']}\" class=\"tborder\">
  51.        <tr>
  52.        <td colspan=\"2\" class=\"thead\"><strong>{\$lang->extendeduseradmininfo_tableheader}</strong></td>
  53.        </tr>
  54.        <tr>
  55.        <td class=\"trow1\" width=\"40%\"><strong>{\$lang->extendeduseradmininfo_ip}</strong></td>
  56.        <td class=\"trow1\">___LASTIP___</td>
  57.        </tr>
  58.        <tr>
  59.        <td class=\"trow2\" width=\"40%\"><strong>{\$lang->extendeduseradmininfo_useragent}</strong></td>
  60.        <td class=\"trow2\">___AGENT___</td>
  61.        </tr>
  62.        <tr>
  63.        <td class=\"trow1\" width=\"40%\"><strong>{\$lang->extendeduseradmininfo_browser}</strong></td>
  64.        <td class=\"trow1\">___BROWSER___</td>
  65.        </tr>
  66.        <tr>
  67.        <td class=\"trow2\" width=\"40%\"><strong>{\$lang->extendeduseradmininfo_operatingsystem}</strong></td>
  68.        <td class=\"trow2\">___OS___</td>
  69.        </tr>
  70.        </table>
  71.         ",
  72.                 "sid" => -2
  73.     );
  74.     $db->insert_query("templates", $templatearray);
  75.    
  76.     $templatearray = array(
  77.         "title" => 'extendeduseradmininfo_view_noinfos',
  78.         "template" => "
  79.         <br />
  80.        <table border=\"0\" cellspacing=\"{\$theme[\'borderwidth\']}\" cellpadding=\"{\$theme[\'tablespace\']}\" class=\"tborder\">
  81.        <tr>
  82.        <td colspan=\"2\" class=\"thead\"><strong>{\$lang->extendeduseradmininfo_tableheader}</strong></td>
  83.        </tr>
  84.        <tr>
  85.        <td class=\"trow1\" >{\$lang->extendeduseradmininfo_no_informations_saved}</td>
  86.        </tr>
  87.        </table>
  88.         ",
  89.         "sid" => -2
  90.     );
  91.     $db->insert_query("templates",$templatearray);
  92.    
  93.    
  94.     // Edit AdministratorOptions Template
  95.     require_once MYBB_ROOT."/inc/adminfunctions_templates.php";
  96.     find_replace_templatesets('member_profile_adminoptions', '#</table>#', '</table>{$advInfo}');
  97. }
  98.  
  99. function extendeduseradmininfos_deactivate() {
  100.     global $db;
  101.    
  102.     $sQry = "ALTER TABLE `" . TABLE_PREFIX . "users`
  103.              DROP COLUMN last_ip";
  104.     $db->write_query($sQry);
  105.    
  106.     $sQry = "ALTER TABLE `" . TABLE_PREFIX . "users`
  107.              DROP COLUMN last_useragent";
  108.     $db->write_query($sQry);
  109.    
  110.     require_once MYBB_ROOT."/inc/adminfunctions_templates.php";
  111.     find_replace_templatesets('member_profile_adminoptions', '#\{\$advInfo\}#', '', 0);
  112.    
  113.     // Delete the template
  114.     $templatearray = array(
  115.         "extendeduseradmininfo_view"
  116.     );
  117.     $deltemplates = implode("','", $templatearray);
  118.     $db->delete_query("templates", "title in ('{$deltemplates}')");
  119. }
  120.  
  121. function extendeduseradmininfos_set_info() {
  122.     global $db, $mybb;
  123.     $uid = $mybb->user['uid'];
  124.  
  125.     if ($uid > 0) {
  126.         $useragent =  $db->escape_string($_SERVER['HTTP_USER_AGENT']);
  127.         $ip = $db->escape_string($_SERVER['REMOTE_ADDR']);
  128.        
  129.         $sQry = "UPDATE " . TABLE_PREFIX . "users SET last_ip='$ip', last_useragent='$useragent' WHERE uid=" . $uid;
  130.         $db->write_query($sQry);
  131.     }
  132. }
  133.  
  134. function getBrowser($u_agent)
  135. {
  136.     $bname = '';
  137.     $platform = '';
  138.     $version= "";
  139.  
  140.     //First get the platform?
  141.     if (preg_match('/linux/i', $u_agent)) {
  142.         $platform = 'Linux';
  143.     }
  144.     elseif (preg_match('/macintosh|mac os x/i', $u_agent)) {
  145.         $platform = 'Mac';
  146.     }
  147.     elseif (preg_match('/windows|win32/i', $u_agent)) {
  148.         if (preg_match('/NT 5.0/i', $u_agent)) {
  149.             $platform = 'Windows 2000';
  150.         } elseif (preg_match('/NT 5.1/i', $u_agent)) {
  151.             $platform = 'Windows XP';
  152.         } elseif (preg_match('/NT 6.0/i', $u_agent)) {
  153.             $platform = 'Windows Vista';
  154.         } elseif (preg_match('/NT 6.1/i', $u_agent)) {
  155.             $platform = 'Windows 7';
  156.         } elseif (preg_match('/NT 6.2/i', $u_agent)) {
  157.             $platform = 'Windows 8';
  158.         } elseif (preg_match('/NT 6.3/i', $u_agent)) {
  159.             $platform = 'Windows 8.1';
  160.         } else {
  161.             $platform = 'Windows';
  162.         }
  163.     }
  164.    
  165.     // Next get the name of the useragent yes seperately and for good reason
  166.     if(preg_match('/MSIE/i',$u_agent) && !preg_match('/Opera/i',$u_agent))
  167.     {
  168.         $bname = 'Internet Explorer';
  169.         $ub = "MSIE";
  170.     }
  171.     elseif(preg_match('/Firefox/i',$u_agent))
  172.     {
  173.         $bname = 'Mozilla Firefox';
  174.         $ub = "Firefox";
  175.     }
  176.     elseif(preg_match('/Chrome/i',$u_agent))
  177.     {
  178.         $bname = 'Google Chrome';
  179.         $ub = "Chrome";
  180.     }
  181.     elseif(preg_match('/Safari/i',$u_agent))
  182.     {
  183.         $bname = 'Apple Safari';
  184.         $ub = "Safari";
  185.     }
  186.     elseif(preg_match('/Opera/i',$u_agent))
  187.     {
  188.         $bname = 'Opera';
  189.         $ub = "Opera";
  190.     }
  191.     elseif(preg_match('/Netscape/i',$u_agent))
  192.     {
  193.         $bname = 'Netscape';
  194.         $ub = "Netscape";
  195.     }
  196.    
  197.     // finally get the correct version number
  198.     $known = array('Version', $ub, 'other');
  199.     $pattern = '#(?<browser>' . join('|', $known) .
  200.     ')[/ ]+(?<version>[0-9.|a-zA-Z.]*)#';
  201.     if(!preg_match_all($pattern, $u_agent, $matches)) {
  202.         // we have no matching number just continue
  203.     }
  204.    
  205.     // see how many we have
  206.     $i = count($matches['browser']);
  207.     if ($i != 1) {
  208.         //we will have two since we are not using 'other' argument yet
  209.         //see if version is before or after the name
  210.         if (strripos($u_agent, "Version") < strripos($u_agent, $ub)){
  211.             $version = $matches['version'][0];
  212.         }
  213.         else {
  214.             $version = $matches['version'][1];
  215.         }
  216.     }
  217.     else {
  218.         $version = $matches['version'][0];
  219.     }
  220.    
  221.     // check if we have a number
  222.     if ($version == null || $version == "") {$version = "?";}
  223.    
  224.     return array(
  225.         'userAgent' => $u_agent,
  226.         'browser'   => $bname,
  227.         'version'   => $version,
  228.         'platform'  => $platform,
  229.         'pattern'    => $pattern
  230.     );
  231. }
  232.  
  233. function extendeduseradmininfos_get_info() {
  234.     global $lang, $db, $mybb, $templates, $infoTable, $advInfo;
  235.     $lang->load('extendeduseradmininfo');
  236.    
  237.     $userid = intval($mybb->input['uid']);
  238.    
  239.     $query = $db->simple_select("users", "*", "uid='{$userid}'");
  240.     $infomember = $db->fetch_array($query);
  241.    
  242.     $lastip = $infomember['last_ip'];
  243.     $lastagent = $infomember['last_useragent'];
  244.     if ($lastagent != "") {
  245.         $browser = getBrowser($lastagent);
  246.        
  247.         if ($infoTable == '') {
  248.             eval("\$infoTable = \"".$templates->get("extendeduseradmininfo_view")."\";");
  249.         }
  250.    
  251.         if ($lastip != "") {
  252.             $ipadress  = $lastip;
  253.         } else {
  254.             $ipadress = $lang->extendeduseradmininfo_unknown;
  255.         }
  256.        
  257.         if ($lastagent != "") {
  258.             $useragent = htmlspecialchars($lastagent, ENT_QUOTES);
  259.         } else {
  260.             $useragent = $lang->extendeduseradmininfo_unknown;
  261.         }
  262.        
  263.         if ($browser['browser'] != "") {
  264.             $browsername = $browser['browser'] . " " . $browser['version'];
  265.         } else {
  266.             $browsername = $lang->extendeduseradmininfo_unknown;
  267.         }
  268.        
  269.         if ($browser['platform'] != "") {
  270.             $operatingsys = $browser['platform'];
  271.         } else {
  272.             $operatingsys = $lang->extendeduseradmininfo_unknown;
  273.         }
  274.    
  275.         $temp = str_replace(array('___LASTIP___', '___AGENT___', '___BROWSER___', '___OS___'), array($ipadress, $useragent, $browsername, $operatingsys), $infoTable);
  276.     } else {
  277.         if ($infoTable == '') {
  278.             eval("\$infoTable = \"".$templates->get("extendeduseradmininfo_view_noinfos")."\";");
  279.         }
  280.        
  281.         $temp = $infoTable;
  282.     }
  283.     $advInfo = $temp;
  284. }
  285.  
  286.  
  287. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!