EP-Dev CMS Forum Member Hack 1.20 BETA

[Patrick]

After taking forever I have finally updated CMS Forum Member Hack. I stopped work on 2.x version of this a few weeks ago in plans to update 1.x version using existing framework.

Thus I have updated the hack to version 1.20 BETA. I still consider it a beta because I have not completed extensive testing on the new code (Never-the-less, I have done some basic testing with local installs).

If you wish to test this, I suggest making a backup of any files that this script tells you to chmod (with exception of script's own files). That way even if the uninstall fails for some reason, you are not screwed (where you then have to go and manually edit files). I also strongly recommend backing up your forum and cms database(s). If you do not, a botched merging of the users could leave you fairly angry.

What's New
- Restructured modules folder.
- Added support for IPB 2.1 and e107 0.7.5.
- Touched up install / uninstall displays and text. Also added database warning.
- Fixed search / replace text during install not properly converting html entities.
- Updated and added better detection of default configurations.
- Modified configuration to be class. Global no longer used.
- Updated MySQL access module to prevent sql injection attacks. Only e107 0.7.5 and IPB 2.1 have been updated to use safe access (other versions of CMS / Forum already suffer from multiple vulnerabilities).
- Renamed most general functions in CMS / Forum modules to be more programmer-friendly.

Things I need people to test
- Merging users for new modules.
- Forgot Password link (ensure that it updates password for both CMS and forum once password it is reset).

I have tested most of the other functionality and have had it working on local installs. However, each setup varies so who knows what could arise.

What about the planned redirection feature?
Many have asked for a redirection feature that would allow for redirection to previous e107 page after login (instead of redirecting to forum).

I decided I would provide separate hack code that you will be able to copy & paste rather than incorporate the feature into the script. The reason for this is that incorporating such a feature would require me to do even more research on older versions of software, edit all of the modules (each with varying search / replace points), and add additional functions into the script itself. That is a ton of work for such a small feature.

I will provide redirection code to be placed (most likely in index.php of forum and class2.php of e107) once the hack has been tested a bit and can be fully released.

EDIT:
Link updated (Beta 2) to include proper initializing of objects.

[Amel]

today is a good day

thank you Patiek, thank you God

now finally I can start updating my website

thanks!

[Raul_Fury]

WOW, I thank you a lot!!!!!!!!

I can finally integrate it!!

[Raul_Fury]

wow, it didn't work for me at all. when I click the settings or profile in cms it shows internal error. and also, it deleted all my users in the cms(thank god I did a backup).

In conclusion it didnt really work at all......

[Patrick]

wow, it didn't work for me at all. when I click the settings or profile in cms it shows internal error. and also, it deleted all my users in the cms(thank god I did a backup).

In conclusion it didnt really work at all......

I need more details (you didn't provide any really).

For example, this hack worked well for me on new (non-upgraded / non-modified installs) of IPB 2.1x and e107 0.7.5 .

a) What version of e107 are you using? Was that version originally installed or did you upgrade to that version? Have you made any modifications, particularly to the files that had to be chmod?
b) All of the same questions for (a) but instead of e107, answer them for IPB.
c) What was the output of the script when it started to combine members? Were there any errors? Did you see the various usernames of the members that were being removed?
d) Were there any errors during the install process? Were there any text errors in the hack itself?
e) Did you confirm that the script made changes to the files it asked to chmod (search for "ep-dev.com" in the files)?
f) Did you select the correct e107 version during the hack install process? Did you select the correct IPB version during the install process? Did you confirm that the details for the database(s) are correct?

This hack will never make it out of beta and I will never be able to fix any potential errors if I can't get that type of information.

As for specifics to your problems:
What is the setup that you are running (i.e. site.com => e107, site.com/forum => IPB)? Currently the hack will only work in similar setups to the above on some webservers due to php safe mode or directory restrictions, particularly when the forum exists on a separate subdomain site (i.e. forum absolute path is outside of e107 absolute path).

Also, the script's intent is to delete your CMS users. It deletes your CMS users (with the exception of administrator accounts). Then it creates new CMS user accounts for your forum members. This is the only way to ensure that overlapping CMS users are not a problem (especially for security).

[Raul_Fury]

ok here are the answers, and I'm sorry for not explaining myself before..


a) What version of e107 are you using? Was that version originally installed or did you upgrade to that version? Have you made any modifications, particularly to the files that had to be chmod?I'm using IPB version 1.3, and e107 is 0.7.5.
I freshly installed not upgraded. I have made no modifications to anyfile in e107 or in IPB. I did chmod all the files needed


b) All of the same questions for (a) but instead of e107, answer them for IPB.
All answered in A.

c) What was the output of the script when it started to combine members? Were there any errors? Did you see the various usernames of the members that were being removed?When I installed it told me no errors at all. Yes it told me the usernames erasing and my name skipped because I was Admin of course.

d) Were there any errors during the install process? Were there any text errors in the hack itself?no, nothing of that kind.

e) Did you confirm that the script made changes to the files it asked to chmod (search for "ep-dev.com" in the files)?Yes, it told me it modified it.

f) Did you select the correct e107 version during the hack install process? Did you select the correct IPB version during the install process? Did you confirm that the details for the database(s) are correct?Yes, I choose the correct software versions. Yes, I confirmed everything.

and to your last question there, I know what it was supposed to do, but it didnt do that, it DID erase my cms users but didnt put any users on the forums.

In conclusion-I'm sorry I didn't explain myself before.
And I hope you can fix this and I'll see if it was my fault.

[Raul_Fury]

and I also forgot to mention, but when I uninstalled, I dont think it did it correctly, because I had to overwrite the files it modified with my original file, but I still can't logout.
I havent asked my member to see if they can logout but I'll see now.

[Patrick]

and I also forgot to mention, but when I uninstalled, I dont think it did it correctly, because I had to overwrite the files it modified with my original file, but I still can't logout.
I havent asked my member to see if they can logout but I'll see now.

When the uninstall doesn't work that is a good sign that the modifications were not successful when originally installed. Please note that the script does not confirm modifications but rather just spits out its attempts during install process.

I will try with a fresh install of IPB 1.3x and see what happens. However, I think it is important to tell you that IPB 1.3x has many, many holes in it that will eventually lead to your forum being destroyed by a script kiddie.

[Raul_Fury]

Well anywayz, I'm going to change to php-nuke, e107 doesnt seem to be popular anymore....and php-nuke has way more mods and themes.

well thanks a lot for your assistance and good luck on the script

[Patrick]

Well anywayz, I'm going to change to php-nuke, e107 doesnt seem to be popular anymore....and php-nuke has way more mods and themes.

well thanks a lot for your assistance and good luck on the script

I am not going to try IPB 1.3x for several reasons. First it doesn't work with mysql 5.x and I do not feel like downgrading. Second, it has major security holes that allow total administrative access with readily available tools on the internet (some of them as simple as putting in the URL of a forum and the user id of an admin).

I think I will be officially dropping support for IPB 1.3x because of this, but I may consider picking up support of another forum script.