Bravo List - CodeX Installer v4

Bravo List (http://www.bvlist.com/index.php)

- Downloads (http://www.bvlist.com/forumdisplay.php?f=16)

- - CodeX Installer v4 (http://www.bvlist.com/showthread.php?t=1203)

I suggest that you join their demo site if you want to keep up with what is going on!

Link is in first post.

yeah well if i do that i must (unfurtanally) make a registration,(again)
i dont know how its with u but i have 285 sites that i'm currently regged on, round about..

Register again?? for a changelog??
knock it off will ya...

Never said there was a changelog on their! But there are some bug fixes etc...

I am Not speak English proficiently

I am Sorry

I am Not speak English proficiently

I have problam

When I install finish [Tbdev Official Modded Version By Big Joos (BETA) Includes Installer ]

I can't login this page by user: installer pass : codeman
and user : Admin pass : xxx
http://img194.imageshack.us/img194/170/001r.th.gif

I muddled on Setup .php files

I see readme.txt

What is disable hot-linking ?

I don't have secrets.php in include folder

I hope, I do not cause nuisance

Thanks.

owner account error

I've almost installed this engine.
I created my account, but when I want to login, it's impossible because:
Please enter password to access this page

Incorrect password.

What's wrong?:muscle:

Quote:

Originally Posted by Bigjoos (Post 10790)

If you get a bit code in the installer causing issue replace it with default code from 01.01.08 , thats the core of the installer - If your getting issues and dont understand how to work with the maxcoder function then comment the function out on bittorrent.php and then comment out all the

Code:

maxcoder():

Thats on every file and thats it job done no more banned for unauthorized staff :)

Hello, I would like to keep this function in for security, however is it at all possible you can inform me on what to edit in the maxcoder.php or bittorrent.php to stop the banning.

I have added all the relevant nicks into the maxcoder page which was written to staff names and id successfully and saved, but still I get the error.

I have tried to comment the whole block the function calls for in bittorrent.php and took the maxcoder file out of the picture. All i get is a white page.

BTW this code rocks :)

Some advice for a relative n00b would be great tyvm in advance.

swizzles

Linux or windows ? - Default userclasses or added anymore ? - As the function looks for your minimum staff class and also covers the max class on the site which prevents account hijack to super class or staff period if not authorized, which will be 4 and 7 on the default release which you set on bittorrent.php - If its saving those changes and you have the usernames for max class and userid's for under max class only then the system should work perfectly - The function can be changed - the ip ban can be removed from it by commenting it out and the disablement could be changed to a warning only by changing the query - Post the block if you dont understand the changes needed or even better join my test server - Fynnon posted the url few pages back - from there we can help you better and you learn more about the source direct from me.

Quote:

Originally Posted by Bigjoos (Post 11865)

Sorry, Its Linux, and ty for your prompt answer. I will attempt to interpret the code:

PHP Code:


		
			
function maxcoder ()
{
    global $CURUSER;
    $lmaxclass = 7;
    $filename = ROOT_PATH . "settings/STAFFNAMES";
    $filename2 = ROOT_PATH . "settings/STAFFIDS";
    if ($CURUSER['class'] >= $lmaxclass) {
        $fp = fopen($filename, 'r');
        while (!feof($fp)) {
            $staffnames = fgets($fp);
            $results = explode(' ', $staffnames);
        }
        $added = sqlesc(get_date_time());
        if (!in_array($CURUSER['username'], $results, true)) { // /////== true for strict comparison - super class detection .. not in array = disable the fuckers and ban the ip
            sql_query("UPDATE users set enabled='no' WHERE id=$CURUSER[id]");
            $ban_ip = sqlesc(trim(ip2long($_SERVER['REMOTE_ADDR'])));
            $comment = sqlesc('Super User Hack Attempt');
            $added = sqlesc(get_date_time());
            sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ($added, '0', $ban_ip, $ban_ip, $comment)") or sqlerr(__FILE__, __LINE__);
            $subject = sqlesc("Alert Super User Has been Detected");
            $body = sqlesc("User " . $CURUSER["username"] . " has attempted to hack the tracker using a super class - the account has been disabled");
            auto_post($subject , $body);
            $msg = "Hack Attempt Detected - now go to ip bans in staff tools and cache the ban : Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
            sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 0, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
            write_log($msg);
            fclose($fp);
            stderr("Access Denied!", "Ha Ha you retard - Did you honestly think you could pull that one off !");
        }
        fclose($fp);
    }
    define ('UC_STAFF', 4); ///////== Minumum Staff Level (4=UC_MODERATOR)
    if ($CURUSER['class'] >= UC_STAFF) {
        $fp2 = fopen($filename2, 'r');
        while (!feof($fp2)) {
            $staffids = fgets($fp2);
            $results2 = explode(' ', $staffids);
        }
        if (!in_array($CURUSER['id'], $results2, true)) { // ////== true for strict comparison if there not in the array disable the fuckers and ban the ip :)
            sql_query("UPDATE users set enabled='no' WHERE id=$CURUSER[id]");
            $ban_ip = sqlesc(trim(ip2long($_SERVER['REMOTE_ADDR'])));
            $comment = sqlesc('Unauthorized Staff Account Hack');
            $added = sqlesc(get_date_time());
            sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ($added, '0', $ban_ip, $ban_ip, $comment)") or sqlerr(__FILE__, __LINE__);
            $subject = sqlesc("Staff Account Hack Detected");
            $body = sqlesc("User " . $CURUSER["username"] . " has attempted to hack the tracker using an unauthorized account- the account has been disabled");
            auto_post($subject , $body);
            $msg = "Fake Account Detected now go to ip bans in staff tools and cache the ban : Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
            sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 0, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
            write_log($msg);
            fclose($fp2);
            stderr("Access Denied!", "Sorry but your not an authorized staff member - nice try your banned !");
        }
        fclose($fp2);
    }
    return true;
}

I know the next function called is if you try to login it'll issue the

Code:

403 ForbiddenUnauthorized IP address.

if the above is followed:

From what you are saying the function is still in default, so in theory it should work, however its still banning any user that gets promoted. My staff are logging as users and its when i try to promote that causes the problem. I have tried to change it in the Sql DB, but this as I suspected was also picked up as a hack..lol

Can you tell me whats needed, and yes i will join the test site ty.

swizzles

PHP Code:


		
			
function maxcoder ()
{
    global $CURUSER;
    $lmaxclass = 7;
    $filename = ROOT_PATH . "settings/STAFFNAMES";
    $filename2 = ROOT_PATH . "settings/STAFFIDS";
    if ($CURUSER['class'] >= $lmaxclass) {
        $fp = fopen($filename, 'r');
        while (!feof($fp)) {
            $staffnames = fgets($fp);
            $results = explode(' ', $staffnames);
        }
        $added = sqlesc(get_date_time());
        if (!in_array($CURUSER['username'], $results, true)) { // /////== true for strict comparison - super class detection .. not in array = warning issued ?
            sql_query("UPDATE users set warned='yes' WHERE id=$CURUSER[id]");
            $subject = sqlesc("Alert Super User Has been Detected");
            $body = sqlesc("User " . $CURUSER["username"] . " has attempted to hack the tracker using a super class - the account has been disabled");
            auto_post($subject , $body);
            $msg = "Hack Attempt Detected - Member has been warned : Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
            sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 0, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
            write_log($msg);
            fclose($fp);
            stderr("Access Denied!", "Ha Ha  - Did you honestly think you could pull that one off !");
        }
        fclose($fp);
    }
    define ('UC_STAFF', 4); ///////== Minumum Staff Level (4=UC_MODERATOR)
    if ($CURUSER['class'] >= UC_STAFF) {
        $fp2 = fopen($filename2, 'r');
        while (!feof($fp2)) {
            $staffids = fgets($fp2);
            $results2 = explode(' ', $staffids);
        }
        if (!in_array($CURUSER['id'], $results2, true)) { // ////== true for strict comparison if there not in the array disable the fuckers and ban the ip :)
            sql_query("UPDATE users set warned='yes' WHERE id=$CURUSER[id]");
            $subject = sqlesc("Staff Account Hack Detected");
            $body = sqlesc("User " . $CURUSER["username"] . " has attempted to hack the tracker using an unauthorized account- the account has been disabled");
            auto_post($subject , $body);
            $msg = "Fake Account Detected - User warned : Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
            sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 0, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
            write_log($msg);
            fclose($fp2);
            stderr("Access Denied!", "Sorry but your not an authorized staff member - nice try your banned !");
        }
        fclose($fp2);
    }
    return true;
}

Thats it altered now - querys i changed disabled = yes to warned = yes - I have removed the ip ban function from it, easy added back though its only a few lines you can see from comparing both blocks - Remember if any staff have fallen foul of it you need to delete those entrys from the bans table - See when it saves - if you refresh your page after the save using the refresh link does it show the new additions ?

upload files after 500 da internet service that can to do?