PunBB Resource

Your ultimate PunBB resource!

Keywords:

    (Extended)

You are not logged in.

#101 2009-04-16 04:22:31

doki
Member
Registered: 2007-04-30
Posts: 225

Re: Private Messaging System 1.2.x 1.2.3

@robert.szucs --- How to correct this bugs?

Offline

 

#102 2009-04-16 07:06:17

MattF
Member
From: South Yorkshire, England
Registered: 2007-03-16
Posts: 415

Re: Private Messaging System 1.2.x 1.2.3

Change this part:

Code:

$result = $db->query('SELECT posted FROM '.$db->prefix.'messages ORDER BY id DESC LIMIT 1')

to:


Code:

$result = $db->query('SELECT posted FROM '.$db->prefix.'messages WHERE sender_id='.$pun_user['id'].' ORDER BY id DESC LIMIT 1')

For the other problem, there should be an update in one of the threads for this mod either on here or punbb.org. I know I posted it somewhere. big_smile


Nice catch by the way, Robert. smile

Last edited by MattF (2009-04-16 07:08:09)

Offline

 

#103 2009-04-17 02:47:10

doki
Member
Registered: 2007-04-30
Posts: 225

Re: Private Messaging System 1.2.x 1.2.3

Thanks MattF .... I'll try to search it and post here what i've found

Offline

 

#104 2009-04-18 19:02:42

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

doki wrote:

Thanks MattF .... I'll try to search it and post here what i've found

Here it is:

http://www.punres.net/viewtopic.php?pid=20697#p20697

Basically all you have to do is:

Code:

#
#---------[ 1. OPEN ]--------------------------------------------------------
#

message_send.php


#
#---------[ 2. FIND (line: 90) ]---------------------------------------------
#

            $result = $db->query('SELECT count(*) FROM '.$db->prefix.'messages WHERE owner='.$id) or error('Unable to get message count for the receiver', __FILE__, __LINE__, $db->error());
            list($count) = $db->fetch_row($result);
            if($count >= $pun_user['g_pm_limit'])
                message($lang_pms['Inbox full']);


#
#---------[ 3. REPLACE WITH ]------------------------------------------------
#

            // Check receiver's box
            $result = $db->query('SELECT g_pm_limit FROM '.$db->prefix.'groups WHERE g_id='.$status) or error('Unable to get group PM limit', __FILE__, __LINE__, $db->error());
            list($limit) = $db->fetch_row($result);
            $result = $db->query('SELECT count(*) FROM '.$db->prefix.'messages WHERE owner='.$id) or error('Unable to get message count of the receiver', __FILE__, __LINE__, $db->error());
            list($count) = $db->fetch_row($result);
            if ($count >= $limit && $status > PUN_ADMIN)
                message($lang_pms['Inbox full']);

Last edited by Koos (2009-04-20 17:43:06)

Offline

 

#105 2009-04-18 23:49:00

doki
Member
Registered: 2007-04-30
Posts: 225

Re: Private Messaging System 1.2.x 1.2.3

Your help is appreciated koos ... Thanks a lot

Offline

 

#106 2009-04-20 17:50:07

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

I've updated my post above. There was a small change I had to make.

Offline

 

#107 2009-05-10 17:40:50

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

Private Messaging System 1.2.4c (2009-07-02)

The Private Messaging Mod must be the most popular mod for punbb 1.2, yet the latest version still contains many bugs and some vulnerabilities. While I was working on my own modifications to this mod (to allow users to create private message folders), I encountered and fixed many of these bugs and vulnerabilities. Since I was not able to get hold of the author of this mod, I am releasing an unofficial update of this mod here.

## CHANGELOG:

## v1.2.4c   :
1. Made compatible with Fluxbb 1.4

2. Replaced all addslashes with $db->escape

3. install_mod.php script now also works in PostgreSQL and SQLite

## v1.2.4b   :
1. Use lang file for all text in message_list.php, e.g.:
<th >Delete</th>
should be:
<th><?php echo $lang_pms['Delete'] ?></th>

2. Lang correction in message_list.php:

if ($pun_user['is_guest'])
    message($lang_common['Login required']);

should be

if ($pun_user['is_guest'])
    message($lang_common['Not logged in']);

(there is no 'Login required' lang entry in /lang/[Your language]/common.php)

3. Messages header and footer links now look like this:

Index » Private Messages » Inbox
instead of:
My board title » Private Messages » Inbox
   

4. Some changes in the readme.txt install instructions.

5. Some other minor changes.

## v1.2.4a   :
1. Multiple replies of PM's causes long subject lines:
RE: RE: RE: ...

Fix:
http://www.punres.net/viewtopic.php?pid=19466#p19466

2. Flood protection bug mentioned here:
http://www.punres.net/viewtopic.php?pid=25531#p25531

Fix based on:
http://www.punres.net/viewtopic.php?pid=25533#p25533

3. Receiver message status bug mentioned here:
http://www.punres.net/viewtopic.php?pid=25530#p25530

Fix based on:
http://www.punres.net/viewtopic.php?pid=20697#p20697

4. Security fix:
http://www.punres.net/viewtopic.php?pid=25488#p25488

5.
In include/pms/header_new_messages.php

$pun_config['o_pms_messages']

should be:

$pun_config['o_pms_enabled']

6. Security fix when deleting multiple messages in message_list.php

Fix based on:
http://www.punres.net/viewtopic.php?pid=22438#p22438

Details:

Find:
        // Delete messages

Before, add:

        if (@preg_match('/[^0-9,]/', $_POST['messages']))
            message($lang_common['Bad request']);


7. Made style changes to prevent overlapping of boxes in some stylesheets
e.g. overlapping when you modify style/Oxygen.css
from:
.pun {FONT-SIZE: 11px; LINE-HEIGHT: normal}
to:
.pun {FONT-SIZE: 12px; LINE-HEIGHT: normal}

Also fixed the style issue mentioned here:
http://punbb.informer.com/forums/post/73846/#p73846


8. There is no message limit for moderators, even though one can set a limit for moderators in the admin cp. Fixed.

9. Message box status not being displayed for moderators. Fixed.

10. If message box is full, messages that you are sending can still be saved in the Sent folder when sending the message to an administrator or moderator. Fixed.

Details:
in message_send.php
replace:
if($pun_user['g_pm_limit'] != 0 && $pun_user['g_id'] > PUN_GUEST && $status > PUN_GUEST)
with:
if ($pun_user['g_pm_limit'] != 0 && $pun_user['g_id'] > PUN_ADMIN)


11. In PM admin cp:
"This is the number of messages each user is allowed in their inbox."
should be:
"This is the number of messages users in this group are allowed to store. Set to 0 to allow unlimited messages."
(messages in the 'Sent' folder are also counted, not just messages in the 'Inbox')


12. Setting a usergroup's message limit to 0 gives that usergroup unlimited storage space for messages, but the "Your inbox is full!" message is still displayed in the header. Fixed.

Details:
In header_new_messages.php, replace:
if ($pun_config['o_pms_enabled'] != 0 && $pun_user['g_id'] > PUN_ADMIN)
with:
if ($pun_config['o_pms_enabled'] != 0 && $pun_user['g_pm_limit'] != 0 && $pun_user['g_id'] > PUN_ADMIN)


13. Fixed the PunBB (Private Messaging System 1.2.x) Multiple LFI Exploit exploit, as posted by athos at milw0rm here:
http://www.milw0rm.com/exploits/7159

Dante90 mentioned the same exploit at punbb.org here:
http://punbb.informer.com/forums/topic/ … i-exploit/

I even contacted the guy who discovered the exploit (athos) and asked him to test this update (v1.2.4) and see if the vulnerability is still present. I then got a reply back from him saying v1.2.4 fixed the exploit successfully.


14. Several other minor changes, e.g. spelling corrections, intval() instead of (int), rearrange code brackets etc.


Download Private Message Mod 1.2.4c

Upgrade instructions is included in the archive.

Last edited by Koos (2009-09-11 16:18:43)

Offline

 

#108 2009-05-11 16:47:39

Pame
Member
Registered: 2009-03-26
Posts: 19

Re: Private Messaging System 1.2.x 1.2.3

Big up!! for these various up-dates ;-)) Thanks a lot... Koos a new time for your great work

PS: test in progress with FluxBB 1.2.21 (php4, mysql5)

Offline

 

#109 2009-05-12 19:15:41

doki
Member
Registered: 2007-04-30
Posts: 225

Re: Private Messaging System 1.2.x 1.2.3

Thanks koos for compiling all the fix on this mod... By the way do you have plans to release "private message folders mod" for this mod? smile
Mod within the mod... smile

Offline

 

#110 2009-05-12 19:32:28

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

doki wrote:

By the way do you have plans to release "private message folders mod" for this mod?

Sure, will release it here on punres some time soon.

Offline

 

#111 2009-05-21 18:23:38

tusherdcc
Member
Registered: 2007-09-26
Posts: 10

Re: Private Messaging System 1.2.x 1.2.3

thanks for the new mod(1.2.4a). It works on 1.2.21 for me.

Offline

 

#112 2009-06-07 17:20:05

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

Private Messaging System 1.2.4b now available for download. See the changelog for all the new changes.

Offline

 

#113 2009-06-09 04:24:42

joe.banana
Member
From: ph
Registered: 2009-05-15
Posts: 30
Website

Re: Private Messaging System 1.2.x 1.2.3

Thanks a lot Koos for updating this one.. smile

Offline

 

#114 2009-06-11 18:55:31

MattF
Member
From: South Yorkshire, England
Registered: 2007-03-16
Posts: 415

Re: Private Messaging System 1.2.x 1.2.3

Koos. I meant to mention before and forgot. I wrote a script for my setup a while ago for exporting messages to a text flatfile on the users machine. Any chance you may want a copy to backport to this mod? Just thought it may make another possibly useful addition. smile

Last edited by MattF (2009-06-11 18:56:08)

Offline

 

#115 2009-06-11 21:53:56

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

Sure, I can possibly add it in a future version of my pm folders add-on mod.

Last edited by Koos (2009-06-30 20:50:44)

Offline

 

#116 2009-06-11 22:39:51

MattF
Member
From: South Yorkshire, England
Registered: 2007-03-16
Posts: 415

Re: Private Messaging System 1.2.x 1.2.3

I believe I've put everything, (other than the langfile array syntax), back into standard Pun/Flux syntax. Best to double check it just incase though. big_smile It's only a small script. Doesn't do any fancy features. Just exports all messages from the current box being displayed and prompts the user to save the textfile.

http://outgoing.bauchan.org/unix/message_export.txt

I've put all of the relevant code in that one file. If any of my descriptions are a tad vague, just give me a shout. big_smile

Offline

 

#117 2009-06-30 16:28:57

saxamo
New member
Registered: 2009-06-25
Posts: 4

Re: Private Messaging System 1.2.x 1.2.3

Hello there,

So nice to see people doing something cause they WANT too.  I was wondering if this mod would work well with 1.4b FluxBB?  I was also wondering how when a new version of Flux or Pun comes out, how do we upgrade the actual forums and not trash everything you need to change for the pm's?  I guess there is not a one click button and the mod installs itself like some other software's out there?  Just curious.. I don't mind doing the mods.. I just don't like doing them over and over and over and over.. If I give this to my forum then I have to keep up with it.  Hmmmmmm.

You know I always wanted to know how you guys do security checking?  How do you know if something you write will open doors to hackers later.  How do you deal with exploits?

Offline

 

#118 2009-07-02 23:54:31

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

Hi saxamo, I've updated my unofficial update of this mod to work in fluxbb 1.4:

Private Messaging System 1.2.4c now available for download.

saxamo wrote:

I was also wondering how when a new version of Flux or Pun comes out, how do we upgrade the actual forums and not trash everything you need to change for the pm's?

It won't be an issue. The pm mod only requires some minor modifications to existing files.

Offline

 

#119 2009-07-06 13:26:45

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

I'm currently using Private_Message_Mod-1.2.4b (big thanks to the authors, and Koos for this update) on FluxBB 1.2.21, and am about to roll it out on a legacy PunBB 1.2.11 site (I know, I need to patch it!). Here's two mod requests for possible inclusion in a future version:

1. Encrypted message contents in database
2. Popup notification of new message

I've seen a lot of requests for email notifications, not sure it's worth repeating that request smile

One of my forums is a discussion site for precious metals - some of the users won't be interested in using the PM system for discussing buy/sell trades because of the lack of perceived privacy - if message contents were encrypted in the database it would add a little overhead at save & read time, but at least they wouldn't be exposed to me as an administrator inadvertantly seeing message contents while doing database backups etc.

A notification system is also needed - I would prefer a popup, but email would work too.

It's a great mod that adds a must-have feature to PunBB & FluxBB.

Offline

 

#120 2009-07-06 13:56:50

saxamo
New member
Registered: 2009-06-25
Posts: 4

Re: Private Messaging System 1.2.x 1.2.3

Hello there.. Thanks Koos!  Appreciate the time you put in..

Can anyone post an image of what this looks like in their forums?  or provide a link to some forums I can log in and see for myself? Is it true that there are no email notifications?  I don't really care about the popups.. I mean it is nice to have if you don't happen to look over at your inbox or whatever is there, but email notifications would be a great addition to this amazing MOD.

If anyone has any forums that implement this mod, please let me know a link.  Thanks!  I wanna see it in action..

Kind regards,
Saxamo

http://www.saxamo.com

Offline

 

#121 2009-07-06 14:00:40

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

<deleted> has 1.2.4b - that's FluxBB 1.2.21

Feel free to message me at that forum to test.

Last edited by bgiddins (2009-08-29 13:31:23)

Offline

 

#122 2009-07-06 15:49:24

saxamo
New member
Registered: 2009-06-25
Posts: 4

Re: Private Messaging System 1.2.x 1.2.3

Thanks for that information bgiddins..

Koos, just wondering if you might have seen this post and the problem with logging out once the PM mod was added

http://fluxbb.org/forums/topic/2793/cannot-log-out/

Not sure if it applies but figured I would throw it out there..

Thanks

Kind regards,
Saxamo

http://www.saxamo.com

Offline

 

#123 2009-07-06 23:27:45

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

bgiddins wrote:

Encrypted message contents in database

I'll see if I can put something together for you when I get a chance.

bgiddins wrote:

I've seen a lot of requests for email notifications, not sure it's worth repeating that request smile

I've recently created and add-on to this mod which gives users to option to receive pm e-mail notifications. You can download it here.

Offline

 

#124 2009-07-06 23:28:51

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Private Messaging System 1.2.x 1.2.3

saxamo wrote:

Koos, just wondering if you might have seen this post and the problem with logging out once the PM mod was added

http://fluxbb.org/forums/topic/2793/cannot-log-out/

Not sure if it applies but figured I would throw it out there..

You won't get this problem when installing my v1.2.4 update. It uses a better way of inserting the 'Messages' link in the navigation menu.

Offline

 

#125 2009-07-07 01:07:58

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Koos wrote:

I've recently created and add-on to this mod which gives users to option to receive pm e-mail notifications. You can download it here.

Fantastic!

Thanks - that was a breeze to implement. I did notice that I receive multiple email notifications between logins, and the email text indicates only a single notification will come ("You may have additional new private messages, but this is the only notification you will receive until you visit the forum again."). Are the multiple emails a bug?

cheers

Last edited by bgiddins (2009-07-07 01:17:26)

Offline

 

Board footer

Based on PunBB
© Copyright 2002–2005 Rickard Andersson

© Copyright 2004–2006 Kristoffer Jansson

User contributed files are property of their respective owners.