MyBB Hacks

Full Version: Admin Can Login as Any User
(11-11-2012 07:54 PM)MyBB Ghost Wrote: [ -> ]
(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote: [ -> ]Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users from being hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.


Where would I put that code in here?

PHP Code:
<?php

if(!defined("IN_MYBB"))
	die("This file cannot be accessed directly.");

$plugins->add_hook('member_login', 'admhijack_login');
$plugins->add_hook('member_logout_start', 'admhijack_logout');
$plugins->add_hook('member_profile_end', 'admhijack_profile');

function admhijack_info()
{
	return array(
		'name'			=> 'Admins can log into Users\' accounts',
		'description'	=> 'Allows admins to log into another user\'s account via their profile, and quickly swap back to their account via the Logout link.',
		'website'		=> 'http://mybbhacks.zingaburga.com/',
		'author'		=> 'ZiNgA BuRgA',
		'authorsite'	=> 'http://zingaburga.com/',
		'version'		=> '1.2',
		'compatibility'	=> '1*',
		'guid'			=> '8a4c3db281e87508c50386874e650297'
	);
}

function admhijack_login()
{
	global $mybb;
	if(($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1) || $mybb->input['do'] != 'hijack' || !$mybb->input['uid'])
		return;
	
	verify_post_check($mybb->input['my_post_key']);
	$user = get_user(intval($mybb->input['uid']));
	if(!$user) error('Invalid UserID supplied.');
	my_setcookie('mybbadminuser', $mybb->user['uid'].'_'.$mybb->user['loginkey'], null, true);
	my_setcookie('mybbuser', $user['uid'].'_'.$user['loginkey'], null, true);
	redirect('index.php', 'You have successfully logged in as '.htmlspecialchars_uni($user['username']).'<br />You will be redirected to the forum index...');
	exit;
}

function admhijack_logout()
{
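	// $session is read below ($session->sid), so it must be imported into function scope too
	global $mybb, $lang, $session;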
	
	if(($mybb->usergroup['cancp'] == 'yes' || $mybb->usergroup['cancp'] == 1) && $mybb->input['do'] == 'regenkey' && $mybb->input['uid'])
	{
		verify_post_check($mybb->input['my_post_key']);
		$user = get_user(intval($mybb->input['uid']));
		if(!$user) error('Invalid UserID supplied.');
		update_loginkey($user['uid']);
		redirect('member.php?action=profile&uid='.$user['uid'], 'You have successfully forced the selected user to log out.');
		exit;
	}
	
	if($mybb->version_code >= 1400)
		$cookies =& $mybb->cookies;
	else
		$cookies =& $_COOKIE;
	
	if(!$cookies['mybbadminuser'])
		return;
	
	if(!$mybb->user['uid'])
		redirect('index.php', $lang->redirect_alreadyloggedout);
	// Check session ID if we have one
	if($mybb->input['sid'] && $mybb->input['sid'] != $session->sid)
		error($lang->error_notloggedout);
	// Otherwise, check logoutkey
	else if(!$mybb->input['sid'] && $mybb->input['logoutkey'] != $mybb->user['logoutkey'])
		error($lang->error_notloggedout);
	my_setcookie('mybbuser', $cookies['mybbadminuser'], null, true);
	my_unsetcookie('mybbadminuser');
	
	redirect('member.php?action=profile&uid='.$mybb->user['uid'], 'You have logged out of the hijacked account and will be logged back in to your admin account.');
	exit;
}

function admhijack_profile()
{
	global $templates, $mybb;
	if($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1)
		return;
	
	if(!$templates->cache['member_profile'])
		$templates->cache('member_profile');
	
	$templates->cache['member_profile'] = str_replace('{$modoptions}','{$modoptions}<br /><table border="0" cellspacing="{$theme[\'borderwidth\']}" cellpadding="{$theme[\'tablespace\']}" width="100%" class="tborder">
<tr>
<td colspan="2" class="thead"><strong>Admin Options</strong></td>
</tr>
<tr>
<td class="trow1">
<ul>
<li><a href="{$mybb->settings[\'bburl\']}/member.php?action=login&amp;do=hijack&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}">Log in as this user</a></li>
<li><a href="{$mybb->settings[\'bburl\']}/member.php?action=logout&amp;do=regenkey&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}">Force this user to log out (if logged in)</a></li>
</ul>
</td>
</tr>
</table>',$templates->cache['member_profile']);
}

?>


(11-12-2012 12:02 PM)ZiNgA BuRgA Wrote: [ -> ]Where you were directed to put the code.

Which is where?
In fairyland!
Come on bro, just put the code in so I won't get hacked.
(11-13-2012 10:52 AM)MyBB Ghost Wrote: [ -> ]Come on bro, just put the code in so I won't get hacked.

Reread the bolded parts. ;)

(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote: [ -> ]Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users from being hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.

Aww, someone had to ruin the fun :(

But he'll be back asking to be spoonfed, nevertheless.
(11-13-2012 02:08 PM)ZiNgA BuRgA Wrote: [ -> ]Aww, someone had to ruin the fun :(

But he'll be back asking to be spoonfed, nevertheless.

No, but anyways, how do you block other admins from force logging you out?
Are you the ghost of Aastra?  Seabody just told you

(11-13-2012 01:08 PM)Seabody Wrote: [ -> ]
(11-13-2012 10:52 AM)MyBB Ghost Wrote: [ -> ]Come on bro, just put the code in so I won't get hacked.

Reread the bolded parts. ;)

(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote: [ -> ]Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users from being hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.






The choo choo train is coming to the tunnel.
(11-25-2012 12:16 PM)leefish Wrote: [ -> ]Are you the ghost of Aastra?  Seabody just told you

(11-13-2012 01:08 PM)Seabody Wrote: [ -> ]
(11-13-2012 10:52 AM)MyBB Ghost Wrote: [ -> ]Come on bro, just put the code in so I won't get hacked.

Reread the bolded parts. ;)

(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote: [ -> ]Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users from being hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.






The choo choo train is coming to the tunnel.

No, and that's for not logging in; with that code other admins can't log in as you, but they can force you to log out.
Tell em that the next asshat who forcibly logs you out gets demoted.
thanks for the plugin!!!
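
Added example (not code from the thread or from the plugin): a stand-alone PHP model of the plugin's two admin actions, `do=hijack` and `do=regenkey`, showing what the quoted in_array() check blocks when it sits in only one handler and when it sits in both. The function names `is_protected` and `handle` and the sample accounts are assumptions made for illustration; UIDs 1, 2, 3 are the ones from the quoted snippet.

```php
<?php
// Added example: models the plugin's two actions, it is not the plugin itself.
// Protected UIDs as in the snippet quoted in the thread.
$protected = array(1, 2, 3);

// Constructed sample accounts (uid => username).
$users = array(1 => 'admin', 2 => 'coadmin', 7 => 'member');

// The check from the thread as a function (hypothetical name).
// Strict comparison on an integer uid, so '1abc' or '01' cannot slip past.
function is_protected($user, $protected)
{
    return in_array((int)$user['uid'], $protected, true);
}

// Models admhijack_login() ('hijack') and the regenkey branch of
// admhijack_logout() ('regenkey'). $guarded lists the handlers that
// have the check placed after the "Invalid UserID" line.
function handle($do, $uid, $users, $protected, $guarded)
{
    if (!isset($users[$uid]))
        return 'Invalid UserID supplied.';
    $user = array('uid' => $uid, 'username' => $users[$uid]);

    if (in_array($do, $guarded, true) && is_protected($user, $protected))
        return 'Cannot log in / clear key of this user.';

    return $do === 'hijack'
        ? 'logged in as ' . $user['username']
        : 'login key of ' . $user['username'] . ' regenerated (forced logout)';
}

// Case 1: check only in the login handler. Case 2: check in both handlers.
foreach (array(array('hijack'), array('hijack', 'regenkey')) as $guarded) {
    echo 'check present in: ' . implode(', ', $guarded) . "\n";
    foreach (array('hijack', 'regenkey') as $do)
        foreach (array(1, 7) as $uid)
            echo "  do=$do uid=$uid -> "
                . handle($do, $uid, $users, $protected, $guarded) . "\n";
}
```

In the plugin itself the equivalent line goes directly after each `if(!$user) error('Invalid UserID supplied.');`, once in `admhijack_login()` and once in the `regenkey` branch of `admhijack_logout()`.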