I set up the hack so that only registered users would see the upload entry on the forms used to post. Also note, the hack requires that a directory be world writeable, preferably as a subdirectory of your phpBB directory.

INSTALLATION:

1. Upload these two php files:

process_upload.php
upload_dir.php

Drop the .txt extension when putting these in your main phpBB directory.

2. Edit config.php and include the following somewhere before the "?>":

Code:
--------------------------------------------------------------------------------
// upload hack
$url_uploads = "./uploads"; // relative to $url_phpbb!
$max_upload_size = "800000"; // in bytes
$allow_uploads = 1; // allow uploads, easy on/off
--------------------------------------------------------------------------------

3. Edit reply.php:

Find all instances of: (more than one!)

Code:
--------------------------------------------------------------------------------
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
--------------------------------------------------------------------------------

Replace with:

Code:
--------------------------------------------------------------------------------
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST" ENCTYPE="multipart/form-data">
--------------------------------------------------------------------------------

Find:

Code:
--------------------------------------------------------------------------------
// If it's been edited more than once, there might be old "edited by" strings with
// escaped HTML code in them. We want to fix this up right here:
$message = preg_replace("#<font size=-1>[ $edit_by(.*?) ]</font>#si", '<font size=-1>[ ' . $edit_by . ' ]</font>', $message);
}
}
--------------------------------------------------------------------------------

Below add:

Code:
--------------------------------------------------------------------------------
// upload hack
if($allow_uploads == 1)
   include('process_upload.'.$phpEx);
--------------------------------------------------------------------------------

Find:

Code:
--------------------------------------------------------------------------------
<TD BGCOLOR="<?php echo $color1?>" width=25%><font size="<?php echo $FontSize2?>" face="<?php echo $FontFace?>"><b><?php echo $l_options?>:</b></TD>
<TD BGCOLOR="<?php echo $color2?>" ><font size="<?php echo $FontSize2?>" face="<?php echo $FontFace?>">
--------------------------------------------------------------------------------

Below add:

Code:
--------------------------------------------------------------------------------
<?php
// upload hack
if($user_logged_in && $allow_uploads == 1)
{
?>
<INPUT TYPE="HIDDEN" NAME="MAX_FILE_SIZE" VALUE="<?php echo $max_upload_size?>">
Upload File: <INPUT TYPE="FILE" NAME="file1" SIZE="30">
<?php
echo "<BR><SMALL>Upload limit (bytes): $max_upload_size</SMALL><BR><BR>";
} // end file upload
?>
--------------------------------------------------------------------------------

4. Edit newtopic.php:

Find:

Code:
--------------------------------------------------------------------------------
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
--------------------------------------------------------------------------------

Replace with:

Code:
--------------------------------------------------------------------------------
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST" ENCTYPE="multipart/form-data">
--------------------------------------------------------------------------------

Find:

Code:
--------------------------------------------------------------------------------
if($allow_html == 0 || isset($html)) {
   $message = htmlspecialchars($message);
   $is_html_disabled = true;
}
--------------------------------------------------------------------------------

Below add:

Code:
--------------------------------------------------------------------------------
// upload hack
if($allow_uploads == 1)
   include('process_upload.'.$phpEx);
--------------------------------------------------------------------------------

Find:

Code:
--------------------------------------------------------------------------------
<TD BGCOLOR="<?php echo $color1?>" width=25%><font size="<?php echo $FontSize2?>" face="<?php echo $FontFace?>"><b><?php echo $l_options?>:</b></TD>
<TD BGCOLOR="<?php echo $color2?>" ><font size="<?php echo $FontSize2?>" face="<?php echo $FontFace?>">
--------------------------------------------------------------------------------

Below add:

Code:
--------------------------------------------------------------------------------
<?php
// upload hack
if($user_logged_in && $allow_uploads == 1)
{
?>
<INPUT TYPE="HIDDEN" NAME="MAX_FILE_SIZE" VALUE="<?php echo $max_upload_size?>">
Upload File: <INPUT TYPE="FILE" NAME="file1" SIZE="30">
<?php
echo "<BR><SMALL>Upload limit (bytes): $max_upload_size</SMALL><BR><BR>";
} //allow file upload
?>
--------------------------------------------------------------------------------

5. Edit viewtopic.php to allow moderators to easily delete uploaded files:

Find:

Code:
--------------------------------------------------------------------------------
echo "<a href=\"$url_phpbb/topicadmin.$phpEx?mode=move&topic=$topic&forum=$forum\"><IMG SRC=\"$movetopic_image\" ALT=\"$l_movetopic\" BORDER=0></a> ";
echo "<a href=\"$url_phpbb/topicadmin.$phpEx?mode=del&topic=$topic&forum=$forum\"><IMG SRC=\"$deltopic_image\" ALT=\"$l_deletetopic\" BORDER=0></a></CENTER>\n";
--------------------------------------------------------------------------------

Below add:

Code:
--------------------------------------------------------------------------------
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize1\" COLOR=\"$textcolor\">";
echo "<a href=\"$url_phpbb/upload_dir.$phpEx\">[Edit uploads]</a>";
echo "</FONT></CENTER>";
--------------------------------------------------------------------------------

I think that's about it. The trick to getting it to work is to make sure your directory is set correctly and writeable to world (chmod 1777 should work), and to make sure you add the ENCTYPE="multipart/form-data" to all the FORM tags.
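
Added example, not part of this hack or of phpBB: the readme stores uploads in a world-writable directory under the phpBB web root, so the upload handler has to decide server-side what may be stored and under which name. The sketch below shows those checks. The function name store_upload, the allowlist and the storage path are assumptions, and it needs PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example: hypothetical hardened handler, not the hack's process_upload.php.
// Assumption: $storeDir lies outside the document root and is writable only by
// the web server account (not world-writable).

const ALLOWED = [              // extension => expected MIME type (constructed allowlist)
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
    'txt' => 'text/plain',
];

function store_upload(array $file, string $storeDir, int $maxBytes): string
{
    // Reject failed or partial uploads, and anything not received via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // MAX_FILE_SIZE in the form is only a browser hint; enforce the limit here.
    if (filesize($file['tmp_name']) > $maxBytes) {
        throw new RuntimeException('file too large');
    }
    // Allowlist the extension so .php, .phtml, .htaccess and the like are never kept.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Derive the content type from the bytes, not from the client-supplied header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen random name: no path traversal, overwrites or double extensions.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = $storeDir . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);        // not executable, not world-readable
    return $name;              // record against the post; serve via a download script
}

// Usage for the form field named "file1" in the readme (path is a placeholder):
// $stored = store_upload($_FILES['file1'], '/path/outside/webroot/uploads', 800000);
```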