Text only | Text with Images

Simple Machines Community Forum

SMF Support => SMF 1.1.x Support => Topic started by: heavyccasey on August 06, 2007, 01:25:06 AM

Title: Hacking Attempt when Installing Mod
Post by: heavyccasey on August 06, 2007, 01:25:06 AM
I'm testing a mod I created (first try  :D) and when including code, the package parser returns a "Hacking Attempt" message.

I checked the Error Log, it seems this query is the problem:

Code Select
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';

Any help? Thanks :]
Title: Re: Hacking Attempt when Installing Mod
Post by: Sarge on August 06, 2007, 06:08:33 AM
What is the full error message in the error log?
Title: Re: Hacking Attempt when Installing Mod
Post by: heavyccasey on August 07, 2007, 12:52:32 AM
"Hacking attempt...

ALTER TABLE (my database prefix)_boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';
File: /home/themfu5/public_html/test/Packages/temp/addSetting.php
Line: 10"
Title: Re: Hacking Attempt when Installing Mod
Post by: Kirby on August 07, 2007, 01:41:22 AM
Can I see the addSetting.php?
Title: Re: Hacking Attempt when Installing Mod
Post by: heavyccasey on August 07, 2007, 01:56:52 AM
It's just:

Code Select
<?php

   $result = db_query("
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';", __FILE__, __LINE__);
?>

Am I not supposed to do that? o_O
Title: Re: Hacking Attempt when Installing Mod
Post by: Kirby on August 07, 2007, 02:05:36 AM
Nope, you need to add this before the query so that SMF doesn't think some random hacker is doing it:
Code Select

// If SSI.php is in the same place as this file, and SMF isn't defined, this is being run standalone.
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
require_once(dirname(__FILE__) . '/SSI.php');
// Hmm... no SSI.php and no SMF?
elseif (!defined('SMF'))
die('<b>Error:</b> Cannot install - please verify you put this in the same place as SMF\'s index.php.');

Check out the reference add_settings.php in the package SDK ;)
Title: Re: Hacking Attempt when Installing Mod
Post by: heavyccasey on August 07, 2007, 02:28:30 AM
Thanks. Now it looks like this:
Code Select
<?php
// If SSI.php is in the same place as this file, and SMF isn't defined, this is being run standalone.
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
 require_once(dirname(__FILE__) . '/SSI.php');
// Hmm... no SSI.php and no SMF?
elseif (!defined('SMF'))
 die('<b>Error:</b> Cannot install - please verify you put this in the same place as SMF\'s index.php.');
   $result = db_query("
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';", __FILE__, __LINE__);
?>

but it still doesn't work.
Title: Re: Hacking Attempt when Installing Mod
Post by: Kirby on August 07, 2007, 02:43:40 AM
ok, just get rid of what i told you to add and throw this in:
Code Select

define('SMF');
Title: Re: Hacking Attempt when Installing Mod
Post by: heavyccasey on August 07, 2007, 03:07:34 AM
Sorry, but it still doesn't work.

I tried to shorten the query to:

      ALTER TABLE {$db_prefix}boards ADD hideBoard;

but it still doesn't work. I took the code out completely and it worked.
Title: Re: Hacking Attempt when Installing Mod
Post by: Sarge on August 07, 2007, 05:53:07 AM
You're using TINYINT (an integer type), not a varchar, so instead of this:
Code Select
TINYINT NOT NULL DEFAULT '0';
try using this:
Code Select
TINYINT NOT NULL DEFAULT 0;
Title: Re: Hacking Attempt when Installing Mod
Post by: heavyccasey on August 07, 2007, 11:18:24 PM
I figured out the problem: I removed the semicolon at the end.

Apparently this (Subs.php, line 303) was causing the problem:
Code Select
// Comments?  We don't use comments in our queries, we leave 'em outside!
elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, ';') !== false)
$fail = true;
Text only | Text with Images