News:

Wondering if this will always be free?  See why free is better.

Main Menu

Hacking Attempt when Installing Mod

Started by heavyccasey, August 06, 2007, 01:25:06 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

heavyccasey

August 06, 2007, 01:25:06 AM
I'm testing a mod I created (first try  :D) and when including code, the package parser returns a "Hacking Attempt" message.

I checked the Error Log, it seems this query is the problem:

Code Select
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';

Any help? Thanks :]

Sarge

#1
August 06, 2007, 06:08:33 AM
What is the full error message in the error log?

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/

Quote
<H> I had zero posts when I started posting

heavyccasey

#2
August 07, 2007, 12:52:32 AM
"Hacking attempt...

ALTER TABLE (my database prefix)_boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';
File: /home/themfu5/public_html/test/Packages/temp/addSetting.php
Line: 10"

Kirby

#3
August 07, 2007, 01:41:22 AM
Can I see the addSetting.php?

heavyccasey

#4
August 07, 2007, 01:56:52 AM
It's just:

Code Select
<?php

   $result = db_query("
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';", __FILE__, __LINE__);
?>

Am I not supposed to do that? o_O

Kirby

#5
August 07, 2007, 02:05:36 AM
Nope, you need to add this before the query so that SMF doesn't think some random hacker is doing it:
Code Select

// If SSI.php is in the same place as this file, and SMF isn't defined, this is being run standalone.
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
require_once(dirname(__FILE__) . '/SSI.php');
// Hmm... no SSI.php and no SMF?
elseif (!defined('SMF'))
die('<b>Error:</b> Cannot install - please verify you put this in the same place as SMF\'s index.php.');

Check out the reference add_settings.php in the package SDK ;)

heavyccasey

#6
August 07, 2007, 02:28:30 AM
Thanks. Now it looks like this:
Code Select
<?php
// If SSI.php is in the same place as this file, and SMF isn't defined, this is being run standalone.
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
 require_once(dirname(__FILE__) . '/SSI.php');
// Hmm... no SSI.php and no SMF?
elseif (!defined('SMF'))
 die('<b>Error:</b> Cannot install - please verify you put this in the same place as SMF\'s index.php.');
   $result = db_query("
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';", __FILE__, __LINE__);
?>

but it still doesn't work.

Kirby

#7
August 07, 2007, 02:43:40 AM
ok, just get rid of what i told you to add and throw this in:
Code Select

define('SMF');

heavyccasey

#8
August 07, 2007, 03:07:34 AM
Sorry, but it still doesn't work.

I tried to shorten the query to:

      ALTER TABLE {$db_prefix}boards ADD hideBoard;

but it still doesn't work. I took the code out completely and it worked.

Sarge

#9
August 07, 2007, 05:53:07 AM
You're using TINYINT (an integer type), not a varchar, so instead of this:
Code Select
TINYINT NOT NULL DEFAULT '0';
try using this:
Code Select
TINYINT NOT NULL DEFAULT 0;

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/

Quote
<H> I had zero posts when I started posting

heavyccasey

#10
August 07, 2007, 11:18:24 PM
I figured out the problem: I removed the semicolon at the end.

Apparently this (Subs.php, line 303) was causing the problem:
Code Select
// Comments?  We don't use comments in our queries, we leave 'em outside!
elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, ';') !== false)
$fail = true;
Print
Go Up Pages1
User actions
Advertisement: