News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Hacking Attempt when Installing Mod

Started by heavyccasey, August 06, 2007, 01:25:06 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

heavyccasey

August 06, 2007, 01:25:06 AM
I'm testing a mod I created (first try  :D) and when including code, the package parser returns a "Hacking Attempt" message.

I checked the Error Log, it seems this query is the problem:

Code Select
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';

Any help? Thanks :]

Sarge

#1
August 06, 2007, 06:08:33 AM
What is the full error message in the error log?

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/

Quote
<H> I had zero posts when I started posting

heavyccasey

#2
August 07, 2007, 12:52:32 AM
"Hacking attempt...

ALTER TABLE (my database prefix)_boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';
File: /home/themfu5/public_html/test/Packages/temp/addSetting.php
Line: 10"

Kirby

#3
August 07, 2007, 01:41:22 AM
Can I see the addSetting.php?

heavyccasey

#4
August 07, 2007, 01:56:52 AM
It's just:

Code Select
<?php

   $result = db_query("
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';", __FILE__, __LINE__);
?>

Am I not supposed to do that? o_O

Kirby

#5
August 07, 2007, 02:05:36 AM
Nope, you need to add this before the query so that SMF doesn't think some random hacker is doing it:
Code Select

// If SSI.php is in the same place as this file, and SMF isn't defined, this is being run standalone.
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
require_once(dirname(__FILE__) . '/SSI.php');
// Hmm... no SSI.php and no SMF?
elseif (!defined('SMF'))
die('<b>Error:</b> Cannot install - please verify you put this in the same place as SMF\'s index.php.');

Check out the reference add_settings.php in the package SDK ;)

heavyccasey

#6
August 07, 2007, 02:28:30 AM
Thanks. Now it looks like this:
Code Select
<?php
// If SSI.php is in the same place as this file, and SMF isn't defined, this is being run standalone.
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
 require_once(dirname(__FILE__) . '/SSI.php');
// Hmm... no SSI.php and no SMF?
elseif (!defined('SMF'))
 die('<b>Error:</b> Cannot install - please verify you put this in the same place as SMF\'s index.php.');
   $result = db_query("
ALTER TABLE {$db_prefix}boards ADD hideBoard TINYINT NOT NULL DEFAULT '0';", __FILE__, __LINE__);
?>

but it still doesn't work.

Kirby

#7
August 07, 2007, 02:43:40 AM
ok, just get rid of what i told you to add and throw this in:
Code Select

define('SMF');

heavyccasey

#8
August 07, 2007, 03:07:34 AM
Sorry, but it still doesn't work.

I tried to shorten the query to:

      ALTER TABLE {$db_prefix}boards ADD hideBoard;

but it still doesn't work. I took the code out completely and it worked.

Sarge

#9
August 07, 2007, 05:53:07 AM
You're using TINYINT (an integer type), not a varchar, so instead of this:
Code Select
TINYINT NOT NULL DEFAULT '0';
try using this:
Code Select
TINYINT NOT NULL DEFAULT 0;

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/

Quote
<H> I had zero posts when I started posting

heavyccasey

#10
August 07, 2007, 11:18:24 PM
I figured out the problem: I removed the semicolon at the end.

Apparently this (Subs.php, line 303) was causing the problem:
Code Select
// Comments?  We don't use comments in our queries, we leave 'em outside!
elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, ';') !== false)
$fail = true;
Print
Go Up Pages1
User actions
Advertisement: