Snitz Forums 2000
 Admin erased post.. Help!!!!

Massimo
Junior Member

Italy
125 Posts

Posted - 06 May 2002 :  04:47:19
Aid mine has cancelled me all post has cancelled all the post of the administrator....!

Massimo Farieri
===============
http://www.superdeejay.net/

HuwR
Forum Admin

United Kingdom
20595 Posts

Posted - 06 May 2002 :  05:26:04
Could you try that again, with a little more of an explanation


Massimo
Junior Member

Italy
125 Posts

Posted - 06 May 2002 :  05:32:18
the so' they have not gone in my forum: http://www.superdeejay.net/forum it is I do not find all mine post. the post of the administrator! help!

Massimo Farieri
===============
http://www.superdeejay.net/

Massimo
Junior Member

Italy
125 Posts

Posted - 06 May 2002 :  06:12:57
there are explanations in order to resolve the bug of SNITZ HAKERATO!!!! 3.3 but for the version 3,1 sr4 which are the modifications help me!
:(


Massimo Farieri
===============
http://www.superdeejay.net/

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 06 May 2002 :  07:16:40
I hope that you had a backup of your database. To have your forum running while someone from the Dev team gives you a solution to the hack problem, you can disable access to members.asp for everyone but the administrator.


In line 43 of members.asp, after the <% add:

If mlev < 4 then
Response.Redirect "default.asp"
End if


Don't forget to change your admin and mods passwords.


-------------------------------------------------
Installation Guide | Do's and Dont's | MODs


Edited by - ruirib on 06 May 2002 07:17:20

Massimo
Junior Member

Italy
125 Posts

Posted - 06 May 2002 :  07:31:02
but I must make only that modification and all the other rows explain you for version 3.3? and for the 3,1 sr4? which are the rows to repair... here the code of mine members.asp:


quote:
<%
'#################################################################################
'## Copyright (C) 2000 Michael Anderson and Pierre Gorissen
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## reinhold@bigfoot.com
'##
'## or
'##
'## Snitz Communications
'## C/O: Michael Anderson
'## PO Box 200
'## Harpswell, ME 04079
'#################################################################################
%>
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_functions.asp" -->
<!--#INCLUDE FILE="inc_top.asp" -->
<script language="JavaScript">
function ChangePage(){
document.PageNum.submit();
}
</script>
<%

%>
<script>
function open_window(url)
{
mywin = window.open(url,"window",'toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=1,width=540,height=320');
}
</script>
<%

Dim srchUName
Dim srchFName
Dim srchLName
Dim srchState
Dim srchInitial


Function sGetColspan(lIN, lOUT)
if (strShowModerators = "1") Then lOut = lOut + 1
If (mlev = "4" or mlev = "3") then lOut = lOut + 1
If lOut > lIn then
sGetColspan = lIN
Else
sGetColspan = lOUT
End If
End Function

if Request.QueryString("method") <> "" then
SortMethod = Request.QueryString("method")
end if
SearchName = Request("M_NAME")
if SearchName = "" then
SearchName = Request.Form("M_NAME")
end if


srchUName = Request("UserName")
srchFName = Request("FirstName")
srchLName = Request("LastName")
srchInitial = Request("INITIAL")
if srchState <> "1" then
srchState = Request("State")
end if


mypage = request("whichpage")
if mypage = "" then
mypage = 1
end if


mySQL = request("strSql")
if mySQL = "" then
mySQL = SQLtemp
end if
'New Search Code
If Request("mode") = "search" and (srchUNAME = "1" or srchFNAme = "1" or srchLName = "1" or srchState = "1" or srchInitial = "1" ) then

strSql = "SELECT " & strMemberTablePrefix & "MEMBERS.MEMBER_id, " & strMemberTablePrefix & "MEMBERS.M_STATUS, " & strMemberTablePrefix & "MEMBERS.M_NAME, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_LEVEL, " & strMemberTablePrefix & "MEMBERS.M_EMAIL, " & strMemberTablePrefix & "MEMBERS.M_COUNTRY, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_HOMEPAGE, " & strMemberTablePrefix & "MEMBERS.M_ICQ, " & strMemberTablePrefix & "MEMBERS.M_YAHOO, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_AIM, " & strMemberTablePrefix & "MEMBERS.M_TITLE, " & strMemberTablePrefix & "MEMBERS.M_POSTS, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_LASTPOSTDATE, " & strMemberTablePrefix & "MEMBERS.M_LASTHEREDATE, " & strMemberTablePrefix & "MEMBERS.M_DATE, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_COUNTRY "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
if Request.querystring("link") <> "sort" then
whereSql = " WHERE ("
tmpSql = ""
if srchState <> "1" then
if srchUName = "1" then
tmpSql = tmpSql & strMemberTablePrefix & "MEMBERS.M_NAME LIKE '%" & SearchName & "%' OR "
tmpSql = tmpSql & strMemberTablePrefix & "MEMBERS.M_USERNAME LIKE '%" & SearchName & "%'"
end if
if srchFName = "1" then
if srchUName = "1" then
tmpSql = tmpSql & " OR "
end if
tmpSql = tmpSql & strMemberTablePrefix & "MEMBERS.M_FIRSTNAME LIKE '%" & SearchName & "%'"
end if
if srchLName = "1" then
if srchFName = "1" or srchUName = "1" then
tmpSql = tmpSql & " OR "
end if
tmpSql = tmpSql & strMemberTablePrefix & "MEMBERS.M_LASTNAME LIKE '%" & SearchName & "%' "
end if
if srchInitial = "1" then
tmpSQL = strMemberTablePrefix & "MEMBERS.M_NAME LIKE '" & SearchName & "%'"
end if
else
tmpSql = tmpSql & strMemberTablePrefix & "MEMBERS.M_COUNTRY LIKE '%" & SearchName & "%'"
end if
whereSql = whereSql & tmpSql &")"
Session(strCookieURL & "where_Sql") = whereSql
end if

if Session(strCookieURL & "where_Sql") <> "" then
whereSql = Session(strCookieURL & "where_Sql")
else
whereSql = ""
end if
strSQL = strSql & whereSql
else
'## Forum_SQL - Get all active topics from last visit
strSql = "SELECT " & strMemberTablePrefix & "MEMBERS.MEMBER_id, " & strMemberTablePrefix & "MEMBERS.M_STATUS, " & strMemberTablePrefix & "MEMBERS.M_NAME, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_LEVEL, " & strMemberTablePrefix & "MEMBERS.M_EMAIL, " & strMemberTablePrefix & "MEMBERS.M_COUNTRY, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_HOMEPAGE, " & strMemberTablePrefix & "MEMBERS.M_ICQ, " & strMemberTablePrefix & "MEMBERS.M_YAHOO, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_AIM, " & strMemberTablePrefix & "MEMBERS.M_TITLE, " & strMemberTablePrefix & "MEMBERS.M_POSTS, "
strSql = strSql & strMemberTablePrefix & "MEMBERS.M_LASTPOSTDATE, " & strMemberTablePrefix & "MEMBERS.M_LASTHEREDATE, " & strMemberTablePrefix & "MEMBERS.M_DATE "
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
if mlev = 4 then
strSql = strSql & " WHERE " & strMemberTablePrefix & "MEMBERS.M_NAME <> 'n/a' "
else
strSql = strSql & " WHERE " & strMemberTablePrefix & "MEMBERS.M_STATUS = " & 1
end if
end if
select case SortMethod
case "nameasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "namedesc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_NAME DESC"
case "levelasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_TITLE ASC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "leveldesc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_TITLE DESC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "lastpostdateasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_LASTPOSTDATE ASC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "lastpostdatedesc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_LASTPOSTDATE DESC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "lastheredateasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_LASTHEREDATE ASC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "lastheredatedesc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_LASTHEREDATE DESC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "dateasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_DATE ASC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "datedesc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_DATE DESC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "countryasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_COUNTRY ASC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "countrydesc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_COUNTRY DESC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case "postsasc"
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_POSTS ASC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
case else
strSql = strSql & " ORDER BY " & strMemberTablePrefix & "MEMBERS.M_POSTS DESC, " & strMemberTablePrefix & "MEMBERS.M_NAME ASC"
end select
if strDBType = "mysql" then 'MySql specific code
if mypage > 1 then
OffSet = CInt((mypage - 1) * strPageSize)
strSql = strSql & " LIMIT " & OffSet & ", " & strPageSize & " "
end if

'## Forum_SQL - Get the total pagecount
strSql2 = "SELECT COUNT(" & strMemberTablePrefix & "MEMBERS.MEMBER_id) AS PAGECOUNT "
strSql2 = strSql2 & " FROM " & strMemberTablePrefix & "MEMBERS "
if mlev = 4 then
strSql2 = strSql2 & " WHERE " & strMemberTablePrefix & "MEMBERS.M_NAME <> 'n/a' "
else
strSql2 = strSql2 & " WHERE " & strMemberTablePrefix & "MEMBERS.M_STATUS = " & 1
end if


set rsCount = my_Conn.Execute(strSql2)
if not rsCount.eof then
maxpages = (rsCount("PAGECOUNT") \ strPageSize )
if rsCount("PAGECOUNT") mod strPageSize <> 0 then
maxpages = maxpages + 1
end if
maxRecs = cint(strPageSize) * maxPages
else
maxpages = 0
end if

rsCount.close

set rs = Server.CreateObject("ADODB.Recordset")

rs.open strSql, my_Conn, 3

if not (rs.EOF or rs.BOF) then
rs.movefirst
end if

else 'end MySql specific code

Set rs = Server.CreateObject("ADODB.RecordSet")
rs.cachesize=20

rs.open strSql, my_conn, 3

if not (rs.EOF or rs.BOF) then '## No members found in DB
rs.movefirst
rs.pagesize = strPageSize
rs.cacheSize = strPageSize
maxPages = cint(rs.pageCount)
maxRecs = cint(rs.pageSize)
rs.absolutePage = myPage
maxpages = cint(rs.pagecount)
end if
end if
%>
<table width="95%" border="0">
<tr>
<td>
<font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><img src="images/icon_folder_open.gif" border="0"> <a href="default.asp">Tutti i Forums</a><br>
<img src="images/icon_bar.gif" border="0"><img src="images/icon_folder_open_topic.gif" border="0"> Informazioni sugli utenti</font>
</td>
<td align="right">
<% if maxpages > 1 then %>
<table border=0 align="right">
<tr>
<td valign="top"><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><b>Vai alla pagina:</b>   </font></td>
<td valign="top"><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><% Call Paging2() %></font></td>
</tr>
</table>
<% else %>
 
<% end if %>
</td>
</tr>
</table>

<table border="0" width="95%" cellspacing="1" cellpadding="3" align="center" bgcolor="<% =strTableBorderColor %>">
<tr bgcolor="<% =strTableBorderColor %>">
<form action="members.asp?method=<%=SortMethod %>" method="post" name="SearchMembers">
<td bgcolor="<% =strPopUpTableColor %>"><font colour="<% =strDefaultFontColor %>" face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><b>CERCA UTENTE:</b> 
<br><input type="checkbox" name="UserName" value="1" <% if srchUName <> "" then response.write "checked" %> >Nome Utente
  <input type="checkbox" name="FirstName" value="1" <% if srchFName <> "" then response.write "checked" %> >Nome
  <input type="checkbox" name="LastName" value="1" <% if srchLName <> "" then response.write "checked" %>>Cognome
<% if Trim(strState) = "1" then %>
  <input type="checkbox" name="State" value="1" <% if srchState <> "" then response.write "checked" %>>Stato
<% End If %>
</font></td>
<td bgcolor="<% =strPopUpTableColor %>"><font colour="<% =strDefaultFontColor %>" face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><b>Trova:</b> 
<br><input type="text" name="M_NAME" size="20" value="<%= SearchName %>"></font></td>
<input type="hidden" name="mode" value="search">
<input type="hidden" name="initial" value="0">
<td bgcolor="<% =strPopUpTableColor %>">
<INPUT src=images/button_go.gif alt="Cerca" type="image" value="search" id=submit1 name=submit1 border=0>
</td>
</tr>
</form>
<tr bgcolor="<% =strPopUpTableColor %>">
<td colspan="3" align="center" valign="top"><font colour="<% =strDefaultFontColor %>" face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">
<a href="members.asp?mode=search&M_NAME=&initial=1&method=<%=SortMethod %> ">Tutti</a>
<a href="members.asp?mode=search&M_NAME=A&initial=1&method=<%=SortMethod %> ">A</a>
<a href="members.asp?mode=search&M_NAME=B&initial=1&method=<%=SortMethod %> "">B</a>
<a href="members.asp?mode=search&M_NAME=C&initial=1&method=<%=SortMethod %> "">C</a>
<a href="members.asp?mode=search&M_NAME=D&initial=1&method=<%=SortMethod %> "">D</a>
<a href="members.asp?mode=search&M_NAME=E&initial=1&method=<%=SortMethod %> "">E</a>
<a href="members.asp?mode=search&M_NAME=F&initial=1&method=<%=SortMethod %> "">F</a>
<a href="members.asp?mode=search&M_NAME=G&initial=1&method=<%=SortMethod %> "">G</a>
<a href="members.asp?mode=search&M_NAME=H&initial=1&method=<%=SortMethod %> "">H</a>
<a href="members.asp?mode=search&M_NAME=I&initial=1&method=<%=SortMethod %> "">I</a>
<a href="members.asp?mode=search&M_NAME=J&initial=1&method=<%=SortMethod %> "">J</a>
<a href="members.asp?mode=search&M_NAME=K&initial=1&method=<%=SortMethod %> "">K</a>
<a href="members.asp?mode=search&M_NAME=L&initial=1&method=<%=SortMethod %> "">L</a>
<a href="members.asp?mode=search&M_NAME=M&initial=1&method=<%=SortMethod %> "">M</a>
<a href="members.asp?mode=search&M_NAME=N&initial=1&method=<%=SortMethod %> "">N</a>
<a href="members.asp?mode=search&M_NAME=O&initial=1&method=<%=SortMethod %> "">O</a>
<a href="members.asp?mode=search&M_NAME=P&initial=1&method=<%=SortMethod %> "">P</a>
<a href="members.asp?mode=search&M_NAME=Q&initial=1&method=<%=SortMethod %> "">Q</a>
<a href="members.asp?mode=search&M_NAME=R&initial=1&method=<%=SortMethod %> "">R</a>
<a href="members.asp?mode=search&M_NAME=S&initial=1&method=<%=SortMethod %> "">S</a>
<a href="members.asp?mode=search&M_NAME=T&initial=1&method=<%=SortMethod %> "">T</a>
<a href="members.asp?mode=search&M_NAME=U&initial=1&method=<%=SortMethod %> "">U</a>
<a href="members.asp?mode=search&M_NAME=V&initial=1&method=<%=SortMethod %> "">V</a>
<a href="members.asp?mode=search&M_NAME=W&initial=1&method=<%=SortMethod %> "">W</a>
<a href="members.asp?mode=search&M_NAME=X&initial=1&method=<%=SortMethod %> "">X</a>
<a href="members.asp?mode=search&M_NAME=Y&initial=1&method=<%=SortMethod %> "">Y</a>
<a href="members.asp?mode=search&M_NAME=Z&initial=1&method=<%=SortMethod %> "">Z</a><br>
</font></td>
</tr>
</table>
<br>
<table border="0" width="95%" cellspacing="0" cellpadding="0" align="center">
<tr>
<td bgcolor="<% =strTableBorderColor %>">
<table border="0" width="100%" cellspacing="1" cellpadding="3">
<tr>
<td align="center" bgcolor="<% =strHeadCellColor %>">  </td>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?link=sort&mode=search&M_NAME=<%=SearchName %>&method=<% if Request.QueryString("method") = "nameasc" then Response.Write("namedesc") else Response.Write("nameasc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Nome Utente</font></b></a></td>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?link=sort&mode=search&M_NAME=<%=SearchName %>&method=<% if Request.QueryString("method") = "levelasc" then Response.Write("leveldesc") else Response.Write("levelasc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Titolo</font></b></a></td>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?link=sort&mode=search&M_NAME=<%=SearchName %>&method=<% if Request.QueryString("method") = "postsdesc" then Response.Write("postsasc") else Response.Write("postsdesc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Messaggi</font></b></a></td>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?link=sort&mode=search&M_NAME=<%=SearchName %>&method=<% if Request.QueryString("method") = "lastpostdatedesc" then Response.Write("lastpostdatedasc") else Response.Write("lastpostdatedesc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Ultimo Messaggio</font></b></a></td>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?link=sort&mode=search&M_NAME=<%=SearchName %>&method=<% if Request.QueryString("method") = "datedesc" then Response.Write("dateasc") else Response.Write("datedesc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Utente dal</font></b></a></td>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?link=sort&mode=search&M_NAME=<%=SearchName %>&method=<% if Request.QueryString("method") = "countryasc" then Response.Write("countrydesc") else Response.Write("countryasc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Stato</font></b></a></td>
<% if mlev = 4 or mlev = 3 then %>
<td align="center" bgcolor="<% =strHeadCellColor %>"><a href="members.asp?method=<% if Request.QueryString("method") = "lastheredatedesc" then Response.Write("lastheredatedasc") else Response.Write("lastheredatedesc") end if %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>">Ultima visita</font></b></a></td>
<% end if %>
<% if mlev = 4 then %>
<td align="center" bgcolor="<% =strHeadCellColor %>"><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strHeadFontColor %>"> </font></b></td>
<% end if %>
</tr>
<% if rs.EOF or rs.BOF then '## No Members Found in DB %>
<tr>
<td colspan="<%=sGetColspan(9, 7)%>" bgcolor="<% =strForumCellColor %>" ><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><b>Nessun Iscritto Trovato</b></font></td>
</tr>
<% else %>
<% currMember = 0 %>
<%
i = 0
howManyRecs = 0
rec = 1
do until rs.Eof or rec = (strPageSize + 1)
if i = 1 then
CColor = strAltForumCellColor
else
CColor = strForumCellColor
end if
%>
<tr>
<td bgcolor="<% =CColor %>" align=left>
<% if strUseExtendedProfile then %>
<a href="pop_profile.asp?mode=display&id=<% =rs("MEMBER_id") %>">
<% else %>
</a>
<a href="JavaScript:openWindow3('pop_profile.asp?mode=display&id=<% =rs("MEMBER_id") %>')">
<% end if %>
<% if rs("M_STATUS") = 0 then
%><img src="images/icon_profile_locked.gif" alt="Visualizza il profilo di <% =ChkString(rs("M_NAME"),"display") %>" height=15 width=15 border=0 hspace="0"><%
else
%><img src="images/icon_profile.gif" alt="Visualizza il profilo di <% =ChkString(rs("M_NAME"),"display") %>" height=15 width=15 border=0 hspace="0"><%
end if
%></a>
<% if strICQ = "1" and Trim(rs("M_ICQ")) <> "" then %>
<a href="JavaScript:openWindow('pop_messengers.asp?mode=ICQ&ICQ=<% =ChkString(rs("M_ICQ"), "JSurlpath") %>&M_NAME=<% =ChkString(rs("M_NAME"),"display") %>')"><img src="http://wwp.icq.com/scripts/online.dll?icq=<% =chkstring(rs("M_ICQ"), "urlpath") %>&img=5" height=15 width=15 alt="Invia a <% =ChkString(rs("M_NAME"),"display") %> un messaggio su ICQ" border="0" align="absmiddle" hspace="0"></a>
<% end if %>
<a href="buddy.asp?mode=add&ID=<% =rs("MEMBER_ID") %>"><img src="icon_add_buddy.gif" height="14" width="16" alt="Aggiungi questo utente lista dei tuoi amici" border="0" align="absmiddle" hspace="0"></a>
<% if strYAHOO = "1" and Trim(rs("M_YAHOO")) <> "" then %>
<a href="JavaScript:openWindow('http://edit.yahoo.com/config/send_webmesg?.target=<% =ChkString(rs("M_YAHOO"), "JSurlpath") %>&.src=pg')"><img src="images/icon_yahoo.gif" height=15 width=15 alt="Invia <% =ChkString(rs("M_NAME"),"display") %> un Messaggio su Yahoo!" border="0" align="absmiddle" hspace="0"></a>
<% end if %>
<% if strAIM = "1" and Trim(rs("M_AIM")) <> "" then %>
<a href="JavaScript:openWindow('pop_messengers.asp?mode=AIM&AIM=<% =ChkString(rs("M_AIM"), "JSurlpath") %>&M_NAME=<% =ChkString(rs("M_NAME"),"JSurlpath") %>')"><img src="images/icon_aim.gif" height=15 width=15 alt="Invia <% =ChkString(rs("M_NAME"),"display") %> un messaggio all'istante" border="0" align="absmiddle" hspace="0"></a>
<% end if %>
<a href="javascript:open_window('messenger_invia.asp?nome=<%=rs("M_NAME")%>')">
<img border="0" src="images/send.gif" alt="Manda un Messaggio Privato a <% =ChkString(rs("M_NAME"),"display") %>">

</a>

</td>
<td bgcolor="<% =CColor %>"><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">
<% if strUseExtendedProfile then %>
<a href="pop_profile.asp?mode=display&id=<% =rs("MEMBER_id") %>">
<% else %>
</a>
<a href="JavaScript:openWindow3('pop_profile.asp?mode=display&id=<% =rs("MEMBER_id") %>')">
<% end if %>
<% =ChkString(rs("M_NAME"),"display") %></a></font></td>
<td bgcolor="<% =CColor %>"><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><% =ChkString(getMember_Level(rs("M_TITLE"), rs("M_LEVEL"), rs("M_POSTS")),"display") %></font></td>
<td bgcolor="<% =CColor %>" align=center><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strForumFontColor %>">
<% if IsNull(rs("M_POSTS")) then %>
-
<% else %>
<% =rs("M_POSTS") %>
<% if strShowRank = 2 or strShowRank = 3 then
%>
<br><% Response.write(getStar_Level(rs("M_LEVEL"), rs("M_POSTS"))) %>
<% end if %>
<% end if %>
</font></td>
<% if IsNull(rs("M_LASTPOSTDATE")) or Trim(rs("M_LASTPOSTDATE")) = "" then%>
<td bgcolor="<% =CColor %>" align=center nowrap><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strForumFontColor %>">-</font></td>
<% else %>
<td bgcolor="<% =CColor %>" align=center nowrap><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strForumFontColor %>"><% =ChkDate(rs("M_LASTPOSTDATE")) %></font></td>
<% end if %>

<td bgcolor="<% =CColor %>" align=center nowrap><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strForumFontColor %>"><% =ChkDate(rs("M_DATE")) %></font></td>
<td bgcolor="<% =CColor %>" align=center><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><% =rs("M_COUNTRY") %> </font></td>
<% if mlev = 4 or mlev = 3 then %>
<td bgcolor="<% =CColor %>" align=center nowrap><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>" color="<% =strForumFontColor %>"><% =ChkDate(rs("M_LASTHEREDATE")) %></font></td>
<% end if %>
<% if mlev = 4 then %>
<td bgcolor="<% =CColor %>" align=center><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">
<% if rs("MEMBER_id") <> 1 then %>
<% if rs("M_STATUS") <> 0 then %>
<a href="JavaScript:openWindow('pop_lock.asp?mode=Member&MEMBER_id=<% =rs("MEMBER_id") %>')"><img src="images/icon_lock.gif" alt="Blocca Membro" border="0" hspace="0"></a>
<% else %>
<a href="JavaScript:openWindow('pop_open.asp?mode=Member&MEMBER_id=<% =rs("MEMBER_id") %>')"><img src="images/icon_unlock.gif" alt="Sblocca Membro" border="0" hspace="0"></a>
<% end if %>
<% end if
if strUseExtendedProfile then %>
<a href="pop_profile.asp?mode=Modify&id=<% =rs("MEMBER_id") %>&name=<% =ChkString(rs("M_NAME"),"urlpath") %>"><img src="images/icon_pencil.gif" alt="Edita Membro" border="0" hspace="0"></a>
<% else %>
<a href="JavaScript:openWindow3('pop_profile.asp?mode=Modify&id=<% =rs("MEMBER_id") %>&name=<% =ChkString(rs("M_NAME"),"urlpath") %>')"><img src="images/icon_pencil.gif" alt="Edita Membro" border="0" hspace="0"></a>
<% end if
if rs("MEMBER_id") = 1 then %>
<% '## Do Nothing %>
<% else %>
<a href="JavaScript:openWindow('pop_delete.asp?mode=Member&MEMBER_id=<% =rs("MEMBER_id") %>')"><img src="images/icon_trashcan.gif" alt="Elimina Membro" border="0" hspace="0"></a>
<% end if
' ################ Ban IP Mod ##################
if rs("MEMBER_ID") = 1 then %>
<% '## Do nothing %>
<% else %>
<a href="Javascript:openWindow('pop_ban_ip.asp?mode=Member&MEMBER_ID=<% =rs("MEMBER_ID") %>')"><img src="icon_ban.gif" alt="Ban Member" border="0" hspace="0"></a>
<% end if
' ##############################################
if rs("M_LEVEL") = 1 then %>
<a href="pop_profile.asp?mode=Modify&id=<% =rs("MEMBER_id") %>"><img src="images/icon_mod.gif" alt="Modifica a Moderatore" border="0" hspace="0"></a>
<% Elseif rs("M_LEVEL") = 2 then%>
<a href="pop_profile.asp?mode=Modify&id=<% =rs("MEMBER_id") %>"><img src="images/icon_delmod.gif" alt="Remove Moderator" border="0" hspace="0"></a>
<% End If %>
</font></b></td>
<% end if %>
</tr>
<%
currMember = rs("MEMBER_id")
rs.MoveNext
i = i + 1
if i = 2 then i = 0
rec = rec + 1
loop
end if
%>
</table>

</td>
</tr>
<tr>
<td colspan="2">
<table border="0" width="100%">
<tr>
<td>
<% if maxpages > 1 then %>
<table border=0>
<tr>
<td valign="top"><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><b>Le
pagine complessive sono <% =maxpages %>  altrimenti visualizza per pagina:</b>   </font></td>
<td valign="top"><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><% Call Paging() %></font></td>
</tr>
</table>
<% else %>
 
<% end if %>
</td>
</tr>
</table>
</td>
</tr>
</table>
<!--#INCLUDE FILE="inc_footer.asp" -->
<%
sub Paging2()
if maxpages > 1 then
if Request.QueryString("whichpage") = "" then
sPageNumber = 1
else
sPageNumber = Request.QueryString("whichpage")
end if
if Request.QueryString("method") = "" then
sMethod = "postsdesc"
else
sMethod = Request.QueryString("method")
end if

sScriptName = Request.ServerVariables("script_name")
Response.Write("<form name=""PageNum"" action=""members.asp?method=" & sMethod & """>")
Response.Write("<select name=""whichpage"" size=""1"" onchange=""ChangePage()"">")
for counter = 1 to maxpages
if counter <> cint(sPageNumber) then
Response.Write "<OPTION VALUE=""" & counter & """>" & counter
else
Response.Write "<OPTION SELECTED VALUE=""" & counter & """>" & counter
end if
next
Response.Write("</select>")

end if
end sub

sub Paging()
if maxpages > 1 then
if Request.QueryString("whichpage") = "" then
sPageNumber = 1
else
sPageNumber = Request.QueryString("whichpage")
end if
if Request.QueryString("method") = "" then
sMethod = "postsdesc"
else
sMethod = Request.QueryString("method")
end if

sScriptName = Request.ServerVariables("script_name")
Response.Write("<table border=0 width=100% cellspacing=0 cellpadding=1 align=top><tr>")
for counter = 1 to maxpages
if counter <> cint(sPageNumber) then
sNum = "<td align=right bgcolor=" & strPageBGColor & "><font face=" & strDefaultFontFace & " size=" & strDefaultFontSize & ">" & " " & widenum(counter) & "<a href=""" & sScriptName
sNum = sNum & "?whichpage=" & counter
'sNum = sNum & "&pagesize=" & mypagesize
sNum = sNum & "&method=" & sMethod
sNum = sNum & """>" & counter & "</a></font></td>"
Response.Write sNum
else
Response.Write("<td align=right bgcolor=" & strPageBGColor & "><font face=" & strDefaultFontFace & " size=" & strDefaultFontSize & ">" & " " & widenum(counter) & "<b>" & counter & "</b></font></td>")
end if
if counter mod strPageNumberSize = 0 then
Response.Write("</tr><tr>")
end if
next
Response.Write("</tr></table>")
end if
end sub
%>






Thanks! :'(

Massimo Farieri
===============
http://www.superdeejay.net/

Edited by - www.superdeejay.net on 06 May 2002 07:33:20

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 06 May 2002 :  07:37:28
Weird, he says the forums is 3.1SR4 yet he appears to be running the members.asp from 3.3.03 (and it isn't patched either). In conjunction with the sql injection problem with the 3.3 members.asp there was also a 'hack' for 3.1 that was known to a few people.

It would seem to me however, that someone is monitoring the Show off your Forum forum, and hacking sites shortly after they've been published there.

www.daoc-halo.com
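
The SQL injection problem mentioned above comes from the posted members.asp pasting the `M_NAME` search term straight into its `LIKE` clauses. As an added example (not part of the thread and not the Snitz team's patch), here is one way to build the same search with ADO parameters so the term is always bound as data. `BuildMemberSearch` and `AddLikeTerm` are hypothetical helper names, and the code assumes the database provider accepts `?` placeholders.

```vbscript
<%
' Added example, not Snitz code. Names taken from the posted members.asp:
' my_Conn, strMemberTablePrefix, the M_* columns and the request fields.
' BuildMemberSearch and AddLikeTerm are hypothetical helpers.

' ADO constants (omit these if adovbs.inc is already included).
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1
Const adOpenStatic = 3

' Append "<column> LIKE ?" to the WHERE text and bind the pattern as data.
' The column name always comes from a literal in this file, never the request.
Sub AddLikeTerm(cmd, ByRef whereSql, column, pattern)
    If whereSql <> "" Then whereSql = whereSql & " OR "
    whereSql = whereSql & strMemberTablePrefix & "MEMBERS." & column & " LIKE ?"
    cmd.Parameters.Append cmd.CreateParameter("p" & cmd.Parameters.Count, _
        adVarChar, adParamInput, 255, pattern)
End Sub

' Returns an ADODB.Command whose text has one "?" per bound pattern, appended
' in the same order as the placeholders (ADO binds them by position).
Function BuildMemberSearch(conn, term, byUser, byFirst, byLast, byInitial, byState)
    Dim cmd, sql, whereSql, t, contains
    t = Left(CStr(term), 100)        ' cap length so it fits the parameter size
    contains = "%" & t & "%"
    whereSql = ""

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    sql = "SELECT MEMBER_ID, M_STATUS, M_NAME, M_LEVEL, M_EMAIL, M_COUNTRY, " & _
          "M_HOMEPAGE, M_ICQ, M_YAHOO, M_AIM, M_TITLE, M_POSTS, " & _
          "M_LASTPOSTDATE, M_LASTHEREDATE, M_DATE " & _
          "FROM " & strMemberTablePrefix & "MEMBERS"

    ' Same branches as the posted search code: country, initial letter,
    ' or any combination of user name / first name / last name.
    If byState Then
        AddLikeTerm cmd, whereSql, "M_COUNTRY", contains
    ElseIf byInitial Then
        AddLikeTerm cmd, whereSql, "M_NAME", t & "%"
    Else
        If byUser Then
            AddLikeTerm cmd, whereSql, "M_NAME", contains
            AddLikeTerm cmd, whereSql, "M_USERNAME", contains
        End If
        If byFirst Then AddLikeTerm cmd, whereSql, "M_FIRSTNAME", contains
        If byLast Then AddLikeTerm cmd, whereSql, "M_LASTNAME", contains
    End If

    If whereSql <> "" Then sql = sql & " WHERE (" & whereSql & ")"
    cmd.CommandText = sql
    Set BuildMemberSearch = cmd
End Function

' Usage inside the "mode=search" branch. The ORDER BY text is still chosen
' by the page's existing Select Case on SortMethod, which only emits fixed
' strings; a single fixed ordering is shown here.
Dim searchCmd, rs
Set searchCmd = BuildMemberSearch(my_Conn, Request("M_NAME"), _
    Request("UserName") = "1", Request("FirstName") = "1", _
    Request("LastName") = "1", Request("INITIAL") = "1", _
    Request("State") = "1")
searchCmd.CommandText = searchCmd.CommandText & _
    " ORDER BY M_POSTS DESC, M_NAME ASC"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open searchCmd, , adOpenStatic   ' connection comes from the Command object
%>
```

Because the posted page caches the concatenated WHERE text in `Session(strCookieURL & "where_Sql")` for its sort links, a parameterized version would cache the search term and flags instead and rebuild the command on each request.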

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 06 May 2002 :  07:38:47
Add the code where shown. This won't fix the security bug, it will just stop people from accessing members.asp, so that they cannot take advantage of the bug to get the passwords in the database.

It is a temporary measure and I'm admitting that the hack used in your site was the members.asp hack.
quote:

but I must make only that modification and all the other rows explain you for version 3.3? and for the 3,1 sr4? which are the rows to repair... here the code of mine members.asp:


[quote] <%
'#################################################################################
%>
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_functions.asp" -->
<!--#INCLUDE FILE="inc_top.asp" -->


If mlev < 4 then
Response.Redirect "default.asp"
End if





-------------------------------------------------
Installation Guide | Do's and Dont's | MODs


Edited by - ruirib on 06 May 2002 07:39:39

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 06 May 2002 :  07:54:20
Why not just download 3.3.03 and replace your members.asp with the one from the download? Will fix it nice and quick for now.

www.daoc-halo.com

Massimo
Junior Member

Italy
125 Posts

Posted - 06 May 2002 :  08:51:25
thanks but the code does not act as visualizes me simply the line like text in the browser well or changed my rows with version 3,3,03 (without bug) sperimao! you are many kind thanks

Massimo Farieri
===============
http://www.superdeejay.net/