You will go profile invision power board. Hack competition: an easy way to cause DoS in IPB

Versions

  • 1.x.x, latest version - 1.3.1, support has been discontinued.
  • 2.0.x, latest version - 2.0.4: May 4
  • 2.1.x, latest version - 2.1.7: July 13
  • 2.2.x, latest version - 2.2.2: February 22
  • 2.3.x, latest version - 2.3.6: October 2
  • 3.0.x, latest version - 3.0.5: December 8
  • 3.1.x, latest version - 3.1.4: November 18
  • 3.2.x, latest version - 3.2.3: September 9
  • 3.3.x, latest version - 3.3.4: July 11

History of development

Invision Power Services (IPS) was founded by two programmers, Matt Mecham and Charles Warner, in 2002, shortly after they left Jarvis Entertainment Group (the company behind the Ikonboard forums). Their very first product was IPB, which attracted the attention of many Ikonboard users.

Although the developers at Invision Power Services initially preferred to distribute the forum's source code for free, in 2004 IPB stopped publishing free versions. It was decided to leave the trial version of Invision Power Board 2.0.0 available for free download, but on September 27, 2004 this option was also closed with the introduction of a free demo version limited to 5000 messages, 1000 topics and 200 users. With this, Invision Power Services put an end to the claims that IPB would always be free. On July 1, 2005, IPS introduced a new limit on the demo version: no more than 15 days of use (in some cases, up to 5 days), and a few months later this period was cut to 24 hours.

Version IPB 2.0.4 became the first version that began to be officially sold in Russia and the CIS countries. The Russian-speaking community has received official permission from IPS to sell a localized version of IP.Board in the Russian-language segment.

Version 1.3

IPB version 1.3 is the last freely distributed version of the engine and IPS still allows its use, although it is no longer supported by the developers and downloads from the official site have been stopped. Despite the age of this version and the known security holes in it, many people still use it and show no desire to update. IPS continued to release security updates until development of version 2.1 was announced in 2005, after which it stopped supporting this version of the forum. Some sites continue to release security updates and updates for running this version of the forum on PHP5, but these updates are not supported by IPS. Using these versions is illegal if you did not download them from the official website.

Version 2.0

IPB 2.0 forums are very similar to 2.1. This is the last version that could be downloaded for free from the official IPS website. Just as with version 1.3, many users still continue to use it, running unlimited trial versions of 2.0 PDR (Under Development Version), PF (Pre-Final, a version in the testing and development stage that is released before the final release) and Final, which also have their own security holes and are no longer supported by the developers. Final version 2.0 could be downloaded for free in the first hours after its official release from the developer's official website.

Version 2.1

IPB 2.1 has significant advantages over its predecessors, such as: the latest security updates, Rich Text Editor as a user message editor and many moderation tools, including using AJAX technology. The administrative part in IPB 2.1 has been completely redesigned. All versions of IPB 2.1 are commercial software; there is no possibility to download a demo version on the official website.

Version 2.2.7

Invision Power Board 2.2 was security-tested by a third-party company, which made it possible to find dangerous vulnerabilities in the forum script even before the release of the final version. Immediately after the release of version 2.2, version 2.2.1 was released, which fixed many bugs.

Version 2.3

This version includes multiple code changes that improve system performance on large forums. From version 2.3 the forum comes complete with two styles (classic blue and Pro style). The latter is positioned by the developer as lightweight and can be easily used as a basis for developing their own styles, or, for example, as a style for forums with high traffic. In this version, IPS has expanded the capabilities of the forum admin panel by adding an intelligent help system and providing a dashboard as the main page of the admin center. Among the new features of the forum, it is worth noting the appearance of style reassignment (URL Mapping). Thanks to this setting, it is possible to assign custom styles to specific URLs: for example, make a different style than the forums style for the profile view page.

Version 3.0

This version has extensive changes, including the introduction of a new template engine, a new design, easier template editing, improvements to BB codes, its own reputation system and much more. Version 3 also requires PHP5. Oracle databases are no longer supported. The main innovation was the appearance of hooks, with which you can change and/or add functionality without changing the source code of the forum. To install a hook, the administrator just needs to load the hook's XML file in the admin center. Unfortunately, creating any hook is only possible in development mode and requires a huge amount of manual work (much of this work can be automated using the IPB3 Toolkit).

All hooks are divided into the following types (the names of the hooks are taken from the Russian version from IBR; the original name is indicated in brackets):

  • Action overloader - allows you to extend the specified controller class with your own class;
  • Skin overloader - allows you to extend the specified template class with your own class (applies to all skins);
  • Template modification (Template hook) - allows you to add arbitrary code (mostly HTML) at the right place in a template.

Version 3.1

The hook system also received further development - new types of hooks were added:

  • Template hook (previously - Template modification, Template hook) - expanded, you can replace blocks and get the values of variables passed to the template;
  • Data hook - allows you to process data before inserting (receiving) it into (from) the database;
  • Library hook - allows you to override many system classes.

Version 3.2

Notes

See also

  • Ikonboard - A forum script originally developed by Matt Mecham.

Links

Official

  • Invision Power Board Documentation - official English documentation for Invision Power Board


Structure and paths in IPB

IBResource

Many people probably have a question:
"Why are there so many files in IPB? After all, the paths always go to one index.php file, and only the parameters change."

So this short article on IPB files should help you understand IPB better. What to look for where. Where to change what.

Almost all pages in IPB have an act parameter in their address. act is an abbreviation of the English word "action". (From here on the text says action instead of act.) This parameter is the main basis for how the code is divided into files. Almost every action value has its own file with functions, its own file with templates and its own language file. Why almost? Because there are small actions which, although they use different action values, are combined into one file with functions, one combined language file and one combined template file. The large ones, for example act=Online or act=UserCP, each have their own service files with functions, and so on.
So how do you tell which action applies to which files?

To do this, open index.php. Everything is written out there. Let me say right away that index.php?act=idx is the address of the forum's main page, where all categories and forums are listed.
First find this code:

    if (! isset($choice[ $ibforums->input["act"] ])) {
        $ibforums->input["act"] = "idx";
    }

This means that if the action parameter is not specified (or is not one of the keys of $choice), it defaults to idx. That is why, when you open the forum, it simply opens on the main page with the list of forums. If you change idx here to portal (for a forum where IBF Portal 3.2 or 4.0 is installed) or to home (if you have 1.2 and the IPDynamic Lite portal installed), the portal will load by default instead of the forum.

Now go a little higher and find something like this:

    $choice = array(
        "idx" => "Boards", "SC" => "Boards", "SF" => "Forums", "SR" => "Forums", "ST" => "Topics",
        "Login" => "Login", "Post" => "Post", "Poll" => "lib/add_poll", "Reg" => "Register",
        "Online" => "Online", "Members" => "Memberlist", "Help" => "Help", "Search" => "Search",
        "Mod" => "Moderate", "Print" => "misc/print_page", "Forward" => "misc/forward_page",
        "Mail" => "misc/contact_member", "Invite" => "misc/contact_member",
        "ICQ" => "misc/contact_member", "AOL" => "misc/contact_member",
        "YAHOO" => "misc/contact_member", "MSN" => "misc/contact_member",
        "report" => "misc/contact_member", "chat" => "misc/contact_member",
        "integ" => "misc/contact_member", "Msg" => "Messenger", "UserCP" => "Usercp",
        "Profile" => "Profile", "Track" => "misc/tracker", "Stats" => "misc/stats",
        "Attach" => "misc/attach", "ib3" => "misc/ib3", "legends" => "misc/legends",
        "modcp" => "mod_cp", "calendar" => "calendar", "buddy" => "browsebuddy",
        "boardrules" => "misc/contact_member", "mmod" => "misc/multi_moderate",
        "warn" => "misc/warn", "home" => "dynamiclite/csite", "module" => "modules",
    );

Here is the list of all action values (left) and the file names (without the .php extension) they refer to (right). If the line looks like "warn" => "misc/warn", then this means that for act=warn the service file is located at
Why is the sources directory not specified in the line, although I indicated it? Because (almost) all service files are located in the sources folder (the name means "source codes").
How can you find out where the language files and templates for a given file are located?
Simple. Open the file, for example UserCP.php, and search for the words lang and skin. We find, respectively:

    $ibforums->lang = $std->load_words($ibforums->lang, "lang_post", $ibforums->lang_id);
    $ibforums->lang = $std->load_words($ibforums->lang, "lang_ucp", $ibforums->lang_id);

and

    $this->html = $std->load_template("skin_ucp");

From this it is easy to see that two language files are used, lang_post.php and lang_ucp.php, and only one template file, skin_ucp.php.

Here's what's connected with it:

"idx" => index - Forum main page
"SC" => Show Category - Displays a list of forums of the selected category
"SF" => Show Forum - Shows a list of topics for the selected forum!
"SR" => Show Rules - Shows the rules of the selected forum (you can create your own for each forum)
"ST" => Show Topic - Shows the selected topic (list of all messages in the selected topic)
"Login" => Handles authorization (login to the forum under your account)
"Post" => Handles publishing messages, creating topics, polls
"Poll" => Handles adding votes to a poll
"Reg" => Registration, password recovery...
"Online" => List of active users (those who are online)
"Members" => List of all users, different sorting...
"Help" => Maintenance of help files (FAQ, viewing, sorting)
"Search" => Search the forum. Advanced Search. View new messages since last visit, active topics.
"Mod" => Moderation. Moderator actions. Moving topics, splitting them, etc.
"Print" => Printable view of a topic, saving a topic as HTML, MS Word...
"Forward" => Sending a link to a topic to a friend by e-mail.
"Mail" => Writing and sending a letter to the user by e-mail.
"Invite" => There is no such function yet, but the developers are already preparing for it in advance
"ICQ" => Sending a message to ICQ
"AOL" => Sending a message to AOL
"YAHOO" => Sending a message to YAHOO
"MSN" => Sending a message to MSN
"report" => Report to moderator (sends the moderator a link by e-mail about the reported message)
"chat" => Chat module. Invision Power Chat is a paid chat, which is why it is not in the set
"integ" => Sending a message to Integrity Messenger
"Msg" => Personal mailbox handling. Receiving, sending and other actions with PMs (private messages)
"UserCP" => Large script for working with "Profile". This includes managing subscriptions and forum settings, etc...
"Profile" => View user profile...
"Track" => Subscribe to topic/forum
"Stats" => 10 best authors, 10 best authors today and a link to the Administration
"Attach" => Downloading a file attached to a message (attachment)
"ib3" => Forum login module for Ikonboard 3. Related to conversion from IkonBoard3
"legends" => Emoticons, bbcode help
"modcp" => Moderator control panel and everything connected with it
"calendar" => Calendar. Publishing and changing calendar events...
"buddy" => User contact list. Adding a user to contacts, etc.
"boardrules" => General rules for the entire forum. Viewing them.
"mmod" => Multimoderation. Creating general rules for moderating forums
"warn" => Rating/warning system
"home" => View the IPDynamic Lite portal. This link makes it clear why act=home is a portal
"module" => Additional synchronization modules. Appeared only in 1.2


So if you want to change something, look at the browser's address bar, see what the act parameter is equal to, and you will immediately know where to look. The exact place can be found through some text on the page that is not dynamic (does not change). Since the text is static, it is probably in the language files. Having found it by searching the language files, you can see which variable corresponds to that text and then search for that variable's name, which will usually lead you to the templates, written in the already familiar HTML. There, with basic English (variables are usually named with simple, clear English words), you can find what you need and understand what is what without translation.

You may have a question, what is: "idx" => "Boards", "SC" => "Boards", "SF" => "Forums", "SR" => "Forums", "ST" => "Topics",
idx - index - forum main page
SC - Show Category - view the selected category (list of forums of the selected category)
SF - Show Forum - View the forum (list of topics for the selected forum)
SR - Show Rules - View forum rules (you can add your own to each forum via AdminCP)
ST - Show Topic - View topic (list of messages of the selected topic)

Version 1.2 also introduced several shortened link forms that mirror these regular ones:
index.php?showforum=3 - this entry is identical to index.php?act=SF&f=3
index.php?showtopic=33234 - this entry is identical to index.php?act=ST&f=forum_number&t=33234
index.php?showuser=343 - this entry is identical to index.php?act=Profile&CODE=03&MID=343

These three shortcuts are implemented by the following code in index.php:

    if ($ibforums->input["showforum"] != "") {
        $ibforums->input["act"] = "SF";
        $ibforums->input["f"] = intval($ibforums->input["showforum"]);
    } else if ($ibforums->input["showtopic"] != "") {
        $ibforums->input["act"] = "ST";
        // "t" is cast to an integer here, before it is concatenated into the query below
        $ibforums->input["t"] = intval($ibforums->input["showtopic"]);
        // Grab and cache the topic now as we need the "f" attr for
        // the skins...
        $DB->query("SELECT t.*, f.topic_mm_id, f.name as forum_name, f.quick_reply, f.id as forum_id, f.read_perms, f.reply_perms, f.parent_id, f.use_html, f.start_perms, f.allow_poll, f.password, f.posts as forum_posts, f.topics as forum_topics, f.upload_perms, f.show_rules, f.rules_text, f.rules_title, c.name as cat_name, c.id as cat_id FROM ibf_topics t, ibf_forums f, ibf_categories c WHERE t.tid=".$ibforums->input["t"]." and f.id = t.forum_id and f.category=c.id");
        $ibforums->topic_cache = $DB->fetch_row();
        $ibforums->input["f"] = $ibforums->topic_cache["forum_id"];
    } else if ($ibforums->input["showuser"] != "") {
        $ibforums->input["act"] = "Profile";
        $ibforums->input["MID"] = intval($ibforums->input["showuser"]);
    }

In general, everything you want to change can be found by searching in the forum files. Therefore, always keep a copy of all forum files on your hard drive. After all, searching files on the server via ftp is simply impossible. But this is a topic for another article. So The End. Good luck

All comments and questions about the article please! If there are changes or any important questions and answers, I will add them here to the topic!
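
The dispatch logic described in the article above, reduced to a stand-alone PHP sketch (an added example, not IPB's own code): the act value is only ever used as a key into the map, so an unknown or non-string value falls back to idx and the file name always comes from the map, and the shortcut ids are cast to integers before use. The names resolve_request() and source_path() and the sources/<name>.php layout are assumptions for illustration; the map is a subset of the $choice array quoted above.

```php
<?php
// Added example, not IPB source. resolve_request() and source_path() are
// hypothetical names; CHOICE is a subset of the $choice array from the article.

const CHOICE = [
    'idx'     => 'Boards',
    'SF'      => 'Forums',
    'ST'      => 'Topics',
    'Profile' => 'Profile',
    'UserCP'  => 'Usercp',
    'warn'    => 'misc/warn',
];

/**
 * Normalise raw request parameters the way the article describes:
 * expand the showforum/showtopic/showuser shortcuts, cast ids to int,
 * and fall back to "idx" when act is missing or is not a key of the map.
 */
function resolve_request(array $raw): array
{
    $in = $raw;

    if (($in['showforum'] ?? '') !== '') {
        $in['act'] = 'SF';
        $in['f']   = intval($in['showforum']);
    } elseif (($in['showtopic'] ?? '') !== '') {
        $in['act'] = 'ST';
        $in['t']   = intval($in['showtopic']);
    } elseif (($in['showuser'] ?? '') !== '') {
        $in['act'] = 'Profile';
        $in['MID'] = intval($in['showuser']);
    }

    // Only a string that is an exact key of CHOICE may select a file.
    $act = $in['act'] ?? '';
    if (!is_string($act) || !array_key_exists($act, CHOICE)) {
        $act = 'idx';
    }
    $in['act'] = $act;

    return $in;
}

/** The file name is taken from the map's value, never from the request. */
function source_path(string $act): string
{
    return 'sources/' . CHOICE[$act] . '.php';
}

// Constructed sample requests (not taken from any real log).
$samples = [
    [],                                  // no act at all
    ['act' => 'warn'],                   // known action in a subdirectory
    ['act' => '../../config'],           // not a key of the map
    ['act' => ['idx']],                  // array instead of string
    ['showtopic' => '33234; extra'],     // shortcut with trailing junk
    ['showuser' => '343'],               // shortcut for a profile
];

foreach ($samples as $raw) {
    $req = resolve_request($raw);
    printf(
        "%-34s act=%-8s file=%-22s t=%s MID=%s\n",
        json_encode($raw),
        $req['act'],
        source_path($req['act']),
        var_export($req['t'] ?? null, true),
        var_export($req['MID'] ?? null, true)
    );
}
```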

In my opinion, as a site admin, that's not personal information. Plus that information lives in many places besides your profile. It shows in forum topics, in your user popup, it defines what permissions you have, etc. So hiding it on your profile is a false sense of privacy.

To me it just does not make sense to introduce a false sense of security by "hiding things in my profile" when everything you put in your profile on a community forum is by its nature public to all those in said community.

Put another way: on Facebook your profile is all about you. On a community your profile is about what you have done in that community. It's the opposite viewpoint.

I think your opinion of forum profiles is dated. It might apply to quite a few forums, but you claim to be an enterprise solution, so that is what I am addressing this as. My site might be small potatoes, but it is becoming one of the most popular in its niche.

Profiles on my site have a lot of potential. But because my members are a mixture of professionals within my industry niche and consumers/DIYers who aren't, the power of my member profiles as a whole can be seriously diluted with miscellaneous information that has nothing at all to do with my industry. Take, for instance, the 2 members whose profile pages I use to illustrate my point.

This user, MarmoMan, is a pro in his field. The information he provides is relevant to the industry and can be used as a kind of business listing. Anyone who visits the site can view his profile and see his industry status, work history and achievements and contact him in various manners that can be very beneficial to him. This kind of profile is an asset to my site.

This user, arrowpawn, is a consumer who came to us about flooring issues he/she was having, got answers and hasn't returned since. But the member made sure to leave a lasting impression I only discovered tonight. In addition to all the non-industry related information on the About Me tab, there is contact information, including a link to a website, on the Contact Info tab. This is not good for my site and is considered spam - even though they are a legitimate company. They have taken advantage of the disability I have to make certain profile information and certain user groups hidden from search spiders and non-members.

IPS4.x has great potential to turn profile pages into an asset for many forums. It could have the ability to add fields relevant to the site's focus, turn privacy on and off for certain of those fields, make some/all fields admin controllable and add SEO to the profile, among other options. The user popup in other areas of the site should include only information the admin deems important on a user category basis and also allow some user configuration.

The point I want to make to you is that everything put in a profile does NOT have to be public, especially if you want to have more control over the relevant content of your website. And I am not one that will compare this feature to facebook. My hope is that it will be incomparable to any other forum product available. You have the resources, the skill and the potential to develop IPS profiles into more than just a miscellaneous forum feature.

There was a database error on an Invision Power Board (IPB) forum, as a result of which the forum began to slow down noticeably. The ibf_profile_portal_views table turned out to be damaged, so the tables need to be checked. On the forum it shows up as follows: you cannot get into a user profile:

Also, the forum does not display visitor statistics:

Go to the IPBoard Admin Center and look at the system properties:

Go to the section: Support > Diagnostics > System status > System overview > Check the database structure.

We find the error: ibf_profile_portal_views. Click here to fix the table or you can run the following queries manually.
- ALTER TABLE ibf_profile_portal_views ADD views_member_id int(10) NOT NULL default '0';


Attention: Errors found. Errors have been detected in the database. And to fix them, click on the link: Do you want to try to fix everything automatically?


And opposite the ibf_profile_portal_views table (profile and number of views) we get a green flag:


But after logging out and logging into the admin area, the error appears again. Therefore, go to Support > SQL Management > Tools > SQL Management Tools.


And click on the ibf_profile_portal_views table.

We read the information. Results of the manual query: Can't find file: 'ibf_profile_portal_views' (errno: 2). Next, enter in the Run field:
CREATE TABLE ibf_profile_portal_views (
    views_member_id int(10) NOT NULL default '0'
);
And click on the button: Run a new request.


The error changed to: Table 'ibf_profile_portal_views' already exists. That is, it won't let me create a new table, since it already exists.


Let's try the following option: repair table ibf_profile_portal_views;

The same error when working with the database is displayed when trying to delete a user through the admin center (although this does not interfere with creating a user, as well as moving him among groups).


The function of this table is as follows - user profile views are accumulated there, then they are counted and updated in another table, and this table is cleared.
To work with the database, you can also use either Sypex Dumper or phpMyAdmin, an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS. phpMyAdmin lets you administer a MySQL server through a browser, run SQL commands and view the contents of tables and databases. The application is very popular among web developers because it lets you manage the MySQL DBMS without entering SQL commands directly, through a user-friendly interface.