[BETA] New PHPBB User Upload ToolKit! v0.3

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Post Reply
starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

[BETA] New PHPBB User Upload ToolKit! v0.3

Post by starfoxtj »

Do NOT post support questions here!
This thread is abandoned as all support and releases are done at the toolkit forums!


Official Upload toolkit support forum:
http://starfoxtj.no-ip.com/forum

If you cannot access the support forums, feel free to email me: starfoxtj@yahoo.com
Starfoxtj wrote: MOD Title: PHPBB User Upload Toolkit
MOD Description: Allows users to upload files onto the server where phpbb is hosted. Users can delete and rename their uploaded files. Configurable disk quota, file size, and types. Very easy to install, just copy index.php into a folder and its ready to go.
MOD Version: 0.3a

MOD Download: http://starfoxtj.no-ip.com/phpBB/uploadtoolkit/v0.3a
Last Stable version: 0.3a

Demo Board: N/A at this time
Demo Username: N/A at this time
Demo Password: N/A at this time

Starfoxtj wrote: PHPBB User Upload ToolKit v0.3a released!

This release addresses some minor bugs and also changes the license slightly.

Changes in Version 0.3a:
1: Added index.html to the hidden files array
I have recived tons of emails about users deleting the index.html file.
Although this file is not actually used, it prevents directory listing on servers that have it enabled (tsk tsk tsk).
Users will no longer be able to view, rename or delete the index.php file from their directory.

2: Changed auto-rename format
The toolkit would automatically rename the file if one already exists using this format: $filename($file_sfx) Where $filename is the original name, and $file_sfx is a number (which is increased untill the full name is uniqe).
However, phpbb and some other forums and applications do not support parentheses in hyperlinks. The link stops right before the left parenthesis.
I changed the format to: $filename_$file_sfx.
If the file "dog.jpg" already exists, it will rename it to "dog_1.jpg", "dog_2.jpg", 3, 4 etc.
This should make the renamed files compatible for phpbb's hyperlinks.

3: Added PHP version check for escaping.
It still seems that some users are still running older versions of php. (I know...most shared hosts dont update php often if at all)
These users get errors about the mysql_real_escape_string function not being defined. I added a check to see which version of php is installed, and to use that function only if their installation supports it. Otherwise it uses the depreciated mysql_escape_string function.

4: Included .flmod in the approved extensions list.
I deal with alot of users who write mods for Microsoft's Freelancer game.
This game generally uses mod files ending in the .flmod extension. These are normal zip files with a different extension, but many users have been complaining about compatibility and having to rename each file twice.
If you dont use freelancer mods, it is up to you to leave or remove this extension. It will not affect the toolkit in any way.

5: License agreement.
Alot of users have been asking to make changes to this toolkit to fine tune it for their site. As you know the original agreement prevented changes to the script without permission. I have decided to release this script as fully customizable, as long as it is not distributed in its modified version. You can change anything you want in the script, for business or personal use. I dont want to get into the realm of people distributing modified copies and then attempt to sue me because the modder messed up the security and authentication functions. :shock:

Download:
You may download the toolkit from here: http://starfoxtj.no-ip.com/phpBB/uploadtoolkit/v0.3a


Previous releases:
Starfoxtj wrote: PHPBB User Upload ToolKit v0.3 released!

After a much anticipated and long wait, version 0.3 is out!
This address mostly features on a per-user basis, something I know many of you have been dying for.

New features in Version 0.3:
1: User Specific Quota and Maxupload size.
Now admins can specify all the above on a per-user basis.
Each user can use the general/default settings, or have their quota increased/reduced to any amount.
Admins can also specify the maxsize of each uploaded file on a per user basis. (See the instructions for detailed info).

2: Disable specific users.
This allows you to disable access to the upload toolkit for specific users. With previous versions unless their account was banned or inactive, they would always have access.
When disabled, their files are left intact, but the user is unable to login to add, manage, or delete them.

3: Admin Panel.
Added an admin panel for user's with admin rights, and if the option is enabled in the toolkit. This allows admins to login as other users IN the toolkit by entering their username, or user ID. They can then manage their files as if they were that user.
Useful for deleting/altering files that do not comply with the rules. Much easier then cross-referencing user IDs and digging around with ftp.

4: Email Notification of user actions.
This is a neat addition that emails the admin of any uploads, renames, or deletion of user files. This allows the admin to easily track any uploaded files that do not comply with the rules, even if the user claims he never uploaded it.
What notifications the admin receives is fully customizable, either/or: upload, delete, rename.

5: Added potential exploit notification and checks.
Some users may attempt to move outside their upload directory by altering the file path. The toolkit will now detect such modifications by the user, email the admin of the attempt with the user's info, and terminate execution. The admin may then review the email, contact the user and determine if it was a mistake or intentional attempt.

6: Includes an optional "Hotlink Add-on".
This addon is used to prevent hotlinking of user uploaded files from remote servers. Most admins dont mind users uploading an image etc and posting it all over their foum. However, some users think its ok (or know its not ok), to link it all over the internet; on other forums, their homepage etc. This addon uses .htaccess to examine each accessed file and determine if it was linked locally, or remotely.
It also goes one step further in notifying the admin by email of all hotlink attempts, including the time, user, file that was linked, and site that it was linked on.
It also includes an option to allow hotlinking for specified users. (See Hotlink_add-on.zip for details).


7: Instructions!
Yes I know this is a long overdue addition. I assumed it was just easy to determine how to use the toolkit once its installed. However I have received many questions about how to use it.
v0.3 includes very detailed and specific instructions on how to use all the features of the toolkit, as well as the hotlink addon.

Download:
You may download the toolkit from here: http://starfoxtj.no-ip.com/phpBB/uploadtoolkit/v0.3


And as always, feedback is appriciated! :D
Enjoy!
Starfoxtj wrote: PHPBB User Upload ToolKit v0.2 released!

A few key features have been added to v0.2 that I think should be very helpful to many admins.

New features in Version 0.2:
1: Auto-Detection of Domain & Script Folder.
You no longer have to manually specify the domain and script folder as this script will determine all that information automatically.

2: Disk Quota.
The admin can set a disk quota limit on the amount of disk space users may consume. I have gotten a number of request to add this feature as some users have been uploading much more information then expected.

3: Full thumbnail support.
Very handy when trying to quickly pick out a single image among a group. All thumbnails are 100px in width to prevent filling the entire page.
Admins may also change which extensions will be recognized when in thumbnail mode.

4: Auto-Append extension on rename.
I know that alot of users (like me) dont like to specify the extension every time they rename a file. In v0.2, if an extension is not specified, it is automatically append to the filename when submitted./

5: Banned/Inactive User Awareness.
Banned and inactive users are no longer able to login/upload/modify their files.

5: Added Partial CHMOD support.
This version of the toolkit will automatically attempt to CHMOD any files that are renamed/uploaded to 777.


Changes in Version 0.2:
1: Changed file size computation.
Changed the file size computation to truncate the size two characters after the decimal instead of rounding the value two decimal places.
This allows for more accurate file sizes.

2: Removed SWF files from the approved extensions list.
I have received an email from a user claming that swf files can be written to alter files on the drive in which they reside in.
I do know that swf files are powerful, but am not yet positive that this claim is accurate. Just to be safe, I have decided to remove access to this file type until this information can be validated.
Note: Admins can still add these files in the approved list if they choose to. But it will be at their own risk.

3: Fixed a "blank filename" bug.
Users are able to upload files with the approved extension, but with no filename. While not a security risk, it may break compatibility.
This would occur if the file did not have a name when being uploaded, or the name consisted entirely of illegal characters which were stripped.
For example, uploading a file named: !!!!!!.txt would be converted to: .txt
Now any files which may contain no name, are renamed to file.(the extension).
Example: !!!.txt would be: file.txt

4: Auto-Focus Rename Field.
Just a minor change. When renaming a file the rename field is automatically selected, therefore it does not have to be clicked.
Allows for slightly faster renames.


Planned Features for future releases:
1: Notify admin of each upload.
For security purposes, the admin would be notified of each upload a user makes including the username, time, IP and file.

2: Sub-Directory Support.
users can create rename and delete their own subdirectories to make file management easier.

3: User based quota.
Allowing the admin to set a limit to the total number of files on a user-by-user bases.

5: Admin Control Panel.
Currently very sketchy, but I would like to implement some sort of admin control panel. This would allow admins to at the very least, login as other users (in the toolkit only!) so they can manage their files.
Useful if certain users do not follow the agreement.

6: Full CHMOD Support.
I think it would be very helpful for alot of admins if the script would chmod the folders automatically. This way the admin would not have to worry about changing the file permissions.
(Note: The ONLY files/folders that will be modified are the ones in the toolkit directory.)


Installation:
1: Download the script and you may change the following six optional settings:
  • 1. The folder your forum is located in. (90% of forums us the default setting)
    2. The max size allowed for each file uploaded.
    3. The disk quota allocated for each user.
    4. You may add/remove extensions allowed to be uploaded.
    5. The extensions used for displaying thumbnails.
2: Upload the script to a folder in the same directory that your phpbb folder is located (not IN the phpbb folder).

2: CHMOD the folder to 777.

3: Enjoy


Download:
You may download the toolkit from here: http://starfoxtj.no-ip.com/phpBB/uploadtoolkit/v0.2


As usual feedback is greatly appreciated. :D



Previous releases:
Starfoxtj wrote: This toolkit allows any board user to upload their own files for use with the PHPBB forum.

I wrote this script to be both easy to use, and most importantly, easy to install. I know alot of board admins simply dont want/have the time to install such a large mod as the Attachment mod.

I have needed an attachment like mod for my board so users could upload their own avatars, signatures etc. I just did not feel like installing the entire attachment mod because of the time involved.
And I had to do the same thing for each board I had.

This toolkit, which allows users to upload their own files can be install by simply uploading a SINGLE file to a folder on you webserver. 8)

Features in Version 0.1:
1: Easy to install.
Just upload ONE file to your webserver and specify three options and your done.

2: Does NOT require any modifications to PHPBB or the database.
This script was designed to work without any modification of your existing PHPBB installation or database. Even after the script has been installed it does not modify anything in your database.

3: Each user can upload files of their choice.
If a user have an image, a wav file, or a movie clip they want to share with others, they simply login to the toolkit and upload their file.

3: Upload Size Limit.
Admins can specify the max size for uploaded files. The default is 1megabye, but it can be changed.

4: Auto-Renames files with an existing name.
If a user already has a file named "image.jpg" and attempts to upload another file with the same name, it will automatically be renamed to "image(1).jpg". The number will increase if a file with the new name already exists.

5: Only allows files with certain extensions to be uploaded.
For security, the script only allows files with certain extensions to be uploaded by users. The allowed extensions are:
avi, doc, gif, jpeg, jpeg, jpg, mp3, mpe, mpeg, mpg, pdf, png, rar, rtf, swf, txt, wav, wma, wmv, zip
This list is customizable. The admin may deny any of these extensions or add additional ones.

6: Users can rename their own files once uploaded.
Any file a user uploads can be renamed by that user. And for security, a user cannot change the file extension to an unapproved type.

7: Only certain characters are allowed in the filename.
This is both for security and compatibility. If a filename contains unapproved characters, they are automatically stripped.
The allowed characters are:
a-z, 0-9, ()_-

8: All user files remain separate.
The files for each user are stored in their own upload folder based on their user ID.

9: Users can delete their own files once uploaded.
If a user no longer wants a file, they may simply delete it.

10: Uses the existing user database of your forum.


Planned Features for future releases:
1: Notify admin of each upload.
For security purposes, the admin would be notified of each upload a user makes including the username, time, IP and file.

2: Sub-Directory Support.
users can create rename and delete their own subdirectories to make file management easier.

3: Banned User Awareness.
Banned users will not be able to login/upload/modify their files.

4: User based size limit for total uploaded files.
Allowing the admin to set a limit to the total number of files on a user-by-user bases.
Last edited by starfoxtj on Tue Sep 05, 2006 6:16 pm, edited 18 times in total.
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

A.I. BOT
Registered User
Posts: 1848
Joined: Thu Apr 17, 2003 11:43 pm
Location: Newfoundland, Canada
Contact:

Post by A.I. BOT »

looks sexy :) gj i loves the idea :)

DmcMan
Registered User
Posts: 48
Joined: Sat Jan 01, 2005 5:23 am

Post by DmcMan »

Looks good but I have a question. Could someone write a malicious script, change the extension to let's say .jpg, upload it and execute it? Or is that not possible?

starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj »

Nope, that is in feature 6.
It only allows people to rename a file to a valid extention. 8)
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

DmcMan
Registered User
Posts: 48
Joined: Sat Jan 01, 2005 5:23 am

Post by DmcMan »

Ok, thanks. Also what's the difference between these two jpeg settings?

Code: Select all

"jpeg",	// JPEG Image
	"jpeg",	// JPEG Image

starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj »

Thanks for pointing that out.

I had exe there for some testing and replaced it with a jpeg.
The second entry has been removed.
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

DmcMan
Registered User
Posts: 48
Joined: Sat Jan 01, 2005 5:23 am

Post by DmcMan »

There's a line toward the end that contains these spaces but I think you forgot a semicolon at the end. I'm not sure since I'm no code expert.

Code: Select all

        &nbsp

starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj »

Yep thanks, I missed that one. It looked fine when the page was parsed that I overlooked it.
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

DmcMan
Registered User
Posts: 48
Joined: Sat Jan 01, 2005 5:23 am

Post by DmcMan »

Sorry, I'm a novice at this stuff and I don't know how to tell you which line it's at. I use the GVIM editor, and when I searched for the code above it found it. You could try just searching for it.

Anyhow, I tried using it and got the error below. I probably didn't do something right.

Code: Select all

Warning: opendir(./3): failed to open dir: No such file or directory in /home/enterm2/public_html/testforum/uptool.php on line 206

Warning: readdir(): supplied argument is not a valid Directory resource in /home/enterm2/public_html/testforum/uptool.php on line 209

Warning: closedir(): supplied argument is not a valid Directory resource in /home/enterm2/public_html/testforum/uptool.php on line 232
No files have been uploaded.

starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj »

No that is a notification that you will get untill you upload at least one file with the current user.

It is giving you that error because the user folder has not been created yet and it is trying to open it.

Since it was only a notification, I decided to release the beta before that little issue was fixed. I simply need to add a folder existance check before I try to open the folder.

I will have that check in the next release.
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

DmcMan
Registered User
Posts: 48
Joined: Sat Jan 01, 2005 5:23 am

Post by DmcMan »

Works great. Just one thing I noticed, when I tried to upload a .txt file (extension not allowed in my script) it gave me the notice that it's not allowed. But it didn't give me the notice for an .avi file which I also didn't allow.

Besides, that and the folder thingy, I can't wait for the final release of this script.

Thanks for this easy to use/install script!

starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj »

Hmmm....I cant seem to duplicate the problem your having.

I just indtalled the script from the same version I have for download. Works fine for txt files.
I also removed the avi extention and it no longer allows those.
Im assuming when you edited the section something was omitted/added by accident.

Could you post your allowed extentions section?
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

DmcMan
Registered User
Posts: 48
Joined: Sat Jan 01, 2005 5:23 am

Post by DmcMan »

Code: Select all

	// Images:

	"gif",	// GIF Image
	"jpg",	// JPEG Image
	"jpeg",	// JPEG Image
	"png"	// PNG Image

	
	);
Do you plan on integrating the script in the phpbb forum or will it be a separate tool kit? There's a similar script here http://www.phpbbhacks.com/download/4394 which fits nicely with phpbb but much less advanced.

starfoxtj
Registered User
Posts: 3714
Joined: Tue Jul 29, 2003 2:01 am
Contact:

Post by starfoxtj »

Thanks for the link, ill check into what that offers.

I may add an option to intergrate it with phpbb itself in the furture.
But for version 1.0 at least it will be stand alone.

I have used the exact same section you posted after the opening array brace.
It worked fine for me on two different servers.

Is there anything before the gif extention?
And did you end with the png?
Admin ToolKit v2.1a - An Admins most helpful tool for user management. Now Supports Mass User Deletion!
Change User's: names, passwords, emails, active status and avatar/pm permissions.
Ban/Unban Users, change Post and Resync Counts, and promote/demote users to admin.
Completely independent from your phpbb user account settings. No installation required, just upload one file.
User Upload ToolKit Beta - A quick and easy, 30 second-install, attachment mod. Now Supports Dynamic Thumbnails!

Darkmonkey
Former Team Member
Posts: 1707
Joined: Fri Oct 24, 2003 3:48 pm
Location: Where the trout streams flow and the air is nice

Post by Darkmonkey »

starfoxtj, looks good, but could you please provide a prefix to the MOD thread subject. (More info here: http://www.phpbb.com/ph ... p?t=266307)

Thanks :D

Post Reply

Return to “[2.0.x] MODs in Development”