User emails

Discussion forum for MOD Writers regarding MOD Development.
Locked
User avatar
Pardis
Translator
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

User emails

Post by Pardis » Fri Sep 19, 2008 1:51 pm

Hi

As I have many problems im mass emailing in phpBB 3,I found this php-script that alows me to get my forum user emails from database.

But anyone can run this script in my forum and rubbing users emails too if know filename ! So I want make changes on it so only ADMIN that logged in ACP can run this script,what changes should be make in this script to do it ?

Code: Select all

<?php
//Downloaded from www.Maghsad.com
// Do not change this part

if (!defined('IN_PHPBB'))
{
	exit;
}

$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

if ($_GET['fid']) { $fid = $_GET['fid']; }
	
    $sql = 'SELECT user_email FROM phpbb_users';
    $result = $db->sql_query($sql);
    while ($data = $db->sql_fetchrow($result)) {
		echo ','.$data['user_email'].',';
		echo '<br>';
    }

?>

User avatar
david63
Registered User
Posts: 16409
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: User emails

Post by david63 » Fri Sep 19, 2008 2:13 pm

Pardis wrote:But anyone can run this script in my forum
Only if they know about it and where it is. Do not tell them then you do not have a problem.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
Pardis
Translator
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis » Fri Sep 19, 2008 2:36 pm

Yes,I dont twll anyone but I want not let anyone to steal emails

User avatar
Technocrat
Registered User
Posts: 25
Joined: Sat Nov 20, 2004 12:46 am
Location: California
Contact:

Re: User emails

Post by Technocrat » Fri Sep 19, 2008 3:22 pm

Code: Select all

    <?php
    //Downloaded from www.Maghsad.com
    // Do not change this part

    if (!defined('IN_PHPBB'))
    {
       exit;
    }

    $phpbb_root_path = './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

    $user->session_begin();
    $auth->acl($user->data);
    $user->setup('acp/common');
    $user->setup('acp/cms');

    // Have they authenticated (again) as an admin for this session?
    if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
    {
	//Change to redirect or what ever you want it to do if they are not admin.
	die();
    }

    if ($_GET['fid']) { $fid = $_GET['fid']; }
       
        $sql = 'SELECT user_email FROM phpbb_users';
        $result = $db->sql_query($sql);
        while ($data = $db->sql_fetchrow($result)) {
          echo ','.$data['user_email'].',';
          echo '<br>';
        }

?>

User avatar
Pardis
Translator
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis » Fri Sep 19, 2008 4:39 pm

Thanks alot,dear Technocrat,But have you tested this ? And how can I use it ?

I was saved your codes in a file and try to run,but when I try to run nothing happened !


What should I do If I want to add this script such as a module in ACP ?

raybeam
Registered User
Posts: 123
Joined: Sat Apr 19, 2008 9:13 am

Re: User emails

Post by raybeam » Wed Dec 31, 2008 5:39 am

I tried the script but it doesn't seem to do anything...

User avatar
Nelsaidi
Registered User
Posts: 525
Joined: Mon Feb 11, 2008 1:59 pm
Location: London, UK
Contact:

Re: User emails

Post by Nelsaidi » Wed Dec 31, 2008 9:10 pm

It doesnt work because of

Code: Select all

    if (!defined('IN_PHPBB'))
    {
       exit;
    }
Thats means if the script is not running from WITHIN phpbb, it will not run.

What he meant to do was

Code: Select all

define('IN_PHPBB', true);
So try this script here

Code: Select all

    <?php

define('IN_PHPBB', true);
    $phpbb_root_path = './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

    if ($_GET['fid']) { $fid = $_GET['fid']; }
       
        $sql = 'SELECT user_email FROM phpbb_users';
        $result = $db->sql_query($sql);
        while ($data = $db->sql_fetchrow($result)) {
          echo ','.$data['user_email'].',';
          echo '<br>';
        }

    ?>
Image
Click here to find out what eRepublik is.

User avatar
Pardis
Translator
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis » Thu Feb 26, 2009 4:12 pm

This code runs too even I never logged in phpBB !

I want ONLY ADMIN of forum can run it

User avatar
Nelsaidi
Registered User
Posts: 525
Joined: Mon Feb 11, 2008 1:59 pm
Location: London, UK
Contact:

Re: User emails

Post by Nelsaidi » Thu Feb 26, 2009 4:42 pm

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

// Enter your username below, ie $username = 'Nelsaidi'
$username = '<username>';

if($user->data['username'] == $username){   
    $sql = 'SELECT user_email FROM phpbb_users';
    $result = $db->sql_query($sql);
    while ($data = $db->sql_fetchrow($result)) {
      echo ','.$data['user_email'].',';
      echo '<br>';
    }
}else{
    header("HTTP/1.0 404 Not Found");
    exit;
}
?>
Using that, you can have it only YOU can run it, NO ONE ELSE, this is based on phpbb3 login.
Image
Click here to find out what eRepublik is.

farrington
Registered User
Posts: 18
Joined: Wed May 16, 2007 6:23 am
Location: Skövde, Sweden
Name: Marcus Farrington
Contact:

Re: User emails

Post by farrington » Fri Feb 27, 2009 10:31 am

I think that a better solution is to use the permission system. You can let all users with administration permission use the script or limit it down to the FOUNDER.

FOUNDERS ONLY

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if (!$user->data['is_registered'])
{
   if ($user->data['is_bot'])
   {
      redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
   }
   login_box('', 'LOGIN');
}
else if ($user->data['user_type'] != USER_FOUNDER)
{
   trigger_error('NOT_AUTHORISED');
}

$sql = 'SELECT user_email FROM phpbb_users';
$result = $db->sql_query($sql);
while ($data = $db->sql_fetchrow($result))
{
   echo $data['user_email'].'<br />';
}
?>
To grant access for administrators, change the line:

Code: Select all

else if ($user->data['user_type'] != USER_FOUNDER)
For all administators to this:

Code: Select all

else if (!$auth->acl_get('a_'))
For user administrators to this:

Code: Select all

(!$auth->acl_get('a_user'))
/marcus

User avatar
Pardis
Translator
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis » Fri Feb 27, 2009 6:32 pm

Dear nelsaidi and farrington thanks alot of your great helps.

I think how can use this script as a Module in ACP ?

Locked

Return to “[3.0.x] MOD Writers Discussion”