User emails

Discussion forum for MOD Writers regarding MOD Development.
User avatar
Pardis
Registered User
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

User emails

Post by Pardis »

Hi

As I have many problems im mass emailing in phpBB 3,I found this php-script that alows me to get my forum user emails from database.

But anyone can run this script in my forum and rubbing users emails too if know filename ! So I want make changes on it so only ADMIN that logged in ACP can run this script,what changes should be make in this script to do it ?

Code: Select all

<?php
//Downloaded from www.Maghsad.com
// Do not change this part

if (!defined('IN_PHPBB'))
{
	exit;
}

$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

if ($_GET['fid']) { $fid = $_GET['fid']; }
	
    $sql = 'SELECT user_email FROM phpbb_users';
    $result = $db->sql_query($sql);
    while ($data = $db->sql_fetchrow($result)) {
		echo ','.$data['user_email'].',';
		echo '<br>';
    }

?>
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: User emails

Post by david63 »

Pardis wrote:But anyone can run this script in my forum
Only if they know about it and where it is. Do not tell them then you do not have a problem.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
Pardis
Registered User
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis »

Yes,I dont twll anyone but I want not let anyone to steal emails
User avatar
Technocrat
Registered User
Posts: 25
Joined: Sat Nov 20, 2004 12:46 am
Location: California

Re: User emails

Post by Technocrat »

Code: Select all

    <?php
    //Downloaded from www.Maghsad.com
    // Do not change this part

    if (!defined('IN_PHPBB'))
    {
       exit;
    }

    $phpbb_root_path = './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

    $user->session_begin();
    $auth->acl($user->data);
    $user->setup('acp/common');
    $user->setup('acp/cms');

    // Have they authenticated (again) as an admin for this session?
    if (!isset($user->data['session_admin']) || !$user->data['session_admin'])
    {
	//Change to redirect or what ever you want it to do if they are not admin.
	die();
    }

    if ($_GET['fid']) { $fid = $_GET['fid']; }
       
        $sql = 'SELECT user_email FROM phpbb_users';
        $result = $db->sql_query($sql);
        while ($data = $db->sql_fetchrow($result)) {
          echo ','.$data['user_email'].',';
          echo '<br>';
        }

?>
User avatar
Pardis
Registered User
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis »

Thanks alot,dear Technocrat,But have you tested this ? And how can I use it ?

I was saved your codes in a file and try to run,but when I try to run nothing happened !


What should I do If I want to add this script such as a module in ACP ?
raybeam
Registered User
Posts: 123
Joined: Sat Apr 19, 2008 9:13 am

Re: User emails

Post by raybeam »

I tried the script but it doesn't seem to do anything...
User avatar
Nelsaidi
Registered User
Posts: 525
Joined: Mon Feb 11, 2008 1:59 pm
Location: London, UK

Re: User emails

Post by Nelsaidi »

It doesnt work because of

Code: Select all

    if (!defined('IN_PHPBB'))
    {
       exit;
    }
Thats means if the script is not running from WITHIN phpbb, it will not run.

What he meant to do was

Code: Select all

define('IN_PHPBB', true);
So try this script here

Code: Select all

    <?php

define('IN_PHPBB', true);
    $phpbb_root_path = './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

    if ($_GET['fid']) { $fid = $_GET['fid']; }
       
        $sql = 'SELECT user_email FROM phpbb_users';
        $result = $db->sql_query($sql);
        while ($data = $db->sql_fetchrow($result)) {
          echo ','.$data['user_email'].',';
          echo '<br>';
        }

    ?>
Image
Click here to find out what eRepublik is.
User avatar
Pardis
Registered User
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis »

This code runs too even I never logged in phpBB !

I want ONLY ADMIN of forum can run it
User avatar
Nelsaidi
Registered User
Posts: 525
Joined: Mon Feb 11, 2008 1:59 pm
Location: London, UK

Re: User emails

Post by Nelsaidi »

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

// Enter your username below, ie $username = 'Nelsaidi'
$username = '<username>';

if($user->data['username'] == $username){   
    $sql = 'SELECT user_email FROM phpbb_users';
    $result = $db->sql_query($sql);
    while ($data = $db->sql_fetchrow($result)) {
      echo ','.$data['user_email'].',';
      echo '<br>';
    }
}else{
    header("HTTP/1.0 404 Not Found");
    exit;
}
?>
Using that, you can have it only YOU can run it, NO ONE ELSE, this is based on phpbb3 login.
Image
Click here to find out what eRepublik is.
farrington
Registered User
Posts: 18
Joined: Wed May 16, 2007 6:23 am
Location: Skövde, Sweden
Name: Marcus Farrington

Re: User emails

Post by farrington »

I think that a better solution is to use the permission system. You can let all users with administration permission use the script or limit it down to the FOUNDER.

FOUNDERS ONLY

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

if (!$user->data['is_registered'])
{
   if ($user->data['is_bot'])
   {
      redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
   }
   login_box('', 'LOGIN');
}
else if ($user->data['user_type'] != USER_FOUNDER)
{
   trigger_error('NOT_AUTHORISED');
}

$sql = 'SELECT user_email FROM phpbb_users';
$result = $db->sql_query($sql);
while ($data = $db->sql_fetchrow($result))
{
   echo $data['user_email'].'<br />';
}
?>
To grant access for administrators, change the line:

Code: Select all

else if ($user->data['user_type'] != USER_FOUNDER)
For all administators to this:

Code: Select all

else if (!$auth->acl_get('a_'))
For user administrators to this:

Code: Select all

(!$auth->acl_get('a_user'))
/marcus
User avatar
Pardis
Registered User
Posts: 108
Joined: Sat Jun 21, 2008 11:14 pm

Re: User emails

Post by Pardis »

Dear nelsaidi and farrington thanks alot of your great helps.

I think how can use this script as a Module in ACP ?

Return to “[3.0.x] MOD Writers Discussion”