Attachment Hack
- DLE Hacks
Many people have run into attachment files hidden behind hide tags being stolen.
For example, by enumerating the download IDs.
So I implemented a hack that replaces the usual [attachment=1] with [attachment=aec067e4feb150d01ffbc77c3afba514].
Tested on: 8.x; it should work on 7.x as well
Update:
Add a new column to the database with the following code:
ALTER TABLE `dle_static_files` ADD `hash_id` varchar(40) NOT NULL DEFAULT '0';
ALTER TABLE `dle_files` ADD `hash_id` varchar(40) NOT NULL DEFAULT '0';
where dle is replaced with your table prefix
Installation:
1. Open the file engine/download.php
Find the lines:
$id = intval ( $_REQUEST['id'] );
if ($_REQUEST['area'] == "static")
    $row = $db->super_query ( "SELECT name, onserver FROM " . PREFIX . "_static_files WHERE id ='$id'" );
else
    $row = $db->super_query ( "SELECT name, onserver FROM " . PREFIX . "_files WHERE id ='$id'" );
Replace with:
$id = $db->safesql(trim($_REQUEST['id']));
if ($_REQUEST['area'] == "static")
    $row = $db->super_query ( "SELECT name, onserver FROM " . PREFIX . "_static_files WHERE hash_id ='$id'" );
else
    $row = $db->super_query ( "SELECT name, onserver FROM " . PREFIX . "_files WHERE hash_id ='$id'" );
Next, replace the line:
$db->query ( "UPDATE " . PREFIX . "_static_files SET dcount=dcount+1 WHERE id ='$id'" );
with the line:
$db->query ( "UPDATE " . PREFIX . "_static_files SET dcount=dcount+1 WHERE hash_id ='$id'" );
Replace
$db->query ( "UPDATE " . PREFIX . "_files SET dcount=dcount+1 WHERE id ='$id'" );
with the line:
$db->query ( "UPDATE " . PREFIX . "_files SET dcount=dcount+1 WHERE hash_id ='$id'" );
2. Open the file engine/inc/files.php
Find the line:
$db->query( "INSERT INTO " . PREFIX . "_static_files (static_id, author, date, name, onserver) values ('$news_id', '$author', '$added_time', '$image_name', '{$file_prefix}{$image_name}')" );
Replace with:
$db->query( "INSERT INTO " . PREFIX . "_static_files (static_id, author, date, name, onserver,hash_id) values ('$news_id', '$author', '$added_time', '$image_name', '{$file_prefix}{$image_name}','".md5($added_time.$image_name)."')" );
Find the line:
$db->query( "INSERT INTO " . PREFIX . "_files (news_id, name, onserver, author, date) values ('$news_id', '$image_name', '{$file_prefix}{$image_name}', '$author', '$added_time')" );
Replace with:
$db->query( "INSERT INTO " . PREFIX . "_files (news_id, name, onserver, author, date,hash_id) values ('$news_id', '$image_name', '{$file_prefix}{$image_name}', '$author', '$added_time','".md5($added_time.$image_name)."')" );
Find the line:
$db->query( "SELECT id, name, onserver FROM " . PREFIX . "_files where author = '$author' AND news_id = '$news_id'" );
Replace with the line:
$db->query( "SELECT id, name, onserver, hash_id FROM " . PREFIX . "_files where author = '$author' AND news_id = '$news_id'" );
Find the line (1st occurrence in the file):
$file_link = "<a>{$row['name']}</a>";
Replace with this:
$file_link = "<a>{$row['name']}</a>";
Find the line:
$db->query( "SELECT id, name, onserver FROM " . PREFIX . "_static_files where author = '$author' AND static_id = '$news_id' AND onserver != ''" );
Replace with:
$db->query( "SELECT id, name, onserver, hash_id FROM " . PREFIX . "_static_files where author = '$author' AND static_id = '$news_id' AND onserver != ''" );
Find the line (2nd occurrence in the file):
$file_link = "<a>{$row['name']}</a>";
Replace with this:
$file_link = "<a>{$row['name']}</a>";
3. Open the file engine/modules/functions.php
Find the function:
function show_attach($story, $id, $static = false) {
    global $db, $config, $lang, $user_group, $member_id;
    if( $static ) {
        if( is_array( $id ) and count( $id ) ) $where = "static_id IN (" . implode( ",", $id ) . ")";
        else $where = "static_id = '$id'";
        $db->query( "SELECT id, name, onserver, dcount FROM " . PREFIX . "_static_files WHERE $where" );
        $area = "&area=static";
    } else {
        if( is_array( $id ) and count( $id ) ) $where = "news_id IN (" . implode( ",", $id ) . ")";
        else $where = "news_id = '$id'";
        $db->query( "SELECT id, name, onserver, dcount FROM " . PREFIX . "_files WHERE $where" );
        $area = "";
    }
    while ( $row = $db->get_row() ) {
        $size = formatsize( @filesize( ROOT_DIR . '/uploads/files/' . $row['onserver'] ) );
        $row['name'] = explode( "/", $row['name'] );
        $row['name'] = end( $row['name'] );
        if( ! $user_group[$member_id['user_group']]['allow_files'] ) $link = "<span class=\"attachment\">{$lang['att_denied']}</span>";
        elseif( $config['files_count'] == 'yes' ) $link = "<span class=\"attachment\">[url=http://{$config[]{$row['name']}[/url] [{$size}] ({$lang['att_dcount']} {$row['dcount']})</span>";
        else $link = "<span class=\"attachment\">[url=http://{$config[]{$row['name']}[/url] [{$size}]</span>";
        $story = str_replace( '[attachment=' . $row['id'] . ']', $link, $story );
    }
    $db->free();
    return $story;
}
Replace it with:
function show_attach($story, $id, $static = false) {
    global $db, $config, $lang, $user_group, $member_id;
    if( $static ) {
        if( is_array( $id ) and count( $id ) ) $where = "static_id IN (" . implode( ",", $id ) . ")";
        else $where = "static_id = '$id'";
        $db->query( "SELECT id, name, onserver, dcount, hash_id FROM " . PREFIX . "_static_files WHERE $where" );
        $area = "&area=static";
    } else {
        if( is_array( $id ) and count( $id ) ) $where = "news_id IN (" . implode( ",", $id ) . ")";
        else $where = "news_id = '$id'";
        $db->query( "SELECT id, name, onserver, dcount, hash_id FROM " . PREFIX . "_files WHERE $where" );
        $area = "";
    }
    while ( $row = $db->get_row() ) {
        $size = formatsize( @filesize( ROOT_DIR . '/uploads/files/' . $row['onserver'] ) );
        $row['name'] = explode( "/", $row['name'] );
        $row['name'] = end( $row['name'] );
        if( ! $user_group[$member_id['user_group']]['allow_files'] ) $link = "<span class=\"attachment\">{$lang['att_denied']}</span>";
        elseif( $config['files_count'] == 'yes' ) $link = "<span class=\"attachment\">[url={$config[]{$row['name']}[/url] [{$size}] ({$lang['att_dcount']} {$row['dcount']})</span>";
        else $link = "<span class=\"attachment\">[url={$config[]{$row['name']}[/url] [{$size}]</span>";
        $story = str_replace( '[attachment=' . $row['hash_id'] . ']', $link, $story );
    }
    $db->free();
    return $story;
}
Author: FlashBlack
Price: Free
P.S.
Installing on a clean engine is recommended, because existing attachments will stop working
Source: 4dle.ru
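Added example, not part of the original hack and not DLE code: the hack derives hash_id as md5($added_time.$image_name), which is fully determined by the upload time and the file name, and the new column defaults to '0' for every row that existed before installation. The sketch below assumes PHP 7 or newer (for random_bytes()) and uses hypothetical function names and constructed sample values; it shows a random token of the same 32-hex-character shape, plus a format check that engine/download.php could apply before the hash_id lookup.

```php
<?php
// Added example: hypothetical helper names, constructed sample values.

// Derivation used by the hack: deterministic in upload time and file name.
function legacy_token(string $added_time, string $image_name): string {
    return md5($added_time . $image_name);
}

// Alternative: 128 bits from the OS CSPRNG, hex-encoded to 32 characters,
// so it fits the same varchar(40) hash_id column and [attachment=...] tag.
function new_attachment_token(): string {
    return bin2hex(random_bytes(16));
}

// Gate for the download handler: accept only a well-formed token.
// The column default '0', shared by all pre-existing rows, is not well-formed.
function is_valid_token($id): bool {
    return is_string($id) && preg_match('/\A[a-f0-9]{32}\z/', $id) === 1;
}

// Constructed sample inputs.
$time = '1272715200';
$name = 'archive.zip';

// Same inputs always reproduce the same legacy token.
var_dump(legacy_token($time, $name) === legacy_token($time, $name));

// Two random tokens are independent of any file metadata.
var_dump(new_attachment_token() === new_attachment_token());

// Format check against a fresh token, the column default, and malformed input.
var_dump(is_valid_token(new_attachment_token()));
var_dump(is_valid_token('0'));
var_dump(is_valid_token("0' OR '1'='1"));
```

With the format check in place, a request carrying id=0 is refused before it reaches the hash_id query, so rows left at the column default are not served.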