THT Community

Theme Uploader - Upload Themes Directly From Admin CP
This plugin allows you to upload and use themes directly from the admin CP without Backend access.

Instructions:


1. Upload and unzip the attached file to your THT includes directory.
2. ChMod your "themes" Directory to 0777 (or 777)
3. Edit your settings.php file in "yourthtadmindirectory/pages" with the following:

Find:
PHP Code:
    echo $style->replaceVar("tpl/themesettings.tpl", $array);

And After it add:
PHP Code:
    include LINK."upload.php";

enjoy!
Changelog for v1.2.2:
  • Fixed Minor Security Issue That let others upload stuff when admin is logged in.



Changelog for v1.2:
  • Fixed Fatal Security Error
  • Removed iframe for a better method (now includes on page)

Special Thanks to Jonny for bearing with me through the long and difficult process of getting this plugin to work with THT's security system. (as denoted by the posts below and all the pm's in my inbox, as well as the shoutbox conversations.) This plugin wouldn't be here without him.

If you need support, have suggestions or feedback, please reply to this thread.
Download Unapproved
Reason: Major security flaw, basically anyone could upload a zip with any contents in and put it on the server. The upload.php needs to check if the staff member is logged in.
Thanks, I should remember that in the future. Will fix and release v1.2
Fixed. I added the following at the top of upgrade.php to check if the script was called by THT. I will wait for confirmation of the script's security before re-uploading.

PHP Code:
if(THT != 1){die();} 

1.2 Release Delayed due to a slight error that causes in-operability of themes.
Still won't work, I don't think. You need to check that $_SESSION['logged'] exists.
Okay, I came up with this:

PHP Code:
if(!$_SESSION['logged']) {die();}; 
That should work, yeah. Raptor, instead of using an iframe do this:
PHP Code:
    include LINK."../upload.php";
the if(!$_SESSION['logged']) is not working correctly. The script dies every time. I have tried if(!isset($SESSION['logged']) too with same results.
(01-07-2009, 07:19 PM)TheRaptor Wrote: the if(!$_SESSION['logged']) is not working correctly. The script dies every time. I have tried if(!isset($SESSION['logged']) too with same results.
Use the include as I quote, don't use an iframe.
(01-08-2009, 09:11 AM)Jonny Wrote:
(01-07-2009, 07:19 PM)TheRaptor Wrote: the if(!$_SESSION['logged']) is not working correctly. The script dies every time. I have tried if(!isset($SESSION['logged']) too with same results.
Use the include as I quote, don't use an iframe.

Okay, here is what I get with that:

I put upload.php and pclzip.lib.php in the includes folder. I include the file like you mentioned. But for some reason, the form keeps trying to post to admin/upload.php. (action=upload.php)... hmmm. Maybe if I replace "action=upload.php" with "action=.../includes/upload.php" it might work. Will try that next chance I get.
Okay... Changing the form "action" to "../upload.php" works. But the security thing is still dying. The script works fine without the !_$SESSION['logged'], so I know that that is the problem.
Just leave the action as ""
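
The access check discussed in this thread, written out as an added example that is not part of the original posts and is not THT's or the plugin's own code. It assumes THT's bootstrap defines the constant THT as 1 and sets $_SESSION['logged'] for a logged-in staff member (both names come from the thread); upload_guard_failure() is a hypothetical helper name. Returning a reason instead of a bare die() shows which condition refuses the request.

```php
<?php
// Added example; not code from THT or from the plugin.
// Assumed from the thread: THT's bootstrap defines the constant THT as 1 and
// sets $_SESSION['logged'] for a logged-in staff member.

/**
 * Returns null when the request may proceed, otherwise the reason it is refused.
 * upload_guard_failure() is a hypothetical helper name.
 */
function upload_guard_failure(): ?string
{
    // A direct request to upload.php (iframe src or form action) never runs
    // the application bootstrap, so the constant is not defined.
    if (!defined('THT') || THT != 1) {
        return 'not included by THT';
    }
    // $_SESSION is only populated after session_start() has run in this request.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return 'no active session';
    }
    // empty() covers a missing key and a falsy value without raising a notice.
    // The superglobal is $_SESSION; $SESSION (no underscore) is an ordinary
    // undefined variable, so isset($SESSION['logged']) is false.
    if (empty($_SESSION['logged'])) {
        return 'staff member not logged in';
    }
    return null;
}

$reason = upload_guard_failure();
if ($reason !== null) {
    // Log the reason server-side; send the client nothing but the status code.
    error_log('upload.php refused: ' . $reason);
    http_response_code(403);
    exit;
}

// Only past this point may the script look at $_FILES and unpack the archive.
```

With the guard in place the form has to post to the admin page that includes the script, which is what leaving the action empty does.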