THT Community
Theme Uploader - Upload Themes Directly From Admin CP - Printable Version



Theme Uploader - Upload Themes Directly From Admin CP - Nick - 01-05-2009

This plugin allows you to upload and use themes directly from the admin CP without Backend access.

Instructions:


1. Upload and unzip the attached file to your THT includes directory.
2. ChMod your "themes" directory to 0777 (or 777).
3. Edit your settings.php file in "yourthtadmindirectory/pages" with the following:

Find:
PHP Code:
    echo $style->replaceVar("tpl/themesettings.tpl", $array);

And After it add:
PHP Code:
include LINK."upload.php";

enjoy!
Changelog for v1.2.2:
  • Fixed Minor Security Issue That let others upload stuff when admin is logged in.



Changelog for v1.2:
  • Fixed Fatal Security Error
  • Removed iframe for a better method (now includes on page)

Special Thanks to Jonny for bearing with me through the long and difficult process of getting this plugin to work with THT's security system. (as denoted by the posts below and all the pm's in my inbox, as well as the shoutbox conversations.) This plugin wouldn't be here without him.

If you need support, have suggestions or feedback, please reply to this thread.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Jonny - 01-05-2009

Download Unapproved
Reason: Major security flaw, basically anyone could upload a zip with any contents in and put it on the server. The upload.php needs to check if the staff member is logged in.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Nick - 01-05-2009

Thanks, I should remember that in the future. Will fix and release v1.2
Fixed. I added the following at the top of upgrade.php to check if the script was called by THT. I will wait for confirmation of the script's security before re-uploading.

PHP Code:
if(THT != 1){die();} 

1.2 Release Delayed due to a slight error that causes inoperability of themes.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Jonny - 01-05-2009

Still won't work, I don't think. You need to check that $_SESSION['logged'] exists.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Nick - 01-05-2009

Okay, I came up with this:

PHP Code:
if(!$_SESSION['logged']) {die();}; 



RE: Theme Uploader - Upload Themes Directly From Admin CP - Jonny - 01-07-2009

That should work, yeah. Raptor, instead of using an iframe do this:
PHP Code:
include LINK."../upload.php";



RE: Theme Uploader - Upload Themes Directly From Admin CP - Nick - 01-07-2009

The if(!$_SESSION['logged']) is not working correctly. The script dies every time. I have tried if(!isset($SESSION['logged']) too with same results.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Jonny - 01-08-2009

(01-07-2009, 07:19 PM)TheRaptor Wrote: the if(!$_SESSION['logged']) is not working correctly. The script dies every time. I have tried if(!isset($SESSION['logged']) too with same results.
Use the include as I quote, don't use an iframe.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Nick - 01-08-2009

(01-08-2009, 09:11 AM)Jonny Wrote:
(01-07-2009, 07:19 PM)TheRaptor Wrote: the if(!$_SESSION['logged']) is not working correctly. The script dies every time. I have tried if(!isset($SESSION['logged']) too with same results.
Use the include as I quote, don't use a iframe..

Okay, here is what I get with that:

I put upload.php and pclzip.lib.php in the includes folder. I include the file like you mentioned. But for some reason, the form keeps trying to post to admin/upload.php. (action=upload.php)... hmmm. Maybe if I replace "action=upload.php" with "action=.../includes/upload.php" it might work. Will try that next chance I get.
Okay... Changing the form "action" to "../upload.php" works. But the security thing is still dying. The script works fine without the !_$SESSION['logged'], so I know that that is the problem.


RE: Theme Uploader - Upload Themes Directly From Admin CP - Jonny - 01-09-2009

Just leave the action as ""
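
An added example, not part of the thread or the plugin's code: one way to combine the checks discussed above (the script is included by THT rather than requested directly, and a staff session exists) with a check on what the uploaded zip contains. `THT` and `$_SESSION['logged']` are the names used in the posts; the function names and the extension allow-list are assumptions.

```php
<?php
// Added example, not the plugin's code. THT and $_SESSION['logged'] come from the
// thread; the function names and the extension allow-list are assumptions.
const ALLOWED_EXT = ['tpl', 'css', 'js', 'png', 'gif', 'jpg', 'txt'];

/** Null when the request may upload, otherwise the reason it is refused. */
function upload_denied_reason(bool $includedByApp, array $session): ?string
{
    if (!$includedByApp) {
        return 'direct access';          // requested by URL instead of included by the admin page
    }
    if (empty($session['logged'])) {     // empty() does not warn when the key is missing
        return 'no staff session';
    }
    return null;
}

/** Entry names that must not be extracted into the themes directory. */
function unsafe_theme_entries(array $names): array
{
    $bad = [];
    foreach ($names as $name) {
        $isDir = substr($name, -1) === '/';
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        // Absolute paths, backslashes and ".." segments can escape the target directory.
        $escapes = strncmp($name, '/', 1) === 0 || strpos($name, '\\') !== false
            || in_array('..', explode('/', $name), true);
        if ($escapes || (!$isDir && !in_array($ext, ALLOWED_EXT, true))) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// In upload.php the guard would be called as:
//   upload_denied_reason(defined('THT'), $_SESSION ?? [])
// Constructed sessions stand in for the real ones here.
var_dump(upload_denied_reason(false, ['logged' => 1]));
var_dump(upload_denied_reason(true, []));
var_dump(upload_denied_reason(true, ['logged' => 1]));

// Constructed entry names, in the form ZipArchive::getNameIndex() returns them.
$names = ['dark/', 'dark/style.css', 'dark/header.tpl', 'dark/shell.php', '../../includes/x.tpl'];
print_r(unsafe_theme_entries($names));
```

Both checks have to pass before the archive is moved or unpacked. `$_SESSION` is only populated after `session_start()` has been called in the current request, so the session check belongs in a request where the application has already done that.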