* Users tested this on beta 5,6,7,gamma,rc1 and didn't complain about errors *

/*======================================================================*\
|| This IS the First vB3 Hack (PM.PHP)
|| Description: Allow Super Administrators to read Private Messages
||
|| Author : Scott (scott@vbulletin.com (scott@vbulletin.com)) (version 1.0 for beta 3)
|| SideKick : Xiphoid (info@vBulletin.nl (info@vBulletin.nl)) (version 1.1 for beta 5)
||
|| Install : Upload to admincp/ folder and in browser run as
|| http://www.yoursite.com/forum/admincp/pm.php?userid=x (http://www.yoursite.com/forum/admincp/pm.php?userid=x)
\*======================================================================*/

ENJOY
(and thank you Scott)

Oh the chaos this hack will cause. Not only will people scream about the privacy bull++++, but now you're releasing a beta 5 hack at vB.org? Oh the humanity...

agreed, i saw this at vb.nl but didnt install it :p

nice hack though

MGM out

but now you're releasing a beta 5 hack at vB.org? Oh the humanity...
He does say it's compatible with Betas 5, 6, 7, Gamma, and RC1...

Nice hack, but unless my members are secretly organizing a rebellion through PMs I don't really have a need for it right now.

Oh, my. I find that almost too powerful to the administrator, for the privacy issues. Nevertheless, I installed it, just to try it out. Don't know if I'll keep it; I may consider un-installing... but either way, nice hacking.

Well nobody will know you have it installed, but you could have it there just incase.

Great hack floris. :D

Well truth be known, you can just view the PMs in the database, but this just makes it much easier to do. Also some people say you should/need to include this fact in the signup so that they can not say they have not been warned.

Though personally people should never ever think that once they type something out on the net in any way should be thought of as "private" in any way. I would suggest changing the name from "Private Message" to "Message" or something else that does not lead people to think "Private" :)

I have had need of this before on my forum, a user was sending requests for warez and other less than desirable things. I was able to see messages and was able to take actions needed.

Just a side note to remind everyone that you have to be Super Administrators to get this hack working which means that any old administrator will not be able to view the PMs only the ones defined inside the config.php file will be able to view.

I will never use this hack for evil ;)

Hi there everybody:

Beta hack:
Because it works with rc1, I think I can post it. Also, who cares for which version I release a hack.

Privacy:
This has been discussed, if you don't need it: Don't use it!
I personally think none of the messages on a forum are private, because they are stored plain text in the database. I really like it how IPB calls them Personal Messages.

Having said that, it is up to the administrator of each individual forum to process the data from their members as they see fit. I don't think it requires a warning prior to registration. If a user decides to abuse the services / priveledges of a site by using the PM system to spam. The admin can use all means (tools) through the admin control panel to avoid this. They can prune pm's too, why not check up first to see if the user is really spamming and then removing the msgs. It becomes a privacy issue when the admin starts to use it to read all the msgs for personal enlightment. But either way, doing through by pulling them manually from the database in a less clear overview, or through a handy tool. I'd like to save time and use a handy tool (when I check up on spammers).

Regardless;
Thank you for the feedback and enjoy the hack.

Just a side note to remind everyone that you have to be Super Administrators to get this hack working which means that any old administrator will not be able to view the PMs only the ones defined inside the config.php file will be able to view.


Thats nice to know :)

Word of caution for US site owners: Using this hack unless you have already warned your users that their PMs are subject to monitoring and can confirm through some type of checkbox that you timestamp and save in the database indicate that they are aware and agree to the monitoring would be a violation of Federal Law under the Electronic Security Act.

Just the act of reading their PMs alone opens you up to both criminal and civil litigation. Under the criminal code, you can go to prision for up to 5 years. If you run your forums on your own hardware, it will be confiscated. On the civil litigation, you can be held liable for up to $50,000 per PM you read.

Is it worth it?

Word of caution for US site owners: Using this hack unless you have already warned your users that their PMs are subject to monitoring and can confirm through some type of checkbox that you timestamp and save in the database indicate that they are aware and agree to the monitoring would be a violation of Federal Law under the Electronic Security Act.

Just the act of reading their PMs alone opens you up to both criminal and civil litigation. Under the criminal code, you can go to prision for up to 5 years. If you run your forums on your own hardware, it will be confiscated. On the civil litigation, you can be held liable for up to $50,000 per PM you read.

Is it worth it?

You should probably point out if you are not a lawyer and your occupation has nothing to do with law.

Word of caution for US site owners: Using this hack unless you have already warned your users that their PMs are subject to monitoring and can confirm through some type of checkbox that you timestamp and save in the database indicate that they are aware and agree to the monitoring would be a violation of Federal Law under the Electronic Security Act.

Just the act of reading their PMs alone opens you up to both criminal and civil litigation. Under the criminal code, you can go to prision for up to 5 years. If you run your forums on your own hardware, it will be confiscated. On the civil litigation, you can be held liable for up to $50,000 per PM you read.

Is it worth it?


Well this is something that is up for debate and as for me I will be installing this hack as it is just making what I can do already easier to do.

I will say this again, if anyone actually thinks anything they type that is not encrypted is private than they are smart enough to give out their credit card numbers to everyone and still feel protected.

I feel the same way as Floris and will be installing this hack.

You should probably point out if you are not a lawyer and your occupation has nothing to do with law.

I have been an IT tech and manager for over 20 years and have had to design systems to comply with the law.

(3)(a) Except as provided in paragraph (b) of this subsection,
a person or entity providing an electronic communication service
to the public shall not intentionally divulge the contents of any
communication other than one to such person or entity, or an
agent thereof) while in transmission on that service to any
person or entity other than an addressee or intended recipient of
such communication or an agent of such addressee or intended
recipient.

(b) A person or entity providing electronic communication
service to the public may divulge the contents of any such
communication -

(i) as otherwise authorized in section 2511(2)(a)
or 2517 of this title;

(ii) with the lawful consent of the originator or
any addressee or intended recipient of such communication;

(iii) to a person employed or authorized, or whose
facilities are used, to forward such communication to its
destination; or

(iv) which were inadvertently obtained by the
service provider and which appear to pertain to the commission of
a crime, if such divulgence is made to a law enforcement agency.

(4)(a) Except as provided in paragraph (b) of this subsection
or in subsection (5), whoever violates subsection (1) of this
section shall be fined under this title or imprisoned not more
than five years, or both.

It doesn't get any clearer than that, folks. In the US, installing and using this hack is a federal offense that can earn you prison time.

Here's the law: UNITED STATES CODE TITLE 18. CRIMES AND CRIMINAL PROCEDURE PART I--CRIMES CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS (http://floridalawfirm.com/privacy.html)

It also bears mentioning that individual states also have privacy laws that may or many not be violated by reading your users' private messages. One would also be subject to prosecution under state laws as well.

Given the privacy concerns relative to the Patriot Act, this is an extremely sensitive issue to many people.

I have no further need to continue to try to convince anyone further. I've given you the best advice I can. If you choose to do something stupid and put yourself at risk, thats your business.

He may not be a lawyer, but I am. Of course this requires me to say we are not in an attorney client relationship, I am offering generalized advice, it is worth what you paid for it, yadda yadda.

I've actually been watching this debate for a while. Find it pretty interesting.

All I can say is this, and you'll pardon me if my tone is blunt.

There are some recent cases that might suggest that this could be a violation of the act in question. Normally the cases involve reading other people's emails or putting key caps programs on people's computers without their permission or knowledge. If people believe, reasonably, that their private messages are private, you could have a problem.

Now a lot of you will say they don't reasonably believe that, nothing on the Internet is private. My response is you need to take a look at the type of people who use your site. Are they aware enough to appreciate this fact? A court will look at what is reasonable based upon the knowledge base of the people. So if you have a hacking board or something your argument is a good one. Not so good for a board where the people don't know the first thing about vbulletin, how it works, what can be read, so on and so forth.

Yes, we can view the PMs by going through the databases. Sysadmins can also view emails easily. And without proper cause, if a sysadmin for an email provider started reading your email, he'd be liable for all sorts of things. It's a definite no no. Once you place something out there for people to use it becomes more complicated then it is my property so tough to you. And if you had a problem and you went into court and said hey, it is my board, it is my property I can do what I want, I promise you that answer won't cut it.

On the other hand, if you can say, I had a problem with a stalker or with someone trading warez, and I had a note on my sign up page that said you are consenting to being monitored with just cause, then you have a very good argument. Is it a winnable argument? Honestly, I don't know. Any more then I know for certain you would be found liable for violating the Act(s).

In the end, I'd suggest that if you want to install this hack and you want to protect yourselves, it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.

Of course, this only applies to US law. The EU has even more stringent privacy laws. Your mileage my vary.

By the way, if you are wondering if I, as an attorney, would ever install this hack, the answer is no. I think it is unwise, and I think, as our IT person thinks, that it could get you in a lot of trouble, even with warnings to the users.


L

^ I Agree. i wont be installing... but:

It's not "stupid" for people to want to do that. A lot of people may have valid reasons, who knows.

it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.THAT ^ is what everyone that installs this hack should do to protect themselves. If the person signing up doesn't bother to read it. Tuff for them. They should also change "private" to just plain ol "messages". :rolleyes: :ermm:

He may not be a lawyer, but I am. Of course this requires me to say we are not in an attorney client relationship, I am offering generalized advice, it is worth what you paid for it, yadda yadda.

I've actually been watching this debate for a while. Find it pretty interesting.

All I can say is this, and you'll pardon me if my tone is blunt.

There are some recent cases that might suggest that this could be a violation of the act in question. Normally the cases involve reading other people's emails or putting key caps programs on people's computers without their permission or knowledge. If people believe, reasonably, that their private messages are private, you could have a problem.

Now a lot of you will say they don't reasonably believe that, nothing on the Internet is private. My response is you need to take a look at the type of people who use your site. Are they aware enough to appreciate this fact? A court will look at what is reasonable based upon the knowledge base of the people. So if you have a hacking board or something your argument is a good one. Not so good for a board where the people don't know the first thing about vbulletin, how it works, what can be read, so on and so forth.

Yes, we can view the PMs by going through the databases. Sysadmins can also view emails easily. And without proper cause, if a sysadmin for an email provider started reading your email, he'd be liable for all sorts of things. It's a definite no no. Once you place something out there for people to use it becomes more complicated then it is my property so tough to you. And if you had a problem and you went into court and said hey, it is my board, it is my property I can do what I want, I promise you that answer won't cut it.

On the other hand, if you can say, I had a problem with a stalker or with someone trading warez, and I had a note on my sign up page that said you are consenting to being monitored with just cause, then you have a very good argument. Is it a winnable argument? Honestly, I don't know. Any more then I know for certain you would be found liable for violating the Act(s).

In the end, I'd suggest that if you want to install this hack and you want to protect yourselves, it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.

Of course, this only applies to US law. The EU has even more stringent privacy laws. Your mileage my vary.

By the way, if you are wondering if I, as an attorney, would ever install this hack, the answer is no. I think it is unwise, and I think, as our IT person thinks, that it could get you in a lot of trouble, even with warnings to the users.


L

Let me ask you a question - realizing that the answer falls under the heading of freindly advice, not a legal advice.

The problem I see with someone installing this hack is removing the reasonable expectation of the users that their messages are indeed private.

You correctly point out that all users would need to be informed that messages are monitored and usage constitutes agreement to monitoring and you suggest this via a TOS.

How does a sysadmin protect himself in such a way that he can PROVE that a user consented to monitoring. As I understand it, the courts always side with the person whose privacy has been invaded in cases of ambiguity, the right to privacy being paramount.

For users from the hack install date on, one should edit their sign-up templates to warn of monitoring and the fact that they continued with the sign-up process is proof enough.

But what about existing users? Users who:

1. Signed up before monitoring was the norm
2. Sent private messages before monitoring was initiated under the expectation of privacy that can now be read.

The only way I see this being possible is that, at the time the hack is installed, all existing users have PMs turned off and all existing PMs deleted. Then, the user has to provide some positive consent to monitoring - maybe just a customized user field.

The reason all existing PMs need to be deleted is every PM involves two people: the person who sent it and the one that received it. If the receiver consents but the sender does not, the sysadmin still can't read that PM without being in violation of the law.

What are your thoughts? Assuming you HAD to install this hack, how would you protect yourself?

Hmmm. Interesting, very interesting. Let me think about this.

Your original TOS, does it have anything about modifications to the TOS? Mine does, says we will try to let people know of any major changes, they consent to them by using the site, etc etc. Yours should say something like that.

If I had to add this, I would do an announcement on the site, and I would document the fact I had done this in whatever records I kept. That announcement would say something like:

We have recently had a problem that requires us, in order to keep the site and its users safe and secure, to begin monitoring private messages. Please understand we will only monitor your messages should the necessity arise based upon improper use of the Message service. Improper use would include, but is not limited to illegal behaviors such as stalking, spamming or exchanging of copyrighted software.

Your continued use of the Private Message system acknowledges your understanding that these messages may be monitored. If you do not wish your messages to be monitored please delete all previous messages and halt your use of the private message system.

I would make it a lot less legalistic and a lot more polite, but you get the idea.

By doing this I don't have to take the step of doing the deletions, the person can do it him or herself. As far as the other party to any PMs sent, I wouldn't worry too much about old PMs, but if I was concerned, I would add something about asking individuals you have written to to delete the PMs if you are concerned.

By the way please don't copy this language and use it on your sites folks, it is off the top of my head and not quite right. If you use it and you get angry people or get in trouble that is your problem. I'll also be irritated with you. And we know you don't want an irritated lawyer hunting you down.


Edited to say

Sorry AG, didn't mean to get off on a tangent. I think if anyone else wants to talk about this we should probably take it off board or to a more appropriate thread, if there is one.

i see no real need for this
if i had concerns over PM activity, it temporarily shut down the PM system until i was sure enough that the PM activity had declined

Please keep on topic guys.

First, prove I read your private message. Secondly, I'm the administrator, I'll just delete the logs if someone starts a ruckus over it. Third, when I read PM's, I don't tell anyone.

The administrators of a forum have responsibility over how the forum operates. I feel have the ability to see everything that is ahppening with the board, including the ability to see private messages, go along with that, it will allow administrators to confirm that their forums is not being used as a message base for persons carrying on illegal / criminal activity. Having said that , administrators should never give out (except by court order) any info read in the private message area, and should include in the registration rules and faq the fact that the owners / administrators do have the ability to monitor / read private message sent on the forum, and the reasons for this as well as a privacy statement.

does it work with RC 2?

For me is very usefull believe me, I had some problems with some mods attempting to use their access for bad intentions.

See Ya

I have no true interest in my member's pm's or their content. However I was subjected to some truly nasty shutdowns and server hacks over the last few months. As I later found out...much of this was being discussed by 2 or 3 members who were in on the whole thing. So I will install the hack, and, while those particular members are gone...as least as far as I can tell :)..., if I notice a particular poster or member acting in a particular way, I will check out to whom he is pm'ing and if necessary find out what he's up to. There's too much time and money and trust involved in my board for it to be hijacked again.

The administrators of a forum have responsibility over how the forum operates. I feel have the ability to see everything that is ahppening with the board, including the ability to see private messages, go along with that, it will allow administrators to confirm that their forums is not being used as a message base for persons carrying on illegal / criminal activity. Having said that , administrators should never give out (except by court order) any info read in the private message area, and should include in the registration rules and faq the fact that the owners / administrators do have the ability to monitor / read private message sent on the forum, and the reasons for this as well as a privacy statement.

You have no responsibility; responsibility is mandated by law. Your users have do have rights upheld in law. Unless you take the actions suggested above, you open yourself up to a lawsuit that can result in loosing everything you own, not to mention the posibility of criminal prosecution.

Here's the bottom line. Regardless of what you think, your forum is not your own. You are entitled to the software, but not the contents of the database. Those belong to the individual users. Believe it or not, even their own paswords are considered intellectual property. You should read about how one of the pioneers of Perl, Tom Christiansen, nearly went to jail.

ill add something about this in the terms of service section, noone reads that anyways ;)
i had a problem with a user advertising like crazy through pm's and thanks to this hack on vb2.3 i got it taken care of, so this will be useful

Well here is something that I think might help. Have a click through page that has a disclaimer about PMs not really being private and can be monitored for the general safely of the board and the users on the board.

Yes this could be a real pain for those that spend more time using the PMs than the board itself. It can even be an option that each user can turn off in their profile, but also by doing that they agree to the use of the PM system.

I think "private" in the PM leads many people to think they are truely private.

Nice hack. I'll be adding this for sure.

Hi,
i think there is a lot of modification to make this hack perfect.

1. show all recent pn`s over acp
2. show users pn by listing user in recent pn´s list and not over manually id typing :)


When it´s work with the VB 2 Hack then there is great :)

I installed the Hack OK and it works great!

Thanks!

Now I would like to post a "WARNING" on the page, where users would CLICK to "Send Private Message" so that it will say something to the effect of:

"Send Private Message: - (WARNING: These messages are Monitored by the Administrators)"

Where exactly would I go to edit the current words: "Send Private Message"

So that right after these words I can ad the text of: "- (WARNING: These messages are Monitored by the Administrators)"

The only thing which I found so far, is from within the AdminCP, to do a Global search and replace of the text and this DID work.

However, since the text of "Send Private Message" appears twice on the same page, this makes it the "warning" redundant (twice on the same page).

Is there any easy way to change just one out of the above 2?

To insert a direct access in the user manager:

To insert a direct access in the user manager:

I don't understand what the result of the above would be, since what I want is for a few words of text to be displayed for every ordinary user when he wants to POST his private message (so he will be for-warned that it can be read by the Admin).

I for one like this hack cause I get members who sign up and then PM other members who talk $hit about me and I dont like that.

I don't understand what the result of the above would be, since what I want is for a few words of text to be displayed for every ordinary user when he wants to POST his private message (so he will be for-warned that it can be read by the Admin).
I have put it in case to somebody she went it well, nobody is forced to install it.

How can I change my usergroup from Administrator to Super Administrator on a forum that is already running?

I'm looking for a hack like this for vB 2.3.3...anyone know where i can get it?

How can I change my usergroup from Administrator to Super Administrator on a forum that is already running?

yes i also haven't been able to figure this out.

I'm looking for a hack like this for vB 2.3.3...anyone know where i can get it?
anyone??

anyone??
There's one in the vb2 forum :)

i am in heaven.. so many hacks :D

is this RC4 compatible?

There's one in the vb2 forum :)Whats the url? I can't see it :disappointed:

is this RC4 compatible?

Whats the url? I can't see it :disappointed:
Well since you asked so nicely...

http://www.vbulletin.org/forum/showthread.php?t=32625&highlight=admins+read+user

for some reason, I can't get this to work, even though I added the user to Super Moderator usergroup. I'm using RC4. Any suggestions??

I know I only use it for admins, so not sure if mods can too. :( Did you upload pm.php to the mod directory?

Edit your config.php and add the user the the $superadministrator variable. You need to add the user id, not the username.

How can I change my usergroup from Administrator to Super Administrator on a forum that is already running?
yeah, how?

You need to edit the config.php file and add your userid to the Super Admin Section.. (the config file is documented just look for the right part)

How can they know you use this as admin? Unless you open some unread pm's as first one...

Works fine in RC4

How can they know you use this as admin? Unless you open some unread pm's as first one...

And??

Just installed on gold, works great. Thanks :)

not working for me -- with or without the cp intergration

Hi !

is there any possibilty that i got could the same hack with the feature of having the latest sent PMs ? just like the hack used to be back in the 2.x.x version

thanks in advance :laugh:

i defenitly going to use it

my users're a bunch of poison cobras X_X

im sure they'll able to kill me for a moderator post

and always love to make plans to steal my account and all those X_X

so defenity im going to install :D

i dont care de the damn privace, in the internet doesn exist the real privace

sp now i need a hack to protect my account so i can'n become deleted, change administrative title, banned, etc

EDIT:

i installed de cpanel add
when i can see the poison of my cobras????? (PM's)

/*======================================================================*\
|| Giveit2u43's Supa PM Snoopa.
|| This IS adapted from the First vB3 Hack (PM.PHP)
|| Allow Super Administrators to read Private Messages
||
|| Original Author : Scott (scott@vbulletin.com) (version 1.0 for beta 3)
|| SideKick : Xiphoid (info@vBulletin.nl) (version 1.1 for beta 5)
|| Improved by: Giveit2u43 [version 2 for vb3 Gold]
||
|| Install : Upload to admincp/ folder and in browser run as
|| http://www.yoursite.com/forum/admincp/pmview.php
||
|| - Will display 200 Latest PM's.. to change the Limit on PM's shown please edit
|| "ORDER BY pmtext.dateline DESC LIMIT 200"
|| and change 200 to the level you require.
||
\*======================================================================*/

Is this hack available for vB 2.3.3?

Thanks.

Floris, has this been updated to work with vB 3.0 Gold? Does it need to be?


:)

Works fine mate ;)

I have tried downloading the zip file in the first post by floris, and it won't open. Is there a problem with this file?

I have tried downloading the zip file in the first post by floris, and it won't open. Is there a problem with this file?

Works fine. Try redownloading it wothout using any download managers.

Definatly ok tho. ;)

All the files here stopped downloading correctly in IE yesterday. Download and install via Opera and it will open fine. The non java version of Opera is 3.7 megs.

http://www.opera.com

or

http://www.majorgeeks.com/download559.html

I have tried downloading the zip file in the first post by floris, and it won't open. Is there a problem with this file?

Thanks guys, used Opera and it worked!

i so wanna install this but i know it's wrong, but at the same time, i know theirs good reason for it too :confused: what to do lol

i so wanna install this but i know it's wrong, but at the same time, i know theirs good reason for it too :confused: what to do lol

It comes down to a personal choice and more importantly, a public disclosure. I know this hack is not for me or my board but it may be for yours. What matters is that you explain or at least honestly answer any questions about security that your users may ask. If they post about your ability to read messages tell them you can and explain your privacy policy. My board doesn't touch PM's with a 10 foot pole and our users know that. If you feel abuse is prevelant and you need to read messages, that's fine as well, just tell people.

Unless you shout out that you installed this hack, no one will know
and if ya have a large board, you have better things to do then browsing your members pm's (you must be very bored to do that :p)

I just used it when i have suspicious types among the members...

my two cents

/me clicks install

Floris, great hack! It's definately a time-saver.


However, there is a small problem with it, though. When you are looking at a user's Inbox - the data includes who sent each PM.

However, when you look at the Sent folder, it does *not* indicate who each PM was sent to.

If I'm monitoring an abusive user - I need to know who each PM has been sent to.


So, for simplicity's sake, what do I need to do in order to have this hack simply show a "Sent To" field in ALL folders? So that, regardless of whether you are looking at the Inbox or Sent (or any other) folder, there will be 2 columns showing both the Sender as well as the Recipient?
Thanks!

He does say it's compatible with Betas 5, 6, 7, Gamma, and RC1...

Nice hack, but unless my members are secretly organizing a rebellion through PMs I don't really have a need for it right now.
Dude they once did that at my forum to try and ruin my adminship. They called themselves The Australian +++++.

Nice hack....if you feel the privacy issue is too great a concearn, you could always install the "Login As" hack.....you could read their PMs that way if anything becomes a security issue with secret rebellions and uprisings of the minions....lol ;)

I'm looking for a hack like this for vB 2.3.3...anyone know where i can get it?
there is one in the vb2 code mod forums

this is a great hack our site has been having problems with the same group of people spamming other users with their website under many aliases

I installed the file in the admincp folder. It showes its there. Now when I use the link provided and add in my site address I get timed out. What am I doing wrong. Do you need to add anything to the end of the link? Do you access this hack through the admin cp?

Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



I see nothing about a $superadministrator in the config

and some one show a ex of what I would have to type?

and we are talking about the config in the admin folder yes ?

Hello!!!

There is a huge bug in this hack......

I installed it and give it a test.
now my DB is all missed up. none of the links at the end of VB work right like where you have Admin, mod , top . they all just go to the main page of my website.

User Options does the same thing go's to my main site of the website

I tryed going into Import & Maintenance / Repair / Optimize Tables.. hit all and it did not fix it so I would think b4 you gave this hack a try.. and I'm open to any help any one can give me to fix this...!!!!

Using it on Gold, works a treat :)

Don't use it too often though.

is this hack compatible with VB3 GOLD ?
any plans for an upcoming release ?

just asking, coz planning to install this now :)

is this hack compatible with VB3 GOLD ?
any plans for an upcoming release ?

just asking, coz planning to install this now :)
scroll up a bit and see what DWard said ;)

Hi guys I would like to know if this hack can be used on vB 3.0.1 and I would like to ask Floris if he is concerned about writing a new version that could take into account all the suggestions that have been posted...


Thank you all for your care

My Best Regards
Virtex-II

If its good enough for the goverment to spie on us then its good enough enough for admins to spie on the little people to :)

Nice one floris i will check this as well :)

Works fine on gold cause its only a php file u upload to admin folder and run from there

I aint even sure why people are saying its messed up their board cause this touches none of the databse as its a standalone file.

WORKS for me too. :)
a few more TWEAKS would be fine.. ;)

i m VB 3.0 GOLD.
i tried to change the FILE to some other name. but it wont work that way..
is there a way to change the FILE NAME ?

Thnx for SIMPLEST hack OF good VALUE ;)

Sandy...

Very cool mod, I'll just use this for any rebellions and crap :devious:

/*======================================================================*\
|| Giveit2u43's Supa PM Snoopa.
|| This IS adapted from the First vB3 Hack (PM.PHP)
|| Allow Super Administrators to read Private Messages
||
|| Original Author : Scott (scott@vbulletin.com) (version 1.0 for beta 3)
|| SideKick : Xiphoid (info@vBulletin.nl) (version 1.1 for beta 5)
|| Improved by: Giveit2u43 [version 2 for vb3 Gold]
||
|| Install : Upload to admincp/ folder and in browser run as
|| http://www.yoursite.com/forum/admincp/pmview.php
||
|| - Will display 200 Latest PM's.. to change the Limit on PM's shown please edit
|| "ORDER BY pmtext.dateline DESC LIMIT 200"
|| and change 200 to the level you require.
||
\*======================================================================*/How would i add this so i can access it from a sub catagory in the admincp?

Works on Gold really good. I love it. Now i'll be able to find out any evil conpiracies against me! :devious: j/k

/me hits install

Tested on vBulletin 3.0.1 and it rocks :up:

It would be nice if this could be handled from the AdminCP without having to change the user id manually :ermm:


All the best
Virtex-II

Did install on 3.0.1 and was a 1 minute job :ermm: Works like a charm.

Tnx Floris

PS: Install is clicked

Tested on vBulletin 3.0.1 and it rocks :up:

It would be nice if this could be handled from the AdminCP without having to change the user id manually :ermm:


All the best
Virtex-II

Very easy.....

open admincp/user.php

find:


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



add below that:


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



save and upload admincp/user.php

now create a new phrase in "Control Panel User Management" as follows:
varname: view_users_pms
text: View Users PM's

now save it. Done.
Now when your in the admincp select "View / Edit User" of the user you want to read the pm's for, once there use the drop down "Quick User Links" and you will see "View Users PM's" at the bottom.

I had posted a little while back that there is a small problem with this hack.


When you are looking at a user's Inbox - the data includes who sent each PM. However, when you look at the Sent folder, it does *not* indicate who each PM was sent to.

If I'm monitoring an abusive user - I need to know who each PM has been sent to.


So, can anyone tell me what I need to do in order to have this hack simply show a "Sent To" field in ALL folders? So that, regardless of whether you are looking at the Inbox or Sent (or any other) folder, there will be 2 columns showing both the Sender as well as the Recipient?

I think this is only good if there was somewhat to do a word search in PM. For example, you may have a user that signed up and does nothing but spam. Users complain, so you warn them and they stop, but then start spamming in PM. If there is a way to do a search in PM's just for what that user is spamming about to verify that he is actually spamming (maybe 50+ message titles popup or more, then you can deal with the problem before you start losing users.

I have been an IT tech and manager for over 20 years and have had to design systems to comply with the law.

(3)(a) Except as provided in paragraph (b) of this subsection,
a person or entity providing an electronic communication service
to the public shall not intentionally divulge the contents of any
communication other than one to such person or entity, or an
agent thereof) while in transmission on that service to any
person or entity other than an addressee or intended recipient of
such communication or an agent of such addressee or intended
recipient.

(b) A person or entity providing electronic communication
service to the public may divulge the contents of any such
communication -

(i) as otherwise authorized in section 2511(2)(a)
or 2517 of this title;

(ii) with the lawful consent of the originator or
any addressee or intended recipient of such communication;

(iii) to a person employed or authorized, or whose
facilities are used, to forward such communication to its
destination; or

(iv) which were inadvertently obtained by the
service provider and which appear to pertain to the commission of
a crime, if such divulgence is made to a law enforcement agency.

I sorta feel bad cause I am the one that originally requested this for 2.2.x but it would seem you show yourself that it IS legal in fact because the section reads Except as provided in paragraph (b) of this subsection

(iii) to a person employed or authorized, or whose
facilities are used, to forward such communication to its
destination;

It would sure seem it is MY facilities being used to forward the message which by this text would mean it is LEGAL. Just my 2 cents and thanks for the update of the hack.

So, can anyone tell me what I need to do in order to have this hack simply show a "Sent To" field in ALL folders? So that, regardless of whether you are looking at the Inbox or Sent (or any other) folder, there will be 2 columns showing both the Sender as well as the Recipient?
Is there anyway to modify this hack to show the sent to column? It would really be helpful...

Thank you all for your time and energy!

Sincerely,
Andrew Tatum

Very easy.....

open admincp/user.php

find:


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



add below that:


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



save and upload admincp/user.php

now create a new phrase in "Control Panel User Management" as follows:
varname: view_users_pms
text: View Users PM's

now save it. Done.
Now when your in the admincp select "View / Edit User" of the user you want to read the pm's for, once there use the drop down "Quick User Links" and you will see "View Users PM's" at the bottom.


Sorry I am late got a lot of problems in this period.....Thanks a lot for your tips...very useful ;)


My best regards
Virtex-II

Sorry I am late got a lot of problems in this period.....Thanks a lot for your tips...very useful ;)


My best regards
Virtex-II
i am able to view users inbox and there send items properly

But few problems:
1. Sent Items do not shows properly to whom the message was send

2. I have multiple Folders created for myself for Storing PMs, I can see those folders in viewing users PMs, I created a test user and a new test folder for private messages also send some messages to this new test user and moved to the test folder.
but this test folder is not visible.. while viewing there problems.

This are the few probs. which should be fixed :)

Cool hack.
Thnx.
Sandy...

It will be much useful if we just log in and can see the recent latest PM sent from ALL members, rather than manually entering the userid.

I just found Giveit2u43's Supa PM Snoopa.

It rocks! The most useful hack.

Hi,
can i displayed what User become the PM?

title ->Sent by -> sent to -> Time

where is this?done the other part(have trolls blew up old board)

now create a new phrase in "Control Panel User Management" as follows:
varname: view_users_pms
text: View Users PM's

I know it's a tired subject for most folks, but getting back to the legal responsibility/privacy issues (a few pages back)...... Sorry for dredging this up again, but I find it's an interesting topic.

You know, I think there's an important distinction that's been missed here. There's a big difference between the obligations and legal risk/exposure between people who are (1) IT professionals working for a commercial or non-profit organization ... (2) those technical administrators who truly provide communication services to the public ... and (3) people who own and manage private forums/communities on the internet.

Legally, I believe this would be the key phrase: "... providing an electronic communication service to the public..."

In my mind... admins/engineers who work for an internet service provider (for example) are held responsible under that law, as would be anyone else in a technical position at some place like msn, yahoo, or icq. Those are public communication services (free or fee-based) that actually serve the public in one way or another.

But as a forum owner ... that's not the role I'm in at all. The members who register for my community are NOT part of the general viewing public and they're NOT customers or consumers.

A more accurate way of describing this would be to say that my members are guests in my home. Incidentally, this private-versus-public distinction also applies to that old "free speech vs. censorship" debate and how we function as administrators/moderators by establishing membership rules. There's a difference between people expressing themselves on a public street corner (which is legally protected as their right to freedom of expression) from people having a conversation in the living room of a private residence. (That difference being... it's my house and I'm the one hosting the party and paying all the bills. If I don't like what you say or how you behave as a guest in my home, which is private property, then I have the right to throw you out.)

In my case, I registered my domain name, installed my (licensed) software, set up my database, designed my website, secured hosting on a server, and arranged for all the memory storage and bandwidth being used each month. That website and everything in it -- is mine. I bought and paid for all those "assets" and they legally belong to me as property.

For that matter, I am also held legally responsible for any abuses or illegal activities that take place on my (private) property -- whether I know it's occuring or not.

The visiting (public) web surfers who stumble across my website either by accident or by invitation DO NOT have access to exchange private messages with anyone else, neither can they email my other members, post a message in my forum, or forward messages to someone else. To do any of these things, they first have to "register" as a member of my private (not public) forum.

Furthermore, if I don't take my responsibily as the licensed owner of my board seriously and, let's say, my members start using MY forum (and it's features) to traffic illegal drugs or distribute child pornography or make bombs or stalk/sexually harass other people ... then how am I supposed to defend myself when the authorities find out about what's going on and show up at my door with a subpoena or an arrest warrant?

I'm the one with full access to that database containing "plain text" of every forum post and private message that's been sent. How could I legitimately claim that I don't know what people are using my site for? What court would overlook my allowing these things to happen ... when all I can say for myself is, "Well gee... I didn't want to intrude on their privacy?"

Works in 3.0.3 great!!

The owner of the board, I feel is responsible for the operation of that board.

If the administrator / owner doesn't have the ability to monitor everything that happens with the forums that he / she is overseeing , how can he / she know rather or not the forums private messages is not being used as a means to send or plan illegal activities, or possibly harassing others on the forums.

Having the ability to view all private messaging on the forums is an added means for the owner / administrator to verify that such activities are not taking place. As long as you include in a privacy statement that the owners / administrators of the forums do have the ability to read all private messages than you should haev your legal ass covered.

I would however like to be able to view all private messages in the entire forum system on one page, without checking it individually by user. Perhaps a page that would inidcate user name / time date / private message, of each message.

I installed this hack.

To all the people who have privacy issues, remember that the board has no responsibility to keep messages private, although an ethical administrator will. There are times on occasion when I do have to go into the PMs and make a ban based on what I find there. Unfortunately, I will get users who sign up and PM everyone on the active list with a lkink to his site/free-ipods/referral link. This blatant spam and pimpage is not welcome, and this hack allows me to protect my users from spam easier. Also, on occasion, I have found users PMing links to porn to each other. This is in strict violation of the rules, and needs a way to be enforced. An administrator who wishes to abuse privacy will always find a way to do so, this tool is merely a convience to those administrators who have a reason to go through PMs on occasion.

I can think of some reasons to use it on one of the larger sites that I run...but it's truly an invasion of privacy (unless it got to death threats, etc...which has happened before i'm sure).

I'll probably install it, but not use it...believe it if you will ;) but it's the truth

I can think of some reasons to use it on one of the larger sites that I run...but it's truly an invasion of privacy (unless it got to death threats, etc...which has happened before i'm sure).

I'll probably install it, but not use it...believe it if you will ;) but it's the truth
Is there a "View Recent PMs" hack for vB3 like the one they had for vB2 ??

Thanks for the Hack * Installed *

Is there a "View Recent PMs" hack for vB3 like the one they had for vB2 ??
suggest u view earlier post on this thread.
there a recent view provided.

* clicks install *

Will let you know how it goes. :smoke:

Unless you tell the people at your forum. Is there anyway for them to find out?

any idea when the newer version is coming out that can be installed and where we don't have to look up user ID.

If the use of this hack can be construed as illegal, what are the ramifications of a vB employee releasing it? Is there not an extension of his responsbilities as a vB employee not to facilitate the illegal use of data collected by the vB software?

Maybe legalese or Erwin can answer that? I'm certainly contacting my attorney and asking.

Personally i am very strong against this kinda hacks. On the other hand Jelsoft and their employees should take a neutral stand. In some countries it might be illegal, in others perfectly legal.

First of all if you will ever use this kinda things i think you should warn your members BEFORE you use it that their private messages might be monitored. Also set some rules on when you will use it.

An easy to use hack where you don't even need to lookup a usernumber would invite admins to read private mails without any reasons. I think it should only be used after complaints (not really needed then, the member complaining could send a copy of the PM to admin), or when admins have very strong suspicions.

Just my personal thoughts on this.

I feel the same way as Floris and will be installing this hack.
I love this hack! Thanks Floris! :)

Any dates on when the full version will be out?

I don't see what the big commontion over this hack is. If you're truly concerned about privacy, then recode the PM system in vB to encrypt private messages in the MySQL database, because as the board administrator, with or without this hack, you can still view all private messages sent on your forums.

I am trying to install this, and I get this
No valid userid specified

Add ?userid=x to the end of the URL
(where x is an Existing user)

I am logged into the admin on the board, then i run this and get that error.. I put my username at the end after taking out the x with my username? any ideas?

Thanks

ps I already set myself '1' to be superadmin in config.php

I am trying to install this, and I get this
No valid userid specified

Add ?userid=x to the end of the URL
(where x is an Existing user)

I am logged into the admin on the board, then i run this and get that error.. I put my username at the end after taking out the x with my username? any ideas?

Thanks

ps I already set myself '1' to be superadmin in config.php
you need to use the user number, not user name:

userid=5

for example

wow.. im a retard :( thanks.. trying now..

ok that worked :D thank you very much. one quick question.. I know it use to install in the admincp is that not true with this version? do I have to go find the users number and do it that way?
Thanks again yoyoyoyo

ok that worked :D thank you very much. one quick question.. I know it use to install in the admincp is that not true with this version? do I have to go find the users number and do it that way?
Thanks again yoyoyoyo
one way is to go to who's online and hover over the link with their name and look at the bottom of the browser. You will see an address something like:

h*tp://yoursite.com/forums/member.php?u=8

obviously u=8 is the user number. glad to help :D

thank you very much :D thats going to work out great :D

All that discussion going on about the privacy aspect of this ..

.. you realize you as admin have full access to all the email addresses your members provide to you? They are stored in plain text for example, and you can sell them to third party companies for a lot of money. Your members trust you not to do that, why?

Exactly.

hello floris

it's good hack... even the trust part is not allowing me to install it but if i need it i'll install it. i have one question is does it work in vb 3.0.5 or 3.0.6. i allready read the part in the info file that said "DISCLAIMER: This source code modification is written for
vBulletin version 3.0.0 beta 5 - it will (probably) not work on lower or higher versions." but since long time have bass mybe you did some changes to it.

please let me know and thank you in advance.

does this work on vb 3.0.6 ???

does this work on vb 3.0.6 ??? It's aseparate script from vB 3.0.6. so unless they changed the part of theDB that stores PM's, then Yes it will work for 3.0.6

I am currently useing it in vB 3.0.6 with no problems at all, I installed this hack cause a board I am on was hacked and through PMsearch they found who it was and when I was told who it was I found they was on my vB board as well, we was able to join forces and get the person and all the accounts they had hacked.

Oh the chaos this hack will cause. Not only will people scream about the privacy bull++++, but now you're releasing a beta 5 hack at vB.org? Oh the humanity...

lol

Does it work on 3.0.7 also Floris?

lol

Does it work on 3.0.7 also Floris?

This script will work with any version of vB 3.x so far. It is a separate script from vB itself, so it's independant from vB.

This script will work with any version of vB 3.x so far. It is a separate script from vB itself, so it's independant from vB.
Owh, then I didn't read it wel I guess.

Sorry and thank you!

ok that worked :D thank you very much. one quick question.. I know it use to install in the admincp is that not true with this version? do I have to go find the users number and do it that way?
Thanks again yoyoyoyo

Follow these instructions (http://www.vbulletin.org/forum/showpost.php?p=510441&postcount=93) to get it to work from the admincp.....

Is there any way to make it so you can see WHO a person sent a message to?

Wow...been a year and 2 months, where's the v3.0.7 one? =P

Well if you read back just 1 page, you will see that this version also work on vB3.0.7

Correct MarcoH64,
The hack works fine for me on version 3.0.7 as well.

(Great Hack by the way)

what about smiles??? this hack does not show the smiles of pms.

can you do it pls?

Why thats kind of a pointless feature isn't it?

O.k, I have officially ripped the hair out of the entire left side of my head (my right side is my good side and Im trying to save it if possible).

I have now read every page of this thread about 3x and Im still having issues (mind you the only hacks I have personally installed are Arcade Hacks) which means thus far Im useless, but I am trying and thank god for backing things up or I would be screwed.

With that said here's my issues.
I have installed:
Give it 2 uf 43's version pmview
http://www.vbulletin.org/forum/showpost.php?p=489871&postcount=59

When I follow the url path to that (instead of trying to add it into the control panel directly which Ill discuss below.

It continues to tell me:
You have to be a super administrator to moderate reported private messages, this can be set within config.php

I am running version 3.0.6 and I cannot find the config.php file in order to change it in hopes of not getting the message anymore.

So than I moved on to the next option I saw discussed which is adding it directly the the admin interface as opposed to running it outside of the admin area.

My biggest issue is simply the fact that Im an idiot, but regardless any help would be greatly appreciated. I can't for the life of me find or figure this part out:
now create a new phrase in "Control Panel User Management" as follows:
varname: view_users_pms
text: View Users PM's

Do I login to the actual Admin Control Panel to do this? Is it under the vbulletin options?? If so is it called something different?

I will say I would prefer to be able to simply view the last 200 PM's sent regardless of using a different login or whatever to do so as opposed to searching a specific user's pm's, the board is fairly large and has about 30+ employee's using the PM system so to manually search each one might be a real pain.

Thanks for reading my ramble, and anyone that can set someone straight that probably shouldnt be touching this stuff would be greatly appreciated :)

3.5 version
http://www.vbulletin.org/forum/showthread.php?t=92815

I am sorry but I think this is a total invasion of privacy.

Whoever installed this really do not deserved to have a forum!!

yes being able to do this with 3 fewer clicks is so much MORE a privacy invation...

Hi there everybody:

Beta hack:
Because it works with rc1, I think I can post it. Also, who cares for which version I release a hack.

Privacy:
This has been discussed, if you don't need it: Don't use it!
I personally think none of the messages on a forum are private, because they are stored plain text in the database. I really like it how IPB calls them Personal Messages.

Having said that, it is up to the administrator of each individual forum to process the data from their members as they see fit. I don't think it requires a warning prior to registration. If a user decides to abuse the services / priveledges of a site by using the PM system to spam. The admin can use all means (tools) through the admin control panel to avoid this. They can prune pm's too, why not check up first to see if the user is really spamming and then removing the msgs. It becomes a privacy issue when the admin starts to use it to read all the msgs for personal enlightment. But either way, doing through by pulling them manually from the database in a less clear overview, or through a handy tool. I'd like to save time and use a handy tool (when I check up on spammers).

Regardless;
Thank you for the feedback and enjoy the hack.


I have to agree with that 120%! I will never use the hack just to sit there and read private conversation between my users but when you have a new register who you see is online PMing people with 3 posts, you have to wonder what's being sent around by this unknown person.


I usually would go delete all sent and and incoming PM's just to be safe. But what if he was asking a innocent question? Who would ever know. Well this tool let's me answer that question ASAP. If the PM's are innocent, then no harm no foul. But if not, as the admin I think I have every write to handle the situation and take care of the sent PM's.


A very useful tool... thanks for putting this up.

i have installed it ;) thanks

i get a problem with the hacks.

it works fine, without the quotings.

everything inside the qoute tags is not displayed.
anybody with en idea for this ?

Hmmm, I added a user list to the front page, I was going to add pagination but I got lazy :-p

Thanks alot for the useful hack .. :)

Great hack, but one request. Is it possible to display who they sent a message to when viewing the sent items?? It would require deserializing the touserarray.

There are other hacks that do this.

Warning: Cannot use a scalar value as an array in /admincp/pm.php on line 61

How do I fix it? See my error as above.

Any plans to make this available for 3.5.x ?

It's the best looking one of this type of function and worked great in 3.0.x

Cheers.

this is already available for 3.5 go back 2 pages :) also its been said PLENTY of times before we need to see WHO they are sending the messages to. Also I tried the new PM file posted a page back and I get an error.

Floris released a vB3.5 version long time ago already. There are also 2 other 3.5 hacks that can do this.

I really liked this hack and would like to see it updated.If I knew how I would do it lol...

I really liked this hack and would like to see it updated.If I knew how I would do it lol...
If you read just 1 post above yours, you will see that Floris already released the 3.5 version of this long time ago.

After the last vb upgrade I reinstalled it and it would not work.So I guess there must be something wrong on my end.Thanks.

If you read just 1 post above yours, you will see that Floris already released the 3.5 version of this long time ago.

This is the vB3.0 version, for the vB3.5 version see: http://www.vbulletin.org/forum/showthread.php?s=&threadid=92815

Can anyone please explain to me where exactly do I modify this ?? So i can view the text on the pull down menu.


now create a new phrase in "Control Panel User Management" as follows:
varname: view_users_pms
text: View Users PM's

This is a 3.0 hack, please try installing one of the 3 3.5 hacks available to read pm's.

does it work on 3.0.10 ? Thanx in advance :nervous:

You need to edit the config.php file and add your userid to the Super Admin Section.. (the config file is documented just look for the right part)

point us in the right direction.....

i've been searching for an hour and cannot find any config file

hmmmmmmm