Chit chat away...

John

What happened? Big Bug? Security hole?

I was just upgrading to 2.0.2 ;)

I think I'll wait a couple of days or do you think that the 2.0.3 will last long enough?

Thanks for the help...


...Axel

Just upgraded, all went ok :) Nice job again.

Hi! Nice 2.0.3 =) I just installed it and WHOA! I like the built in Who's Online :D, the one I installed before !^%*£$ up :). Anyway, GREAT WORK!

:rolleyes: Only just upgraded to 2.0.2 fs ;)

Oh well, to the members area....

Both the 2.0.2 and the 2.0.3 upgrade was a breeze to upgrade.

Thanks guys!

Regards
- TommyBALL

wahoo another release :)

ok, i'm currently upgrading my board and my french release !

Thank u to fix this security hole quickly :D

I knew I should wait a couple days :)

Impressive your fast action and bugfixing!

Thanks for the new version ... and yes: I'll wait some days before upgrading from 2.0.1 :D

I love the vB dev team :)
-Tom

I also waited some days with the upgrading from 2.0.1 :D


btw:
my standardredirect default template are still the same like the old version.
Not any kind of Javascript inside.
You've forgot to insert the new Template in vbulletin.style

this is pretty obvious but, if anyone does upgrade from 2.02 to 2.03

"Please delete the following files if you uploaded them: install.php, upgrade1.php, upgrade2.php, upgrade3.php, upgrade4.php, upgrade5.php, upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php"

they forgot to mention upgrade12.php ;)

Originally posted by CoolaShacka
btw: my standardredirect default template are still the same like the old version.
Not any kind of Javascript inside.
You've forgot to insert the new Template in vbulletin.style

Can someone confirm this? Here it also looks like something is missing. And how can an additional JavaScript saves me bandwith when a simple meta-refresh is used? Just curious.

I am assuming we are looking at a meta-refresh causing all of the images on the page that is refreshed to be re-downloaded whereas this javascript redirect doesn't do that. Ask Kier :)

Questions:

First will this over write the changes I have made in my php
files " index.php, usergroup.php, showthread.php, members.php, admin/index.php, calendar.php etc.?

Second I already have online.php hack installed, what do I
need to do about this?

online.php was removed from circulation, the last post has instructions on removing it. I forgot where that thread is, looking for it myself, if you find it let me know.

And yes, all the files were changed. This is how I did it and it didn't take all that long. BEFORE upgrading, copy all your current files into a directory. For me that included forums/admin/ directory.

Assuming you have beyond compare, do a compare on files from your forums directory to the upload directory in 2.03....then you should be able to figure out what has to be changed.

If you have trouble figuring it out, do a compare from the new files to the original 2.02 files.

All you need to do is delete the custom templates you added for your who's online hack.

Also can someone running 2.0.3 on a win32 server send me a pm as I want to verify something with WOL.

Originally posted by CoolaShacka
my standardredirect default template are still the same like the old version.
Not any kind of Javascript inside.
You've forgot to insert the new Template in vbulletin.style [/B]Thanx for fixing

First, thank you very much for the lightning fast responce to bugs and the 2.0.2 to 2.0.3 :)

I do have a few comments and before I start I would like to make it crystal clear that I have the very highest regard for all the coders, developers, mods, users, and everyone else. Also, I'm no stranger to little glitches and bugs. These are a fact of life and just part of the equation. Natch, my profile is current and I will continue to vigerously support vB and the fine Community which surrounds it.

1) I carefully watched the roll out and same day changes to some issues in 2.0.2 The next day we have 2.0.3

2) I hope the talented coders don't feel any pressure to release a new version untill they think it's ready.

3) No single feature or combination of features in any Forum software will "generate Community" I respect your wishes for new stuff and I have my own list but this should be tempered with the reality that 2 versions in two days could be a red flag which indicates that "our pressure" may cause a rush to market. I'm sure we have all seen this in other products and in some cases it can adversly affect the success of a product.

4) You may wish to wait before you upgrade. That's your choice and not mine. Nor do I wish to infer that my way is the best way.

Goood luck to all and please excuse me if my post sounds like I'm "preaching" as this is not my intent. :)

> From 2.0.0
Upload upgrade10.php, upgrade11.php and vbulletin.style. Run upgrade10.php and proceed through all the steps. Run through upgrade11.php and now uploaded the rest of the files. When you are done, be sure to delete install.php and all the upgradex.php scripts.

Isn't there the upgrade12.php missing?

I upgraded from 2.0.0 to 2.0.3 on my local test environment and getting a white page when I try to modify my profile in the User CP.... everything else seems to work fine

I ran the upgrade12.php.
Is this because I did or is there something wrong?

you had to revert modifyoptions template since 202 because the post method changed..

Sounds to me as if 2.0.2 could have done with a wider beta test (or any kind of public beta).

What some software houses do is release odd numbered versions as "development" releases (ie for those at the leading edge) and even numbers as more stable versions.

Originally posted by SteppenWolf
you had to revert modifyoptions template since 202 because the post method changed..

Thx ;) That's it :)

well both upgrades from 2.0.0 to 2.0.2 to 2.0.3 all went well :)

successful upgrade to 2.0.3

We have version 2.01 installed right now.

Can I upgrade directly from it to 2.03, or do I need to upgrade to 2.02 first?

::cringe::

And... er, where *are* the upgrades at!?

-deb

Originally posted by SysMom
And... er, where *are* the upgrades at!?

In the members area.

Originally posted by SysMom
We have version 2.01 installed right now.

Can I upgrade directly from it to 2.03, or do I need to upgrade to 2.02 first?

::cringe::

And... er, where *are* the upgrades at!?

-deb full upgrade instructions are here http://vbulletin.com/forum/showthread.php?s=&threadid=24116

and 2.0.3 is available in the members area

To those who are concerned please go read the 2.0.3 release announcement again.

The only reason it was released was to fix a security issue that we only became aware of after releasing 2.0.2. This security issue was not created in 2.0.2 and exists in all versions of 2.0 hence everyone should upgrade before it is made public. Quite simply if we hadn't been notified of the issue than you wouldn't have had 2.0.3 for at least a month or more.

ok I read the release notes for installation for 2.0.3 , it shows what templates have changed. I am running 2.0.1 Is there a location somewhere that shows which php files were changed from version 2.0.1 to 2.0.3?

Sure for what it's worth:

http://www.vbulletin.com/forum/showthread.php?s=&threadid=24145

thank you I see now' I understand

Like a charm.

This message is directed at Pilot's and Steve_S :

The only reason that we released 2.0.3 was because of a security issue. Period. This release was not at all planned, but we took swift action when we were notified about the bug, and released a new version within 2 hours of being notified.

This is not the way I would have liked it to have been at all. If we had been notified a matter of hours earlier, then the security fixes would have been made in 2.0.2. However, we always take security very seriously, and as bad as it has looked to release another version so soon, I felt that it was important to have this issue fixed as soon as possible.

Thanks for your understanding on this issue and apologies for any inconvenience for those who had already upgraded.

John

On the 2.0.1 to 2.0.3 install instructions - it says run upgrade10.php, upgrade11.php and upgrade12.php in turn.

But upgrade10.php when run says it is for upgrading from 2.0.0 to 2.0.1 !!!

So I didn't run it and instead just ran upgrade11 and 12 to go from 2.0.1 to 2.0.3.

Was this correct? (seems to work anyway).

If my /admin directory is password protected, was I still volnurable to this security hole?

Since the sessions.php resides in the /admin directory I thought I was pretty safe even without the upgrade.

Any comments?

upgrade10.php takes you from 2.0.0 to 2.0.1
upgrade11.php takes you from 2.0.1 to 2.0.2
upgrade12.php takes you from 2.0.2 to 2.0.3

Originally posted by Mitrofan
If my /admin directory is password protected, was I still volnurable to this security hole?

Since the sessions.php resides in the /admin directory I thought I was pretty safe even without the upgrade.

Any comments?

No, I am afraid not. You are not safe.

John

yah. never underestimate a hacker. Those guys could fit an airplane into a pinhole if you leave that pinhole open.

Originally posted by freddie
upgrade10.php takes you from 2.0.0 to 2.0.1
upgrade11.php takes you from 2.0.1 to 2.0.2
upgrade12.php takes you from 2.0.2 to 2.0.3

So John's instructions on upgrading from 2.0.1 are incorrect then?

Unless my printer is lying they say

"> From 2.0.1
Upload all the files, run upgrade10.php and proceed through all the steps. Run through upgrade11.php in the same way and then run upgrade12.php... etc"

can we just upload sessions.php for protection now and then later do the entire upgrade, will that be protection?

I just upgraded from 2.02 to 2.03, and I'm getting a really weird problem. Whenever I refresh the screen, the Header screws up. The title image will disappear, and one of the images for User CP, etc, will usually disappear, and text from the code appears in it's place.

It appears that the first part of the code is not being loaded on a refresh. Plus, it doesn't seem to display the right colours.

I've tried reverting back to the original template, and still the same error occurs. I have no other hacks installed, and all templates have been restored to their originals. What could be the issue?

Is the online.php free to distribute ?


can we distribute a translated version of the online.php ?

I've already made an hack, but the file directly is more easy to chage for my users...

Thank U to reply :)

Originally posted by webhost
can we just upload sessions.php for protection now and then later do the entire upgrade, will that be protection?

Yes.

John

Reposted on page 4, found error in this post :(

You will need to upgrade to 2.0.2 at least before you upload sessions.php.
John's 'yes' only applies if you are ALREADY running vB 2.0.2.

Originally posted by SteppenWolf
Is the online.php free to distribute ?


can we distribute a translated version of the online.php ?

I've already made an hack, but the file directly is more easy to chage for my users...

Thank U to reply :) No it is copyrighted work.

Originally posted by MW[MWGN]
Hi! Nice 2.0.3 =) I just installed it and WHOA! I like the built in Who's Online :D, the one I installed before !^%*£$ up :). Anyway, GREAT WORK!
what featuree are you refering to here?

ok, I goofed big time!

Thinking that I had 2.02 installed already...I ran upgrade12.php without running upgrade11.php first...and thus the error:


There seems to have been a slight problem with the database. Please try again by pressing the refresh button in your browser.

An E-Mail has been dispatched to our Technical Staff, who you can also contact if the problem persists.

We apologise for any inconvenience.


Database error in vBulletin Control Panel: Invalid SQL: INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,lo cation,styleid) VALUES ('1681b455b47515ade85a9327a84dbb5f','1','64.19.55. 146','Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)','996616435','',1)
mysql error: Unknown column 'location' in 'field list'
mysql error number: 1054
Date: Tuesday 31st of July 2001 03:53:55 PM
Script: /rod/vb/admin/upgrade11.php
Referer:


I was running 2.01 :( Is there any way to recover from this?

I tried re-uploading and running upgrade11.php again but I got the error above!

Any help will be greatly appreciated!

revert everything to the way it was:

1. upload your 2.0.1 php files.
2. restore your database to a previous backup (v2.0.1)

then follow upgrade instructions.

John and crew of very talented geeks:

<blush> My appolagies. Like a dumb ****** I didn't read the 2.0.3 announcement carefully enough.

My sessions.php from 2.0.3 is in place. Thats all I did. Took 45 seconds!

Thanks again :)

With all due respect to the Jelsoft staff, I am disgusted by how this has been handled.

Firstly I have not yet received e-mail notification - I expect that an e-mail be sent if a security issue is fixed. Your posting of this into these forums has blown the issue public, BEFORE virtually any vBulletin owner even knows the issue exists. Look how many owners are already aware of this before I just "happen" to come in here and become aware of it. I am unable to do this upgrade for another 9 hours, had I received an e-mail even 2 hours ago I could have done this. John's posting of the security fix was 11 hours ago... hmmmmmm...

Secondly if 2.0.3 is a security fix, why the hell are there new features and template changes and so forth? I am sick to death of "bug fixes" that "add new features". Even Microsoft has now committed (effective 2000 onward) to never do this.

Thirdly if this security fix is so important, why has it only been made available for 2.0.3? As of several days ago, 2.0.1 was the officially supported version by Jelsoft - why has there not been a 2.0.1a been released that is purely 2.0.1 with the security fix and a 2.0.2a that is purely 2.0.2 with the security fix. You are now forcing everyone to go through the upgrade procedure, including modifying templates gallore and rehacking code, to get up to 2.0.3 PURELY because of a security fix.

Points 1 and 3 are my critical concerns here, for a security issue I would have expected an e-mail and a patch for the latest versions which could have been INSTANTLY applied. Instead 11 hours after it has been published PUBLICLY, before directly notifying vBulletin owners, I now find out that in 9 hours time I have to completely upgrade to 2.0.3

Sorry to sound negative, but I really do question a security fix that brings with it added features and depeds upon another bug fix that also added features... :mad: :mad: :mad: :mad: :mad:

P.S. Is it at all possible that the sessions.php from 2.0.3 will be fine with sessions.php from 2.0.1 (thus enabling people to instantly be patched for the SECURITY issue, and have the luxery of doing the forced upgrade to 2.0.3 hours later when time permits?)

DVD Plaza,

I completely understand your frustration, however you might want to take a moment and reread John's message earlier in this thread. They were only made aware of this situation yesterday and they issued 2.0.3 as quickly as possible to fix this. The problem, as John noted, is in all 2.0 versions and was not introduced with 2.0.2.

P.S. Is it at all possible that the sessions.php from 2.0.3 will be fine with sessions.php from 2.0.1 (thus enabling people to instantly be patched for the SECURITY issue, and have the luxery of doing the forced upgrade to 2.0.3 hours later when time permits?)Has already been answered in this thread. Yes.

dvd said: Firstly I have not yet received e-mail notification - I expect that an e-mail be sent ....

I agree and think this is a great idea for notification of "security fixes" only.

Many companies do this and also use this email to "brand" and "sell"

Hey ya.
I was looking around my Who's Online, and I realise that EVERY user's location says Forum Main Page....I am sure some of them are in other pages like General Discussion and such, but in WOL it doesnt say that, just FORUM MAIN PAGE. Is it just me or what?

Thanks for understanding guys, it's good news to hear the sessions.php file can simply be updated - seriously an e-mail should have been, and still should be, urgently sent out advising to immediately replace the sessions.php file (infact could that not be attached to the e-mail since it would only be going to registered users?) plus recommend the upgrade to 2.0.3 as soon as possible.

Just a thought. I can do the upgrade tonight, still not happy about implementing the new features at this point, but in the mean time I'll have a 30 minute window later this morning when I could quickly upload the new sessions.php file.

Thanks guys :)

Yeah, it could've been done in a better way, but you can't blame them for acting the way they did. They only had a short period of time to act, after being notified of the security issue.

At least Jelsoft is not Infopoop, and they actually DID something about it.

The upgrade went very smooth (now that I followed the instructions... LOL), thanks dev dudes :)

Chris,


With all due respect to the Jelsoft staff, I am disgusted by how this has been handled.
I hope that I can try to reply to how this has been handle, and at least in part justify our actions.



Firstly I have not yet received e-mail notification - I expect that an e-mail be sent if a security issue is fixed. Your posting of this into these forums has blown the issue public, BEFORE virtually any vBulletin owner even knows the issue exists. Look how many owners are already aware of this before I just "happen" to come in here and become aware of it. I am unable to do this upgrade for another 9 hours, had I received an e-mail even 2 hours ago I could have done this. John's posting of the security fix was 11 hours ago... hmmmmmm...

It is no small matter to send out several thousand emails, and we will have the mailing out within 24 hours of the original announcement. The most important thing to us was to get the patch out to the community. The vBulletin have been working flat out since last night with supporting the 2.0.2 release and now the 2.0.3 release.


Secondly if 2.0.3 is a security fix, why the hell are there new features and template changes and so forth? I am sick to death of "bug fixes" that "add new features". Even Microsoft has now committed (effective 2000 onward) to never do this.

There are new features in 2.0.3 because we began development of 2.0.3 as soon as 2.0.2 was released. These were already commited into our central code repository and instead of trying to remove them and introducing more bugs, I made the call to leave them in - they are hardly major changes either, a couple of lines IIRC. The bugs that have been fixed are a couple of late breaking bugs that surfaced in 2.0.2 . I think that it is better to include bug fixes in new releases that to leave the bugs in the software.


Thirdly if this security fix is so important, why has it only been made available for 2.0.3? As of several days ago, 2.0.1 was the officially supported version by Jelsoft - why has there not been a 2.0.1a been released that is purely 2.0.1 with the security fix and a 2.0.2a that is purely 2.0.2 with the security fix. You are now forcing everyone to go through the upgrade procedure, including modifying templates gallore and rehacking code, to get up to 2.0.3 PURELY because of a security fix.

I am going to quote myself in response to this one (from my 2.0.3 announcement):

It affects sessions.php only, so if you do not want to upgrade, please upload the new sessions.php at least.


I hope that you can understand my thinking behind these points. Believe me, I was just as annoyed as you were to find out about this security issue a matter of hours after releasing 2.0.2 .

And I also apologise for any inconveniences caused because of this.

Regards,
John

Looks like I was a little slow with my reply :)

John

this whosonline thing that is supposed to show where users are at ummmm my cp says it is on but where is this feature at i am not seeing this maybe im blind :rolleyes: :confused:

If you have v2.0.2 onwards, goto online.php in your main forum dir for the Who's Online...
The one on the forum main page in previous versions (Current Active Users) isnt exactly Who's Online, because WOL shows where users are and their IP address, while the other thingy doesnt.....
http://forum.mwgnet.com/online.php
see what you see...

Originally posted by almighty one
this whosonline thing that is supposed to show where users are at ummmm my cp says it is on but where is this feature at i am not seeing this maybe im blind :rolleyes: :confused:

You need to revert your forumhome_loggedinusers template for the new Who's Online feature. This will create a link to 'Currently Active Users.'

If you are just getting the Main Page for everyone, download 2.0.3 again and replace sessions.php

My Who's Online seems to have some problem
I gave a link to someone which goes to one of my forums, which is General Discussion. The I went to Who's online and it says this for that person:
MW Gaming Network Forums Main Index
It should say he's in General Discussion, but it doesnt. I looked in this forum's WOL and I saw it working perfect, so it must be me...
Please help!
Thanks :)

Originally posted by John
It is no small matter to send out several thousand emails, and we will have the mailing out within 24 hours of the original announcement. The most important thing to us was to get the patch out to the community.
I do understand, I send out quite a few thousands personalised e-mails at the beginning of every month. However by your own admission there are thousands of e-mails to send out, yet your post advising of the urgent security fix has been read only 629 times (inc duplicates) in the 12 hours it has been up.

In any case the mere upgrading of sessions.php is excellent - I had read through your announcement and this entire thread (admittedly fast reading, time is short and there was a lot to get through) and didn't pick up on this. Shouldn't the focus therefore exclusively be on upgrading that file?

Just a thought, thanks for your time guys I appreciate your busy :)

Originally posted by freddie
If you are just getting the Main Page for everyone, download 2.0.3 again and replace sessions.php

I'm confused...

The version of 2.0.3 that I downloaded had a sessions.php with an if statment checking the version number with a typo in it (was '==' instead of '>='). There's a post on the bugs board (http://www.vbulletin.com/forum/showthread.php?s=&threadid=24121) about it as well...

I just downloaded 2.0.3 again... Now the sessions.php if statment reads:


if ($templateversion > '2.0.1') { // Use location!


... And it doesn't appear as though the version number has changed from 2.0.3 (to 2.0.3a perhaps)

So did 2.0.3 get re-released? And what (else) changed? And should we change the 'fix' for the bug (above) to match this file?

-- Brian

Although I am ecstatic about vb in general, I'm also very frustrated about this upgrade too.

1st to go back to DVD's point, I don't really understand why it's so hard to send out an email even to thousands. There are maillists etc that handle this quite easily...what kind of system do you have in place?

But what's really frustrating me at this point is the template system. This is simply unmanageable. I wrote a hack to try and make it easier to see changes but that isn't enough and works only for small bits of code.

Some people only changed a couple of templates, no big deal for them to upgrade but you have no idea how many days of work this will be for those of us who have modified a ton of templates. Those are the guys who are making the most of the awesome power of vb. The soul of the vb community.

I shudder to think about those with multiple templates!!! I only have one to deal with plus the usenet template...

It makes it so prohibitive to work with...that I won't even want to upgrade when the next release comes out and I'm the kind of guy who likes to have it before anyone else does. Back when netscape was the bomb my friend and I would be among the first to download the latest release beta/maintenance release whatever, even when it came out at 4:30 am.

You absolutely need to have the ability to write those templates out to a file to do a beyond compare. If you change one minor thing in a template, how the heck is anyone supposed to see it? And who wants to scrap all the custom changes just to find out one little thing?

I'm now manually copying and pasting a ton of templates into different files into different directories just so I can run a beyond compare...but doing this manually it's so easy to make a mistake and screw up the templates. Please please please, come up with a way, even an interim way, to handle these templates better. There must be an sql statement that can split up these templates into files???

Thanks for hearing me out.

BINGO! It worked! I went to that bug board page given by Daroz and I just edit sessions.php without downloading the whole thing again. :)
You guys are quick :D. when will I see 2.0.4? ;)

Got this while I was browsing thru your forums! whats up? What does it mean ?? Thanks

Parse error: parse error in /data/sites/vbulletin.com/htdocs/forum/admin/functions.php on line 267

Fatal error: Call to undefined function: getuserinfo() in /data/sites/vbulletin.com/htdocs/forum/admin/sessions.php on line 327

--
Error created when I clicked on the link on the bottom of the page, that goes to the nesxt page ei: << <12345> >>

Just got the email about 2.0.3 and replaced the sessions.php file ... thank's for the quick heads up guys.

Hopefully I'll be able to upgrade to 2.0.3 very soon to get back in line with everyone else. ;)

just tell me one thing ...

I have 2.0.1 on now and so many hacks i couldnt count them if i tryed..

The bugs you have fixed to 2.0.2 i dont seem to couse any problems with my board and the running of it..

So do i have to upgrade to 2.0.3??? to fix yet another big whole? or isint this in 2.0.1? and am i still safe to run that?

Thanks for reading

Originally posted by Blue2000
just tell me one thing ...

I have 2.0.1 on now and so many hacks i couldnt count them if i tryed..

The bugs you have fixed to 2.0.2 i dont seem to couse any problems with my board and the running of it..

So do i have to upgrade to 2.0.3??? to fix yet another big whole? or isint this in 2.0.1? and am i still safe to run that?

Thanks for reading 2.0.2 contains a lot of extra features that might be desirable for your board, so it's probably worth upgrading.

If you really don't want to upgrade (although I strongly recommend that you do), then at least upload the new admin/sessions.php from 2.0.3 to fix the security hole.

thanks alot for you VERY fast reply

i do have far to many hacks installed to do it again (i make my own, not just install the ones from here)

I am downloading the zip as i type this i will upgrade the sessions.php ...

cheers mate

Where do I even begin with any of this stuff? I am completely bewildered. I have been a vBulletin forum administrator for all of two weeks. I followed all the links provided, such as to the online manual, but didn't see anything in particular there.

When I'm in the Members area, do I choose "renew/upgrade" or "download"?

Am I then just FTPing all downloaded files directly over the ones I've already got running on my domain that contains the currently running 2.0.1 forums?

How the hell do you "run the upgrade11.php script in the admin area. Then run upgrade12.php. When you are done, be sure to delete install.php and all the upgradex.php scripts"? I've never run any scripts before!

I have been swamped with installing firewall software (for the first time ever) and doing my first mySQL database backup during the past few days, so I am really at a loss. HEEEEELLP!

I think it would be helpful for those of us new to all this to have an easy-to-access, comprehensive set of upgrade instructions. I find it difficult to comb through this thread trying to find the bits of info I need.

Originally posted by Bobbi
When I'm in the Members area, do I choose "renew/upgrade" or "download"?

You click on the link "download" then when the page opens - you choose the latest version.

Am I then just FTPing all downloaded files directly over the ones I've already got running on my domain that contains the currently running 2.0.1 forums?

That is correct. You upload all the files right over the origional one. You don't need to worry about images. Make sure you upload all the files to the correct directories in ASCII mode and just overwrite the origional ones. Make sure upload the vBulletin.style to the admin directory before you run the upgrade.php files.

How the hell do you "run the upgrade11.php script in the admin area. Then run upgrade12.php. When you are done, be sure to delete install.php and all the upgradex.php scripts"?

You upload the upgrade file that you are supposed to upload into the admin directory in ASCII after you uploaded vBulletin.style. Then go to http://www.yourforums.com/admin/upgrade11/12.php or what ever file you are supposed to run. Then keep clicking "next" until it finishes updating everything.

After its done running the upgrade.php file, you go into FTP and delete all the upgade files which will be upgade1.php, upgade2.php etc.

I've never run any scripts before

Sure you have. If you were the admin installing the vBulletin software - running the script was when you went to http://www.yourforums.com/admin/install.php and chose the admin password/username etc..


Phil~

This sounds stupid, but I'm pretty new at this and I just want to make sure I understand before I upgrade. Do I just overwrite my existing files on the server? It seems like I would lose all my custom templates and hacks by doing so.... I'm ready to go, just want to make ABSOLUTELY sure I'm doing this correctly.

I wait impatiently to upgrade....:rolleyes:

Thanks!

This sounds stupid, but I'm pretty new at this and I just want to make sure I understand before I upgrade. Do I just overwrite my existing files on the server?

This has been addressed many times. See my last post but yes you overwrite the existing files.

It seems like I would lose all my custom templates and hacks by doing so.... I'm ready to go, just want to make ABSOLUTELY sure I'm doing this correctly.

You will loose your hacks but not your custom templates. My suggestion is to just overwrite the files that have changed since the last release. John has listed the updated files in the announcement forum since the last release.

Phil~

Thanks, Phil, will I still have to run the upgrade11 and 12.php - or simply overwrite and done?

Yes you will still have to run the upgrade files.

Phil~

--Security alert! install.php still remains in the admin directory. This poses a security risk, so please delete that file immediately. You cannot access the control panel until you do.---

I uploaded all the files, am upgrading from 2.0.1 to 2.0.3, and when I type in www.mysite.com/forums/admin/upgrade11/php I get that message immediately afyer it loads.

Doesn't seem to have done anything to my site either.

and... one more successful 2.0.1 to 2.0.3 upgrade on the second vB that I maintain. :)

Originally posted by MeMyselfandCatdog
Got this while I was browsing thru your forums! whats up? What does it mean ?? Thanks

Parse error: parse error in /data/sites/vbulletin.com/htdocs/forum/admin/functions.php on line 267

Fatal error: Call to undefined function: getuserinfo() in /data/sites/vbulletin.com/htdocs/forum/admin/sessions.php on line 327

--
Error created when I clicked on the link on the bottom of the page, that goes to the next page ei: << <12345> >>

Gee, am I going to expect this kind of error on my upgraded site? I posted this like hours ago and not heard any reason why this happen on this forum. I assume upgrading my 2.0.2 to 2.0.3 will cause this error ? Please let me know... Thanks

Okay, I went and overwrote the following files:

admin/thread.php
sessions.php
user.php
functions.php
vbulletinstyle
and global.php
I also overwrote all the upgrade files.

Then I went into admin and ran the upgrade. It said it was all upgraded - but did I overwrite all files that needed to be changed??? Have I missed anything? I am curious - since I had 2.01 - was there an upgrade that 2.02 had incorporated that I missed by not doing a complete upgrade?

Also, everything so far still seems the same on my board. What differences should I look for?

Lily59 ~

Most of the files that were released in 2.0.2 were changed since 2.0.1. I would over write all the files.

Phil~

But I will lose my hacks, right? That's a LOT of work. :eek:

I hacked my board to pieces! Come on over and check it out if you don't believe me.

Les Paul Forum (http://lespaulforum.org/forum/index.php?s=)

I don't mind doing all the extra work if you think it's really necessary though - but I'd also like to avoid it if it's NOT necessary. Please advise.

I deleted that install.php script from my admin directory and then logged into the control panel. It is now asking me if I want to upgrade. Will tell everyone how it works.

Lily59

Your on 2.0.2 right now going to 2.0.3, right?

The main reason why 2.0.3 was released was because of a large security hole that is in all versions on vBulletin. John said that if you didn't want to upgrade - the least you should do is just overwrite sessions.php with the new sessions.php.

Phil~

I just finished that part and now went back to the control panel and it says I have version 2.0.2. Will try to figure out how to go up to 2.0.3 now.

RE: The "Parse error: parse error in /data/sites/vbulletin.com/htdocs/forum/admin/functions.php on line 267

Fatal error: Call to undefined function: getuserinfo() in /data/sites/vbulletin.com/htdocs/forum/admin/sessions.php on line 327" error

Originally posted by MeMyselfandCatdog
Gee, am I going to expect this kind of error on my upgraded site? I posted this like hours ago and not heard any reason why this happen on this forum. I assume upgrading my 2.0.2 to 2.0.3 will cause this error ? Please let me know... Thanks No -- that error tends to happen if you load a page when a file is only half way uploaded. As long as the file is fully uploaded, you should never see it.

I typed in

www.mysite.com/forums/admin/upgrade12.php and it tells me it will upgrade it now. It says this below-

"This script will upgrade you from vBulletin 2.0.2 to vBulletin 2.0.3. If you are upgrading from a version other than 2.0.2, please run previous upgrade scripts first.

Installing a new version: run install.php


Upgrading from vBulletin 1.1x: run upgrade1.php


Upgrading from vBulletin 2.0 beta 1: run upgrade2.php, upgrade3.php, upgrade4.php, upgrade5.php, upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 beta 2: run upgrade3.php, upgrade4.php, upgrade5.php, upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 beta 3: run upgrade4.php, upgrade5.php, upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 beta 4: run upgrade5.php, upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 beta 5: run upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 RC1: run upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 RC2: run upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0 RC3: run upgrade9.php, upgrade10.php upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0.0: run upgrade10.php, upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0.1: run upgrade11.php, upgrade11.php, upgrade12.php
Upgrading from vBulletin 2.0.2: run upgrade12.php (this file)
Continue with the upgrade --> "

Originally posted by handheld234
I just finished that part and now went back to the control panel and it says I have version 2.0.2. Will try to figure out how to go up to 2.0.3 now. Just run upgrade12.php in the same way you ran upgrade11.php.

It imported new templates then said this-

"Updating version number .... Done!
Upgrade to 2.0.3 completed successfully!
Please delete the following files if you uploaded them: install.php, upgrade1.php, upgrade2.php, upgrade3.php, upgrade4.php, upgrade5.php, upgrade6.php, upgrade7.php, upgrade8.php, upgrade9.php, upgrade10.php upgrade11.php

Thank you for using vBulletin. "

I checked my forums page and it says Powered by: vBulletin Version 2.0.3
Copyright ©2000, 2001, Jelsoft Enterprises Limited.

Now all I have to do is delete those upgrade scripts.

The trick to get this to run was to delete the install.php script first and then go into the Forum Control Panel.

This was for an upgrage from 2.0.1 to 2.0.3

Just run upgrade12.php in the same way you ran upgrade11.php.

When i ran upgrade11.php I got a warning that I couldn't access the control panel. It wouldn't run.

So i deleted the install.php script form my admin folder, went into the control panel, and it asked my to upgrade.

I did that, it worked, then i ran the upgrade12.php and this time it ran.

I had version 2.0.1 So, if I only overwrote and upgraded the above files I listed (per the Announcement thread) I still need to upgrade entirely? And redo all my hacks??? Will my board run better because of it? This is not an unnecessary step?

I'm not trying to be difficult. I really appreciate the quick security heads up. I'm just trying to ascertain whether it's necessary to overwrite everything and go to the trouble of re-hacking my entire site. :(

If you are already running vBulletin version 2.0.2 - from what John said in his announcement - all you need to do is update sessions.php. If you just do this, than you won't loose any more hacks unless you modified sessions.php I guess.

IMO - this is necessary because there is a large security issue. I hacked my board up pretty good but it sure beats having a large whole in security I guess.

Phil~

Help!!!!

I just went into the control panel and went to List Users and here's the message:

<tr class='
Fatal error: Call to undefined function: getrowbg() in /home/client/lespaulforum.org/docs/forum/admin/user.php on line 754


I think I need to upload ALL the files perhaps???

Kier,

Your reply to the 2.0.2 announcement isn't clear to. If I need to upgrade to 2.0.2 first, I only have access to the 2.0.3 from members area?

:confused:

Originally posted by Ed Sullivan
No -- that error tends to happen if you load a page when a file is only half way uploaded. As long as the file is fully uploaded, you should never see it.

Thats weird becuase I loaded the page like 5 minuets while I was watching TV then I got back read the post for like 2 minutes then clicked on it, so I had about 7 minutes to give it some upload time. Then I have about 3.1Mbps internet connection so the page should loaded in a jiffy.. Any suggestions ?

I Updated successfully.

To my relief, not too much change where I have edited the most:

A compare on MSWord shows that between version 2.01 and version 2.03,

1) There are no changes to the forumhome_unregmessage template.

2) The only change to the forumhome template was to add some code pointing to vBulletin:


</head>
<body>
$header

<!-- text -->
<table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
<tr valign="bottom">
<td><a href="javascript:window.location=window.location"><img src="images/vb_bullet.gif" border="0" align="middle" alt=""> <normalfont><b>$bbtitle</b></normalfont></td>alt="$bbtitle : Powered by vBulletin version $templateversion"></a>
<normalfont><b>$bbtitle</b></normalfont></td>
<td align="right"><smallfont>$welcometext<br><b>$newposts</b></smallfont></td>
</tr>
</table>


Also the new version has gotten rid of a bug that kept on asking me to re-login after each edit on the control panel.

Man, I already posted this message I thought!!!

Anyway I need some help. Now when I go into "list users" in control panel I get this error

Fatal error: Call to undefined function: getrowbg() in /home/client/lespaulforum.org/docs/forum/admin/user.php on line 989

Does this mean I need to just bite the bullet and upload everything???

at first, i upgrade all the files, run upgrade11.php, i got a message "install.php exists..."

i delete install.php, run upgrade11.php again, the Internet Explorer report "invalid syntax..."

i upload my 2.0.1 files again, then upload upgrade11.php within 2.0.3 package, run it, report ok.

i upload 2.0.3 files again, include upgrade11.php, run it, report "it seems U've already run this script" how does it know this?

i run upgrade12.php, report ok.

now it looks i've got 2.0.3, but i'm not sure if i missed something...

my forum http://forum.cloudworld.net

how do i know i didn't miss anything? thanks.

Buncha replies in one.

Longbow -- Check for this option in your CP: "Restrict Listing". If you have it, you should be ok. If you don't, then we need to take a look at what went wrong.

Lily59 -- That's a new function, so it looks like your adminfunctions.php is from pre-2.0.2. Make sure you have the newest version of that uploaded. If you're going from 2.0.1 -> 2.0.3, you almost have to do a full fledged upgrade. There are a lot of code changes. Not doing so could result in weird issues.

MeMyselfandCatdog -- If you get it again in the next couple hours, let me know. I know John was uploading a code change (for the license numbers in profile thing) earlier, so it's possible there was actually a typo in the code for a little while that caused that.

<edit>
Meant adminfunctions.php, not functions.php.
</edit>

Originally posted by tamarian
Kier,

Your reply to the 2.0.2 announcement isn't clear to. If I need to upgrade to 2.0.2 first, I only have access to the 2.0.3 from members area?

:confused: When you download 2.0.3, you are also downloading all the code changes from 2.0.2. You will need to study the announcement to see what templates etc. will need attention in order for your board to function correctly.

Am I dreaming????

I just upgraded entirely (except for my smilies) and it kept all my hacks!! is this possible??? My control panel looks different so I tend to believe the upgrade was successful....but my hacks were not overwritten.

Is this too good to be true???

Originally posted by Lily59
Am I dreaming????

I just upgraded entirely (except for my smilies) and it kept all my hacks!! is this possible??? My control panel looks different so I tend to believe the upgrade was successful....but my hacks were not overwritten.

Is this too good to be true???
if you had hacks installed via php files then it isnt possable and mayeb just maybe you could share soem of what ya got :D j/k but it really isnt possable for a hack thatw as in the say index.php to remain there i do hate upgrading due to rehacking but i only have timezone and threads started installed right now

So are you saying that it's not installed??

I overwrote all my files and then I ran the upgrade 12 which it said upgraded successfully.

How can I figure out if it did? As I said, my control panel now works and looks way different - but the board looks the same. :confused:

Originally posted by Lily59
Am I dreaming????

I just upgraded entirely (except for my smilies) and it kept all my hacks!! is this possible??? My control panel looks different so I tend to believe the upgrade was successful....but my hacks were not overwritten.

Is this too good to be true??? By hacks, if you're referring to template changes, then no -- any changed templates will remain until you manually make the changes in the announcements. I'd recommend heading to the 2.0.2 and 2.0.3 announcements and looking over the changed templates and "revert to original" 'ing the templates you've customized that are changed, and redoing the customization.

What's with the grumpy old men look? More like The Simpsons and less like Peanuts?

I liked those big faces more. But I guess I'll get used to these too.

Thanks Mike, I will be sure to upgrade those. But I will take my time and do a bit here and there until completed. Seems to me the critical stuff is completed. Would you agree.

BTW, I appreciate all the help....Being sort of new at this, I tend to get a bit nervous. You guys are the best.

Thanks again! :)
Lily

GMYachtsman -- huh? Are you referring to the mods' avatars? Well, we needed a bigger cast than Peanuts so all the mods could have them.

Lily59 -- Off the top of my head, the only really critical template change is modifyoptions. If you don't revert that, you won't be able to change any of your user's options. Although, Kier may contest that. :) If you want to have your board open while redoing the templates, start with modifyoptions, and work from there. (Just IMO, though)

I didn't read the directions clearly-- It says;

> From 2.0.1
Upload all the files but install.php, then run the upgrade11.php script in the admin area. Then run upgrade12.php. When you are done, be sure to delete install.php and all the upgradex.php scripts.

I uploaded all the files AND install.php

I guess what threw me was it said at the end to be sure and delete install.php too.

If you don't upload it, then it shouldn't be there to delete??? :confused:

Anyway, the upgrade worked great even with my mistake. Thank you.

I didn't read the directions clearly No, you did :) I edited the instructions. *goes to take out the part about deleting install.php*

Help. I've upgraded from 2.01 to 2.03 and now i've got an error in the administration menu. The board seems to be running fine.


There seems to have been a slight problem with the database. Please try again by pressing the refresh button in your browser.

An E-Mail has been dispatched to our Technical Staff, who you can also contact if the problem persists.

We apologise for any inconvenience.


Database error in vBulletin Control Panel: Invalid SQL: INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,lo cation) VALUES ('3e4fedff752909388f0e0fd5a7b03285','2','212.64.10 4.65','Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0;','996647885','')
mysql error: Unknown column 'location' in 'field list'
mysql error number: 1054
Date: Wednesday 01st of August 2001 08:38:05 AM
Script: /forum/admin/index.php
Referer: http://www.superplaza.nl/forum/admin/index.php

That was fun, I updated to 2.0.2 yesterday and 2.0.3 today

The good thing is that they each took only 15 seconds and I didn't have to re-write any scripts.

Thanks guys :)

I'll think i now what i did wrong. I've runned upgrade12.php instead of upgrade11.php.

Please advice what to do...

Originally posted by PaulK
Help. I've upgraded from 2.01 to 2.03 and now i've got an error in the administration menu. The board seems to be running fine.


I'm not sure, but I think you have to upgrade to 2.0.2 first

Yes i'll think you're right, but i cannot find the place to download 2.02... It's not in the member area anymore...

Just run upgrade11.php from the 2.0.3 download

This does not work..

Error :

Database error in vBulletin Control Panel: Invalid SQL: INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,lo cation) VALUES ('8b4dc86396d73abd4648459966a5a44f','2','212.64.10 4.65','Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0;','996649364','')
mysql error: Unknown column 'location' in 'field list'
mysql error number: 1054
Date: Wednesday 01st of August 2001 09:02:44 AM
Script: /forum/admin/upgrade11.php
Referer:

In that case...try posting a thread in the Installation problems forum.....I don't know anything about this.....

Both the 2.0.2 and the 2.0.3 upgrade went very well, many thanks

from version 2.0.2, aside from the member.php script, what are the other php scripts that were change? (I'm using version 2.0.1)

Originally posted by Ed Sullivan

MeMyselfandCatdog -- If you get it again in the next couple hours, let me know. I know John was uploading a code change (for the license numbers in profile thing) earlier, so it's possible there was actually a typo in the code for a little while that caused that.


I tried to create the error again, but couldn't if my life depended on it. I just upgraded mine and it's flawless.

I guess that what it was, John uploaded while I was pulling the files at the same time.

Thanks for the help, kinda got scared there for a minute ;)

Very smooth upgrade from v2.0.1 to 2.0.3...lost a few hacks (world time, coloured online users etc) but they should be easy to fix. Thanks guys.

Hi,

I want to upgrade from 2.0.1 to 2.0.3

But in the 2.0.3 announcement is stated the following:


Please note that when you upgrade to 2.0.3, you must also perform the upgrade to 2.0.2 first!

I looked in the members are but I can't find ver 2.0.2 anywhere... Where is it...? :confused:

Then I have another question; if I upgrade to 2.0.2 and then to 2.0.3, will I lose all the data from my database?

And What about the colors of my board, replacement variables and templates? Will I lose this data?

Thank you,

latinO

Please note that when you upgrade to 2.0.3, you must also perform the upgrade to 2.0.2 first!

This confuses me too. I already ran the upgrade from 2.0.1 to 2.0.3 before that post was made by Kier

What adverse affects will this cause on my board since that wasn't made known prior to my upgrade?

And if there are any bad things that can happen because of this, please let me know how to correct them

It just wants you to run the upgrade11. before you run the upgrade12. Upgrade 11 does upgrade you to 2.0.2 I think....that's how I did it and I'm successfully upgraded from 2.0.1 to 2.0.3 now...

Originally posted by Ed Sullivan


Lily59 -- Off the top of my head, the only really critical template change is modifyoptions. If you don't revert that, you won't be able to change any of your user's options. Although, Kier may contest that. :) If you want to have your board open while redoing the templates, start with modifyoptions, and work from there. (Just IMO, though)

I can't find such a template as modifyoptions, do you mean OPTIONS.php?

Also Restrict Listing is this the text you see when you view admin logs? and prompt to change config.php? Just asking

Nope, I went in last night and overwrote mine because it was customized. You go into the User Option templates. It's the modifyoptions.php

At least that's the one I overwrote.

ok, I am the goof who ran upgrade12.php over a 2.01 installation.

I have had my host resoter my databse to a pre-goof date (day before yesterday). Is there a way for me to do a clean install of the board and have it use the exisitnig database (and content, members, etc)? The VB backup I keep on a weekly basis is on a corrupt zip disk (not my week :( ) so I am stuck with using the database in tact...

Any thoughts?

Last night I upgraded successfully from 2.0.1 to 2.0.3.

I took the drastic approach, backed up everything, deleted all the scripts, reuploaded all the scripts. Then I ran upgrade11.php and upgrade12.php. Then I reverted all the templates.

After all this I rehacked my board remodifying the templates and the scripts and everything is working smoothly. Without Beyond Compare this task would have been impossible.

Now I read in the announcements that Kier says to first UPGRADE to 2.0.2 before going to 2.0.3. Kier, could you please explain us WHY? Don't want to spend another night upgrading when last night your last announcement said to just run upgrade11 and upgrade12 to upgrade from 2.0.1 to 2.0.3.

Please Jelsoft, you're all good guys but I think that for the next upgrade John should coordinate the thing in a better way. Too many installation procedure mistakes and changes, typos etc. that I can fully understand because you've been under pressure lately but please, don't let the pressure degrade the QUALITY of your work. I would have preferred to wait for 2-3 days more and have less doubts when upgrading. 2.0.1 straight to 2.0.3? Yeah, but the day after Kier says to first upgrade to 2.0.2 and last night I think a lot of 2.0.1 forums upgraded STRAIGHT to 2.0.3.

Please be more clear on these topics...we don't want to waste our time upgrading with a WRONG procedure.

Anyway my forum is doing great and thank you for your help, you made a great product. :D

BTW: My license info is in the profile...(I see that Freddie is sensible on the license topic) ;)


...Axel

Hmmm, the announcement says I need to upgrade to 2.0.2 before upgrading to 2.0.3 -- but 2.0.2 doesn't seem to be available in the Members Area. Am I missing something? :(

Database error in vBulletin Control Panel: Invalid SQL: INSERT INTO adminlog (adminlogid,userid,dateline,script,action,extrainf o,ipaddress) VALUES (NULL,'2',996745945,'options.php','options','','23 4.442.27.24')
mysql error: Unknown column 'ipaddress' in 'field list'
mysql error number: 1054
Date: Thursday 02nd of August 2001 05:52:25 AM
Script: /forums/admin/options.php?action=options
Referer: http://www.myurl.com/forums/admin/index.php?action=nav

What should I do?????????????? :confused:

pcmania, it looks like you did the same thing I did...went straight from 2.01 to 2.03 without running upgrade11.php first. I don;t know how to fix it yet...but I am hoping someone here does :(

This is not a case of lack of instructions, but please read the damn instructions


Upgrade instructions:

>From 1.1.x:
Upload all the files but install.php, then run the upgrade1.php scrint in the admin area. When you are done, be sure to delete install.php and all the upgradex.php scripts.

> From 2.0 betas and release candidates:
Information is available here to upgrade to 2.0.0:
http://www.vbulletin.com/forum/show...&threadid=17464
Then follow the instructions below for upgrading to 2.0.3

> From 2.0.0
Upload all the files but install.php, then run the upgrade10.php script in the admin area. Then run upgrade11.php. Then run upgrade12.php. When you are done, be sure to delete all the upgradex.php scripts.

> From 2.0.1
Upload all the files but install.php, then run the upgrade11.php script in the admin area. Then run upgrade12.php. When you are done, be sure to delete all the upgradex.php scripts.

> From 2.0.2
Upload all the files but install.php, then run the upgrade12.php script in the admin area. When you are done, be sure to delete all the upgradex.php scripts.


If you had of read that, you wouldn't not know what you are doing. Running the upgrade11.php script updates the board to 2.0.2. Running upgrade12.php upgrades to 2.0.3.

So go back to this thread (http://www.vbulletin.com/forum/showthread.php?s=&threadid=24116) and make sure you READ everything before you attempt to do it.

Give me a break Martz -- it was confusing. Everyone here should be able to admit that. The original instructions do not specifically tell you that upgrade11.php will handle the 2.0.2 transition for you. Everything would have been fine, but that post from Kier was confusing -- it should have read "Make sure you run upgrade11.php before upgrade12.php".

I'm not stupid, nor inexperienced, with vBulletin, and I was confused as well. I did read the damn instructions -- maybe the "damn instructions" should be more clear.

I have upgraded to 203 - and found that you have NOT added support for the whoposted java script templates:

searchresult
searchresultbit

only in

searchresult_threadonly
searchresultbit_threadonly


I guess thats an error

---

othervise - fine upgrade - no problemo - "just" a lot of translating the "same" templates again again - I would still dream of getting language into a seperate file/variables

Perhaps the confusion some people have would be avoided if future releases have a different naming scheme for the upgradeXX.php scripts.

How about these?
upgrade200to201.php: This will upgrade 2.0.0 to 2.0.1.
upgrade201to202.php: This will upgrade 2.0.1 to 2.0.2.
upgrade202to203.php: This will upgrade 2.0.2 to 2.0.3.
upgrade203to210.php: This will upgrade 2.0.3 to 2.1.0.
From a usability perspective, I think that would be a bit more goof-proof. :)

Marz turn on the DAMN brain before writing something...

Don't treat people like they're stupid if you don't know them ok?

Learn what RESPECT means!

Regarding the upgrade instructions:

1. First of all in my post I wrote that I successfully upgraded because I ran upgrade11 and upgrade12. So learn to read what you want to comment.

2. The original instructions for the upgrade path 2.0.1 -> 2.0.3 also said that you had to run upgrade10 wich was an ERROR promptly corrected by Jelsoft.

3. Kier wrote that it is IMPORTANT to first upgrade to 2.0.2, misleading users into thinking that they first had to install 2.0.2 files and that's why many people were trying to download 2.0.2 files from the members area. Pretty confusing for beginners don't you think? I don't care because I knew that Kier intended to say RUN UPGRADE11.PHP. He should have said it clearer. That's all.

4. Last night after I had upgraded I also noticed that the vbulletin 2.03 files from the download area HAD CHANGED, I redownloaded it and I noticed that they were modified. So I reuploaded the scripts.

Don't try to lick Jelsofts' programmers' butts Marz, trying to justifying the mistakes by offending people.

Everyone makes mistakes, and Jelsoft's people, as all the human beings in the world, make mistakes too.

I read John's reply to DVDPlaza and I can only say one thing: John, you're a real gentleman, you honestly admitted that the thing caused confusion, and didn't try to justify the little mistakes that have been made. You're an example for the community.

I am a happy custome of Jelsoft. And I think that a smart company should LISTEN to customers' critics to be able to try to avoid the same errors in the future.

Thanks again for your work Jelsoft...


...Axel

I just got my license yesterday, installed it in 1 hour with no problems, then tested things out....YOU GUYS ROCK!!!! This is one amazing piece of work!!! Then I get the 2.0.3 email about the security problem this morning....upgraded to 2.0.3 with NO probs!!

A real pleasant surprise!!! Can't all software companies operate this way???

P.S. The only mistake I've made so far was choosing the 1 year license...I should have chosen the lifetime one!

Upgrade quick Jackie...and you can still get the same price :)

I wish I had done it in time :)

I've never upgraded vB before, and I'm not clear on one thing.

In the announcement for 2.0.3 Kier wrote:

Please note that when you upgrade to 2.0.3, you must also perform the upgrade to 2.0.2 first!

My am running 2.0.1. Does this mean I need to upgrade to 2.0.2 first, then upgrade again to 2.0.3? I know this sounds obvious from the above quote, but I don't find a 2.0.2 download in the members area.

I have 2.0.3 downloaded. Can someone clarify for me?

Thanks for your patience.

jeffwbent, running the upgrade11.php does in fact upgrade your board to 2.02. You then run upgrade12.php to upgrade to 2.03.

I think the documentaion should be ammended to make this more clear, as this question is being asked repeatedly...

What do you think John?

just updated my note...

My upgrade went fine, the 2.0.3 files I downloaded seem to have a time stamp of 18:47 - is that the latest version?

I am a little concerned at the practice of "revising" the download files for a given release - it could lead to problems if people can't tell exactly what cut they have. Maybe the readme.txt file should specify a "sub-release" number?

Upgrading was easy as I did not have to re-hack - however I have very few customised templates. I think the template comparison process needs to be made easier and a way of importing/exporting the templates to flat files so that "beyond compare" can be used.

A function to download the custom templates (along with their originals) to flat files would be neat.

My upgrade went fine, the 2.0.3 files I downloaded seem to have a time stamp of 18:47 - is that the latest version? Things are dynamically rewritten, so I believe it'll actually be different every time you download.

i uploaded all the new files
ran upgrade11.php then upgrade12.php

and now when i go to my board url i get a blank page. the index.php is there just and the database exists. Does anyone have a idea to what has went wrong?

--------------------------------------------
wiped forums reloaded db backup and reloaded files and ran upgrades again
works fine now

wonder what happened ...

PPN,

Did you upload all the new files, including vbulletin.style? Here's some further info on upgrading:

http://www.vbulletin.com/forum/showthread.php?s=&postid=147998#post147998

For the templates that aren't being used anymore (the pagenav ones in particular)...

will they get deleted by the upgrade script? or will they just be left alone...

just wondering.
thanks

Who's online DO NOT WORK ! :(

I'm running a vB 2.0.3 and i allready (and for all members) have the

// We were unable to parse the location message on the who's online...

Can it be due to my host ? Or anything else ?
I remember it worked on 2.0.2 ...

Can you help me ?

Thanks in advance...

Download 2.0.3 again and replace sessions.php

ok thanks a lot :)

Thanks iaewedar and Kier. Upgrading was a snap with the clarification. Nice improvements in the admin control panel. I sure like this bulletin board!

Regards,

Jeff

I'm not trying to "beat a dead horse" :)

On 7/31/01 at my location I downloaded the 2.0.3 archive with file dates of 7/31/01.

Today, 8/1/01, I downloaded again and the file dates have changed to 8/1/01. I went ahead and installed the new sessions.php from the 8/1/01 archive as I do not yet have time for an upgrade. I guessed at this. I presume I did the appropriate thing?

Respectfully, why don't the instructions at the top of this forum contain words about the latest archive and if you downloaded on or before xxx you should download again?

Respectfully, I would prefer a designation of 2.0.3a if anything has changed in the archive.

Please think this over :)

As said before the files are dynamically written every time they are downloaded depending on if you want .php, .php3, .php4 (whatever options you are presented with) so they will always have the same date of the day you downloaded them on. The archive was actually changed within an hour of being put on line to fix sessions.php so that online.php would work properly.

I'm running 2.0.1 and to be honest, I'm a bit paranoid to upgrade in fear of ****ing things up.

Sounds like if I upload "sessions.php" I'll be ok in regards to the security issue right? I prefer to do this.

What does the "sessions.php" file do and do I need to change the file permissions once uploaded.

Thanks
Mike

With vBulletin you don't need to touch file permissions, you can let that perl script burden go :) sessions.php controls who is currently logged in.

So pushing this file to the server will fix the security issue without haveing to fully upgrade? And or without a confict of some sort?

Do I need to back anything up before uploading the file?


Originally posted by freddie
With vBulletin you don't need to touch file permissions, you can let that perl script burden go :) sessions.php controls who is currently logged in.

Make please that at split thread, it was possible to transfer messages to already existing thread.

:confused:
I have updated from 2.0.0 to 2.0.3 I have problems????

I uploaded the files from the upload directory, except install.php. I have run update.10, update11, and update 12.

My forum now says I am running 2.0.3 this is ok.

The problem I have is the index page shows no sub forums?
The Posts, Threads, Last Post and Moderator columns are all empty?
It shows the threads and posts at the top of the page?

Please can somebody help? Where do I go from here?? My forum is at Carponline (http://www.carponline.com/Forum)

Thanks
Mark
mark@carponline.com

markrt--

Make sure you have the newest vbulletin.style uploaded. Go to upgrade12.php?step=2 . It should import your templates. If you get an error, we need to know what it is.

:) Hi

I have re-uploaded upgrade12.php, vBulletin.style and re-run 12.php.

Now all works well Thank you.

Mark

To Zombie Keeper


<So pushing this file to the server will fix the security issue without haveing to fully upgrade?

YES. That is correct.


And or without a confict of some sort?

NO conflicts have been documented. I have done it three times. I close the BB just to make sure and then do it. Takes about 30-to45 seconds. Open BB and see :)

Do I need to back anything up before uploading the file?

IMHO, before you alter any .php file you should always download your latest styles and do a mysql dump. Total time is about 45 seconds. Although NOT REQUIRED I prefer to be better safe than sorry

HTH and good luck

Hi

Found a little problem?

In “Edit Options” if I click on “Submit Modifications” this sends me to a totally blank page?

The “Edit Profile” page works.

Thanks Mark

What Kier's note meant (and he didn't phrase it quite exactly right the first time around) was that you need to make sure if you are upgrading from 2.0.1, you need to make any template modifications as specified in the 2.0.2 announcement as well as any in the 2.0.3 announcement.

So, from the 2.0.2 announcement, you must change
method="get"
to
method="post"
in your modifyoptions template.

Originally posted by tubedogg
What Kier's note meant (and he didn't phrase it quite exactly right the first time around) was that you need to make sure if you are upgrading from 2.0.1, you need to make any template modifications as specified in the 2.0.2 announcement as well as any in the 2.0.3 announcement.

So, from the 2.0.2 announcement, you must change
method="get"
to
method="post"
in your modifyoptions template. yup that's all i did change for my modifyoptions template as well :)

OK, I'm sure I can do this, my original install went so smoothly! BUT, I'm very nervous, so please bear with me as I double check everying I've been reading.

I am currently running 2.0.1 I need to:
[list=1]
Download & unzip files for 2.0.3
Upload all the script files to my server (I can skip the images, I would assume -- see how chicken I am that I even have to mention that?)
Open my admin control center and run upgrade11.php and then #12. Right? OK -- I don't see an upgrade option in my control panel. Will that show up once the new files are in place?
Assuming this is successful (and correct) rehack my board (and keep a written record this time so I can rehack more easily next time!)
[/list=1]
Am on on the right track here?

Also, I noticed it said the upgrade from 2.0.2 won't mess with my templates. I'm hoping the same is true for the upgrade from 2.0.1 through 2.0.2 to 2.0.3???

(where's the quaking with fear emoticon?)

~ Heidi

Originally posted by mbcguru
OK, I'm sure I can do this, my original install went so smoothly! BUT, I'm very nervous, so please bear with me as I double check everying I've been reading.

I am currently running 2.0.1 I need to:
[list=1]
Download & unzip files for 2.0.3
Upload all the script files to my server (I can skip the images, I would assume -- see how chicken I am that I even have to mention that?)
Open my admin control center and run upgrade11.php and then #12. Right? OK -- I don't see an upgrade option in my control panel. Will that show up once the new files are in place?
Assuming this is successful (and correct) rehack my board (and keep a written record this time so I can rehack more easily next time!)
[/list=1]
Am on on the right track here?

Also, I noticed it said the upgrade from 2.0.2 won't mess with my templates. I'm hoping the same is true for the upgrade from 2.0.1 through 2.0.2 to 2.0.3???

(where's the quaking with fear emoticon?)

~ Heidi

From my basic and elementry understanding, you are correct in how to upgrade

I upgrade to 2.03 from 2.01 and lost the Smilies !?

First time I upload all the 2.02 to my forum directory and run the upgrade11.php and show me a error message !

Database error in vBulletin Control Panel: Invalid SQL: ALTER TABLE profilefield ADD editable SMALLINT DEFAULT '1' NOT NULL
mysql error: Duplicate column name 'editable'
mysql error number: 1060

Then I download the 2.03 updated . and upload all the 2.03 to forum directory. and run the upgrade12.php only. it works !!

well, I just want to said nothing ! I can run the 2.03 now ! but only lost some function . like Smilies.... any idea ? :confused:

:rolleyes:

I'm posting this so others who get caught in the same situation know what to do. Here's my tale of woe and the solution.

I followed the instructions. I ran the upgrade scripts in the correct order (upgrade11, upgrade12) for my version, 2.01. My board was totally jacked. I got this when I try to connect:

"There seems to have been a slight problem with the database. Please try again by pressing the refresh button in your browser."

Let me repeat, I did not run the upgrade scripts out of order. What I DID discover is that, in the 2.03 config.php script (which overwrites the old one when uploaded as per instructed) the "dbname" field says "vbulletin". The OLD default, from 2.01, was "vdbforum".

Now, if you didn't stick with the default db names in the first place, you probably didn't get affected by this, because you knew to look to change it anyway. However, I am willing to bet there are a number of folks (like me) who just stuck with the default name when they installed 2.01. In that case, upgrading to 2.03, even if everything is done correctly, will hose you because the new config.php is looking for the wrong database name.

Once I went and changed it back, everything worked fine. It's a little thing, but from the looks of this thread some people could benefit from it. At the very least, the upgrade instructions should tell you to look for it.

Cheers,

There was no config.php in my download - only a config.php.new.

config.php.new contains the new configuration variables. Add these to your config.php and you are all set.

The upgrade was flawless for me.

-t

config.php.new is specifically named such so that when you upload all of the files, it doesn't overwrite your configuration details. When upgrading, you do not need to mess with config.php.new at all.

Originally posted by tubedogg
config.php.new is specifically named such so that when you upload all of the files, it doesn't overwrite your configuration details. When upgrading, you do not need to mess with config.php.new at all.

What about the new variables present in the 2.03 config.php? Or do they matter?

Reason I ask is because I renamed config.php.new to config.php before I uploaded it, thinking the new information was needed. I did add the correct mysql admin/password, because I needed to do that before. But the database name change went right by me. I can't be the only one....or maybe I can, dunno?

Everything that you need to know about the new additions to config.php is in the help system attached to the adminlog scripts - just open the adminlog page from your control panel, and click the link at the bottom of the page :)

I can not use the Smilies function after upgrade to 2.03 from 2.01 ? any idea ?

My forum can not see anything on the Left hand side when I post a new message or reply a message ! I can do it on 2.01 but not in 2.03 ?

Originally posted by Kier
Everything that you need to know about the new additions to config.php is in the help system attached to the adminlog scripts - just open the adminlog page from your control panel, and click the link at the bottom of the page :)

Do I make these changes in config.php.new from the install folder or on the server - or do I adjust config.php on the server?

On the server.

Originally posted by teach1st


Do I make these changes in config.php.new from the install folder or on the server - or do I adjust config.php on the server?

Thanks. Eventually I can figure all this stuff out, but I also think the vBulletin crew assume too much knowledge and experience by its user base, when that may not be the case. It seems to me -from the responses in this thread and by my own experience - that the help documentation is lacking.

Hi

Found a little problem?

In “Edit Options” if I click on “Submit Modifications” this sends me to a totally blank page?

The “Edit Profile” page works.

Thanks Mark

Originally posted by tubedogg
...you need to make sure if you are upgrading from 2.0.1, you need to make any template modifications as specified in the 2.0.2 announcement as well as any in the 2.0.3 announcement.

So, from the 2.0.2 announcement, you must change
method="get"
to
method="post"
in your modifyoptions template.

Thank You Tubedogg

The above worked.

I did not think that message was for me the first time you posted it.

Mark

since 2.0.2 you had to change the post method of modifyoptions template !

Originally posted by SteppenWolf
since 2.0.2 you had to change the post method of modifyoptions template ! Actually, you had to change the form method to POST (from GET), rather than changing the POST method... but u get the idea :)

I "mistakenly" deleted config.php.new after I upgraded from 2.0.0 to 2.0.1 , should I "make" a new one? I haven't upgraded to 2.0.3 (or 2.0.2) yet, is this going to cause me extra problems?

Thanks
Jbear62000

vB License info is located in my profile :)

If you're just upgrading, you don't actually need config.php.new -- that's for new installs.

But there are two new fields in there for the admin log viewing support in 2.0.3

There's a help file in the adminlog viewer that explain how to add them :)

Yesterday i have upgraded my german forum from 2.0.1 to 2.0.3. Ca. 2 hours offline work with Beyond Compare and translation Half an hour for uploading and rebuild searchindex.

No Problems during the procedure.

Originally posted by Ed Sullivan
If you're just upgrading, you don't actually need config.php.new -- that's for new installs.

IM POSTING THIS IN ALL CAPS HOPING TO GET THE POINT ACROSS THIS TIME.

IF THERE IS A SECURITY ISSUE THEN YOU NEED TO CONTACT YOUR CUSTOMERS VIA EMAIL AND INFORM THEM OF THIS. NOT EVERYONE VISITS THIS SITE ON A REGULAR BASIS, SO IT CANNOT BE CONSIDERED A VIABLE SOURCE FOR SECURITY INFORMATION.

LAST TIME I BROUGHT THIS UP I WAS TOLD THAT THE SOFTWARE WAS IN BETA AND YOU DIDNT FEEL THE NEED TO UPDATE US ON EVERY BUG DURING THE BETA PROCESS. WELL GUESS WHAT, ITS NOT BETA ANYMORE AND I WOULD LIKE TO BE INFORMED BY EMAIL WHEN A SECURITY BUG LIKE THIS IS FOUND. UNLESS OF COURSE YOU WOULD LIKE TO COVER ANY DAMAGES CAUSED TO MY SITE, FOR YOU NEGLECTING TO INFORM ME OF SECURITY PROBLEMS WITHIN THE VBULLETIN SOFTWARE

Chris Miller
(of course i get to look like an ******* for posting this, but noone else seems to care)

JELSOFT E-BULLETIN
http://www.vbulletin.com
August 1st 2001

------------ VBULLETIN 2.0.3 - SECURITY FIX --------------

Today we were alerted of a potentially serious security issue
that affects all current versions of vBulletin. We have now
released a new version of the software (2.0.3) into the
members area, and we strongly recommend that all customers
upgrade to this version as soon as possible.

Note: If you are unable to complete the full upgrade, you can
patch this security hole by uploading just the sessions.php
file from version 2.0.3 (available in the members area).

For complete information about this new version, along with
upgrade instructions, please visit:
http://www.vbulletin.com/forum/showthread.php?threadid=24116

To download vBulletin 2.0.3, please visit:
http://www.vbulletin.com/members/

You can log into the members area with the following details:

Customer Number: <my number>
Customer Password: <my password>

If you have any questions about this patch that are not
addressed in the web page above, please contact us at:
support@vbulletin.com

----------------------------------------------------------

This email sent to: <my email>

Copyright (c) 2001, Jelsoft Enterprises Limited

Chris,

The email that Ed cites above, was sent out and received by me during the afternoon when the 2.0.3 version was released. If you didn't receive it, then you need to confirm with Jelsoft that they have your proper email address and/or your internet service provider is functioning properly.

What could someone do to my board? (sessions.php bug thing)

Originally posted by TechTalk
IM POSTING THIS IN ALL CAPS HOPING TO GET THE POINT ACROSS THIS TIME.
Chris Miller
(of course i get to look like an ******* for posting this, but noone else seems to care)
I dunno about you, but I got the email from Jelsoft about the security thingy ... received on 07/31 and it was titled "JELSOFT E-BULLETIN - SECURITY FIX - VBULLETIN 2.0.3" ... might wanna check YOUR email carefully from now on... or check the email that you registered your software with...

Rubbish, read back through this thread. You'll find that 12 hours AFTER Jelsoft made this issue public I complained in this very thread that no e-mail had yet been sent - John posted a reply confirming and admitting that no e-mail had yet been sent.

Thus I wouldn't go jumping at people that they should have checked their e-mail more carefully - because no such e-mail was sent to start with. Jelsoft made the issue public first (to hundreds according to thread read count), then 15 hours later contacted paying customers (to thousands according to John).

I love vBulletin and I have high respect for the developers, after all I'm a former developer myself, but I hold very high concerns regarding why Jelsoft made such a decision.

As TechTalk has correctly highlighted, this is EXACTLY what happened during the 2.0.0 beta - a security issue arose, and they advised people here in the forums an entire day before they finally sent out an e-mail.

I would VERY strongly recommend that people subscribe to the announcements forum. That way you'll instantly know about urgent and serious issues a good 12-24 hours before paying customers are advised. Don't mean to sound like a ass, but that's a dead serious suggestion - seems this is the only way to stay abreast of anything urgent. :( :( :(

Chris (TechTalk) states that he never recieved an email. That is a different issue than receiving it 15 hours after 2.0.3 was released.

Subscribing to this forum won't do you any good because it won't send emails on new threads which is what you want.

I don't know what more you want - you were notified in a timely fashion, once again details of the security breach were not made available to allow you time to upgrade before becoming vulnerable, so we've done everything we can. Beyond that I have no idea what you want.

so we've done everything we can. Beyond that I have no idea what you want.
The point all along has been that paying customers should have been e-mailed, THEN details posted into the forums? It's been said over and over by a number of people, not just me. I find it insulting that you're stating you have no idea what we're asking.

Put it this way - Jelsoft publicly expressed appreciation for being privately advised of the security flaw.

Why do Jelsoft's paying customers not deserve the same? Is there a reason why vBulletin.com is the only vBulletin forum in the world that deserved to be patched up before Jelsoft made the issue public?

If the thousands of vBulletin owners who did not know about the issue until the 15 hour later e-mail were attacked, would that have changed Jelsoft's stance on delaying e-mail notifications by an entire day?

Honestly, I'm puzzled why this is such a confusing issue? This is now the second incident, god help us all when a third incident occurrs that this time enables people to remotely execute commands on our servers. :( :confused:

Placing a new version of vBulletin into the member's area without announcing anything would cause more problems than good. Sending thousands of emails doesn't take seconds unless you want to overload the server. This server has (I believe) four sites running on it, two of which have 75+ average concurrent user forums on them. 15 hours later is still within the realm of a timely fashion given the circumstances. The email was not delayed for any other reason than logistics. If it happens again the same actions and steps will be taken.

Once again, details were not given. If a hacker discovered the flaw and used it against a site it wouldn't matter whether or not we announced that there was a flaw - the hacker would still be just as able to use it as if we had not announced it. Saying "there's a security flaw" does not make someone any more able to hack into a program than if you don't say that. I don't see why it's such a huge deal that we say there's a security flaw.

vbulletin.com is always patched up before a release just to test the upgrade process in a production environment. It has nothing to do with securing against possible exploits.

Personally - am not allowed that luxury? - notification of security exploits the same day that they are discovered in a production release is very acceptable to me. The vast majority of feedback has been supportive of our actions in this manner.

I've been following this thread and it's becoming ridiculous....

The facts remain:

1. I received an email notification from Jelsoft approximately 8-10 hours after the damn announcement was made here. Now, it didn't just materialize out of thin air and I have better things to do with my time than compose fake emails and send them to myself. So....it must have come from Jelsoft, and it was worded the exact same way as in Ed's post.

2. Why did I receive the email and Chris...you didn't? Who knows.....maybe they just throw a bunch of names in a hat and pick one every hour.

3. The reliability of internet service providers has been dramatically decreasing over the last 4 months due to the implementation of new, more strict anti-spam software. Microsoft Network is notorious for this. Some of my email doesn't come through for 2-3 days and others come through in seconds. Why? I have no clue.

Chris, you have two choices, either contact Jelsoft and find out why you never received an email, or why your email was delayed 15 hours or whatever the case may be, or contact your service provider and start running a serious inquiry. But beating this subject silly here is pointless. Everyone made a big deal out of it last time it happened with one of the Release Candidates, and I'm sure John is not deaf, dumb and blind. I'm sure he saw the responses from everyone and took them into consideration for the future. Why things worked out the way did this time is anybody's guess. If it really bothers you as much as it does, then take it private between Jelsoft/ISP and yourself.

AMEN (E.O.M.)

I am happy to know that an e-mail was sent but I never received it. I dont think i need to check my host because I AM MY HOST, and ive been without interuption for 2 years now.

The e-mail in my registration is the same as the one here so why I didnt get the e-mail who knows.

RobAC you're talking to the wrong person, I'm not one of the people who didn't get it.

Originally posted by TechTalk
I AM MY HOST, and ive been without interuption for 2 years now.

That's pretty good, OT, who's your upstream?

P.S. I do still agree about the email before the announcement. It's basic to me but it isn't the biggest deal in the world. Good hackers will find their way into anything and the only thing the popularity of the internet has done to make life easier is create so many targets that you (meaning most everybody) are pretty safe because the hacker has so many choices to choose from, why you?

Maybe it was not a prefect arrangement, and it would have room for improvement in the future, but I believe it is already the best effort Jelsoft had done so far :D

I think the only thing Jelsoft should do is be more responsible and carefull of their actions.

If Jelsoft also wants to license their board to larger companies, then they should be most aware of FIRST informing their users, and then the rest of the world.

that's also the reason larger companies sometimes use software that might not be the best, but are the best supported.

Jelsoft is a company that makes very nice software, but still can't give good support (besides this forum).

The funny thing is that Pine (the people who discovered the securitybug) found it out while modifiying our company's forum.
And still....Jelsoft hasn't send out an official notification.

So do I have to rely on external companies to fix my security-issues in your forum, since I still haven't been officialy informed.

Or is it to big a problem for Jelsoft to send a couple of thousand e-mails?

Goodieman: An email WAS sent out to all license holders. If you didn't receive it you need to make sure the correct email address is set in the members' area. Whichever way around we do it - whether it is announced here or via email first, there will be people who don't like it. I personally prefer it being announced here and I see no reason why it should be any other way, but I accept the fact that other people feel differently.

An official notification was sent just hours after it was added to the members' area, hopefully in future they will be done at the same time but I see no reason why it should be done by email first.

thnx for your reply

my reason for sending an email first is simple.

if you post it first on a forum, then the majority of licence-holders (who don't visit this forum) don't know about the bug and are vulnerable.

when you immediatly send an email first, the right people are informed. Not just every **** who visits this forum.

I understand the thought behind these actions, but I think it's not the correct behavior for a company (and I speak of Jelsoft here) that wants to be taken seriously.

you have to understand most company's do have other things on their mind and don't have the time to visit this forum every day or week.

PS. and I don't know if it's such a wise idea to put your version number in the bottom of your page. Certainly not when people can see you're vulnerable for certain hacks.

For all intents and purposes it was done simultaneously. Emailing thousands of people doesn't take just minutes to set up, nor to do, because as I said before, the server that it is being sent from is being used for three high-traffic websites and at least one other site.
Yes, unscrupulous people could come here and find out that there is a security hole in a certain version and attempt to exploit that; however there were no details given so the hacker is working in the dark and has as much chance of finding a hole as if he didn't know there was some kind of hole.
Posting a new version into the member's area without explanation and listing changes that need to be made to templates would create mass confusion and would not make things any better.

Originally posted by Goodieman
Jelsoft is a company that makes very nice software, but still can't give good support (besides this forum).


I dont think that is a very fare statement at all.

I will admit I didnt receive an email stating a new version had been released.

And as stated by someone else, the internet is not fault tollerant - and at the time I was tinkering with CPOP hehe which is probably why I didnt get it :o.

Im very satisified with the level of service/support from Jelsoft - thats why I recommend only vBulletin to my customers :)

Once again, we're arguing over brass tacks here. A few things to consider here.....

1. Email is unreliable. As I've stated before, more and more ISPs are implementing anti-spam software which is not predjudice....it will delay or prevent pertinent email from getting through....oh sorry, did you say you are you're own ISP? Well...that's very impressive, but hopefully your up-stream provider isn't VDI.

2. There are a lot of dedicated customers here that are able to take just a few seconds out of their extremely busy schedules and come over to these forums to check in, and sometimes participate.

3. I hate to tell you, but if I had my own company, I'd post releases in my support forums first and here's why:

The people that do hang out in these forums, for the most part, are pretty damn smart and not only know this software in and out, but have contributed a hefty list of hacks and offered countless hours of help to other members. If my company is releasing a piece of software, I would want to release it to those that not only do spend their time in my support forums, but are going to take that piece of software, run with it, install it immediately and report back *here* as to whether or not they, for some reason, had any installation problems.

Think about it.....Jelsoft will get a much quicker customer response back *here* than they will waiting for a damn email to float in. And, if for some reason, a mistake is made (we *are* all human), and a correction needs to be made, they can do it quickly and make a new release.

In my eyes, as an extra measure of insurance, I'd rather slowly release my product at the beginning to a small population of people (these forums) rather than the whole world just so that if for whatever reason, there is a problem, the entire population (AKA customer base) isn't subjected to it, including those of us who will take the very first opportunity to whine about the fact that the sky is blue?

Now, I am more than willing to admit, that yes, I am bias in favor of how Jelsoft handled the situation. Why? Because I do try to pop into these forums when I can. Why? Because I try to take an active stance in insuring that my own online community is up-to-date. And I do that by coming to these forums and learning about the product that I invested in, and that my community members (and if you're running an online business - aka "customers") rely on. Now before I start seeing people say "well I don't have the time...." bull. Takes two seconds to make a couple clicks and you're here. If your daily schedule is so busy that you can't take 5 -10 minutes to pop over to a web site, then you really should consider taking a course in time management.

Originally posted by tubedogg
For all intents and purposes it was done simultaneously. Emailing thousands of people doesn't take just minutes to set up, nor to do, because as I said before, the server that it is being sent from is being used for three high-traffic websites and at least one other site.

First of all, I want to reiterate that I'm not trying to give a hard time to jelsoft and am not mad as some others are. But I think sometimes people need to step out of the shoes they are in and try to look at things from someone else's shoes. Even though I certainly think jelsoft is very much a company to be taken seriously, there is a good point about large companies not liking very much having a release announced here first. I don't think hackers should be underestimated and it isn't as hard to figure out the hole as you may think. It obviously came about from the sessions.php. And if the person hacking happens to own vb, then by looking at the changes they can easily figure out what the bug was.

If you are the NYTimes or the federal government or the FBI website and you want your site to have the best forum software around, namely vb, you aren't going to be checking this place on a daily basis once it's installed. You need to be notified before the rest of the world is in this forum.

It seems to me the moderators are thinking in their shoes and the shoes of the soul of the vB community, which is the guys that visit every day (like me :) ), but in all fairness, I'm with the corporate guys who can't afford to allow a hole to exist in the open like this before the email. It may seem trivial to you but it isn't to corporate guys.

And I've also made the same comment about the version number. About the only person who will be looking at it is someone trying to hack into a site and maybe a few vb enthusiasts looking at other vbs. Not a good enough reason to make it standard.

I don't really want to harp on this because most of the issues have been discussed to death but I will add one more point. The excuse about taking a long time to send out emails because there are 3 high traffic servers being used for the same purpose is not an excuse at all imo. If this is an issue get a fourth server or much easier, outsource. There are companies that specialize in this. The guy running a forum at Ford or GM or GE doesn't care that you have 3 high traffic servers and don't want to overload your server just to inform them of a security issue.

Once again, please don't take my post the wrong way. It is meant constructively. I have referred a Fortune 500 company to vB and in the next year or so they will be buying a vB for one of their sites. But I speak w/ the tech guys @ that company many times a day and this is certainly a concern for them.

Originally posted by dwh
And I've also made the same comment about the version number. About the only person who will be looking at it is someone trying to hack into a site and maybe a few vb enthusiasts looking at other vbs. Not a good enough reason to make it standard.

Perhaps this should be made another thread, but for the time being to maintain context....

If I understand the license agreement correctly we cannot modify the copyright statment, including ther version number, without violationg the agreement.

Personally security by obscurity is not the right approach, but when all the other prudent and available measures are taken, at does have its place.

Perhaps an amendment/change to the license agreement can be made to allow for removal of only the version number information from the generated pages?

-- Brian

Originally posted by Daroz
If I understand the license agreement correctly we cannot modify the copyright statment, including ther version number, without violationg the agreement. General consensus is that as long as you have a copyright, you're fine. So feel free to remove the version number or use a fake number. ;) I think the most common one I've seen is:


Powered by: vBulletin © 2000, 2001, Jelsoft Enterprises Limited. Or similar.

I just upgraded, everything went dandy, good job dev team!

Stop all this fighting - true great persons and companies - can say "sorry - mistake - will try hard to do better" - and then they can keep the respect, somethimes "we did the best...." just make the dis-respect greater. There is nothing wrong in learning - hopefully we will all learn for the rest of our life.

First I was happy to recive info on the security issue - thinking paying members got nformed first - then I see otherwice........


Why not stop - think - and learn

Next time - if ever - inform paying coustomers first.

Then inform this board and all its members

Then inform the rest of the world

------ and to all the complainers - do not get fanatics on this - you have made your points

----------

I have my "dreams" of changes in vB - and write about that every now and then - bit realy try not to be fanatic - one could say, if you do not like the smell - get out....

but could someone please - by now - inform what this security issue is all about

I am speaking for myself here, but I don't think we did anything wrong and I hope we do nothing wrong the next time and the time after that. Paying members did get informed first, right here on this board, and through the email that was sent.

Someone mentioned outsourcing this. If you'd like us to spend the money to send a bulletin so that it happens at the exact same second as the announcement here is posted, fine, but don't complain when prices go up as a result.

The security issue will not be discussed or published in detail for at least another three weeks to allow everyone time to upgrade.

Originally posted by tubedogg


The security issue will not be discussed or published in detail for at least another three weeks to allow everyone time to upgrade.

I can guarantee you that there are others like myself out there that didn't get the notice and STILL don't know about the security issue.

So you may want to try your e-mail again before releasing any info on this or you may just have a few unhappy customers. I know if my server was manipulated in anyway, as a result of jelsoft not informing me of a known security issue with their software, we would have problems and I would come directly to jelsoft.

Why on earth would you (vb) want to release details of the security issue on this forum or anywhere else for that matter? Surly this information is a total irrelevance except only to hackers and potential "have-a-go" types.

I really don't understand your thinking on this.

Really, your efforts should be towards ensuring all legitimate owners have the upgrade notice, and as TechTalk said, problems caused by the release of the security issue could well fall to your company and this wouldn't be pleasant at all.

Well done better than well said !

let us do our best by using the wonderful software !

I am using a 2.03 now !! :rolleyes: :)

sound good kengan - agree

"life to short to getting on like that"

Thanks to everyone here who posted information on the upgrade and how to do it and especially to Phil who posted such a clear explanation for Bobbi I followed that verbatim and the upgrade (which I was dreading) worked yay!

There was one weird glitch during the upgrade I have no idea why but upgrade11 and upgrade12 went missing from the admin folder during ftp uploads. I do not know if this is related to them loading before vbulletin styles or just one of those unexplainable computer mysteries that happens but I had folder copies saved in case so I re-uploaded them alone and then everything went fine.

I do have a question. After upgrade12.php ran, the page directions told me to delete upgrades 1-11 but did not mention 12. Should I leave that on the server or delete it as well?

Thanks again.

You can delete all the upgrade*.php files without any side effects.

The number in vbulletin.style doesn't really mean anything when importing via upgrade12.php (or any upgrade script).

It does here:
Upload existing style set: (from your computer)
Style file: (upload from computer)
Overwrite style existing style ( Default No, create a new style)
Use style file even if it is for a different version of vBulletin (Yes No)
(if this method doesn't work, try the below method)

Yes, I know. That's why I said it means nothing in upgrade scripts (as there's no version check), which is where you should be importing the default style from (almost all the time at least).

The version number just wasn't changed until after the file was generated.

Well if this is a dumb question you can kick sand on me or something but did you run php11 first? Php 12 is for upgrading from 2.0.2 to 2.0.3 and if you have not run php11 to upgrade to 2.0.2 before running php12 that might be the problem?

When I first found out about the upgrade last month, I put off the upgrade for a couple days until I could think clearly about it. Well, it never got done, so now i'm gonna do it. Could someone please review with me?


I'm running 2.0.1, so........

I downloaded the most recent files. Now I need to .........

hack the 2.0.3 files that I had hacked in 2.0.1
upload all the program type files (not the graphics, smilies, etc. since those are as I want them)
run upgrade11.php & upgrade12.php


Is that all?

How exactly do I run the upgrade programs? Will they show up in admin or do I run them through my location bar?

I have a number of changes to the templates in the admin area. Will they stay as I put them, or revert back so I have to do them over?

Sorry to post such basic questions again, but with 230 replies to the thread it was difficult to sort through it all and find the specific information I need. Thanks for your time!

Is that all? Yes. Please note vbulletin.style *IS* a "program type file." :)


How exactly do I run the upgrade programs? Will they show up in admin or do I run them through my location bar? Just type them in the address bar. All you really have to do from there is click "next step" a couple times.


I have a number of changes to the templates in the admin area. Will they stay as I put them, or revert back so I have to do them over? Any templates you have customized will *not* be overwritten. You should look at the 2.0.2/2.0.3 announcements and see what templates changed. If you have customized any of those templates, you will need to change it(easiest way is to revert and recustomize).

Just a recommendation but I would backup your 2.01. files and then do upgrade from 2.0.1 to 2.02. to 2.0.3 and after that is working properly then reinstall your hacks using something like beyond compare.

Just a thought.

ED ~ I don't get the reference to vbulletin.style. Are you saying I need to upload it since if fits in the "program type files" category?

I looked through the list of changed templates. I don't think any of them are the ones I changed, but I'll be sure to note such things before I start working. :)

Webhost ~ OK -- my 2.0.1 files are up to date on my hard drive. I suppose I should back up my database, but I haven't the slightest clue how. :(

I took a quick look at beyond compare. Does it actually make the changes for me, or does it just tell me where they are? And I do it AFTER the files are on the server?

Thanks yet again. ~ Heidi

it just shows differences in the files you have to convert but you can do that with beyond compare

OK, cool. Thanks. My hacks were only minor changes, so I probably don't need a program to tell me, BUT! I just may in the end. LOL. Thanks.

go to members area it is a free dowload for 30 days I believe

i upgradedf rom 2.0.1 -> 2.0.3, and seems that $pagenav in showthread.php is returned back empty and thus no navigation is shown in threads with multiple pages. Has anyone seen this before?

That happens when you forgot to upload 2.0.3's vbulletin.style or showthread.php. If it's the former, you can "upload" (import) it through the CP.

thanks! Turns out I had the 2.0.1 showtrhead.php on my local copy, no idea how that happened.

I feel that I have to put my six pence share in here.

As far as I am concerned, the only reason why I know about this upgrade is because I received an email notifying me of its relase and advising me to upgrade immediately. Meybe I am preffered customer ;). Jelsoft always replied promptly to all my email questions, before and after I purchased VB. With all different customer support people I have to deal with, Jelsoft is an example of how to do it and do it right. All the others could learn a thing or two from these guys. My only concern is that they do not get too big for their own shoes!

PS. Where is the spell checker gone?

Originally posted by surfdude
I feel that I have to put my six pence share in here.

As far as I am concerned, the only reason why I know about this upgrade is because I received an email notifying me of its relase and advising me to upgrade immediately. Meybe I am preffered customer ;). Jelsoft always replied promptly to all my email questions, before and after I purchased VB. With all different customer support people I have to deal with, Jelsoft is an example of how to do it and do it right. All the others could learn a thing or two from these guys. My only concern is that they do not get too big for their own shoes!

PS. Where is the spell checker gone?

I think we have a pretty realistic mix of people here, so I have great confidence that we won't become an unnamed competitor. We do make mistakes, but we learn from them.

Thanx for the positive feedback, it's always appreciated :)

As for the spellchecker, spellchecker.net quit providing service and to program one in would require lots of server resources, so it would become unmanagable on shared hosting accounts.

Hi all,

We just installed vBulletin 2.0.3, and well I must say this is a
very nice bulletin board. Just thought I would let you know.
Hopefully we do not find to many bug's (or any). Had a small
error when setting the board up, but all seems to be working
fine. -shrug-

Best Regards,

Originally posted by GetMeHosted.com
Hi all,

We just installed vBulletin 2.0.3, and well I must say this is a
very nice bulletin board. Just thought I would let you know.
Hopefully we do not find to many bug's (or any). Had a small
error when setting the board up, but all seems to be working
fine. -shrug-

Best Regards,

GOOD !!

cool this is being done at the moment. :D
i wanna marry vBulletin :D

I am upgrading from 1.1.4. Okay, so I'm slow . . . I'll get there eventually :D!

Anyway . . . per instructions, I ran upgrade1.php in my admin area. I got this message:


Please be sure to upgrade your config.php to vBulletin 2.0 standard before continuing with the upgrade.

What does this mean? In fact, I have a copy of 2.0 here on my machine - there isn't a config.php included with that version!

Thoughts? TIA :)!

There should be a config.php.new file - you can rename that to config.php and edit it as appropriate.

Also, can you please enter your license details into your profile? This will entitile you to priority support if you have any issues in the future - thanks! :)

Thank you . . . found the file (duh) and edited appropriately, uploaded fresh copy . . . now the database has errors. Sigh.
Next step is . . . ? Revert to old copy and restore backup?

(Thanks for the profile tip . . . went and filled in my info.)'
**
Edit: For future reference in search: The answer is YES - revert to old files, and start over. Wasn't necessary to restore DB backup.

I completed the updates from 2.0.1 - 2.0.3 with no problems encountered.

The admin secttion changed but all the other pages / index.php etc. did not change? It still said 2.0.0beta at the bottom.

What may have gone wrong? thanks

if you have a custom footer you must revert to new footer template and then move your changes from your custom footer template into it.

So this is probably a REALLY dumb question but....... Where do I download the upgrades? What am i missing? Secret handshake?