Dayo

i just updated the script on my site click herefor the list of updates sorry i havent updated them in a while ive had problems at work so i have had less and less time to do it :( so sorry for all these delays but it will be worth the wait

for $4 you may get some1 to secure a single file but the whole mccodes scripts ... i think not

i only read the 1st post but insted of showing themto secure mccodes why not just have an article on securing there coding, it would be better to teach owners rather then to show them to put 1 thing here and another here etc...

that is a big NO NO to convert it use the V2-V1 conversion tools in the mccode section (it may be in the free mods)

// This is an un-secured modification, sorry all you are doing is checking the users to see if they are in jailor hosp then if they are youare using die() (use $h->endpage();exit; that way it dont mess up the layout) also thereisno need for the (int )rand(100,999) as you have removed the link to the slots other then that it looks like the normal explore just edited slightly

im on one of my 15 min breaks, i will fix a few little bugs found on the forum to save me time sunday (im on my iphone so wont be as fast as usual)

hiya, just as i was reading throgh the last relese of the code and making it more neater and adding the nessasary notes (for easy editing later on) i found a rather big bug that i dint remember when i was coding (the part where you can change the name and settings like this) $forum= new forum; $forum->start('p'); //only show public forums $forum->start('g');//only show gang forums (if you have the privalages to do so) $forum->start('s');//only show staff forums (if you have the privalages to do so) $forum->start('s/g');//only show staff and gang forums (if you have the privalages to do so) $forum->start('a'); //show all the forums (if you have the privalages to do so) then call that whatever you like gang_forum.php, what_ever_you_like.php etc... so all i have to do is go throgh the files and change a few things, havent got time tonight/tomorow as im at work (17h shift :thumbdown: ) im very sorry for this most basic mistake :rolleyes:

yes that is currently offline till i can find a better way to record what user has -/+ another user (if you get what i mean) i was using something like 1-12-14-154-356 (user IDs) then using explode but then if the user decides to -/+ loads of ppl then your db column will show errors

think there was one but i recon it would be a simple edit to the itemuse.php and inventory

Is it fully secure? test it out yourself http://www.cddesigns.org/forum/ people have tryed and any holes have been delt with When can i buy it? if all goes well friday

the final version will be up tomorow night and will go on sale friday (if all goes well) the price is $7.50 what is very cheap as there are 1250 lines of coding (excluding NBBC) and that will reach near on 1600 when finished ^^

ive just got a few things to do then i will be finished iwill be adding the admin cpanel and user cpanel soon also i have added the delete catagory/forum with the ability to move the forums/topics to other areas or to just delete them. or can you think of a better way?

check it passes the sig img tags throgh the img tag i supplyed NOT an existing one eg if there is the old img tags, this does not overide them

no problem mate i hope this will help many out :thumbup:

ill help out too just give me a shout when needed

<?php if($_SERVER['PHP_SELF'] == __FILE__) { header("Location:index.php"); exit; } class bbcode { function secureimg($img) { $img=str_replace(array('/.', '&'), array('.', '&'), $img); $img2=@getimagesize($img); if (@is_array($img2)) { return $img; } else { return 'images/broken.gif'; } } function bbcode_parse($text) { global $ir, $db, $userid, $set; $text = htmlspecialchars($text); $text = preg_replace("/\[b\]/", "[b]", $text); $text = preg_replace("/\[\/b\]/", "[/b]", $text); $text = preg_replace("/\[i\]/", "[i]", $text); $text = preg_replace("/\[\/i\]/", "[/i]", $text); $text = preg_replace("/\[u\]/", "<span style='text-decoration:underline;'>", $text); $text = preg_replace("/\[\/u\]/", "</span>", $text); $text = preg_replace("/\[s\]/", "<s>", $text); $text = preg_replace("/\[\/s\]/", "</s>", $text); $text = preg_replace("/\[sub\](.+?)\[\/sub\]/", "_$1", $text); $text = preg_replace("/\[sup\](.+?)\[\/sup\]/", "^$1", $text); $text = preg_replace("/\[big\](.+?)\[\/big\]/", "<big>$1</big>", $text); $text = preg_replace("/\[small\](.+?)\[\/small\]/", "[size="1"]$1[/size]", $text); $text = preg_replace("/\[list\](.+?)\[\/list\]/", "<ul>$1[/list]", $text); $text = preg_replace("/\[olist\](.+?)\[\/olist\]/", "[list=1]$1[/list]", $text); $text = preg_replace("/\[li\](.+?)\[\/li\]/", "[*]$1", $text); $text = preg_replace("/\[font=(.+?)\](.+?)\[\/font\]/", "<span style='font-family:$1'>$2</span>", $text); $text = preg_replace("/\[size=(.+?)\](.+?)\[\/size\]/", "<font size='$1'>$2</font>", $text); $text = preg_replace("/\[url=(.+?)\](.+?)\[\/url\]/", "[url='$1']$2[/url]", $text); $text = preg_replace("/\n/", "&nbrlb;", $text); $text = preg_replace("/\[email=(.+?)\](.+?)\[\/email\]/", "[email='$1']$2[/email]", $text); $text = preg_replace("/\[email\](.+?)\[\/email\]/", "[email='$1']$1[/email]", $text); $text = preg_replace("/\[left\](.+?)\[\/left\]/", "<div style='text-align: left;'>$1</div>", $text); $text = preg_replace("/\[center\](.+?)\[\/center\]/", "<div style='text-align: center;'>$1</div>", $text); $text = preg_replace("/\[right\](.+?)\[\/right\]/", "<div style='text-align: right;'>$1</div>", $text); $text = preg_replace("/\[quote name='(.+?)\'](.+?)\[\/quote\]/", "<div class='quotetop'>Quote($1)</div><div class='quotemain'>$2</div>", $text); $text = preg_replace("/\[quote\](.+?)\[\/quote\]/", "<div class='quotetop'>Quote</div><div class='quotemain'>$1</div>", $text); $text = preg_replace("/\[style=(.+?)\](.+?)\[\/style\]/", "<div style='$1'>$2</div>", $text); $text = preg_replace("/\[quote\](.+?)\[\/quote\]/","<div class='quotetop'>Quote</div><div class='quotemain'>$1</div>", $text); $text = preg_replace("/\[code\](.+?)\[\/code\]/","<div class='codetop'>Code</div><div class='codemain'><code>$1</code></div>", $text); $text = preg_replace("/\[codebox\](.+?)\[\/codebox\]/","<div class='codetop'>Code</div><div class='codemain'><code>$1</code></div>", $text); $text = preg_replace("/&nbrlb;/", " \n", $text); $text = preg_replace("/\[colour=(.+?)\]/", "<span style='color:$1;'>", $text); $text = preg_replace("/\[\/colour\]/", "</span>", $text); $text = preg_replace("/\[color=(.+?)\]/", "<span style='color:$1;'>", $text); $text = preg_replace("/\[\/color\]/", "</span>", $text); $text = preg_replace("/\[br \/]/", " ", $text); $text = preg_replace("/\[br]/", " ", $text); $text = preg_replace("/\[hr \/]/", "<hr />", $text); $text = preg_replace("/\[hr]/", "<hr />", $text); $text = preg_replace("/\[list\]/", "<ul>", $text); $text = preg_replace("/\[\/list\]/", "[/list]", $text); $text = preg_replace("/\[olist\]/", "[list=1]", $text); $text = preg_replace("/\[\/olist\]/", "[/list]", $text); $text = preg_replace("/\[li\]/", "[*]", $text); $text = preg_replace("/\[\/li\]/", "", $text); $bbcode = array(1 => '/\[img\](.+?)\[\/img\]/e'); $html = array(1 => '"<img src=\'".$this->secureimg("$1")."\' alt=\'User submitted image\' id=\"img\" title=\'User submitted image\' />"'); ksort($bbcode); ksort($html); //preg_replace to convert all remaining bbCode tags $text = preg_replace($bbcode, $html, $text); return nl2br($text); } } $bbc = new BBCode; ?> this is untested

i have just posted this in the PHP section today go and check it out :D

This is a small simple way to secure tags on forums or just about anywhere you use bbcode function img($code) { $code_treated = htmlspecialchars($code); $bbcode = array(1 => '/\[img\](.+?)\[\/img\]/e'); $html = array(1 => '"<img src=\'".secureimg("$1")."\' alt=\'User submitted image\' id=\"img\" title=\'User submitted image\' />"'); ksort($bbcode); ksort($html); //preg_replace to convert all remaining bbCode tags $post_bbcode_treated = preg_replace($bbcode, $html, $code_treated); return nl2br($post_bbcode_treated); } function secureimg($img) { $img=str_replace(array('/.', '&'), array('.', '&'), $img); $img2=@getimagesize($img); if (@is_array($img2)) { return $img; } else { return 'images/broken.gif'; } } now all you do is wrap img() around the text and ur done

Fixed the subject, can you tell me how you spoofed the image tag, would help me fix it

yea the forum has been updated to 0.25.B here is the TOPIC 0.30.B will be relesed soon with the karma working, just gota finish a problem with the timestamp and the not letting people rate the same person twice

it dosent have skinning, buti will make a few themes for the forum, not just the 1 blue theme plus it is all CSS so would be easy to edit

if im right that gangs was a drop in so the sql is mccodes V2 so we cant give it out ...

as soon as im sure there are no bugs/exploits

new topic - fixed bbcode - fixed (added NBBC) :thumbsup:

"but honestly seems a lot of work" - intergrating existing forum software into mccodes or 4 files added to your server and 1 edit - as for themes not everyone make a theme for SMF, PHPBB, VB etc... :thumbsup: