[mccode] Profile Signatures

[DeaTH_RideR]

Re: [mccode] Profile Signatures

this uses html code not bbcode

[chris3010]

Re: [mccode] Profile Signatures

Who said i was using bbcode?

[Eternal]

Re: [mccode] Profile Signatures

 

I used Joel's v2 profile sig mod but i get this error when i go into preferences and then click on profile signature.

Fatal error: Call to undefined function signature_change() in /home/urbanwar/public_html/preferences.php on line 43

Just means that you don't have the correct spelling or the function in the preferences.php page

I would suggest going through it and checking on where that functyion starts./

[Zero-Affect]

Re: [mccode] Profile Signatures

 

I used Joel's v2 profile sig mod but i get this error when i go into preferences and then click on profile signature.

Fatal error: Call to undefined function signature_change() in /home/urbanwar/public_html/preferences.php on line 43

Just means that you don't have the correct spelling or the function in the preferences.php page

I would suggest going through it and checking on where that functyion starts./

it happens to the best of us :-D

[furn355]

Re: [mccode] Profile Signatures

was there ever a bbcode version of this made, i cant find anything in teh search :mrgreen:

 

nevermind done it myself

[scottbee2k8]

Re: [mccode] Profile Signatures

Parse error: syntax error, unexpected $end in /home/corrupted-warz/public_html/preferences.php on line 199

it keeps coming up that right and i keep trying stuff but the line 199 has got ?> but i think there is ment to be more there and i have done something to it or something like that can you help me please

[Lithium]

Re: [mccode] Profile Signatures

line 199 is "?>" and the error says "unexpected $end", you think it there is ment to be more... i think you should check the previous code as you are probably missing some closure's like } or ) or ;

[reek13]

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

[Zero-Affect]

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

...into

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

simple is it not?

considering this modification does not look secure in the slightest i would recommend not using it, i have posted earlier afew simple functions on another post which may help against simple attacks.

Considering i could easily take control of your website and even make you make me admin from anyone using this code.

[a_bertrand]

Would be great that you post the reasons why such mod is not secure then, as just saying you could take control over a site is too easy if you don't really offer any solution.

[Zero-Affect]

Good point i did direct them to a previous post without a link, Simply you have no protection on the inputted string which will allow users to do almost anything.

Allowing HTML in signatures could be auto refreshed to viruses or simply make you make them admin using a simple Injection (which i will not post).

A obvious but very rarely used protection against attacks like this would be the very well known striptags() function which only allows what code you direct it to allow.

There maybe a newer way of doing this but i have been away from PHP for afew months now and am working on old experience with Signature being one of the most exploited things i found on MC codes. Other solutions could involve only allowing Alpha and Numeric chars to be inputted which would stop the simple decoding of chars to make a HTML string work with striptags included.

Researching possible ways your code can and will be attacked is about 80% of the whole idea of coding something. Everyone wants a easy way of doing something and every little 12 year old can easily get a injection from google. They see it as a game yet you should look at it as your business.

htmlentities()

striptags()

ctype_alnum()

search on http://www.php.net

3 helpers which i consider my favorites against wannabe hackers

[Uridium]

HTML in forums or Signatures is always a bad thing not everyone is nice and stick to the rules whilst others like to place onloads into a html tags and have your page redirected. tick with BBCODE if you want my advice...

[seanybob]

HTML in forums or Signatures is always a bad thing not everyone is nice and stick to the rules whilst others like to place onloads into a html tags and have your page redirected. tick with BBCODE if you want my advice...

BBcode is better than nothing (but it can be just as bad as HTML if you use a crappy BBcode engine).

http://htmlpurifier.org/

I've never used HTML Purifier, but I've heard good things about it.

[Zero-Affect]

all the options are there to filter/secure it if looked at properly, HTML Purifier only works with PHP 5 i believe

[a_bertrand]

You may also use something derived from my "BBCode" or HTML cleaner here:

A simple BB code support as well as filtering the HTML

It ensures that only some tags are accepted and those tags with only the defined parameters.

[morgan1122]

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

i have

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

[morgan1122]

I am sorry this is an old post but i want Profile Signature for my webiste can someone add a V2 working and tested Profile Signature codes please

[morgan1122]

Best to buy one of theys people :D

[Darkwolf]

Wow I was just going through this thread, and reading the old posts I made about not posting up my code for the sigs code I had, now I wish I had. Shut down my game years ago, thinking of coming back as a classic (actually working on a MMORPG these days), but the hard drive I had the code on was stolen and disk backup was lost years ago. :(

[Paul Evans]

ALTER TABLE users ADD `signature` text NOT NULL default ''