Joshua Posted October 15, 2009 Posted October 15, 2009 **NOTE** I did not make this. This was made by Karlos as a Free mod on a differant forums. It is secured to the best of my knowledge and I have been using it. I am just getting 1 small error in that it's giving me a fatal error call to $h-endpage on a non member object. It's the Endpage where Sex Change is. if anyone could fix that small error, this is a great pref secure. <?php include_once (DIRNAME(__FILE__). '/globals.php'); // XSS Prevention function NoXSS($Var) { return (get_magic_quotes_gpc()) ? htmlspecialchars($Var) : addslashes(htmlspecialchars($Var)); } $_GET['act'] = isset($_GET['act']) && ctype_alpha($_GET['act']) ? trim($_GET['act']) : 'Index'; switch ($_GET['act']) { case 'SexChange': SexChange(); break; case 'PassChange': PassChange(); break; case 'NameChange': NameChange(); break; case 'DPChange': DPChange(); break; case 'ForumSig': ForumSig(); break; case 'ProfileSig': ProfileSig(); break; default: Index(); break; } if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'NameChange', 'DPChange', 'ForumSig'))) { Error('Invalid Command!'); } // Index Function function Index() { echo '<h3 style="text-decoration: underline;">Your Preferences</h3> [url="prefs.php?act=SexChange"]Sex Change[/url] [url="prefs.php?act=PassChange"]Password Change[/url] [url="prefs.php?act=NameChange"]Username Change[/url] [url="prefs.php?act=DPChange"]Display Picture Change[/url] [url="prefs.php?act=ForumSig"]Forum Info Change[/url] [url="prefs.php?act=ProfileSig"]Profile Sig Change[/url] '; } // Sex Change Function function SexChange() { global $ir, $db; $NewGender = ($ir['gender'] == 'Male') ? 'Female' : 'Male'; if (isset($_POST['NewGender'])) { $db->query(sprintf("UPDATE `users` SET `gender`='%s' WHERE `userid`='%d'", $_POST['NewGender'], $ir['userid'])); echo sprintf("You Are Now A %s", $_POST['NewGender']); $h->endpage(); exit; } else { echo '<h3 style="text-decoration: underline;">Sex Change</h3> <form action="prefs.php?act=SexChange" method="post">'; echo sprintf("<input type='hidden' name='NewGender' value='%s' />", $NewGender); echo sprintf("You Are Currently A Are %s, Are You Sure You Want To Become A %s? ", $ir['gender'], $NewGender); echo '<input type="submit" value="Yes!" /> </form>'; } } // Password Change Function function PassChange() { global $ir, $db, $c; $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid']))); if (isset($_POST['OldPass'], $_POST['NewPass1'])) { if ($_POST['NewPass1'] == '') { echo 'Error! You Entered No Password '; } else if (md5($_POST['OldPass']) != $Info['userpass']) { echo 'Error! The Current Password Is Inncorrect! '; } else { $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", md5($_POST['NewPass1']), $ir['userid'])); echo 'Your Password Has Been Updated! Your New Password Is: [i]'.$_POST['NewPass1'].'[/i] Keep This Password Safe And Don\'t Tell Anyone It. > [url="index.php"]Home[/url]'; } } else { echo '<h3 style="text-decoration: underline;">Password Change</h3> <form action="prefs.php?act=PassChange" method="post"> Current Password: <input type="password" name="OldPass" /> New Password: <input type="password" name="NewPass1" /> <input type="submit" value="Change Password!" /> </form>'; } } // Name Change Function function NameChange() { global $ir, $db; if (isset($_POST['NewName'])) { $CheckLog = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `login_name`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid']))); $CheckGame = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `username`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid']))); if (trim($_POST['NewName']) == '') { echo 'Error! You Did Not Enter A New Name '; } else if ($CheckLog) { echo 'Error! This Name Is In Use '; } else if ($CheckGame) { echo 'Error! This Name Is In Use '; } else if (strlen($_POST['NewName']) < '4') { echo 'Error! This Name Is Too Short'; } else if (strlen($_POST['NewName']) > '15') { echo 'Error! This Name Is Too Long'; } else { $_POST['NewName'] = str_replace(array("<", ">", "'", ";"), array("", "", "", ""), $_POST['NewName']); $db->query(sprintf("UPDATE `users` SET `username`='%s' WHERE `userid`='%d'", $_POST['NewName'], $ir['userid'])); echo 'You Have Changed Your Username'; } } else { echo '<h3>Name Change</h3> Please note that you still use the same name to login, this procedure simply changes the name that is displayed. <form action="prefs.php?act=NameChange" method="post"> New Name: <input type="text" name="NewName" /> <input type="submit" value="Change Name" /> </form>'; } } // Display Picture Change Function function DPChange() { global $ir, $db; $Pic = $db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])); if (isset($_POST['NewPic'])) { if ($_POST['NewPic'] == '') { echo 'You Did Not Enter An Image'; } else { if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { print "You are trying to upload an invalid image"; } else { $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), array("", "", "", "", "", "", ""), $_POST['NewPic']); $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid'])); echo 'Picture Changed'; } } } else { echo '<h3>Pic Change</h3> Please note that this must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="prefs.php?act=DPChange" method="post">'; echo sprintf("New Pic: <input type='text' name='NewPic' value='%s' /> ", $Pic['display_pic']); echo ' <input type="submit" value="Change Picture" /> </form>'; } } // Forum Info Change Function function ForumSig() { global $ir, $db; if (isset($_POST['NewFSig'])) { $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['FPic']), NoXSS($_POST['NewFSig']), $ir['userid'])); echo 'Forum Info Updated'; } else { echo '<h3>Forum Info Change</h3> Please note that the avatar must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="prefs.php?act=ForumSig" method="post">'; echo sprintf("Avatar: <input type='text' name='NewFPic' value='%s' /> ", $ir['forums_avatar']); echo sprintf("Signature (you may use BBcode): <textarea rows='10' cols='50' name='NewFSig'>%s</textarea> ", $ir['forums_signature']); echo '<input type="submit" value="Change Info" /> </form>'; } } // Profile Sig Change Function function ProfileSig() { global $ir, $db; if (isset($_POST['NewPSig'])) { $db->query(sprintf("UPDATE `users` SET `sig`='%s' WHERE `userid`='%d'", NoXSS($_POST['NewPSig']), $ir['userid'])); echo 'Profile Sig Updated'; } else { echo '<h3>Profile Sig</h3> <form action="prefs.php?act=ProfileSig" method="post">'; echo 'Signature (you may use BBcode): '; echo sprintf("<textarea rows='10' cols='50' name='NewPSig'>%s</textarea> ", $ir['sig']); echo '<input type="submit" value="Change Profile Sig" /> </form>'; } } $h->endpage( ); ?> Quote
Joshua Posted October 15, 2009 Author Posted October 15, 2009 Side Note*** I completely removed the endpage function and it works 100% Quote
The Chaotic Banana Posted October 16, 2009 Posted October 16, 2009 Been searching for one of these for some time great work and well done :) Quote
AlabamaHit Posted October 16, 2009 Posted October 16, 2009 the $h->endpage( ); see the space. $h->endpage(); That would maek you be able to use it. Quote
Joshua Posted October 16, 2009 Author Posted October 16, 2009 Negative, I tried that as well The endpage is sending a call to a non member function still Fatal error: Call to a member function endpage() on a non-object in /home/*******/***********/preferences.php on line 43 Easiest thing I've seen is just to remove the endpage and it works 100% Quote
Djkanna Posted October 16, 2009 Posted October 16, 2009 <?php include_once (DIRNAME(__FILE__). '/globals.php'); // XSS Prevention function NoXSS($Var) { return (get_magic_quotes_gpc()) ? htmlspecialchars($Var) : addslashes(htmlspecialchars($Var)); } $_GET['act'] = isset($_GET['act']) && ctype_alpha($_GET['act']) ? trim($_GET['act']) : 'Index'; switch ($_GET['act']) { case 'SexChange': SexChange(); break; case 'PassChange': PassChange(); break; case 'NameChange': NameChange(); break; case 'DPChange': DPChange(); break; case 'ForumSig': ForumSig(); break; case 'ProfileSig': ProfileSig(); break; default: Index(); break; } if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'NameChange', 'DPChange', 'ForumSig'))) { Error('Invalid Command!'); } // Index Function function Index() { echo '<h3 style="text-decoration: underline;">Your Preferences</h3> [url="prefs.php?act=SexChange"]Sex Change[/url] [url="prefs.php?act=PassChange"]Password Change[/url] [url="prefs.php?act=NameChange"]Username Change[/url] [url="prefs.php?act=DPChange"]Display Picture Change[/url] [url="prefs.php?act=ForumSig"]Forum Info Change[/url] [url="prefs.php?act=ProfileSig"]Profile Sig Change[/url] '; } // Sex Change Function function SexChange() { global $ir, $db, $h; $NewGender = ($ir['gender'] == 'Male') ? 'Female' : 'Male'; if (isset($_POST['NewGender'])) { $db->query(sprintf("UPDATE `users` SET `gender`='%s' WHERE `userid`='%d'", $_POST['NewGender'], $ir['userid'])); echo sprintf("You Are Now A %s", $_POST['NewGender']); $h->endpage(); exit; } else { echo '<h3 style="text-decoration: underline;">Sex Change</h3> <form action="prefs.php?act=SexChange" method="post">'; echo sprintf("<input type='hidden' name='NewGender' value='%s' />", $NewGender); echo sprintf("You Are Currently A Are %s, Are You Sure You Want To Become A %s? ", $ir['gender'], $NewGender); echo '<input type="submit" value="Yes!" /> </form>'; } } // Password Change Function function PassChange() { global $ir, $db, $c; $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid']))); if (isset($_POST['OldPass'], $_POST['NewPass1'])) { if ($_POST['NewPass1'] == '') { echo 'Error! You Entered No Password '; } else if (md5($_POST['OldPass']) != $Info['userpass']) { echo 'Error! The Current Password Is Inncorrect! '; } else { $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", md5($_POST['NewPass1']), $ir['userid'])); echo 'Your Password Has Been Updated! Your New Password Is: [i]'.$_POST['NewPass1'].'[/i] Keep This Password Safe And Don\'t Tell Anyone It. > [url="index.php"]Home[/url]'; } } else { echo '<h3 style="text-decoration: underline;">Password Change</h3> <form action="prefs.php?act=PassChange" method="post"> Current Password: <input type="password" name="OldPass" /> New Password: <input type="password" name="NewPass1" /> <input type="submit" value="Change Password!" /> </form>'; } } // Name Change Function function NameChange() { global $ir, $db; if (isset($_POST['NewName'])) { $CheckLog = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `login_name`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid']))); $CheckGame = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `username`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid']))); if (trim($_POST['NewName']) == '') { echo 'Error! You Did Not Enter A New Name '; } else if ($CheckLog) { echo 'Error! This Name Is In Use '; } else if ($CheckGame) { echo 'Error! This Name Is In Use '; } else if (strlen($_POST['NewName']) < '4') { echo 'Error! This Name Is Too Short'; } else if (strlen($_POST['NewName']) > '15') { echo 'Error! This Name Is Too Long'; } else { $_POST['NewName'] = str_replace(array("<", ">", "'", ";"), array("", "", "", ""), $_POST['NewName']); $db->query(sprintf("UPDATE `users` SET `username`='%s' WHERE `userid`='%d'", $_POST['NewName'], $ir['userid'])); echo 'You Have Changed Your Username'; } } else { echo '<h3>Name Change</h3> Please note that you still use the same name to login, this procedure simply changes the name that is displayed. <form action="prefs.php?act=NameChange" method="post"> New Name: <input type="text" name="NewName" /> <input type="submit" value="Change Name" /> </form>'; } } // Display Picture Change Function function DPChange() { global $ir, $db; $Pic = $db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])); if (isset($_POST['NewPic'])) { if ($_POST['NewPic'] == '') { echo 'You Did Not Enter An Image'; } else { if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { print "You are trying to upload an invalid image"; } else { $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), array("", "", "", "", "", "", ""), $_POST['NewPic']); $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid'])); echo 'Picture Changed'; } } } else { echo '<h3>Pic Change</h3> Please note that this must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="prefs.php?act=DPChange" method="post">'; echo sprintf("New Pic: <input type='text' name='NewPic' value='%s' /> ", $Pic['display_pic']); echo ' <input type="submit" value="Change Picture" /> </form>'; } } // Forum Info Change Function function ForumSig() { global $ir, $db; if (isset($_POST['NewFSig'])) { $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['FPic']), NoXSS($_POST['NewFSig']), $ir['userid'])); echo 'Forum Info Updated'; } else { echo '<h3>Forum Info Change</h3> Please note that the avatar must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="prefs.php?act=ForumSig" method="post">'; echo sprintf("Avatar: <input type='text' name='NewFPic' value='%s' /> ", $ir['forums_avatar']); echo sprintf("Signature (you may use BBcode): <textarea rows='10' cols='50' name='NewFSig'>%s</textarea> ", $ir['forums_signature']); echo '<input type="submit" value="Change Info" /> </form>'; } } // Profile Sig Change Function function ProfileSig() { global $ir, $db; if (isset($_POST['NewPSig'])) { $db->query(sprintf("UPDATE `users` SET `sig`='%s' WHERE `userid`='%d'", NoXSS($_POST['NewPSig']), $ir['userid'])); echo 'Profile Sig Updated'; } else { echo '<h3>Profile Sig</h3> <form action="prefs.php?act=ProfileSig" method="post">'; echo 'Signature (you may use BBcode): '; echo sprintf("<textarea rows='10' cols='50' name='NewPSig'>%s</textarea> ", $ir['sig']); echo '<input type="submit" value="Change Profile Sig" /> </form>'; } } $h->endpage( ); ?> May work :) Quote
corruptcity || skalman Posted October 18, 2009 Posted October 18, 2009 hi immortal you left out Profile Sig from your get array find this if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'NameChange', 'DPChange', 'ForumSig'))) { Error('Invalid Command!'); } replace it with this if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'NameChange', 'DPChange', 'ForumSig','ProfileSig'))) { Error('Invalid Command!'); } skal Quote
ddupuis Posted December 28, 2009 Posted December 28, 2009 you need to global the $h tested and works fine. +1 Quote
Zero-Affect Posted December 28, 2009 Posted December 28, 2009 you need to global the $h tested and works fine. +1 i was just going to say that switch global $ir, $db; with global $ir, $db,$h; in the sex change function Quote
Joshua Posted December 28, 2009 Author Posted December 28, 2009 yer I figured that bit out awhile back >,< Quote
ddupuis Posted December 29, 2009 Posted December 29, 2009 no worries. just posted as im using this for my game. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.