Shakeynath Posted February 21, 2010

Does anyone know what's wrong with my profile signature? Everything works, but when I put in what I want it doesn't show up on my profile, yet when I go to edit it, it's still there. My preferences and viewuser profile codes are below.

preferences.php

```php
<?php
include_once(dirname(__FILE__) . '/globals.php');

// XSS Prevention
function NoXSS($Var)
{
    return (get_magic_quotes_gpc()) ? htmlspecialchars($Var) : addslashes(htmlspecialchars($Var));
}

$_GET['act'] = isset($_GET['act']) && ctype_alpha($_GET['act']) ? trim($_GET['act']) : 'Index';

switch ($_GET['act']) {
    case 'SexChange':
        SexChange();
        break;
    case 'PassChange':
        PassChange();
        break;
    case 'NameChange':
        NameChange();
        break;
    case 'DPChange':
        DPChange();
        break;
    case 'ForumSig':
        ForumSig();
        break;
    case 'ProfileSig':
        ProfileSig();
        break;
    default:
        Index();
        break;
}

// This check never fires: the switch's default branch already handled an unknown act.
if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'NameChange', 'DPChange', 'ForumSig', 'ProfileSig'))) {
    Error('Invalid Command!');
}

// Index Function
function Index()
{
    echo '<h3 style="text-decoration: underline;">Your Preferences</h3>
    <a href="preferences.php?act=SexChange">Sex Change</a><br />
    <a href="preferences.php?act=PassChange">Password Change</a><br />
    <a href="preferences.php?act=NameChange">Username Change</a><br />
    <a href="preferences.php?act=DPChange">Display Picture Change</a><br />
    <a href="preferences.php?act=ForumSig">Forum Info Change</a><br />
    <a href="preferences.php?act=ProfileSig">Profile Sig Change</a>';
}

// Sex Change Function
function SexChange()
{
    global $ir, $db, $h;
    $NewGender = ($ir['gender'] == 'Male') ? 'Female' : 'Male';
    if (isset($_POST['NewGender'])) {
        // $_POST['NewGender'] is written to the query and echoed back without escaping
        $db->query(sprintf("UPDATE `users` SET `gender`='%s' WHERE `userid`='%d'", $_POST['NewGender'], $ir['userid']));
        echo sprintf("You Are Now A %s", $_POST['NewGender']);
        $h->endpage();
        exit;
    } else {
        echo '<h3 style="text-decoration: underline;">Sex Change</h3>
        <form action="preferences.php?act=SexChange" method="post">';
        echo sprintf("<input type='hidden' name='NewGender' value='%s' />", $NewGender);
        echo sprintf("You Are Currently A %s, Are You Sure You Want To Become A %s? ", $ir['gender'], $NewGender);
        echo '<input type="submit" value="Yes!" />
        </form>';
    }
}

// Password Change Function
function PassChange()
{
    global $ir, $db, $c;
    $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid'])));
    if (isset($_POST['OldPass'], $_POST['NewPass1'])) {
        if ($_POST['NewPass1'] == '') {
            echo 'Error! You Entered No Password';
        } else if (md5($_POST['OldPass']) != $Info['userpass']) {
            echo 'Error! The Current Password Is Incorrect!';
        } else {
            $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", md5($_POST['NewPass1']), $ir['userid']));
            echo 'Your Password Has Been Updated! Your New Password Is: <i>' . $_POST['NewPass1'] . '</i>
            Keep This Password Safe And Don\'t Tell Anyone It.
            > <a href="index.php">Home</a>';
        }
    } else {
        echo '<h3 style="text-decoration: underline;">Password Change</h3>
        <form action="preferences.php?act=PassChange" method="post">
        Current Password: <input type="password" name="OldPass" /><br />
        New Password: <input type="password" name="NewPass1" /><br />
        <input type="submit" value="Change Password!" />
        </form>';
    }
}

// Name Change Function
function NameChange()
{
    global $ir, $db;
    if (isset($_POST['NewName'])) {
        // Both duplicate checks run on the raw input, before the character stripping further down
        $CheckLog = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `login_name`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid'])));
        $CheckGame = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `username`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid'])));
        if (trim($_POST['NewName']) == '') {
            echo 'Error! You Did Not Enter A New Name';
        } else if ($CheckLog) {
            echo 'Error! This Name Is In Use';
        } else if ($CheckGame) {
            echo 'Error! This Name Is In Use';
        } else if (strlen($_POST['NewName']) < 4) {
            echo 'Error! This Name Is Too Short';
        } else if (strlen($_POST['NewName']) > 15) {
            echo 'Error! This Name Is Too Long';
        } else {
            $_POST['NewName'] = str_replace(array("<", ">", "'", ";"), "", $_POST['NewName']);
            $db->query(sprintf("UPDATE `users` SET `username`='%s' WHERE `userid`='%d'", $_POST['NewName'], $ir['userid']));
            echo 'You Have Changed Your Username';
        }
    } else {
        echo '<h3>Name Change</h3>
        Please note that you still use the same name to login, this procedure simply changes the name that is displayed.
        <form action="preferences.php?act=NameChange" method="post">
        New Name: <input type="text" name="NewName" />
        <input type="submit" value="Change Name" />
        </form>';
    }
}

// Display Picture Change Function
function DPChange()
{
    global $ir, $db;
    // fetch_row() was missing here: $db->query() returns a result set, not the row
    $Pic = $db->fetch_row($db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])));
    if (isset($_POST['NewPic'])) {
        if ($_POST['NewPic'] == '') {
            echo 'You Did Not Enter An Image';
        } else {
            // the dot before the extension must be escaped, otherwise it matches any character
            if (!preg_match('~(.?)\.(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) {
                print "You are trying to upload an invalid image";
            } else {
                $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), "", $_POST['NewPic']);
                $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid']));
                echo 'Picture Changed';
            }
        }
    } else {
        echo '<h3>Pic Change</h3>
        Please note that this must be externally hosted, <a href="http://imageshack.us">ImageShack</a> is our recommendation.
        <form action="preferences.php?act=DPChange" method="post">';
        echo sprintf("New Pic: <input type='text' name='NewPic' value='%s' /> ", $Pic['display_pic']);
        echo '<input type="submit" value="Change Picture" />
        </form>';
    }
}

// Forum Info Change Function
function ForumSig()
{
    global $ir, $db;
    if (isset($_POST['NewFSig'])) {
        // the form below names the avatar field 'NewFPic', but 'FPic' is read here
        $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['FPic']), NoXSS($_POST['NewFSig']), $ir['userid']));
        echo 'Forum Info Updated';
    } else {
        echo '<h3>Forum Info Change</h3>
        Please note that the avatar must be externally hosted, <a href="http://imageshack.us">ImageShack</a> is our recommendation.
        <form action="preferences.php?act=ForumSig" method="post">';
        echo sprintf("Avatar: <input type='text' name='NewFPic' value='%s' /> ", $ir['forums_avatar']);
        echo sprintf("Signature (you may use BBcode): <textarea rows='10' cols='50' name='NewFSig'>%s</textarea> ", $ir['forums_signature']);
        echo '<input type="submit" value="Change Info" />
        </form>';
    }
}

// Profile Sig Change Function
function ProfileSig()
{
    global $ir, $db;
    if (isset($_POST['NewPSig'])) {
        // the textarea below is named 'NewPSig', but $_POST['sig'] is what gets saved
        $db->query(sprintf("UPDATE `users` SET `sig`='%s' WHERE `userid`='%d'", NoXSS($_POST['sig']), $ir['userid']));
        echo 'Profile Sig Updated';
    } else {
        echo '<h3>Profile Sig</h3>
        <form action="preferences.php?act=ProfileSig" method="post">';
        echo 'Signature : ';
        echo '<b><font color="CC0000">Note that image size should be a maximum size of 640x480 !!</font></b> ';
        echo sprintf("<textarea rows='10' cols='50' name='NewPSig'>%s</textarea> ", $ir['sig']);
        echo '<input type="submit" value="Change Profile Sig" />
        </form>';
    }
}

$h->endpage();
?>
```

viewuser.php

```php
<?php
require_once(dirname(__FILE__) . '/globals.php');

$_GET['u'] = abs((int) $_GET['u']);
if (!$_GET['u']) {
    echo 'Invalid use of file';
    $h->endpage();
    exit;
} else {
    $Select = sprintf(
        "SELECT u.userid, u.username, u.level, u.money, u.crystals, u.laston, u.lastip, u.energy, u.will, u.maxwill, u.brave, u.maxbrave, u.maxenergy, u.hp, u.maxhp, u.location, u.hospital, u.jail, u.jail_reason, u.fedjail, u.user_level, u.gender, u.daysold, u.signedup, u.gang, u.donatordays, u.email, u.display_pic, u.duties, u.staffnotes, u.hospreason, u.lastip_login, u.lastip_signup, u.last_login, u.friend_count, u.enemy_count, c.cityid, c.cityname, h.hID, h.hWILL, g.gangID, g.gangNAME, f.fed_userid, f.fed_days, f.fed_jailedby, f.fed_reason "
        . "FROM users u "
        . "LEFT JOIN cities c ON u.location=c.cityid "
        . "LEFT JOIN houses h ON u.maxwill=h.hWILL "
        . "LEFT JOIN gangs g ON g.gangID=u.gang "
        . "LEFT JOIN fedjail f ON f.fed_userid=u.userid "
        . "WHERE u.userid=('%u')", $_GET['u']);
    $q = $db->query($Select);
    if ($db->num_rows($q) == 0) {
        echo 'Sorry, we could not find a user with that ID, check your source.';
        $h->endpage();
        exit;
    } else {
        $r = $db->fetch_row($q);
        if ($r['user_level'] == 1) {
            $UserLevel = "Member";
        } else if ($r['user_level'] == 2) {
            $UserLevel = "Admin";
        } else if ($r['user_level'] == 3) {
            $UserLevel = "Secretary";
        } else if ($r['user_level'] == 5) {
            $UserLevel = "Assistant";
        } else if ($r['user_level'] == 0) {
            $UserLevel = "NPC";
        } else {
            $UserLevel = "Report To Admin.";
        }
        $LastOn = ($r['laston'] > 0) ? date('F j, Y g:i:s a', $r['laston']) : "Never";
        $SignedUp = date('F j, Y g:i:s a', $r['signedup']);
        $d = "";
        if ($r['laston'] > 0) {
            $LA = time() - $r['laston'];
            $Unit1 = "Seconds";
            if ($LA >= 60) {
                $LA = (int) ($LA / 60);
                $Unit1 = "Minutes";
            }
            if ($LA >= 60) {
                $LA = (int) ($LA / 60);
                $Unit1 = "Hours";
                if ($LA >= 24) {
                    $LA = (int) ($LA / 24);
                    $Unit1 = "Days";
                }
            }
            $LastAction = "$LA $Unit1 ago.";
        } else {
            $LastAction = "--";
        }
        // 'married' is not in the SELECT above and $par is never set, so this always shows N/A
        if ($r['married'] != 0) {
            $partner = "{$par['username']}";
        } else {
            $partner = "N/A";
        }
        $D = '';
        if ($r['donatordays']) {
            $r['username'] = '<font color=red>' . $r['username'] . '</font>';
            $D = '<img src="/images/donator.gif" />';
        }
        if ($r['laston'] >= time() - 15 * 60) {
            $On = "<blink><font color='green'><b>Online</b></font></blink>";
        } else {
            $On = "<font color='red'><b>Offline</b></font>";
        }
        $DaysOld = number_format($r['daysold']);
        $Money = number_format($r['money']);
        $Crystals = number_format($r['crystals']);
        $Level = number_format($r['level']);
        $HP = number_format($r['hp']);
        $MaxHP = number_format($r['maxhp']);
        $Friends = number_format($r['friend_count']);
        $Enemies = number_format($r['enemy_count']);
        // h.hNAME is not in the SELECT list above, so Property is always empty
        echo '<h3>Profile for ' . $r['username'] . '</h3>
        <table width="98%" cellspacing="1" class="table">
        <tr style="background:gray">
        <th>General Info</th>
        <th>Display Pic</th>
        </tr>
        <tr>
        <td width="50%">
        Name: ' . $r['username'] . ' [' . $r['userid'] . '] ' . $D . '<br />
        User Level: ' . $UserLevel . '<br />
        Duties: ' . $r['duties'] . '<br />
        Level: ' . $Level . '<br />
        Money: $' . $Money . '<br />
        Crystals: ' . $Crystals . '<br />
        Property: ' . $r['hNAME'] . '<br />
        Gender: ' . $r['gender'] . '<br />
        Married: ' . $partner . '<br />
        Days Old: ' . $DaysOld . '<br />
        Location: ' . $r['cityname'] . '<br />
        Friends: ' . $Friends . '<br />
        Enemies: ' . $Enemies . '<br />
        Health: ' . $HP . '/' . $MaxHP . '<br />
        Gang: ';
        if ($r['gang']) {
            echo '<a href="gangs.php?action=view&ID=' . $r['gang'] . '">' . $r['gangNAME'] . '</a><br />';
        } else {
            echo 'Not in a gang.<br />';
        }
        echo 'Signed Up: ' . $SignedUp . '<br />
        Last Action: ' . $LastAction . '<br />
        Online: ' . $On . '<br />';
        if ($r['fedjail']) {
            echo '<b><font color="red">In federal jail for ' . $r['fed_days'] . ' day(s). ' . $r['fed_reason'] . ' Jailed By: ' . $r['fed_jailedby'] . '</font></b>';
        }
        if ($r['hospital']) {
            echo '<b><font color=red>In hospital for ' . $r['hospital'] . ' minutes. Reason: ' . $r['hospreason'] . '</font></b>';
        }
        if ($r['jail']) {
            echo '<b><font color=red>In jail for ' . $r['jail'] . ' minutes. Reason: ' . $r['jail_reason'] . '</font></b>';
        }
        echo '</td>
        <td width="50%" style="text-align:center;">';
        if ($r['display_pic']) {
            echo "<center><img src=\"{$r['display_pic']}\" /></center>";
        } else {
            echo "<center><img src=\"images/nodisplay.jpg\" />";
        }
        echo "</div></table><table width=85% bgcolor=#202020 border=0 cellpadding=3>
        <tr><td>[<a href='mailbox.php?action=compose&ID={$r['userid']}'><font color=white>Send Mail</font></a>]</td>
        <td>[<a href='sendcash.php?ID={$r['userid']}'><font color=white>Send Cash</font></a>]</td>
        <td>[<a href='sendcrys.php?ID={$r['userid']}'><font color=white>Send Crystals</font></a>]</td>
        </tr><tr>
        <td>[<a href='attack.php?ID={$r['userid']}'><font color=white>Attack</font></a>]</td>
        <td>[<a href='mug.php?ID={$r['userid']}'><font color=white>Mug</font></a>]</td>
        <td>[<a href='spy.php?ID={$r['userid']}'><font color=white>Spy</font></a>]</td>
        </tr>";
        if ($ir['donatordays'] > 0) {
            echo "<tr>
            <td>[<a href='friendslist.php?action=add&ID={$r['userid']}'><font color=white>Add Friends</font></a>]</td>
            <td>[<a href='contactlist.php?action=add&ID={$r['userid']}'><font color=white>Add Contact</font></a>]</td>
            <td>[<a href='blacklist.php?action=add&ID={$r['userid']}'><font color=white>Add Enemies</font></a>]</td>
            </tr>";
        }
        if ($ir['user_level'] == 2 || $ir['user_level'] == 3 || $ir['user_level'] == 5) {
            echo "<tr>
            <td>[<a href='jailuser.php?userid={$r['userid']}'><font color=white>Jail</font></a>]</td>
            <td>[<a href='mailban.php?userid={$r['userid']}'><font color=white>MailBan</font></a>]</td>
            </tr>";
        }
        echo '</table>
        <table width="85%" cellspacing="1" class="table">
        <tr><th>Profile Signature</th></tr>
        <tr><td>';
        if ($r['sig']) {
            // BBCode -> HTML; the first four patterns turn raw HTML characters into entities
            function bbc($text)
            {
                $search = array(
                    "'<'is",
                    "'>'is",
                    "'\''is",
                    "'\"'is",
                    "'\[b\](.*?)\[/b\]'is",
                    "'\[i\](.*?)\[/i\]'is",
                    "'\[u\](.*?)\[/u\]'is",
                    "'\[img\](.*?)\[/img\]'i",
                    "'\[size=(.*?)\](.*?)\[/size\]'i",
                    "'\[color=(.*?)\](.*?)\[/color\]'i",
                    "'\[font=(.*?)\](.*?)\[/font\]'i",
                    "'\[center\](.*?)\[/center\]'is",
                    "'\[url\](.*?)\[/url\]'i",
                    "'\[url=(.*?)\](.*?)\[/url\]'i"
                );
                $replace = array(
                    "&lt;",
                    "&gt;",
                    "&#039;",
                    "&quot;",
                    "<b>\\1</b>",
                    "<i>\\1</i>",
                    "<u>\\1</u>",
                    "<img src=\"\\1\" />",
                    "<font size=\"\\1\">\\2</font>",
                    "<font color=\"\\1\">\\2</font>",
                    "<font face=\"\\1\">\\2</font>",
                    "<center>\\1</center>",
                    "<a href=\"\\1\">\\1</a>",
                    "<a href=\"\\1\">\\2</a>"
                );
                $text = preg_replace($search, $replace, $text);
                $text = str_replace("\n", " ", $text);
                return $text;
            }
            echo bbc($r['sig']);
        } else {
            echo 'This User Has No Profile Signature';
        }
        echo '</td></tr>
        </table>';
        if ($ir['user_level'] == 2 || $ir['user_level'] == 3 || $ir['user_level'] == 5) {
            $r['lastiph'] = @gethostbyaddr($r['lastip']);
            $r['lastiph'] = checkblank($r['lastiph']);
            $r['lastip_loginh'] = @gethostbyaddr($r['lastip_login']);
            $r['lastip_loginh'] = checkblank($r['lastip_loginh']);
            $r['lastip_signuph'] = @gethostbyaddr($r['lastip_signup']);
            $r['lastip_signuph'] = checkblank($r['lastip_signuph']);
            print "<h3>Internet Info</h3><table width='100%' border='0' cellspacing='1' class='table'>
            <tr><td></td><td class='h'>IP</td><td class='h'>Hostname</td></tr>
            <tr><td class='h'>Last Hit</td><td>$r[lastip]</td><td>$r[lastiph]</td></tr>
            <tr><td class='h'>Last Login</td><td>$r[lastip_login]</td><td>$r[lastip_loginh]</td></tr>
            <tr><td class='h'>Signup</td><td>$r[lastip_signup]</td><td>$r[lastip_signuph]</td></tr></table>";
            print "<form action='staffnotes.php' method='post'>
            <font color='red'>User email: {$r['email']}</font><br />
            Staff Notes: <textarea rows=7 cols=40 name='staffnotes'>{$r['staffnotes']}</textarea>
            <input type='hidden' name='ID' value='{$_GET['u']}' />
            <input type='submit' value='Change' /></form></center>";
        }
    }
}

function checkblank($in)
{
    if (!$in) {
        return "N/A";
    }
    return $in;
}

if ($ir['userid'] == '1') {
    echo "<form action='staff.php?action=maillogs2' method='post'>
    <input type='hidden' name='userid' value='{$r['userid']}'>
    <input type='submit' value='Mail' /></form>";
}
$h->endpage();
?>
```
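The signature is stored empty because ProfileSig() saves $_POST['sig'] while the textarea is named NewPSig (ForumSig has the same mismatch with NewFPic/FPic). What follows is an added example, not code from the thread or the game: a save handler that reads the field the form actually posts, and a BBCode renderer for the viewuser.php side that escapes HTML before expanding tags and only accepts http(s) targets in [url] and [img]. It assumes $db->escape() is the game's SQL string escaper and that $db->query() runs a statement as in the thread's code.

```php
<?php
// Added example (not from the thread). Assumes $db->escape() is the game's
// SQL string escaper and $db->query() runs a statement, as in the thread's code.

// Save handler: read the same field name the form posts (NewPSig).
// The raw text is stored; HTML escaping happens once, at render time.
function save_profile_sig(array $post, array $ir, $db)
{
    if (!isset($post['NewPSig'])) {
        return false;                       // form not submitted yet
    }
    $db->query(sprintf("UPDATE `users` SET `sig`='%s' WHERE `userid`='%d'",
        $db->escape($post['NewPSig']), (int) $ir['userid']));
    return true;
}

// Render side for viewuser.php: escape everything first, then expand a
// whitelist of BBCode tags. [url] and [img] only accept absolute http(s)
// targets, so a signature cannot smuggle raw markup or a javascript: link.
function bbc_safe($text)
{
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    // After escaping, a URL cannot contain quotes, angle brackets or whitespace;
    // brackets are excluded so the match stops at the closing BBCode tag.
    $url = 'https?://[^\s"\'<>\[\]]+';
    $rules = array(
        '~\[b\](.*?)\[/b\]~is'                    => '<b>$1</b>',
        '~\[i\](.*?)\[/i\]~is'                    => '<i>$1</i>',
        '~\[u\](.*?)\[/u\]~is'                    => '<u>$1</u>',
        '~\[center\](.*?)\[/center\]~is'          => '<center>$1</center>',
        '~\[img\](' . $url . ')\[/img\]~i'        => '<img src="$1" />',
        '~\[url\](' . $url . ')\[/url\]~i'        => '<a href="$1">$1</a>',
        '~\[url=(' . $url . ')\](.*?)\[/url\]~is' => '<a href="$1">$2</a>',
    );
    $text = preg_replace(array_keys($rules), array_values($rules), $text);
    return nl2br($text);
}

// Constructed sample: the [url] with a javascript: target stays plain text
// (the pattern requires http/https), and the <script> is shown as text.
$sample = "[b]hi[/b] [url=javascript:alert(1)]x[/url] <script>1</script>\n"
        . "[img]http://example.invalid/pic.png[/img]";
echo bbc_safe($sample);
```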
Joshua Posted February 21, 2010

A few things. Did you add the SQL for the sig in the users column? Also, your viewuser isn't secure from the displaypic hack ^_- Try this.

```php
if(!@getimagesize($r['display_pic) {
    echo "<center><img src=\"images/nodisplay.jpg\" />";
} elseif(@getimagesize($r['display_pic) {
    echo "<center><img src=\"{$r['display_pic']}\" /></center>";
}
```

As for the sig bit, I'm still not entirely sure how to make a "secure one" from XSS in the BBCode.

```php
echo ''.bbc($r['sig']).'';
} else {
    echo 'This User Has No Profile Signature';
}
```

Maybe the above will work.
Zero-Affect Posted February 21, 2010

> if(!@getimagesize($r['display_pic) {
>     echo "<center><img src=\"images/nodisplay.jpg\" />";
> } elseif(@getimagesize($r['display_pic) {
>     echo "<center><img src=\"{$r['display_pic']}\" /></center>";
> }

Actually it would be more like

```php
// getimagesize() returns an array on success and false otherwise
$image_check = @getimagesize($r['display_pic']);
$image_check = (is_array($image_check)) ? '<img src="' . $r['display_pic'] . '" />' : '<img src="images/nodisplay.jpg" />';
```

also Immortal don't forget to close the array ']
Joshua Posted February 21, 2010

Still trying to work arrays just right. Think my way would work tho, I'd have to compare to what I did on my sites >,< I'm going to devote some time to arrays and modules here shortly
Shakeynath Posted February 21, 2010 (Author)

Any chance someone can post the SQL for the signature??
Jordan Palmer Posted February 21, 2010

```sql
ALTER TABLE users ADD `sig` text NOT NULL;
```

Simple stuff
Joshua Posted February 21, 2010

Am pseudo curious where you got my old viewuser ;-) Removed a few calls from the db->query but the links are all the same, laid out the same, i.e. mug/steal etc. "wasn't mine" per se....but the way it's laid out is the same way I had it laid out on my game. Must have more than 1 backup floating around >,<
Magictallguy Posted February 22, 2010

Looks like Karlos' code ;)
Jordan Palmer Posted February 22, 2010

> Looks like Karlos' code ;)

I think he's taken bits out of Karlos' viewuser as it's not all Karlos' code
Joshua Posted February 22, 2010

> "wasn't mine" per se

Hence ^ I used his original a while back, but the steal.php and mug.php were something I added to it, in that order, in that precise location :P
Jordan Palmer Posted February 22, 2010

> "wasn't mine" per se
>
> Hence ^ I used his original a while back, but the steal.php and mug.php were something I added to it, in that order, in that precise location :P

Just so you know, my comment wasn't directed at you. I was just stating it's not all his code :P
Joshua Posted February 22, 2010

yer
Zero-Affect Posted February 22, 2010

May I direct you two to off-topic
Joshua Posted February 22, 2010

lol
CrazyT Posted February 23, 2010

> lol

Pointless post? Yeah. So is mine now. o.o
Jordan Palmer Posted February 23, 2010

> May I direct you two to off-topic

You may, but I won't go there :D