Scarfacial
Posted January 21, 2011

Alright everybody. This is my first mod I've done, so hopefully it's good :P

Basically what I've done with this mod is: I've added a quote to the top of profiles, and a signature to the bottom. Then I've incorporated the BBCode that comes already with the forums into the Profile Signature and Quote. And freely added in, I've done a new staff panel on the bottom of the profiles, but I'm sure it needs some work done as I've just barely finished it to replace the old one I've been using.

Alrighty then, let's do this.

NOTICE: If you're too lazy to copy and paste, I've attached a .zip file with these files in it.

REPLACE viewuser.php with this:
[code not shown; viewing code within this forum requires registration]

REPLACE preferences with this:
[code not shown; viewing code within this forum requires registration]

And last but not least, SQL this into the database:

[expander][mysql]
-- Log of profile changes made through the staff panel
CREATE TABLE IF NOT EXISTS `staffcplogs` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `staffid` INT(11) NOT NULL DEFAULT '0',
  `userid` INT(11) NOT NULL DEFAULT '0',
  `changed` VARCHAR(250) NOT NULL DEFAULT '0',
  `time` INT(11) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- Profile quote (top of profile) and signature (bottom of profile)
ALTER TABLE `users` ADD `quote` TEXT NOT NULL;
ALTER TABLE `users` ADD `signature` TEXT NOT NULL;
[/mysql][/expander]

As far as I know, this mod works. It may not be the best though as I had to try to convert it into the original profiles from MCCodes V2. Thanks for looking at my first mod, have fun, and good luck with your MCCodes game. :)
rulerofzu
Posted January 21, 2011

Well done on your first mod. Few things you may wanna look into...

The bbcode you have there isn't secure; it can be exploited using img tags. Also I don't see any reason in a game to have code tags but hey, it might fit in someone's game. If you wish, have a look at the viewuser/profile with bbcode I posted and see how I replaced the bbcode with one that is secure.

Display pic. You could do with validating that it is an image. Just for safety and to ensure nobody is uploading something pretending to be an image when it's not.

Actually, after typing that line above I looked over the preferences page and I would suggest a bit more work on that. The submit all function, whilst I can see how it would be useful, doesn't actually secure anything that's being inputted into the database.
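One way to handle the [img] tag concern raised in the post above, as an added example that is not part of the thread and is not MCCodes or NBBC code. The function names are hypothetical, the sample inputs are constructed, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: allow-list rendering of BBCode [img] tags for profile text.
// Function names are hypothetical; not taken from MCCodes or NBBC.

// Return a safe <img> tag for the URL, or null if the URL is rejected.
function safe_img_tag(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null; // must be an absolute URL with a host and a path
    }
    // Only plain web schemes are accepted.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // No query string or fragment, so the image request carries no parameters.
    if (isset($parts['query']) || isset($parts['fragment'])) {
        return null;
    }
    // Path must end in a known image extension.
    if (!preg_match('/\.(png|jpe?g|gif)$/i', $parts['path'])) {
        return null;
    }
    // Escape for the attribute context so quotes cannot close src="".
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="" />';
}

// Escape the whole text first, then expand only the [img] tags that pass.
function render_bbcode_img(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[img\](.*?)\[\/img\]/is',
        function (array $m): string {
            // Decode for validation only; safe_img_tag() escapes again.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            return safe_img_tag($url) ?? $m[0]; // rejected tags stay as inert text
        },
        $escaped
    );
}

// Constructed sample signatures: the first renders, the other two stay as text.
echo render_bbcode_img('Sig: [img]https://example.com/sig.png[/img]'), "\n";
echo render_bbcode_img('[img]http://example.com/page.php?x=1[/img]'), "\n";
echo render_bbcode_img('[img]ftp://example.com/sig.png[/img]'), "\n";
```

The extension check only constrains the URL; it does not prove the remote file is an image, which is the separate display-pic validation the post mentions.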
lucky3809
Posted January 21, 2011

I use this site for bbcodes, better than the mccode one lol. http://nbbc.sourceforge.net
Dayo
Posted January 21, 2011

The nbbc script is still vulnerable to the img tag if I remember correctly. I posted a simple snippet to protect against the IMG tag; I think it's in the php tutorials section.

Looking good mate, good to see a pick up in mods being made :)
rulerofzu
Posted January 21, 2011

Versions 1.4.1 and below are. I haven't found any reports on 1.4.2 or 1.4.3.
Joshua
Posted January 21, 2011

All in all, glad to see someone else trying and actually putting forth some effort. Security isn't learned overnight and anyone will tell you, you constantly learn.

Good job on your first modification, really. :)
Paul Evans
Posted January 21, 2011

"Security isn't learned overnight and anyone will tell you, you constantly learn."

Security isn't actually a subject to learn; it's actually just knowledge of php/mysql (for MCC anyways).
Joshua
Posted January 21, 2011

Well, I was referring in general, but yea, it is a subject to broach on.
Paul Evans
Posted January 21, 2011

Naw, I hate that people believe security is a totally different thing from PHP and that MCC security is also different... WTF, it's PHP, learn it. RTFM!
Djkanna
Posted January 21, 2011

"Security isn't learned overnight and anyone will tell you, you constantly learn."

"Security isn't actually a subject to learn; it's actually just knowledge of php/mysql (for MCC anyways)."

I find it to be more 'method of approach' than anything else.

[code not shown; viewing code within this forum requires registration]

By default there isn't anything wrong with that. But enter just a space as your username and there a new bug is born. So yeah, method of approach.
Joshua
Posted January 22, 2011

"hate that people believe security is a totally different thing from PHP"

You can't be serious? lol... Anywho ^_^

When one goes to school to learn a PHP subject they don't learn it all at once. They learn it in pieces. I'm most positive that one set of lessons is delving into securing your code. Hence, security is a lesson to be learned, which is where I was headed with this to begin with.

ANYfkinWho :P
Dominion
Posted January 22, 2011

I also hate it. You may learn in pieces, however you should learn correctly, e.g. when you learn to insert text data you learn to use mres; after all, it's just a function. Like cooking, they don't show you how to cook then tell you about food poisoning, do they? They show you how to stay safe from the first time you start. Then of course, like everything, as you learn more, methods change and improve.
Paul Evans
Posted January 22, 2011

Exactly. Security is learnt when you are actually learning how to script (if you learn properly), so it isn't a completely different thing to learn; it's basics.
Scarfacial (Author)
Posted January 22, 2011

I just started with php, and I'm teaching myself >_< So it's not too bad I don't think. Thanks everybody for commenting :) I didn't expect anybody would even look at this for over 5 seconds :P