chaoswar4u Posted August 15, 2007 Posted August 15, 2007 I have a 3problems. 1 is users when posting on the forums. If they post something with a blank topic it becomes no access to all and it carnt be deleted by staff via the links. DB Only. My next problem is some members are thinking its great to start renaming there account with spaces thus resulting in a blank name. Making them invisable almost as they carnt be linked too. This also can be done for gang names also which is the 3rd problem. Anything that I could use to stop this would be great. Please help. Thx for any elp in advance my friends of CE. Quote
Decepti0n Posted August 15, 2007 Posted August 15, 2007 Re: Mc Code V2 Problems. Help required. http://php.net/strlen http://php.net/eregi Quote
Matty Posted August 16, 2007 Posted August 16, 2007 Re: Mc Code V2 Problems. Help required. http://us3.php.net/manual/en/function.isset.php Quote
SaMz Posted August 16, 2007 Posted August 16, 2007 Re: Mc Code V2 Problems. Help required. i have this problem aswell lol Quote
chaoswar4u Posted August 25, 2007 Author Posted August 25, 2007 Re: Mc Code V2 Problems. Help required. For anyone who wants it. This is one step I made to fixing the problem. In preferences find function do_name_change() { global $db,$ir,$c,$userid,$h; if($_POST['newname'] == "") { print "You did not enter a new name. > Back"; } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid"); print "Username changed!"; } } and replace with function do_name_change() { global $db,$ir,$c,$userid,$h; if($_POST['newname'] == "") { print "You did not enter a new name. > Back"; } else { if (eregi("( )", $_POST['newname'])) { print"Spaces aren't allowed."; $h->endpage(); exit; } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid"); print "Username changed!"; } } } Quote
seanybob Posted August 25, 2007 Posted August 25, 2007 Re: Mc Code V2 Problems. Help required. I've always thought a fatal flaw in mccodes was the blacklist that is used for new usernames. A white list should be used, only allowing a-z and 0-9 Quote
chaoswar4u Posted August 25, 2007 Author Posted August 25, 2007 Re: Mc Code V2 Problems. Help required. Here is another. Any info to make any of my fixes better are welcom. Find in forums.php under function newtopic() Find in that function $u=$ir['username']; if($ir['ul_color']) { $uname="<font color='{$ir['ul_color']}'>"; if($ir['ul_isbold']) { $uname.=""; } $uname.=$ir['username']; if($ir['ul_isbold']) { $uname.=""; } $uname.="</font>"; $u=$uname; } else if($ir['donatordays']) { $u = "<font color=red>{$ir['username']}</font>"; } add under if($_POST['ft_name'] == "") { print "You did not enter a topic name. "; $h->endpage(); exit; } This will stop users placing no names in the topics on forums that result in no access and which makes the post only removable by database. Quote
seanybob Posted August 25, 2007 Posted August 25, 2007 Re: Mc Code V2 Problems. Help required. This allows only A-Z and 0-9 in usernames In preferences find function do_name_change() { global $db,$ir,$c,$userid,$h; if($_POST['newname'] == "") { print "You did not enter a new name. [url='preferences.php?action=namechange']> Back[/url]"; } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid"); print "Username changed!"; } } and replace with function do_name_change() { global $db,$ir,$c,$userid,$h; if($_POST['newname'] == "") { print "You did not enter a new name. [url='preferences.php?action=namechange']> Back[/url]"; } else if (!preg_match("/^[a-z0-9]*$/", trim($_POST['newname']))) { die("Your username contained characters that aren't allowed. Only A-Z and 0-9 accepted. [url='preferences.php?action=namechange']> Back[/url]"); } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid"); print "Username changed!"; } } } *Untested Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.