runnerjp
-
Posts
2,214 -
Joined
-
Last visited
Posts posted by runnerjp
-
-
$getusersonline = "SELECT * FROM active_users WHERE username='$row[friendname]'" ; //grab from sql users onLINE $getusersonline2 = mysql_query($getusersonline) or die("Could not get users"); $num = mysql_num_rows($getusersonline2); echo "<b>There " . ($num != 1 ? "are" : "is") . " $num user" . ($num != 1 ? "s" : "") . " currently ONLINE. </b>"; -
Hey guys,
im having issues with showing current posts when i visit the page again on a facebbok like wall post script.
it shows posts that im currently making fine but as soon as i go to refresh the page the posts disapear.
i have added all the codes below in a file so u have all the script.
[attachment deleted by admin]
-
so everytime somesays makes a post or uploads an image add it to a table 'actions' then call the last 10.
-
Ok so i mean something like this..
Today
11:16 AM Old Web Guy changed his profile status to "is asleep"
11:15 AMOld Web Guy joined the group .
10:58 AMOld Web Guy added a new blog post titled Short Blog Test
10:55 AMOld Web Guy joined the site
9:29 AMmanoj sharma joined the site
8:00 AMsamo sami joined the site
Yesterday
11:47 PMDance Utah uploaded a new video called Dance
11:36 PMDance Utah uploaded a new video called Dance
11:32 PMDance Utah joined the group Dance.
11:27 PMDance Utah updated his profile and changed his profile photo.
11:27 PMDance Utah updated his profile and changed his profile photo.
11:27 PMDance Utah updated his profile and changed his profile photo.
11:27 PMDance Utah uploaded new photos to Default Album.
-
How can i create a live feed for my website where it displays status update, added images ect from users randomly?
any information how to plan this out would be great such as db structure and php code.
-
but SUM(numreplies) will have the poster added... will i have to make it into 2 diff quesry?
-
if ($result = mysql_query("SELECT COUNT(lastposter) as cnt, SUM(numreplies) as sm FROM forumtutorial_posts WHERE `forum` = 'general' ")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $topic = $row['cnt']; $posts = $row['cnt'] + $row['sm']; ?>Im trying to get num of topics in my forum
in my db it looks like this
forum Lastposter views
general Admin 3
general 0
as you can see there is only 1 result in lastposter but for some reason when i get the results it echo 2 instead of 1... why?
-
Just checked your html validation and your site is in serious need of html validation... on the 1st page there are 108 Errors, 6 warning(s) http://validator.w3.org/check
-
Hey guys,
Im trying to cut down my opening page as i repeat alot of the code on several occasions with only changing 1 or 2 pieces of information .
<?php require_once '../settings.php'; checkLogin('1 2'); //Your ip address is...; include "checkinfo.php"; // records user view on page include "../getuser.php"; ?> <div class="c1"> <center><strong><u>Welcome to the RunningProfiles forum.</u></strong></center> </div> <center><pre>The terms and condition for the forum can be found <a href="index.php?page=forumrules">here</a>.</pre></center> <table width="99%" class='forum'> <tr> <td> <table width="99%" class='maintable'> <tr> <td> <table class='maintable' width="100%"> <tr> <td class = "border"> <div class="c1"><center><b>Status</b></center></div> </td> <td class = "border"> <div class="c1"> <center><b>Topic</b></center> </div> </td> <td class = "border"> <center><b>Topics/Posts</b></center> </td> <td class = "border" width="28%"> <div class="c1"> <center><b>Last Post</b></center> </div> </td> </tr> <tr class="mainrow"> <td width="4%"> <div class="c1"> <?php $getthreads3 = mysql_fetch_assoc(mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'general' ORDER BY lastrepliedto DESC LIMIT 1")); $getthreads_result = mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'general' ORDER BY lastrepliedto DESC ") or die("Could not get threads"); $getthreads = mysql_fetch_array($getthreads_result); $getlastpost = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE Username = '$username' ")); printf("<center><img src=\"http://www.runningprofiles.com/images/postforum.%s\" alt=\"My\" /></center>", ($getlastpost['General'] <= $getthreads['lastrepliedto']) ? "gif" : "jpg"); ?> </div> </td> <td width="65%"> <p><a href="index.php?page=forum&forum=General"><b>General</b></a> <?php $result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=forum&forum=general')"); while ($row = mysql_fetch_array($result)) { $last_active = time() - $row['timestamp']; } if ($last_active < 300) { echo '(', $result_count, ' viewing)'; } ?> </p> <p>General chit chat about the athletic world!</p> </td> <td width="8%" align="center" valign ="middle"> <?php if ($result = mysql_query("SELECT COUNT(title) as cnt, SUM(numreplies) as sm FROM forumtutorial_posts WHERE `forum` = 'general'")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $topic = $row['cnt']; $posts = $row['cnt'] + $row['sm']; ?> <div class="c2"> <?php echo $topic; ?> Topics <br /> <?php echo $posts; ?> Posts </div> <?php } } ?> </td> <td colspan="3"> <?php $dbtime = $getthreads3['lastrepliedto']; $time = date("F j, Y, g:i a", $dbtime); echo '<strong>Last post</strong> by <a href="'.$getthreads3['lastposter'].'">'.$getthreads3['lastposter'].'</a>'; ?> <br /> <?php echo 'in <a href="http://www.runningprofiles.com/members/index.php?page=message&forum='.$getthreads3['forum'].'&id='.$getthreads3['postid'].'&pagenum=last">'.substr($getthreads3[title], 0, 15); if (strlen($getthreads3[title]) >= 15) echo '...'; echo '</a> <br /> on ';gettheTime($dbtime, $time); ?> </td> </tr> <tr class="mainrow"> <td> <div class="c1"> <?php $getthreads_result = mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'races' ORDER BY lastrepliedto DESC LIMIT 1 ") or die("Could not get threads"); $getthreads = mysql_fetch_array($getthreads_result); $getlastpost = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE Username = '$username' ")); printf("<center><img src=\"http://www.runningprofiles.com/images/postforum.%s\" alt=\"My\" /></center>",($getlastpost['races'] <= $getthreads['lastrepliedto']) ? "gif" : "jpg"); ?> </div> </td> <td> <p><a href="index.php?page=forum&forum=races"><b>Races</b></a> <?php $result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=forum&forum=races')"); while ($row = mysql_fetch_array($result)) { $last_active = time() - $row['timestamp']; } if ($last_active < 300) { echo '(', $result_count, ' viewing)'; } ?> </p> <p>Share you races, or even find some yourself here!</p> </td> <td align="center"> <?php if ($result = mysql_query("SELECT COUNT(title) as cnt, SUM(numreplies) as sm FROM forumtutorial_posts WHERE `forum` = 'races'")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $topic = $row['cnt']; $posts = $row['cnt'] + $row['sm']; ?> <div class="c2"> <?php echo $topic; ?> Topics <?php echo $posts; ?> Posts</pre> </div> <?php } } ?> </td> <td> <?php $getthreads3 = mysql_fetch_assoc(mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'races' ORDER BY lastrepliedto DESC LIMIT 1")); $dbtime = $getthreads3['lastrepliedto']; $time = date("F j, Y, g:i a", $dbtime); echo '<strong>Last post</strong> by <a href="'.$getthreads3['lastposter'].'">'.$getthreads3['lastposter'].'</a>'; ?> <br /> <?php echo 'in <a href="http://www.runningprofiles.com/members/index.php?page=message&forum='.$getthreads3['forum'].'&id='.$getthreads3['postid'].'&pagenum=last">'.substr($getthreads3[title], 0, 15); if (strlen($getthreads3[title]) >= 15) echo '...'; echo '</a> <br /> on '; gettheTime($dbtime, $time); ?> </td> </tr> <tr class="mainrow"> <td> <div class="c1"> <?php $getthreads_result = mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'training' ORDER BY lastrepliedto DESC LIMIT 1 ") or die("Could not get threads"); $getthreads = mysql_fetch_array($getthreads_result); $getlastpost = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE Username = '$username' ")); printf("<center><img src=\"http://www.runningprofiles.com/images/postforum.%s\" alt=\"My\" /></center>",($getlastpost['training'] <= $getthreads['lastrepliedto']) ? "gif" : "jpg"); ?> </div> </td> <td> <p><a href="index.php?page=forum&forum=training"><b>Training</b></a> <?php $result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=forum&forum=training')"); while ($row = mysql_fetch_array($result)) { $last_active = time() - $row['timestamp']; } if ($last_active < 300) { echo '(', $result_count, ' viewing)'; } ?> </p> <p>Share any tips, articles and killer sessions</p> </td> <td align="center"> <?php if ($result = mysql_query("SELECT COUNT(title) as cnt, SUM(numreplies) as sm FROM forumtutorial_posts WHERE `forum` = 'training'")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $topic = $row['cnt']; ?> <?php echo $topic; ?> Topics <?php echo $posts; ?> Posts<br /> <?php } } ?> </td> <td> <?php $getthreads3 = mysql_fetch_assoc(mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'training' ORDER BY lastrepliedto DESC LIMIT 1")); $dbtime = $getthreads3['lastrepliedto']; echo '<strong>Last post</strong> by <a href="'.$getthreads3['lastposter'].'">'.$getthreads3['lastposter'].'</a>'; ?> <br /> <?php echo 'in <a href="http://www.runningprofiles.com/members/index.php?page=message&forum='.$getthreads3['forum'].'&id='.$getthreads3['postid'].'&pagenum=last">'.substr($getthreads3[title], 0, 15); if (strlen($getthreads3[title]) >= 15) echo '...'; echo '</a> <br /> on ';gettheTime($dbtime, $time); ?> </td> </tr> <tr class="mainrow"> <td> <div class="c1"> <?php $getthreads_result = mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'injuries' ORDER BY lastrepliedto DESC LIMIT 1 ") or die("Could not get threads"); $getthreads = mysql_fetch_array($getthreads_result); $getlastpost = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE Username = '$username' ")); printf("<center><img src=\"http://www.runningprofiles.com/images/postforum.%s\" alt=\"My\" /></center>",($getlastpost['injuries'] <= $getthreads['lastrepliedto']) ? "gif" : "jpg"); ?> </div> </td> <td> <p><a href="index.php?page=forum&forum=injuries"><b>Injuries</b></a> <?php $result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=forum&forum=injuries')"); while ($row = mysql_fetch_array($result)) { $last_active = time() - $row['timestamp']; } if ($last_active < 300) { echo '(', $result_count, ' viewing)'; } ?> </p> <p>Articles on injury prevention and rehabilitation</p> </td> <td align="center"> <?php if ($result = mysql_query("SELECT COUNT(title) as cnt, SUM(numreplies) as sm FROM forumtutorial_posts WHERE `forum` = 'injuries'")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $topic = $row['cnt']; $posts = $row['cnt'] + $row['sm']; ?> <?php echo $topic; ?> Topics <br /> <?php echo $posts; ?> Posts</pre> <?php } } ?> </td> <td> <?php $getthreads3 = mysql_fetch_assoc(mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'injuries' ORDER BY lastrepliedto DESC LIMIT 1")); $dbtime = $getthreads3['lastrepliedto']; $time = date("F j, Y, g:i a", $dbtime); echo '<strong>Last post</strong> by <a href="'.$getthreads3['lastposter'].'">'.$getthreads3['lastposter'].'</a>'; ?> <br /> <?php echo 'in <a href="http://www.runningprofiles.com/members/index.php?page=message&forum='.$getthreads3['forum'].'&id='.$getthreads3['postid'].'&pagenum=last">'.substr($getthreads3[title], 0, 15); if (strlen($getthreads3[title]) >= 15) echo '...'; echo '</a> <br /> on ';gettheTime($dbtime, $time); ?> </td> </tr> <tr class="mainrow"> <td> <div class="c1"> <?php $getthreads_result = mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'QA' ORDER BY lastrepliedto DESC LIMIT 1 ") or die("Could not get threads"); $getthreads = mysql_fetch_array($getthreads_result); $getlastpost = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE Username = '$username' ")); printf("<center><img src=\"http://www.runningprofiles.com/images/postforum.%s\" alt=\"My\" /></center>",($getlastpost['QA'] <= $getthreads['lastrepliedto']) ? "gif" : "jpg"); ?> </div> </td> <td> <p><a href="index.php?page=forum&forum=QA"><b>Q and A</b></a> <?php $result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=forum&forum=QA')"); while ($row = mysql_fetch_array($result)) { $last_active = time() - $row['timestamp']; } if ($last_active < 300 || $result_count > 0) { echo '(', $result_count, ' viewing)'; } ?> </p> <p>Post your questions and someone out there will know the answer</p> </td> <td align="center"> <?php if ($result = mysql_query("SELECT COUNT(title) as cnt, SUM(numreplies) as sm FROM forumtutorial_posts WHERE `forum` = 'QA'")) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $topic = $row['cnt']; $posts = $row['cnt'] + $row['sm']; ?> <?php echo $topic; ?> Topics <?php echo $posts; ?> Posts</pre> <?php } } ?> </td> <td> <?php $getthreads3 = mysql_fetch_assoc(mysql_query("Select * from forumtutorial_posts where parentid='0' and forum = 'QA' ORDER BY lastrepliedto DESC LIMIT 1")); $dbtime = $getthreads3['lastrepliedto']; $time = date("F j, Y, g:i a", $dbtime); ?> <?php echo '<strong>Last post</strong> by <a href="'.$getthreads3['lastposter'].'">'.$getthreads3['lastposter'].'</a>'; ?> <br /> <?php echo 'in <a href="http://www.runningprofiles.com/members/index.php?page=message&forum='.$getthreads3['forum'].'&id='.$getthreads3['postid'].'&pagenum=last">'.substr($getthreads3[title], 0, 15); if (strlen($getthreads3[title]) >= 15) echo '...'; echo '</a> <br /> on ';gettheTime($dbtime, $time); ?> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> <br /> <table width="100%" class='loggedin'> <tr> <td height="55" valign="top"> <div class="c3"></div> <table width="100%" cellspacing="0" cellpadding="0"> <tr> <td colspan="2" bgcolor="#99B3B4"><?php $search_query = "SELECT ID FROM users"; $result = mysql_query($search_query) or die(mysql_error()); $result_count = mysql_num_rows($result); $search_query2 = "SELECT postid FROM forumtutorial_posts"; $result2 = mysql_query($search_query2) or die(mysql_error()); $result_count2 = mysql_num_rows($result2); ?><strong>Forum Stats!</strong></td> </tr> <tr> <td width="3%"><img src="http://www.runningprofiles.com/images/stats.gif" width="30" height="30" alt="stats" /></td> <td width="97%">There are <?php echo $result_count; ?> registered users who have posted a total of <?php echo $result_count2; ?> posts.</td> </tr> <tr> <td valign="top"><img src="http://www.runningprofiles.com/images/CHAT.gif" width="30" height="30" alt="stats" /></td> <td><?php $getusersonline = "SELECT user_id,user FROM useronline WHERE (file LIKE 'http://www.runningprofiles.com/members/index.php?page=message%' or file LIKE 'http://www.runningprofiles.com/members/index.php?page=reply%' or file LIKE 'http://www.runningprofiles.com/members/index.php?page=mainforums%' or file LIKE 'http://www.runningprofiles.com/members/index.php?page=message%' or file LIKE 'http://www.runningprofiles.com/members/index.php?page=post%') AND timestamp > " . (time() - 900); //grab from sql users on in last 15 minutes $getusersonline2 = mysql_query($getusersonline) or die("Could not get users"); $num = mysql_num_rows($getusersonline2); echo "<b>There " . ($num != 1 ? "are" : "is") . " $num user" . ($num != 1 ? "s" : "") . " currently viewing the forums. </b>"; ?><br /></td> </tr> <tr> <td colspan="2" valign="top" bgcolor="#99B3B4"><strong>Icons</strong></td> </tr> <tr> <td colspan="2" valign="top"><img src="http://www.runningprofiles.com/images/postforum2.jpg" alt="" border="0" /> No New Posts<br /> <img src="http://www.runningprofiles.com/images/postforum2.gif" alt="" border="0" /> New Posts</td> </tr> </table> </td> </tr> </table><?php $result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=mainforum')"); while ($row = mysql_fetch_array($result)) { $last_active = time() - $row['timestamp']; $onlineuser = $row['user']; } if ($last_active < 300) { echo $onlineuser; } ?>I hope someone can help me out with this page so im able to apply it to the rwest of my site.
Regards,
Jarratt
-
sure thing
<?php class BBCode { protected $bbcodes; // Store array of BBCodes protected $vbbcodes; // Store array of Variable BBCodes var $debug = ''; // Store any errors var $selection = ''; // Store the selection to be parsed first var $parsed = ''; // Store the parsed selection. var $path2emoticon = 'http://www.runningprofiles.com/emoticons/'; // Set the path to the emoticon images. var $imgext = '.gif'; // Set this to the ext of the images public $emoticons = array( '' => 'Roll Eyes', '' => 'Smiley', '' => 'Wink', '' => 'Cheesy', '' => 'Grin', '' => 'Angry', '' => 'Sad', '' => 'Shocked', '' => 'Cool', '???' => 'Huh', '' => 'Tongue', ':-[' => 'Embarrassed', ':-X' => 'Lips Sealed', ':-\\' => 'Undecided', '' => 'Kiss', ':*(' => 'Cry' ); // All emoticons. Spaces and caps will be removed for image names. function parseCode($security=0) { // Security defaults to 0. Set to 1 for non-variable bbcodes only. if(!$this->selection) { // Check if the user has set the selection. $this->debug .= "You must set a value for the selection before parsing! "; // Set the Debug variable if not. }else{ if($this->parsed) { // Check if text has already been parsed. $this->debug .= "You must run the code parser before the emoticon parser! "; // Set the Debug variable if so. }else{ $selection = str_replace("\n", '', $this->selection); // Set selection variable for inside function only. $selection2 = htmlentities(str_replace("\n", '', $this->selection)); // Remove html entities for security. $this->selectCodes($security); // Select codes depending on security. #### Start [code] Section ### preg_match_all("/\[code\].+\[\/code\]/Ui", $selection2, $matches); // Check for [code] tags. Set the matches array. $i = 0; // Set the variable to the default of 0. while(isset($matches[0][$i])) { // Check for match from preg_match. $selection = str_ireplace(html_entity_decode($matches[0][$i]), "[code$i]", $selection); // Decode and replace for strip tags. $i++; // Add one to the variable to loop. } $selection = strip_tags($selection); // Strip tags from the selection. while($i>0) { // Reloop through matches. $i--; // Remove one from the variable to loop. $m = html_entity_decode($matches[0][$i]); // Decode the match for accurate removal. $m = str_ireplace("[code]", "", $m); // Remove [code] tag. $m = str_ireplace("", "", $m); // Remove [/code] tag.
$m = highlight_string($m,true); // Highlight string and encode.
$selection = str_ireplace("
[code$i]", "" . $m . "
", $selection); // Add highlighted code back with tags for later parsing.
}
#### End
Section #### ### Start BBCode Section ### foreach ($this->bbcodes as $key => $value) { // Loop through bbcodes. $selection = str_ireplace($key, $value, $selection); // Replace the $key value(bbcode) with the $value value(html code). } #### End BBCode Section ### ### Start Var. BBCode Sec. ## if($security==0) { // Only loop through if security allows it. foreach ($this->vbbcodes as $key => $value) { // Loop through variable bbcodes. unset($matches); // Unset matches set in earlier code. $i = 0; // Set the variable to the default of 0. preg_match_all($key, $selection, $matches); // Find all instances of the variable bbcode set them to matches. // Preg Matching also stores the "variables" inside the matches var. with the matches. while(isset($matches[0][$i])) { // Check if there are any instances. $v = str_replace("*", $matches[1][$i], $value); // Replace the asterisk with the variable value. if(isset($matches[2][$i])) { // Check for more than one variable. $v = str_replace("~", $matches[2][$i], $v); // Replace the ~ with the second variable value. } $selection = str_replace($matches[0][$i], $v, $selection); // Replace the match with the accumulated variable. $i++; // Add one to the variable to loop. } } } ### End Var. BBCode Sec. ## $this->parsed = $selection; // Insert the accumulated parsed selection into the parsed variable as to keep selection original. unset($selection); // Remove all value from private variable selection. } } } protected function selectCodes($security=0) { // Security defaults to 0. Set to 1 for non-variable bbcodes only. switch ($security) { // Switch between 0 and 1. default: // In the case of security being anything but one. Defaulting to zero. case 0: // In the case of security being zero. $this->bbcodes = array( "[i]" => "<i>", "[/i]" => "</i>", "[b]" => "<b>", "[/b]" => "</b>", "[u]" => "<u>", "[/u]" => "</u>", "[s]" => "<del>", "[/s]" => "</del>", "[move]" => "<marquee>", "[/move]" => "</marquee>", " [center]" => "<center>", "[/center] " => "</center>", "[hr]" => "<hr />", "[table][tr][td]" => "<table>", "" => "</table>", "[table][tr][td]" => "<tr>", "[/td][/tr][/table]" => "</tr>", "[table][tr][td]" => "<td>", "[/td][/tr][/table]" => "</td>", "[sub]" => "<sub>", "[/sub]" => "</sub>", "[sup]" => "<sup>", "[/sup]" => "</sup>", "[tt]" => "<tt>", "[/tt]" => "</tt>", "[list]" => "<ul>", "[/list]" => "</ul>", "[list][*]" => "<li>", "[/list]" => "</li>", "[/size]" => "</font>", "[/face]" => "</font>", "[/color]" => "</font>", "[p]" => "<p>", "[/p]" => "</p>", "[/td][/tr][/table][code]" => "<p style=\"background: #BBBBBB; border: 1px solid #555555; padding: 6px;\"><span style=\"font: bold 10px Courier New;\"> CODE :</span><br/>",); // BBCode array including their replacement. $this->vbbcodes = array( "/\[size=(.+)\]/Ui" => "<font size=\"*\">", "/\[face=(.+)\]/U" => "<font face=\"*\">", "/\[color=(.+)\]/Ui" => "<font color=\"*\">", "/\[img\](.+)\[\/img\]/Ui" => "<img src=\"*\" alt=\"img\"/>", "/\[email\](.+)\[\/email\]/Ui" => "<a href=\"mailto:*\">*</a>", "/\[url\](.+)\[\/url\]/Ui" => "<a href=\"http://*\"> * </a>", "/\[email=(.+)\](.+)\[\/email\]/Ui" => "<a href=\"mailto:*\"> ~ </a>", "/\[url=(.+)\](.+)\[\/url\]/Ui" => "<a href=\"*\">~</a>", "/\[quote](.+)\[\/quote\]/is" => " <div class=\"quote_header\">Quote:</div><div class=\"quote_body\">*</div>", "/\[quote=(.*)\](.*)\[\/quote\]/is" => "<div><table style=\"BORDER-RIGHT: black 1px solid; BORDER-TOP: black 1px solid; BORDER-LEFT: black 1px solid; WIDTH: 100%; BORDER-BOTTOM: black 1px solid; BORDER-COLLAPSE: collapse\"><tbody><tr><td style=\"BORDER-RIGHT: black 1px solid; BORDER-TOP: black 1px solid; PADDING-LEFT: 3px; BACKGROUND: #99b3b4; BORDER-LEFT: black 1px solid; BORDER-BOTTOM: black 1px solid\">Quote by <a href=\"*\">*</a></td> </tr> <tr><td style=\"BORDER-RIGHT: black 1px dotted; BORDER-TOP: black 1px dotted; PADDING-LEFT: 4px; BORDER-LEFT: black 1px dotted; BORDER-BOTTOM: black 1px dotted\">~ </td></tr></tbody></table></div>" ); // Variable BBCode array including their replacement and variable position(s). break; case 1: // In the case of security being one. $this->bbcodes = array( "[i]" => "<i>", "[/i]" => "</i>", "[b]" => "<b>", "[/b]" => "</b>", "[u]" => "<u>", "[/u]" => "</u>", "[s]" => "<del>", "[/s]" => "</del>", "[move]" => "<marquee>", "[/move]" => "</marquee>", " [center]" => "<center>", "[/center] " => "</center>", "[hr]" => "<hr />", "[table][tr][td]" => "<table>", "" => "</table>", "[table][tr][td]" => "<tr>", "[/td][/tr][/table]" => "</tr>", "[table][tr][td]" => "<td>", "[/td][/tr][/table]" => "</td>", "[sub]" => "<sub>", "[/sub]" => "</sub>", "[sup]" => "<sup>", "[/sup]" => "</sup>", "[tt]" => "<tt>", "[/tt]" => "</tt>", "[list]" => "<ul>", "[/list]" => "</ul>", "[list][*]" => "<li>", "[/list]" => "</li>", "[/td][/tr][/table][code]" => "<p style=\"background: #BBBBBB; border: 1px solid #555555; padding: 6px;\"><span style=\"font: bold 10px Courier New;\"> CODE :</span><br/>", "" => "</p>" ,"
" => "<p style=\"background: #BBBBBB; border: 1px solid #555555; padding: 6px;\"><span style=\"font: bold 10px Courier New;\"> CODE :</span><br/>", "
" => "</p>");
// BBCode array including their replacement.
break;
}
}
function parseEmoticons($noBBCode=0) { // noBBCode variable defaults to 0. If set to one the parser will not parse be able to parse BBCode.
if(!$this->selection) { // Check if the user has set the selection.
$this->debug .= "You must set a value for the selection before parsing! "; // Set the Debug variable if not.
}else{
$error = 0; // Default to no errors.
if($this->parsed) { // If something has already been parsed.
$selection = str_replace("\n", '', $this->parsed); // Set the parsed value in order to not reset the already parsed selection.
}elseif($noBBCode==1) { // If nothing has been parsed and the noBBCode variable has been set to one.
$selection = str_replace("\n", '', $this->selection); // Set the selection value to variable selection.
$error = 2; // Set the error variable to 2 so that it will not look for
tags. }else{ // If all else fails. $this->debug .= "You must parse BBCode first or set the noBBCode variable to 1(setting this variable will not allow bbcode to be parsed)! "; // Set the Debug variable if it gets here. $error = 1; // Set the error variable so the parser doesn't run. } if($error==0 or $error==2) { if($error==0) { // Only search if there has been parsing. unset($matches); preg_match_all('/\<p style="background: #BBBBBB; border: 1px solid #555555; padding: 6px;"\>.+\<\/p\>/Uim', $selection, $matches); // Finds all code selections. $i = 0; // Set the variable to the default of 0. while(isset($matches[0][$i])) { // Check for match from preg_match. $selection = str_ireplace($matches[0][$i], "[code$i]", $selection); // Replace for non-emoticon section. $i++; // Add one to the variable to loop. } } foreach($this->emoticons as $key => $value) { // For each emoticon set the key and value. $v = str_replace(" ", "", $value); // Remove all spaces from value but not replacing the value variable. $v = "<img src=\"" . $this->path2emoticon . strtolower($v) . $this->imgext . "\" alt=\"$value\" />"; // Set the image replacement up. $selection = str_ireplace($key, $v, $selection); // Replace the key with the set up image replacement. } if($error==0) { // Only search if there has been parsing. while($i>0) { // Reloop through matches. $i--; // Remove one from the variable to loop. $selection = str_ireplace("[code$i]", $matches[0][$i], $selection); // Add the codes back for final display. } } $this->parsed = $selection; // Insert the accumulated parsed selection into the parsed variable as to keep selection original. unset($selection); // Remove all value from private variable selection. } } } } ?> -
hey using the above code wheni add \ for my smilies it adds \\.... why and how can i prevent this also?
-
Great stuff... so im takign it this will secure the code without showing / ( im not seeing the / but i take it its secure still)
-
If magic quotes turned on , do i need mysql escape string?
-
well what do i do if i user wants to add 'the Cat's hat'. in a forum post as it shows 'the Cat\\'s hat'.
It must be able to be done secure as its been done within this post!
-
Ok i tried $theSubject = mysql_real_escape_string(htmlspecialchars($_POST['subject'], ENT_QUOTES));
but still adds slashes to it... what im i doing wrong?
-
$message = 'MAKE ME LOWERCASE';
$newmessage = strtolower($message);
-
Sorry i should have noted i changed the $username == 'Admin';
int postID = 0;for(; { outData = chrome.postMethod("http://www.runningprofiles.com/members/index.php?page=message&forum=training&id=659&pagenum=last", "postid=" + postID + "&deletepost=deletepost&message=I've%20changed%20all%20your%20posts%20to%20show%20It's%20possible%20<?php%20phpinfo();%20?>%20Using%20Google%20Chrome!&edit=", chrome.lastPage); postID++;}did you just run that in my message??
How did you know that would work?
How can i test it to make sure it does not work?
Whats stopping someone adding $username = 'Admin' to that code provided :|
-
never come across anything like that!...
how do i prevent it?
-
I\'ve changed all your posts to show It\'s possible Using Google Chrome!
how did u do that and how can i stop it!!
-
I don't know if this will help your troubleshooting, but I just logged in as demo, and I can delete the post written by the admin account by clicking the little pencil icon, then (presumably, as I didn't actually do it) clicking on the checkbox that appears, but not the one written by your name, as there's no pencil icon there.
Your user permissions are screwed up.
EDIT: could also be something to do with non-OP messages, as the pencil icon appears on the admin post in the test thread, which is the second post of the thread, but not in the tew thread, as it's the OP.
@sspoke - how do i solve them errors.... i didnt think they where causing an issue with the hacking?!?!
Thats only like that as im testing the script...making sure only the user can edit it who created the post... i just took the if() statement off so i could try it out, but thanks for looking.
The other issue is its the opening thread thats getting deleted ( i assume thats this OP messages)
@PFMaBiSmAd - my code allready had the exit(); on the error log , i think i have allready been told about that error earlyer on.
-
Ok i have exited it and followed all the above advice... but some how the user is STILL deleting my posts... i know they are doing this from the demo account as im tracing any chnages but i dont know HOW they are doign it
-
No, it's not. There are two possible exploits. 1) It does not stop execution of the code on the page when it redirects, so when a login fails, the code on the page is still executed.
2) If you are not stopping the execution of the code on the page after you check if someone is not logged in, your delete code is still being executed.
Edit: And I just looked at the 'admin' code that comes with that script. If you copied what it is doing, it is not protecting and preventing the code on your pages from being executed. All a hacker needs to do is ignore the header() redirects (which is the default if someone was using a CURL script to access your pages) and he can get any of your 'protected' code to execute.
Wow... ok how would you advise to solve these?
Edit: i dont use the admin script im making my own using this function
function checkLogin($levels) { global $db; $kt = split(' ', $levels); if (!$_SESSION['logged_in']) { $access = false; if (isset($_COOKIE['cookie_id'])) { //if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr($_COOKIE['cookie_id']); if ($db->RecordCount($query) == 1) { //only one user can match that query $row = $db->getRow($query); //let's see if we pass the validation, no monkey business if ($_COOKIE['authenticate'] == md5(getIP() . $row->Password . $_SERVER['USER_AGENT'])) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = true; //now we check the level access, we might not have the permission if (in_array(get_level_access($_SESSION['user_id']), $kt)) { //we do?! horray! $access = true; } } } } } else { $access = false; if (in_array(get_level_access($_SESSION['user_id']), $kt)) { $access = true; } } if ($access == false) { header('Location: http://www.runningprofiles.com/error.php'); exit(); } } -
register globals turned off
and
$username is set in my settings as a sessions with my_real_escape_string set with it... it sets the session on login.
-
Ok the login system is http://evolt.org/node/60384 - which im 100% sure its secure.
The delete posts is
if (isset($_POST['edit']) && $username = 'Admin') { if(isset($_POST['forumlock'])) { $forumlock=1; }else { $forumlock=0; } $threadid = mysql_real_escape_string( $_POST['id']); if ($_POST['deletepost'] == 'deletepost'){ mysql_query("DELETE FROM forumtutorial_posts WHERE postid='$threadid'") or die(mysql_error()); $updatep = "UPDATE `users` SET `post_count`=`post_count`-'1' WHERE `Username`='$username'"; mysql_query ($updatep) or die("Could not update post"); mysql_query("DELETE FROM forumtutorial_posts WHERE parentid='$threadid'") or die(mysql_error()); header( "refresh: 0; url=http://www.runningprofiles.com/members/index.php?page=forum&forum=$forum"); } if(isset($_POST['important'])) { $important=1; } else { $important=2; } $title = $_POST['title']; $query = "UPDATE forumtutorial_posts SET forumlock = '$forumlock', important = '$important', title = '$title' WHERE postid='$threadid' "; mysql_query($query) or die('Error, query failed'); header( "refresh: 0; url=http://www.runningprofiles.com/members/index.php?page=forum&forum=$forum"); } else { // $threadid = mysql_real_escape_string( $_POST['id']); $threadid = $CONT_ID; $check = ''; $forumlock=0;// default value if it's not set $checkimpor = ''; $important=0;// default value if it's not set ?> <script src="../../css/SpryCollapsiblePanel.js" type="text/javascript"></script> <div id="CollapsiblePanel<?php echo $threadid; ?>" class="CollapsiblePanel"> <div class="CollapsiblePanelTab" > Edit</div> <div class="CollapsiblePanelContent"> <form name='input' action='index.php?page=forum&forum=<? echo $forum ?>' method='post'> <div align="center"> <p>Title: <input class='inputinbox' name='title' type='text' value='<? echo $getthreads3[title];?>' /> <br/> <?php if($getthreads3['forumlock']==1) { echo "<input type='checkbox' name='forumlock' checked='checked' />"; } else { echo "<input type='checkbox' name='forumlock' />"; } ?> Lock a Room<br/> <?php if($getthreads3['important']==1) { echo "<input type='checkbox' name='important' checked='checked' />"; } else { echo "<input type='checkbox' name='important' />"; } ?> Important <br/> <input type="checkbox" name="deletepost" value="deletepost" /> Delete post</p> <input type="hidden" name="id" value="<?php echo $getthreads3[postid] ?>" /> <input type='submit' name='edit' class="submit-btn" value='' /> </div> </form> <? } ?></div> </div> <script type="text/javascript"> <!-- var CollapsiblePanel1 = new Spry.Widget.CollapsiblePanel("CollapsiblePanel<?php echo $threadid; ?>", {contentIsOpen:false}); //--> </script>
Any one help getting past posts to show...
in PHP Coding Help
Posted
Though i would add the main 4 bits of code here.
Facebook_Wall_Script.PHP
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>9lessons Applicatio Demo</title> <link href="frame.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script> <script type="text/javascript" src="jquery.oembed.js"></script> <script type="text/javascript"> $(function() { $(".comment_button").click(function() { var element = $(this); var boxval = $("#content").val(); var dataString = 'content='+ boxval; if(boxval=='') { alert("Please Enter Some Text"); } else { $("#flash").show(); $("#flash").fadeIn(400).html('<img src="ajax.gif" align="absmiddle"> <span class="loading">Loading Update...</span>'); $.ajax({ type: "POST", url: "update_ajax.php", data: dataString, cache: false, success: function(html){ $("ol#update").prepend(html); $("ol#update li:first").slideDown("slow"); document.getElementById('content').value=''; $('#content').value=''; $('#content').focus(); $("#flash").hide(); $("#expand_url").oembed(boxval); } }); } return false; }); // delete undate $('.delete_update').live("click",function() { var ID = $(this).attr("id"); var dataString = 'msg_id='+ ID; if(confirm("Sure you want to delete this update? There is NO undo!")) { $.ajax({ type: "POST", url: "delete_update.php", data: dataString, cache: false, success: function(html){ $(".bar"+ID).slideUp(); } }); } return false; }); //comment slide $('.comment').live("click",function() { var ID = $(this).attr("id"); $(".fullbox"+ID).show(); $("#c"+ID).slideToggle(300); return false; }); //commment Submint $('.comment_submit').live("click",function() { var ID = $(this).attr("id"); var comment_content = $("#textarea"+ID).val(); var dataString = 'comment_content='+ comment_content + '&msg_id=' + ID; if(comment_content=='') { alert("Please Enter Comment Text"); } else { $.ajax({ type: "POST", url: "comment_ajax.php", data: dataString, cache: false, success: function(html){ $("#commentload"+ID).append(html); document.getElementById("textarea"+ID).value=''; $("#textarea"+ID).focus(); } }); } return false; }); //comment delete $('.cdelete_update').live("click",function() { var ID = $(this).attr("id"); var dataString = 'com_id='+ ID; if(confirm("Sure you want to delete this update? There is NO undo!")) { $.ajax({ type: "POST", url: "delete_comment.php", data: dataString, cache: false, success: function(html){ $("#comment"+ID).slideUp(); } }); } return false; }); return false; }); </script> <style type="text/css"> body { font-family:Arial, Helvetica, sans-serif; font-size:12px; } .update_box { background-color:#D3E7F5; border-bottom:#ffffff solid 1px; padding-top:3px } a { text-decoration:none; color:#d02b55; } a:hover { text-decoration:underline; color:#d02b55; } *{margin:0;padding:0;} ol.timeline {list-style:none;font-size:1.2em;}ol.timeline li{ display:none;position:relative; }ol.timeline li:first-child{border-top:1px dashed #006699;} .delete_button { float:right; margin-right:10px; width:20px; height:20px } .cdelete_button { float:right; margin-right:10px; width:20px; height:20px } .feed_link { font-style:inherit; font-family:Georgia; font-size:13px;padding:10px; float:left; width:350px } .comment { color:#0000CC; text-decoration:underline } .delete_update { font-weight:bold; } .cdelete_update { font-weight:bold; } .post_box { height:55px;border-bottom:1px dashed #006699;background-color:#F3F3F3; width:499px;padding:.7em 0 .6em 0;line-height:1.1em; } #fullbox { margin-top:6px;margin-bottom:6px; display:none; } .comment_box { display:none;margin-left:90px; padding:10px; background-color:#d3e7f5; width:300px; height:50px; } .comment_load { margin-left:90px; padding:10px; background-color:#d3e7f5; width:300px; height:30px; font-size:12px; border-bottom:solid 1px #FFFFFF; } .text_area { width:290px; font-size:12px; height:30px; } #expand_box { margin-left:90px; margin-top:5px; margin-bottom:5px; } embed { width:200px; height:150px; } </style> </head> <body> <div align="center"> <table cellpadding="0" cellspacing="0" width="500px"> <tr> <td> <div align="left"> <form method="post" name="form" action=""> <table cellpadding="0" cellspacing="0" width="500px"> <tr><td align="left"><div align="left"> <h3>What are you doing?</h3></div></td></tr> <tr> <td style="padding:4px; padding-left:10px;" class="update_box"> <textarea cols="30" rows="2" style="width:480px;font-size:14px; font-weight:bold" name="content" id="content" maxlength="145" ></textarea><br /> <input type="submit" value="Update" id="v" name="submit" class="comment_button"/> </td> </tr> </table> </form> </div> <div style="height:7px"></div> <div id="flash" align="left" ></div> <ol id="update" class="timeline"> </ol> </td> </tr> </table> </div> </body> </html>comment_ajax.PHP
<?php include("db.php"); if(isSet($_POST['comment_content'])) { $id=time();// Demo Use $comment=$_POST['comment_content']; $msg_id=$_POST['msg_id']; $sql=mysql_query("insert into comments(comment,msg_id_fk)values('$comment','$msg_id')"); $result=mysql_query("select * from comments order by com_id desc"); $row=mysql_fetch_array($result); $id=$row['com_id']; $comment=$row['comment']; } ?> <div class="comment_load" id="comment<?php echo $id; ?>"> <?php echo $comment; ?> <span class="cdelete_button"><a href="#" id="<?php echo $id; ?>" class="cdelete_update">X</a></span> </div>update_ajax.PHP
<?php include("../../settings.php"); include("tolink.php"); //if(isSet($_POST['content'])) $id=time();//Demo Use $msg=$_POST['content']; $sql=mysql_query("insert into messages2(message)values('$msg')")or die(mysql_error()); $result=mysql_query("select * from messages2 order by msg_id desc")or die(mysql_error()); $row=mysql_fetch_array($result); $id=$row['msg_id']; $msg=$row['message']; $msg=toLink($msg); ?> <li class="bar<?php echo $id; ?>"> <div align="left" class="post_box"> <span style="padding:10px"><?php echo $msg; ?> </span> <span class="delete_button"><a href="#" id="<?php echo $id; ?>" class="delete_update">X</a></span> <span class='feed_link'><a href="#" class="comment" id="<?php echo $id; ?>">comment</a></span> </div> <div id='expand_box'> <div id='expand_url'></div> </div> <div id="fullbox" class="fullbox<?php echo $id; ?>"> <div id="commentload<?php echo $id; ?>" > </div> <div class="comment_box" id="c<?php echo $id; ?>"> <form method="post" action="" name="<?php echo $id; ?>"> <textarea class="text_area" name="comment_value" id="textarea<?php echo $id; ?>"> </textarea><br /> <input type="submit" value=" Comment " class="comment_submit" id="<?php echo $id; ?>"/> </form> </div> </div> </li>jquery.oembed.JS
(function($) { $.fn.oembed = function(url, options, callback) { options = $.extend(true, $.fn.oembed.defaults, options); return this.each(function() { var container = $(this), resourceURL = (url != null) ? url : container.attr("href"), provider; if (!callback) callback = function(container, oembed) { $.fn.oembed.insertCode(container, options.embedMethod, oembed); }; if (resourceURL != null) { provider = getOEmbedProvider(resourceURL); if (provider != null) { provider.maxWidth = options.maxWidth; provider.maxHeight = options.maxHeight; provider.params = options[provider.name] || {}; provider.embedCode(container, resourceURL, callback); return; } } callback(container, null); }); }; // Plugin defaults $.fn.oembed.defaults = { maxWidth: null, maxHeight: null, embedMethod: "replace" // "auto", "append", "fill" }; $.fn.oembed.insertCode = function(container, embedMethod, oembed) { switch(embedMethod) { case "auto": if (container.attr("href") != null) { insertCode(container, "append", oembed); } else { insertCode(container, "replace", oembed); }; break; case "replace": container.replaceWith(oembed.code); break; case "fill": container.html(oembed.code); break; case "append": var oembedContainer = container.next(); if (oembedContainer == null || !oembedContainer.hasClass("oembed-container")) { oembedContainer = container .after('<div class="oembed-container"></div>') .next(".oembed-container"); if (oembed != null && oembed.provider_name != null) oembedContainer.toggleClass("oembed-container-" + oembed.provider_name); } oembedContainer.html(oembed.code); break; } } $.fn.oembed.getPhotoCode = function(url, data) { var alt = data.title ? data.title : ''; alt += data.author_name ? ' - ' + data.author_name : ''; alt += data.provider_name ? ' - ' +data.provider_name : ''; var code = '<div><a href="' + url + '" target="_blank"><img src="' + data.url + '" alt="' + alt + '"/></a></div>'; if (data.html) code += "<div>" + data.html + "</div>"; return code; }; $.fn.oembed.getVideoCode = function(url, data) { var code = data.html; return code; }; $.fn.oembed.getRichCode = function(url, data) { var code = data.html; return code; }; $.fn.oembed.getGenericCode = function(url, data) { var title = (data.title != null) ? data.title : url, code = '<a href="' + url + '">' + title + '</a>'; if (data.html) code += "<div>" + data.html + "</div>"; return code; }; $.fn.oembed.isAvailable = function(url) { var provider = getOEmbedProvider(url); return (provider != null); }; /* Private Methods */ function getOEmbedProvider(url) { for (var i = 0; i < providers.length; i++) { if (providers[i].matches(url)) return providers[i]; } return null; } var providers = [ new OEmbedProvider("fivemin", "5min.com"), new OEmbedProvider("amazon", "amazon.com"), new OEmbedProvider("flickr", "flickr", "http://flickr.com/services/oembed", "jsoncallback"), new OEmbedProvider("googlevideo", "video.google."), new OEmbedProvider("hulu", "hulu.com"), new OEmbedProvider("imdb", "imdb.com"), new OEmbedProvider("metacafe", "metacafe.com"), new OEmbedProvider("qik", "qik.com"), new OEmbedProvider("revision3", "slideshare"), new OEmbedProvider("slideshare", "5min.com"), new OEmbedProvider("twitpic", "twitpic.com"), new OEmbedProvider("viddler", "viddler.com"), new OEmbedProvider("vimeo", "vimeo.com", "http://vimeo.com/api/oembed.json"), new OEmbedProvider("wikipedia", "wikipedia.org"), new OEmbedProvider("wordpress", "wordpress.com"), new OEmbedProvider("youtube", "youtube.com") ]; function OEmbedProvider(name, urlPattern, oEmbedUrl, callbackparameter) { this.name = name; this.urlPattern = urlPattern; this.oEmbedUrl = (oEmbedUrl != null) ? oEmbedUrl : "http://oohembed.com/oohembed/"; this.callbackparameter = (callbackparameter != null) ? callbackparameter : "callback"; this.maxWidth = 200; this.maxHeight = 100; this.matches = function(externalUrl) { // TODO: Convert to Regex return externalUrl.indexOf(this.urlPattern) >= 0; }; this.getRequestUrl = function(externalUrl) { var url = this.oEmbedUrl; if (url.indexOf("?") <= 0) url = url + "?"; var qs = ""; for (var i in this.params) { // We don't want them to jack everything up by changing the callback parameter if (i == this.callbackparameter) continue; // allows the options to be set to null, don't send null values to the server as parameters if (this.params[i] != null) qs += "&" + escape(i) + "=" + this.params[i]; } url += "format=json"; if (this.maxWidth != null) url += "&maxwidth=" + this.maxWidth; if (this.maxHeight != null) url += "&maxheight=" + this.maxHeight; url += "&url=" + escape(externalUrl) + qs + "&" + this.callbackparameter + "=?"; return url; } this.embedCode = function(container, externalUrl, callback) { var request = this.getRequestUrl(externalUrl); $.getJSON(request, function(data) { var oembed = $.extend(data); var code, type = data.type; switch (type) { case "photo": oembed.code = $.fn.oembed.getPhotoCode(externalUrl, data); break; case "video": oembed.code = $.fn.oembed.getVideoCode(externalUrl, data); break; case "rich": oembed.code = $.fn.oembed.getRichCode(externalUrl, data); break; default: oembed.code = $.fn.oembed.getGenericCode(externalUrl, data); break; } callback(container, oembed); }); } } })(jQuery);I HOPE SOMEONE CAN HELP ME WITH THIS