runnerjp Posted August 2, 2008

I have my report user code set up (shown below):

<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/css/login.css">
<?php
session_start();
require_once '../settings.php';
checkLogin('1 2');

$user  = get_username($_SESSION['user_id']);
$query = "SELECT * FROM users WHERE Username = '$user' LIMIT 1";
if ($result = mysql_query($query)) {
    if (mysql_num_rows($result)) {
        $array  = mysql_fetch_assoc($result);
        $pemail = $array['Email'];
        $puser  = $array['Username'];
        $pid    = $array['ID'];
    }
}

if (isset($_POST['reason'])) {
    $userid     = $_POST['Userid'];
    $msgid      = $_GET["msgid"];
    $reportuser = $_GET["user"];
    $username   = $_POST['Username'];
    $useremail  = $_POST['Useremail'];
    $reason     = $_POST['reason'];

    if (strlen($reason) < 1) {
        print "You did not type in a reason."; // no post entered
    } else {
        $thedate     = date("U");                // get unix timestamp
        $displaytime = date("F j, Y, g:i a");

        // we now strip HTML injections
        $userid     = strip_tags($userid);
        $msgid      = strip_tags($msgid);
        $reportuser = strip_tags($reportuser);
        $username   = strip_tags($username);
        $reason     = strip_tags($reason);

        $insertpost = "INSERT INTO reports(userid,username,useremail,reportid,reportuser,reportreason) "
                    . "values('$userid','$username','$useremail','$msgid','$reportuser','$reason')";
        mysql_query($insertpost) or die("Could not insert post"); // insert post

        print "Your message has been sent to our team and will be dealt with. We would like to thank you for helping us keep the site user friendly.";
    }
} else {
?>
Use this function to inform the moderators and administrators of an abusive or wrongly posted message. Please note that your email address will be revealed to the administrators and moderators if you use this.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="report">
    <input name="Userid" type="hidden" value="<?php echo $pid; ?>">
    <input name="Username" type="hidden" value="<?php echo $puser; ?>">
    <input name="Useremail" type="hidden" value="<?php echo $pemail; ?>">
    <input name="reportuser" type="hidden" value="<?php echo $_GET["msgid"]; ?>">
    <input name="reportid" type="hidden" value="<?php echo $_GET["msgid"]; ?>">
    <label>
        <div align="center"><br>
            Reason <input class="inputforum" type="text" name="reason" id="reason"> <br>
        </div>
    </label>
    <div align="center">
        <input name="submitButtonName" type="submit" class="submit-btn" value="">
    </div>
</form>
<?php } ?>

But is there a way that this page can only be shown if they have come from a certain page? So, for example, the link to the report page is on www.mysite.com/before.. and unless the last page was this, they cannot submit the form even if they went to www.mysite.com/report... I thought I could avoid users messing with the form this way.
ohdang888 Posted August 2, 2008

Check to see if they submitted your form. This does it all:

<?php
if (isset($_POST['submit'])) {
    // perform the form action here
}
?>
cooldude832 Posted August 2, 2008

The variable $_SERVER holds info like this: http://us2.php.net/manual/en/reserved.variables.server.php

But the reliability of the data is questionable, since it comes from the end user and is easy to change. If you wanted to be super sure they came from the right page, you can use sessions. On the page you want to be the referring page, add in a line at the top:

<?php
session_start();
$_SESSION['SecretFormPW'] = "Monkey";
?>

Then on the next page simply put:

<?php
session_start();
if ($_SESSION['SecretFormPW'] != "Monkey") {
    # die, not proper referer
} else {
    # show form
}
?>
runnerjp Posted August 2, 2008

Wow, sounds like a good option to use, but I added the code as above, yet I can still access the page by typing it in.
cooldude832 Posted August 2, 2008

Let's see the code.
runnerjp Posted August 2, 2008

OK, so I have my forum:

<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/css/login.css">
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/members/include/style.css">
<?php
include "connect.php"; // mysql db connection here
$_SESSION['SecretFormPW'] = "runningprofiles";

$id        = $_GET['id'];
$id1       = $_SESSION['user_id'];
$timestamp = time();
$timeout   = $timestamp - 180;
$username  = get_username($_SESSION['user_id']);

function selfURL()
{
    $s        = empty($_SERVER["HTTPS"]) ? '' : (($_SERVER["HTTPS"] == "on") ? "s" : "");
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/") . $s;
    $port     = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":" . $_SERVER["SERVER_PORT"]);
    return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . $_SERVER['REQUEST_URI'];
}

function strleft($s1, $s2)
{
    return substr($s1, 0, strpos($s1, $s2));
}

$filename = selfURL();

// Insert User
$insert = mysql_query("REPLACE INTO `useronline` SET `timestamp`='$timestamp', `ip`='" . $_SERVER['REMOTE_ADDR'] . "', "
        . "`file`='$filename', `user`='$username', `user_id`='" . $_SESSION['user_id'] . "'") or die(mysql_error());

$pagenum   = isset($_GET['pagenum']) ? $_GET['pagenum'] : "1";
$gettopic  = "SELECT * from forumtutorial_posts where postid='$id'";
$gettopic2 = mysql_query($gettopic) or die("Could not get topic");
$gettopic3 = mysql_fetch_array($gettopic2);
?>
<A href="index.php?page=index">Back to main forum</a>-<A href="index.php?page=post">New Topic</a>-
<?php if ($gettopic3['locked'] == 0) { ?>
<A href="index.php?page=reply&id=<?php echo $id; ?>">Reply<br></A>
<?php
// Here we count the number of results
// Edit $data to be your query
$data = mysql_query("SELECT * from forumtutorial_posts where parentid='$id'") or die(mysql_error());
$rows = mysql_num_rows($data);

// This is the number of results displayed per page
$page_rows = 4;

// This sets the range to display in our query
$max = 'limit ' . ($pagenum - 1) * $page_rows . ',' . $page_rows;
// This is your query again, the same one... the only difference is we add $max into it
?>
<p><A href='index.php?page=mainforums'><img src="http://www.runningprofiles.com/images/homeforum.gif" alt="home" border="0" /></a><A href='index.php?page=post&forum=<?php echo $forum; ?>'><img src="http://www.runningprofiles.com/images/new_post.gif" border="0" /></a></p>
<p>users viewing forum =
<?php
$result = mysql_query("SELECT * FROM useronline WHERE(file='http://www.runningprofiles.com/members/index.php?page=message&forum=$forum&id=$id')");
while ($row = mysql_fetch_array($result)) {
    $last_active = time() - $row['timestamp'];
    $onlineuser  = $row['user'];
}
if ($last_active < 300) {
    echo $onlineuser;
}
?></p>
<table class='maintable'>
<tr class='headline'><td width=11%>Author</td>
<td width=89%>Post</td>
</tr>
<?php if ($pagenum == 1) { ?>
<tr class='mainrow'><td valign='top'><div align="center"><?php
// We need to add a little variable that will automatically increase so that
// each div (container) in the editforum.php script is unique:
$CONT_ID = 1;
echo $gettopic3['author']; ?></div>
<p align="center">
<?php
$query = "SELECT * FROM users WHERE Username = '" . $gettopic3['author'] . "' LIMIT 1";
if ($result = mysql_query($query)) {
    if (mysql_num_rows($result)) {
        $array   = mysql_fetch_assoc($result);
        $image   = $array['image'];
        $postnum = $array['post_count'];
        echo "<img src=\"http://www.runningprofiles.com/members/images/mini/$image\" border=\"1\" />"; ?>
<p> No posts: <?php echo $postnum; ?> <p>
<?php
        $result = mysql_query("SELECT * FROM useronline WHERE(user='" . $gettopic3['author'] . "')");
        while ($row = mysql_fetch_array($result)) {
            $last_active = time() - $row['timestamp'];
        }
        if ($last_active < 300) { ?>
<span class="online">online</span>
<?php   } else {
            echo "Last Online: ";
        } ?>
<p>
<?php
    }
}
?>
</p></td>
<td valign='top'>created on <?php
$dbtime = $gettopic3['showtime'];
$time   = date("F j Y, g:i a", $dbtime);
echo $time; ?>
<br>
<hr>
<p>
<?php
$message = $gettopic3['post'];
$message = nl2br($message);
echo $message;
?></p>
<p><br>
<?php
include 'editmessage.php';
// Now increase it:
$CONT_ID++;
?>
</p>
<p><a href="index.php?page=report&user=<?php echo $gettopic3['author']; ?>&msgid=<?php echo $gettopic3['postid']; ?>">Report to Admin</a></p></td></tr>
<?php
}
$getreplies  = "Select * from forumtutorial_posts where parentid='$id' ORDER BY showtime $max"; // getting replies
$getreplies2 = mysql_query($getreplies) or die(mysql_error() . "Could not get replies");
while ($getreplies3 = mysql_fetch_array($getreplies2)) {
?><tr class='mainrow'><td valign='top'><?php echo $getreplies3['author']; ?>
<p>
<?php
    $query = "SELECT * FROM users WHERE Username = '" . $getreplies3['author'] . "' LIMIT 1";
    if ($result = mysql_query($query)) {
        if (mysql_num_rows($result)) {
            $array   = mysql_fetch_assoc($result);
            $image   = $array['image'];
            $postnum = $array['post_count'];
            echo "<img src=\"http://www.runningprofiles.com/members/images/mini/$image\" border=\"1\" />"; ?>
<p> No posts: <?php echo $postnum; ?> <p>
<?php
            $result = mysql_query("SELECT * FROM useronline WHERE(user='" . $getreplies3['author'] . "')");
            while ($row = mysql_fetch_array($result)) {
                $last_active = time() - $row['timestamp'];
            }
            if ($last_active < 300) { ?>
<span class="online">online</span>
<?php       } else {
                echo "Last Online: ";
            } ?>
<p>
<?php
        }
    } ?>
</p></td><td valign='top'>replied at <?php
    $dbtime = $getreplies3['showtime'];
    $time   = date("F j Y, g:i a", $dbtime);
    echo $time; ?>
<br>
<hr>
<p>
<?php
    $message = $getreplies3['post'];
    $message = nl2br($message);
    echo $message;
?></p>
<p><br>
<?php
    include 'editmessage.php';
    // Now increase it:
    $CONT_ID++;
?>
</p>
<p><a href="index.php?page=report&user=<?php echo $getreplies3['author']; ?>&msgid=<?php echo $getreplies3['postid']; ?>">Report to Admin</a></p></td></tr>
<?php } ?>
</table>
<?php
echo "<br>";
} // end of the "locked" check

// Find out the total number of pages depending on the limit set
$numofpages = $rows / $page_rows;
$totalpages = ceil($numofpages);

// Start links for pages
$maxpage = $totalpages == 0 ? 1 : $totalpages; // add this line
echo "<p align=center>Page $pagenum of $maxpage <br /> "; // change this

// Sets link for previous 25 and return to page 1
if ($pagenum != 1) {
    $pageprev = ($pagenum - 1);
    echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?page=message&id=$id&pagenum=1\"><<</a> ";
    echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?page=message&id=$id&pagenum=$pageprev\">PREV </a> ";
} else {
    echo "PREV ";
}

// Loop thru all the pages and echo out the links
for ($i = 1; $i <= $numofpages; $i++) {
    if ($i == $pagenum) {
        echo "[" . $i . "] ";
    } else {
        echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?page=message&id=$id&pagenum=$i\">$i</a> ";
    }
}

// Check for stragglers after the limit blocks
if (($rows % $page_rows) != 0) {
    if ($i == $pagenum) {
        echo "[" . $i . "] ";
    } else {
        echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?page=message&id=$id&pagenum=$i\">$i</a> ";
    }
}

// Print out the Next 25 and Goto Last page links
if (($rows - ($page_rows * $pagenum)) > 0) {
    $pagenext = $pagenum + 1;
    echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?page=message&id=$id&pagenum=$pagenext\">NEXT </a> ";
    echo "<a href=\"" . $_SERVER['PHP_SELF'] . "?page=message&id=$id&pagenum=$totalpages\">>></a> ";
} else {
    echo("NEXT");
}
echo "</p>";
?>
</body>
</html>

And then the page that the link sends you to:

<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/css/login.css">
<?php
session_start();
require_once '../settings.php';
checkLogin('1 2');

if ($_SESSION['SecretFormPW'] != "runningprofiles") {
    echo 'error';
} else {
    $user  = get_username($_SESSION['user_id']);
    $query = "SELECT * FROM users WHERE Username = '$user' LIMIT 1";
    if ($result = mysql_query($query)) {
        if (mysql_num_rows($result)) {
            $array  = mysql_fetch_assoc($result);
            $pemail = $array['Email'];
            $puser  = $array['Username'];
            $pid    = $array['ID'];
        }
    }

    if (isset($_POST['reason'])) {
        $userid     = $_POST['Userid'];
        $msgid      = $_GET["msgid"];
        $reportuser = $_GET["user"];
        $username   = $_POST['Username'];
        $useremail  = $_POST['Useremail'];
        $reason     = $_POST['reason'];

        if (strlen($reason) < 1) {
            print "You did not type in a reason."; // no post entered
        } else {
            $displaytime = date("F j, Y, g:i a");

            // we now strip HTML injections
            $userid     = strip_tags($userid);
            $msgid      = strip_tags($msgid);
            $reportuser = strip_tags($reportuser);
            $username   = strip_tags($username);
            $reason     = strip_tags($reason);

            $insertpost = "INSERT INTO reports(userid,username,useremail,reportid,reportuser,reportreason,date) "
                        . "values('$userid','$username','$useremail','$msgid','$reportuser','$reason','$displaytime')";
            mysql_query($insertpost) or die("Could not insert post"); // insert post

            print "Your message has been sent to our team and will be dealt with. We would like to thank you for helping us keep the site user friendly.";
        }
    } else {
?>
Use this function to inform the moderators and administrators of an abusive or wrongly posted message. Please note that your email address will be revealed to the administrators and moderators if you use this.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="report">
    <input name="Userid" type="hidden" value="<?php echo $pid; ?>">
    <input name="Username" type="hidden" value="<?php echo $puser; ?>">
    <input name="Useremail" type="hidden" value="<?php echo $pemail; ?>">
    <input name="reportuser" type="hidden" value="<?php echo $_GET["msgid"]; ?>">
    <input name="reportid" type="hidden" value="<?php echo $_GET["msgid"]; ?>">
    <label>
        <div align="center"><br>
            Reason <input class="inputforum" type="text" name="reason" id="reason"> <br>
        </div>
    </label>
    <div align="center">
        <input name="submitButtonName" type="submit" class="submit-btn" value="">
    </div>
</form>
<?php
    }
}
?>
cooldude832 Posted August 2, 2008

session_start() has to go on top of any output.
runnerjp Posted August 2, 2008

I added session_start() to them both, yet it's still not working.
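The session flag suggested above is set once and then stays valid for the whole session, so after one visit to the forum page the report URL can be typed in at will; it also leaves the hidden Userid/Username/Useremail fields as the source of truth, which any visitor can edit. The following is an added example, not code from the thread: the flag becomes a random single-use token per message id, the reporter's identity comes from the session, and the insert uses bound parameters. It assumes modern PHP (7+), a PDO handle in $pdo, and the logged-in user id in $_SESSION['user_id'] as the original pages use.

```php
<?php
// Added example, not code from the thread. Modern PHP (7+), a PDO handle in
// $pdo and the logged-in user id in $_SESSION['user_id'] are assumed.
session_start(); // must run before the <link> tag or any other output

// Part 1: on the forum (message) page, when rendering each "Report to Admin" link.
function issueReportToken(int $msgid): string
{
    // A random, single-use token per message, kept server-side in the session.
    $token = bin2hex(random_bytes(16));
    $_SESSION['report_tokens'][$msgid] = $token;
    return $token;
}
// echo '<a href="index.php?page=report&msgid=' . $msgid . '&t=' . issueReportToken($msgid) . '">Report to Admin</a>';

// Part 2: on the report page.
function reportTokenValid(int $msgid, string $token): bool
{
    $expected = $_SESSION['report_tokens'][$msgid] ?? null;
    return $expected !== null && hash_equals($expected, $token);
}

function storeReport(PDO $pdo, int $reporterId, int $msgid, string $reason): void
{
    // Reporter identity comes from the session, not from hidden inputs, and all
    // values are bound, so a crafted POST can neither spoof the user nor inject SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO reports (userid, reportid, reportreason, date) VALUES (?, ?, ?, NOW())'
    );
    $stmt->execute([$reporterId, $msgid, $reason]);
}

$msgid = filter_input(INPUT_GET, 'msgid', FILTER_VALIDATE_INT);
$token = (string) ($_GET['t'] ?? '');
if (!$msgid || !reportTokenValid($msgid, $token)) {
    http_response_code(403);
    exit('Open the message again and use its Report link.'); // typed-in URLs stop here
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $reason = trim((string) ($_POST['reason'] ?? ''));
    if ($reason === '') {
        exit('You did not type in a reason.');
    }
    unset($_SESSION['report_tokens'][$msgid]); // consume: one report per link
    storeReport($pdo, (int) $_SESSION['user_id'], $msgid, $reason);
    exit('Your message has been sent to our team and will be dealt with.');
}
$action = htmlspecialchars('index.php?page=report&msgid=' . $msgid . '&t=' . $token, ENT_QUOTES);
echo '<form action="' . $action . '" method="post">Reason <input type="text" name="reason">'
   . '<input type="submit" value="Report"></form>';
```

The token check runs on both the GET that shows the form and the POST that submits it, so a direct visit without a freshly issued link is refused in either case.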
This topic is now archived and is closed to further replies.