Help -- can not add member from ACP

[steveeyes]

Everything was working fine until today. Now when I want to add a new user from the ACP I get the following error:

DB Error: Bad SQL Query: INSERT INTO 4images_users (user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_comments, user_homepage, user_icq, user_limit, user_country, user_first, user_height, user_weight, user_DOB, user_religion, user_ed, user_meet, user_self, user_phone, user_cell, user_job, user_age, user_sex) VALUES (215, 2, 'jack', 'eac572796cb9c7590471c38157f91cf2', 'jack@jack.com', 1, 1, 0, 1173991795, '9a63dea52c857dfec51aa1fd2d6cd6b7', 1173991795, 1173991795, 0, '', '', , 'usa', 'jack', '5\'10\"', '180', 'jan 14 1953', 'none', 'college', 'pretty and kind', 'good looking', 'none', 'none', 'retired', 'none', '1')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 'usa', 'jack', '5\'10\"', '180', 'jan 14 1953', 'none', 'college', 'pretty and ' at line 4


I did modify the profile of 1.7.4 weeks ago but like I said all was working fine until today. I'm not sure what went wrong or if I have been hacked.

The user can still register from the front end. And once they are registered, I can still edit the user from the ACP.


 I only get the above error when I try to register a NEW  user from the ACP. I'm not sure where the new user FORM for the ACP is controlled from nor do I have any clue about SQL.

 Any help would be appreciated?

Thanks
Steve

[steveeyes]

I found the problem........

4images 1.7.4 does not work with user_limits mod. When I removed this mod all was back to normal. Too bad. That is an excelent mod. I hope SSL updates it for 1.7.4.

[getcom]

you can and it works if you make a few small changes to the install file like below.

See $user_limit tags in bold, or just use this file as your user limit install file.

################################################################################################
## Title: User Upload Limits for 4images - Image Gallery Management System.
## Version: 1.2
## Author: Silly Little Lamer <sll@dalnet.ru>
## Description: This Mod sets limits to the number of images, that user could upload to the gallery.
##      Default limit is set to all existing users during installation of this MOD, and can
##      be changed later via Control Panel. Individual upload limits for every user can also
##      be changed via Edit User Panel. Since this MOD is altering 4images database, please
##      go Control Panel and backup you database!
##
## New in v.1.2 - Daily limits + ability to check uploaded but not yet validated images.
##
##
## Installation Level:   Medium
## Installation Time:   20 Minutes
##
## Files To Edit: 6
##   /4images/member.php
##   /4images/register.php
##   /4images/admin/users.php
##   /4images/admin/settings.php
##   /4images/lang/english/admin.php
##   /4images/lang/english/main.php
##
################################################################################################
## BEFORE ADDING THIS MOD, YOU SHOULD BACK UP ALL FILES RELATED TO 4IMAGES INCLUDING DATABASE!
################################################################################################
#
#
# Unpack install_user_limits.php to your 4images root directory and run it. If you see "Success!"
# message, than all required fields and records were added to your database. Close this file, do
# not try to run in twice!
#
# Alternatively, you can perform these two queries manualy:
#
#   ALTER TABLE `4images_users` ADD `user_limit` SMALLINT(3) DEFAULT '5' NOT NULL;
#   INSERT INTO `4images_settings` (`setting_name`, `setting_value`) VALUES ('default_upload_limit', '5');
#
# Then modify all neccessary files as disribed below:
#
#-----[ OPEN ]----------------------------------------
#

/4images/member.php

#
#-----[ FIND ]----------------------------------------
#

if ($action == "uploadform") {
  if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
    show_error_page($lang['no_permission']);
    exit;
  }

#
#-----[ REPLACE WITH ]--------------------------------
#

//-----------------------------------------------------
// --- Check User Limits ------------------------------
//-----------------------------------------------------

$user_id = $user_info['user_id'];

$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'];
if ($cat_id && isset($cat_cache[$cat_id])) {
  $clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
}
$clickstream .= $lang['file_upload_error']."</span>";

   $site_template->register_vars(array(
      "clickstream" => $clickstream,
      "lang_no_limits" => $lang['no_limits'],
      "lang_no_limits_text" => $lang['no_limits_text'],
      "lang_already_loaded" => $lang['already_loaded'],
      "lang_show_my_images" => $lang['show_my_images'],
      "url_show_user_images" => $site_sess->url(ROOT_PATH."search.php?search_user=".$user_info['user_name'])
   ));


function check_daily_picture_limit($user_id) {
   global $site_db, $site_template;

$sql = "SELECT user_limit FROM ".USERS_TABLE." WHERE user_id = $user_id";
$result = $site_db->query($sql);
$row = $site_db->fetch_array($result);
$upload_limit = ($row['user_limit']);
$site_template->register_vars("upload_limit", $upload_limit);

$limit_cutoff = time() - 60 * 60 * 24;

$sql = "SELECT COUNT(*) AS num_rows_all
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND user_id=$user_id AND image_date > $limit_cutoff";
$row = $site_db->query_firstrow($sql);
$images_per_user = $row['num_rows_all'];

$site_template->register_vars("images_per_user", $images_per_user);

if($images_per_user >= $upload_limit) {
return false;
} else {
return true;
   }
}

function check_picture_limit($user_id) {
   global $site_db, $site_template;

$sql = "SELECT user_limit FROM ".USERS_TABLE." WHERE user_id = $user_id";
$result = $site_db->query($sql);
$row = $site_db->fetch_array($result);
$upload_limit = ($row['user_limit']);

$site_template->register_vars("upload_limit", $upload_limit);

$sql = "SELECT image_id FROM ".IMAGES_TABLE." WHERE user_id=$user_id";
$result = $site_db->query($sql);
$images_per_user = $site_db->get_numrows($result);

// $sql = "SELECT image_id FROM ".IMAGES_TEMP_TABLE." WHERE user_id=$user_id";
// $result = $site_db->query($sql);
// $tmp_images_per_user = $site_db->get_numrows($result);
// $images_per_user = $tmp_images_per_user + $images_per_user;

// Uncomment above four lines if you also want to check uploaded but not yet validated images against the user limit

$site_template->register_vars("images_per_user", $images_per_user);

if($images_per_user >= $upload_limit) {
return false;
} else {
return true;
   }
}

if ($action == "uploadform") {
 if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
  show_error_page($lang['no_permission']);
  exit;
 }

if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_picture_limit($user_id))) {
// if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_daily_picture_limit($user_id))) {

//
// Depending on your requirements, you can either check against global or daily limit. For global check leave it as it is now.
// For daily limit comment first line and uncomment second one.
//

$site_template->print_template($site_template->parse_template("over_limit"));
include(ROOT_PATH.'includes/page_footer.php');
exit;
}

//-----------------------------------------------------

#
#-----[ OPEN ]----------------------------------------
#

/4images/register.php

#
#-----[ FIND ]----------------------------------------
#

    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '".md5($user_password)."', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

#
#-----[ REPLACE WITH ]--------------------------------
#

    $user_limit= $config['default_upload_limit'];
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").(", ").('user_limit').$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '".md5($user_password)."', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq', '$user_limit'.$additional_value_sql.")";


#
#-----[ OPEN ]----------------------------------------
#


/4images/admin/users.php

#
#-----[ FIND ]----------------------------------------
#


$user_icq = (intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "";

#
#-----[ AFTER ADD ]------------------------------------
#

$user_limit = intval($HTTP_POST_VARS['user_limit']);

#
#-----[ FIND ]----------------------------------------
#

    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_level")." = $user_level, ".get_user_table_field("", "user_name")." = '$user_name',$passinsert ".get_user_table_field("", "user_email")." = '$user_email', ".get_user_table_field("", "user_showemail")." = $user_showemail, ".get_user_table_field("", "user_allowemails")." = $user_allowemails, ".get_user_table_field("", "user_invisible")." = $user_invisible, ".get_user_table_field("", "user_joindate")." = $user_joindate, ".get_user_table_field("", "user_lastaction")." = $user_lastaction, ".get_user_table_field("", "user_homepage")." = '$user_homepage', ".get_user_table_field("", "user_icq")." = '$user_icq'".$additional_sql."
            WHERE ".get_user_table_field("", "user_id")." = $user_id";

#
#-----[ REPLACE WITH ]--------------------------------
#

    $sql = "UPDATE ".USERS_TABLE."
    SET ".get_user_table_field("", "user_level")." = $user_level, ".get_user_table_field("", "user_name")." = '$user_name',$passinsert ".get_user_table_field("", "user_email")." = '$user_email', ".get_user_table_field("", "user_showemail")." = $user_showemail, ".get_user_table_field("", "user_allowemails")." = $user_allowemails, ".get_user_table_field("", "user_invisible")." = $user_invisible, ".get_user_table_field("", "user_joindate")." = $user_joindate, ".get_user_table_field("", "user_lastaction")." = $user_lastaction, ".get_user_table_field("", "user_homepage")." = '$user_homepage', ".get_user_table_field("", "user_icq")." = '$user_icq', user_limit='".$user_limit."'".$additional_sql."
            WHERE ".get_user_table_field("", "user_id")." = $user_id";

#
#-----[ FIND ]----------------------------------------
#

      $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
                VALUES
              ($user_id, $user_level, '$user_name', '$user_password', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

#
#-----[ REPLACE WITH ]--------------------------------
#

      $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").(", user_limit").$additional_field_sql.")
                VALUES
              ($user_id, $user_level, '$user_name', '$user_password', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq', '$user_limit'".$additional_value_sql.")";

#
#-----[ FIND ]----------------------------------------
#

show_input_row($lang['field_icq'], "user_icq", $user_row['user_icq'], $textinput_size);

#
#-----[ AFTER ADD ]------------------------------------
#

show_input_row($lang['field_limit'], "user_limit", $user_row['user_limit']);

#
#-----[ OPEN ]----------------------------------------
#

/4images/admin/settings.php

#
#-----[ FIND ]----------------------------------------
#

show_setting_row("max_media_size");

#
#-----[ AFTER ADD ]------------------------------------
#

show_setting_row("default_upload_limit");

#
#-----[ OPEN ]----------------------------------------
#

/4images/lang/english/admin.php

#
#-----[ FIND ]----------------------------------------
#

$setting['max_media_size'] = "Max. image size in KB";

#
#-----[ AFTER ADD ]------------------------------------
#

$setting['default_upload_limit'] = "Maximum number of images to upload<br /><span class=\"smalltext\">This value will be assigned to all new users as a default limit.</span>";

#
#-----[ FIND ]----------------------------------------
#

$lang['field_usergroup_name'] = "Name of User Group";

#
#-----[ AFTER ADD ]------------------------------------
#

$lang['field_limit'] = "Maximum number of images to upload";

#
#-----[ OPEN ]----------------------------------------
#

/4images/lang/english/main.php

#
#-----[ FIND ]----------------------------------------
#

//-----------------------------------------------------
//--- Admin Links -------------------------------------
//-----------------------------------------------------

#
#-----[ BEFORE ADD ]-----------------------------------
#

//-----------------------------------------------------
//--- Over Limits -------------------------------------
//-----------------------------------------------------

$lang['show_my_images'] = "You have uploaded {images_per_user} images to this site. Show all images uploaded by you?";
$lang['already_loaded'] = "<span class=\"smalltext\"><b>For your information:</b> you have uploaded <b>{images_per_user}</b> images out of <b>{upload_limit}</b> allowed for you.</span>";
$lang['no_limits'] = "Limit exceeded";
$lang['no_limits_text'] = "You have the limit of {upload_limit} images to upload to this site, and unfortunately you have reached this limit already.
                     You are not allowed to upload new images, but you still have the possibility to delete one or more of the images,
                     already uploaded by you. After that you will be able to upoad images here again.<br /><br />
                     If you feel, that it's absolutely neccessary for you to upload more images, please contact the <a href=\"mailto:{site_email}\">
                     Site Administrator.</a> Probably, your limits would be reconsidered...";
#
#-----[ COPY FILE ]----------------------------------------
#

over_limit.html to your template directory

#
#-----[ SAVE/UPLOAD ALL FILES ]-------------------------------------
#
#
# EoM