Author Topic: [Mod Req] Guestbook for every member  (Read 78470 times)


Offline Stoleti

  • Hero Member
  • *****
  • Posts: 574
    • View Profile
Re: [Mod Req] Guestbook for every member
« Reply #15 on: February 27, 2006, 02:09:24 AM »
I am just curious if anyone has started building this mod? If not, maybe I could find some time and do it. But I cannot promise... :(

I hope you can do it, this is a nice feature to increase activity in galleries being used for communities or "dating" sites  :wink:

Offline Lucifix

  • Hero Member
  • *****
  • Posts: 710
    • View Profile
    • http://www.slo-foto.net
Re: [Mod Req] Guestbook for every member
« Reply #16 on: March 02, 2006, 12:00:35 AM »
Just a quick update that I have almost finished this mod, but when it is publicly released I could use help from an experienced user to check it out.

Maybe someone would already be so kind as to give me a hand?

Oh, I think I will publish it at the end of the week...

Offline glitzer

  • Full Member
  • ***
  • Posts: 204
    • View Profile
    • over 7000 E-Cards
Re: [Mod Req] Guestbook for every member
« Reply #17 on: March 02, 2006, 10:51:54 AM »
JUPIEEE!!! I am very happy that somebody is creating this mod!! :lol: :lol: :D :D

Thanks a lot!

Offline Stoleti

  • Hero Member
  • *****
  • Posts: 574
    • View Profile
Re: [Mod Req] Guestbook for every member
« Reply #18 on: March 02, 2006, 04:46:26 PM »
Just a quick update that I have almost finished this mod, but when it is publicly released I could use help from an experienced user to check it out.

Maybe someone would already be so kind as to give me a hand?

Oh, I think I will publish it at the end of the week...

Well, if you have no one yet, I can help  8)

Offline trez

  • Hero Member
  • *****
  • Posts: 613
    • View Profile
    • blog / photography
Re: [Mod Req] Guestbook for every member
« Reply #19 on: March 04, 2006, 05:35:42 PM »
hey, how is the MOD going? Any release news? :)

Offline Lucifix

  • Hero Member
  • *****
  • Posts: 710
    • View Profile
    • http://www.slo-foto.net
Re: [Mod Req] Guestbook for every member
« Reply #20 on: March 04, 2006, 05:54:53 PM »
It's Saturday and I just came back from work. These days I am too busy to finish this mod.

I could post what's done, but there are plenty of errors and maybe even some security issues...

Offline Stoleti

  • Hero Member
  • *****
  • Posts: 574
    • View Profile
Re: [Mod Req] Guestbook for every member
« Reply #21 on: March 04, 2006, 05:57:06 PM »
About integrating the Member Personal Picture (userpic): it would be nice to show it in the comment(s) in the user guestbook  :wink:

Offline Lucifix

  • Hero Member
  • *****
  • Posts: 710
    • View Profile
    • http://www.slo-foto.net
Re: [Mod Req] Guestbook for every member
« Reply #22 on: March 04, 2006, 06:23:06 PM »
All entries are shown in the member profile, which already contains the member picture ;)

Offline trez

  • Hero Member
  • *****
  • Posts: 613
    • View Profile
    • blog / photography
Re: [Mod Req] Guestbook for every member
« Reply #23 on: March 04, 2006, 06:26:33 PM »
"good things require time"

- so we will be patient, because that's a wonderful MOD ;) Take your time. If you need additional webspace for beta testing, PM me.

Offline Lucifix

  • Hero Member
  • *****
  • Posts: 710
    • View Profile
    • http://www.slo-foto.net
Re: [Mod Req] Guestbook for every member
« Reply #24 on: March 04, 2006, 06:39:30 PM »
As I said, I could post what I have done so far and we all finish it together? Because you could wait a week or two... :(

Offline Stoleti

  • Hero Member
  • *****
  • Posts: 574
    • View Profile
Re: [Mod Req] Guestbook for every member
« Reply #25 on: March 04, 2006, 06:40:19 PM »
All entries are shown in the member profile, which already contains the member picture ;)

I mean it because some people use an "avatar" and others use the member personal photo/picture as avatar (my case) :)

Offline trez

  • Hero Member
  • *****
  • Posts: 613
    • View Profile
    • blog / photography
Re: [Mod Req] Guestbook for every member
« Reply #26 on: March 04, 2006, 06:54:05 PM »
As I said, I could post what I have done so far and we all finish it together? Because you could wait a week or two... :(

Yes, maybe that's an idea too, I've created a test gallery, so I can test it as soon as you post the code ;)

Offline Lucifix

  • Hero Member
  • *****
  • Posts: 710
    • View Profile
    • http://www.slo-foto.net
Re: [Mod Req] Guestbook for every member
« Reply #27 on: March 06, 2006, 11:57:14 PM »
Hi, here is what I have done so far...

WARNING: THIS IS ONLY A PRE-BETA VERSION AND IT'S FOR TESTERS! WAIT TILL WE FINISH IT, THEN TRY IT ;)

Open constants.php and before

Code: [Select]
define('CATEGORIES_TABLE', $table_prefix.'categories');
add this:
Code: [Select]
define('BOOK_TABLE', $table_prefix.'book');

Open member.php and after

Code: [Select]
    $content = $site_template->parse_template("member_profile");
  }
  else {
    $content = $lang['invalid_user_id'];
  }
}

add this:
Code: [Select]
//-----------------------------------------------------
//--- Save Book ------------------------------------
//-----------------------------------------------------
//$error = 0;

if ($action == "postbook" && isset($HTTP_POST_VARS[URL_ID])) { // postbook - postcomment
echo "aloha tole pa je šlo na save book<br><br>";
  $id2 = intval($HTTP_POST_VARS[URL_ID]);
  $id  = $_GET['user_id']; // watch out for SQL injections!!!
  $sql = "SELECT user_id, user_allow_book
          FROM ".USERS_TABLE."
          WHERE user_id = $id";
  $row = $site_db->query_firstrow($sql);
 
  echo $sql;

  if ($row['user_allow_book'] == 0) {
    $msg = $lang['book_deactivated'];

  }
  else {
    $user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['user_name']));
    $book_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['book_headline']));
    $book_text = un_htmlspecialchars(trim($HTTP_POST_VARS['book_text']));

    // Flood Check
    $sql = "SELECT book_ip, book_date
            FROM 4images_book
            WHERE book_id = $id
            ORDER BY book_date DESC
            LIMIT 1";
  echo $sql;
    $spam_row = $site_db->query_firstrow($sql);
    $spamtime = $spam_row['book_date'] + 180;

    if ($session_info['session_ip'] == $spam_row['book_ip'] && time() <= $spamtime && $user_info['user_level'] != ADMIN)  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
      $error = 1;
    }

    $user_name_field = get_user_table_field("", "user_name");
    if (!empty($user_name_field)) {
      if ($site_db->not_empty("SELECT $user_name_field FROM ".USERS_TABLE." WHERE $user_name_field = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
echo "-4-";
      }
    }
    if ($user_name == "")  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
      $error = 1;
  echo "-5-";
    }
    if ($book_text == "")  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['book_required'];
      $error = 1;
  echo "-7-";
    }

    if (!$error)  {
      $sql = "INSERT INTO 4images_book
              (profile_id, user_id, user_name, book_text, book_ip, book_date)
              VALUES
              ($id, ".$user_info['user_id'].", '$user_name', '$book_text', '".$session_info['session_ip']."', ".time().")";
      $site_db->query($sql);

      $bookid = $site_db->get_insert_id();
      update_book_count($id, $user_info['user_id']);
    }
  }
  unset($row);
  unset($spam_row);
}

//-----------------------------------------------------
//--- Show book -----------------------------------
//-----------------------------------------------------
 if ($user_allow_book == 0) {
  $sql = "SELECT c.book_id, c.profile_id, c.user_id, c.user_name AS book_user_name, c.book_headline, c.book_text, c.book_ip, c.book_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_book").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq")."
          FROM 4images_book c
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.profile_id = $user_id
          ORDER BY c.book_date ASC";
  $result = $site_db->query($sql);


  $book_row = array();
  while ($row = $site_db->fetch_array($result)) {
    $book_row[] = $row;
  }
  $site_db->free_result($result);
  $num_book = sizeof($book_row);

  if (!$num_book) {
    $book = "<tr><td class=\"commentrow1\" colspan=\"2\">".$lang['no_book']."</td></tr>";
  }
  else {
    $book = "";
    $bgcounter = 0;
    for ($i = 0; $i < $num_book; $i++) {
      $row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;

      $book_user_email = "";
      $book_user_email_save = "";
      $book_user_mailform_link = "";
      $book_user_email_button = "";
      $book_user_homepage_button = "";
      $book_user_icq_button = "";
      $book_user_profile_button = "";
      $book_user_status_img = REPLACE_EMPTY;
      $book_user_name = htmlspecialchars($book_row[$i]['book_user_name']);
      $book_user_info = $lang['userlevel_guest'];

      $book_user_id = $book_row[$i]['user_id'];

      if (isset($book_row[$i][$user_table_fields['user_name']]) && $book_user_id != GUEST) {
        $book_user_name = htmlspecialchars($book_row[$i][$user_table_fields['user_name']]);

        $book_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $book_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&amp;".URL_USER_ID."=".$book_user_id);
        $book_user_profile_button = "<a href=\"".$book_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$book_user_name."\" /></a>";

        $book_user_status_img = ($book_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($book_row[$i][$user_table_fields['user_invisible']]) && $book_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";

        $book_user_homepage = (isset($book_row[$i][$user_table_fields['user_homepage']])) ? format_url($book_row[$i][$user_table_fields['user_homepage']]) : "";
        if (!empty($book_user_homepage)) {
          $book_user_homepage_button = "<a href=\"".$book_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$book_user_homepage."\" /></a>";
        }

        $book_user_icq = (isset($book_row[$i][$user_table_fields['user_icq']])) ? $book_row[$i][$user_table_fields['user_icq']] : "";
        if (!empty($book_user_icq)) {
          $book_user_icq_button = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$book_user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$book_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$book_user_icq."\" /></a>";
        }

        if (!empty($book_row[$i][$user_table_fields['user_email']]) && (!isset($book_row[$i][$user_table_fields['user_showemail']]) || (isset($book_row[$i][$user_table_fields['user_showemail']]) && $book_row[$i][$user_table_fields['user_showemail']] == 1))) {
          $book_user_email = $book_row[$i][$user_table_fields['user_email']];
          $book_user_email_save = str_replace("@", " at ", $book_row[$i][$user_table_fields['user_email']]);
          if (!empty($url_mailform)) {
            $book_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $book_user_id, $url_mailform));
          }
          else {
            $book_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&amp;".URL_USER_ID."=".$book_user_id);
          }
          $book_user_email_button = "<a href=\"".$book_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$book_user_email_save."\" /></a>";
        }

        if (!isset($book_row[$i][$user_table_fields['user_level']]) || (isset($book_row[$i][$user_table_fields['user_level']]) && $book_row[$i][$user_table_fields['user_level']] == USER)) {
          $book_user_info = $lang['userlevel_user'];
        }
        elseif ($book_row[$i][$user_table_fields['user_level']] == ADMIN) {
          $book_user_info = $lang['userlevel_admin'];
        }

        $book_user_info .= "<br />";
        $book_user_info .= (isset($book_row[$i][$user_table_fields['user_joindate']])) ? "<br />".$lang['join_date']." ".format_date($config['date_format'], $book_row[$i][$user_table_fields['user_joindate']]) : "";
        $book_user_info .= (isset($book_row[$i][$user_table_fields['user_book']])) ? "<br />".$lang['book']." ".$book_row[$i][$user_table_fields['user_book']] : "";
      }

      $book_user_ip = ($user_info['user_level'] == ADMIN) ? $book_row[$i]['book_ip'] : "";

      $admin_links = "";
      if ($user_info['user_level'] == ADMIN) {
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("book.php?action=editbook&amp;book_id=".$book_row[$i]['book_id']))."\" target=\"_blank\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("book.php?action=removebook&amp;book_id=".$book_row[$i]['book_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
      }
      elseif ($is_image_owner) {
        $admin_links .= ($config['user_edit_book'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editbook&amp;".URL_book_ID."=".$book_row[$i]['book_id'])."\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= ($config['user_delete_book'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removebook&amp;".URL_book_ID."=".$book_row[$i]['book_id'])."\">".$lang['delete']."</a>";
      }

      $site_template->register_vars(array(
        "book_id" => $book_row[$i]['book_id'],
        "book_user_id" => $book_user_id,
        "book_user_status_img" => $book_user_status_img,
        "book_user_name" => $book_user_name,
        "book_user_info" => $book_user_info,
        "book_user_profile_button" => $book_user_profile_button,
        "book_user_email" => $book_user_email,
        "book_user_email_save" => $book_user_email_save,
        "book_user_mailform_link" => $book_user_mailform_link,
        "book_user_email_button" => $book_user_email_button,
        "book_user_homepage_button" => $book_user_homepage_button,
        "book_user_icq_button" => $book_user_icq_button,
        "book_user_ip" => $book_user_ip,
        "book_headline" => format_text($book_row[$i]['book_headline'], 0, $config['wordwrap_book'], 0, 0),
        "book_text" => format_text($book_row[$i]['book_text'], $config['html_book'], $config['wordwrap_book'], $config['bb_book'], $config['bb_img_book']),
        "book_date" => format_date($config['date_format']." ".$config['time_format'], $book_row[$i]['book_date']),
        "row_bg_number" => $row_bg_number,
        "admin_links" => $admin_links
      ));
      $book .= $site_template->parse_template("book_bit");
    } // end while
  } //end else
  $site_template->register_vars("book", $book);
  unset($book);

  //-----------------------------------------------------
  //--- BBCode & Form -----------------------------------
  //-----------------------------------------------------
  $allow_posting = check_permission("auth_postbook", $cat_id);
  $bbcode = "";
  if ($config['bb_book'] == 1 && $allow_posting) {
    $site_template->register_vars(array(
      "lang_bbcode" => $lang['bbcode'],
      "lang_tag_prompt" => $lang['tag_prompt'],
      "lang_link_text_prompt" => $lang['link_text_prompt'],
      "lang_link_url_prompt" => $lang['link_url_prompt'],
      "lang_link_email_prompt" => $lang['link_email_prompt'],
      "lang_list_type_prompt" => $lang['list_type_prompt'],
      "lang_list_item_prompt" => $lang['list_item_prompt']
    ));
    $bbcode = $site_template->parse_template("bbcode");
  }

  if (!$allow_posting) {
  $book_form = "";
      $user_name = (isset($HTTP_POST_VARS['user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
    $book_headline = (isset($HTTP_POST_VARS['book_headline']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['book_headline']))) : "";
    $book_text = (isset($HTTP_POST_VARS['book_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['book_text']))) : "";

    $site_template->register_vars(array(
      "bbcode" => $bbcode,
      "user_name" => $user_name,
      "book_headline" => $book_headline,
      "book_text" => $book_text,
      "lang_post_book" => $lang['post_book'],
      "lang_name" => $lang['name'],
      "lang_headline" => $lang['headline'],
      "lang_book" => $lang['book']
    ));
    $book_form = $site_template->parse_template("book_form");

  }
  else {
    $user_name = (isset($HTTP_POST_VARS['user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
    $book_headline = (isset($HTTP_POST_VARS['book_headline']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['book_headline']))) : "";
    $book_text = (isset($HTTP_POST_VARS['book_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['book_text']))) : "";

    $site_template->register_vars(array(
      "bbcode" => $bbcode,
      "user_name" => $user_name,
      "book_headline" => $book_headline,
      "book_text" => $book_text,
      "lang_post_book" => $lang['post_book'],
      "lang_name" => $lang['name'],
      "lang_headline" => $lang['headline'],
      "lang_book" => $lang['book']
    ));
    $book_form = $site_template->parse_template("book_form");
  }
  $site_template->register_vars("book_form", $book_form);
  unset($book_form);
} // end if allow_book

// Admin Links
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
  $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("images.php?action=editimage&amp;image_id=".$image_id))."\" target=\"_blank\">".$lang['edit']."</a>&nbsp;";
  $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("images.php?action=removeimage&amp;image_id=".$image_id))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
  $admin_links .= ($config['user_edit_image'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editimage&amp;".URL_IMAGE_ID."=".$image_id)."\">".$lang['edit']."</a>&nbsp;";
  $admin_links .= ($config['user_delete_image'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removeimage&amp;".URL_IMAGE_ID."=".$image_id)."\">".$lang['delete']."</a>";
}
$site_template->register_vars("admin_links", $admin_links);

// Update Hits
if ($user_info['user_level'] != ADMIN) {
  $sql = "UPDATE ".IMAGES_TABLE."
          SET image_hits = image_hits + 1
          WHERE image_id = $image_id";
  $site_db->query($sql);
}

Run this SQL statement (phpMyAdmin):
Code: [Select]
CREATE TABLE `4images_book` (
  `book_id` mediumint(8) NOT NULL auto_increment,
  `profile_id` mediumint(8) NOT NULL default '0',
  `user_id` mediumint(8) NOT NULL default '0',
  `user_name` varchar(100) NOT NULL default '',
  `book_headline` varchar(255) NOT NULL default '',
  `book_text` text NOT NULL,
  `book_ip` varchar(20) NOT NULL default '',
  `book_date` int(10) unsigned NOT NULL default '0',
  `book_track` tinyint(1) NOT NULL default '0',
  `vote` decimal(4,2) unsigned NOT NULL default '0.00',
  `is_read` tinyint(1) NOT NULL default '0',

  PRIMARY KEY  (`book_id`),
  KEY `image_id` (`profile_id`),
  KEY `user_id` (`user_id`),
  KEY `book_date` (`book_date`)
) TYPE=MyISAM

Create new html file (Notepad) and save it as book_form.html
Code: [Select]
<p>&nbsp;</p>
 

 <script language="Javascript">
function MPsmiley(smiley) {
document.bookform.book_text.value += " "+smiley+" ";
document.bookform.book_text.focus();
}</script>

<table width="100%" border="0" cellspacing="0" cellpadding="1" align="center">
  <tr>
    <td valign="top" class="head4">
      <table width="100%" border="0" cellpadding="3" cellspacing="0">
        <tr>
          <td valign="top" BACKGROUND="modules/Forums/templates/subSilver/images/cellpic3.gif"><span class="style1"> {lang_post_book}</span></td>
        </tr>
        <tr>
          <td valign="top" class="row1">
            <form name="bookform" action="{self}" method="post" onsubmit="postbutton.disabled=true;">
              <table cellpadding="4" cellspacing="0" border="0">
                <tr>
                  <td width="140"><b>{lang_user_name}</b></td>
                  <td>
                    <input type="text" name="user_name" size="30" value="{user_name}" class="bookinput" />
                  </td>
                </tr>
               <tr>

                  <td width="140" valign="top"><b>{lang_book}</b><br><br>

</td>
                  <td>
                    <textarea name="book_text" cols="35" rows="10" class="booktextarea">{book_text}</textarea>
                  </td>
                </tr>

               <tr>
                  <td width="140" valign="top">&nbsp;</td>
                  <td>{bbcode}</td>
               </tr>
   {ifno image_book_only}
{if rate_form}    {endif rate_form}
   {endifno image_book_only}
<!-- Start book Track -->
<!-- End book Track -->
               
                <tr>
                  <td width="140" valign="top">&nbsp;</td>
                  <td>
                    <input type="hidden" name="action" value="postbook" />
                    <input type="hidden" name="id" value="{image_id}" />
                    <input type="submit" name="postbutton" value="Oddaj vpis" class="button" />
</td>
                </tr>
              </table>
            </form>
          </td>
</tr>
      </table>
    </td>
  </tr>
</table>


Create new html file (Notepad) and save it as book_bit.html

Code: [Select]
<table>
<tr>
  <td title="comment{comment_id}" id="comment{comment_id}" class="bookrow{row_bg_number}" valign="top" nowrap="nowrap">
    <b>{book_user_name}</b><br />
{book_user_info}<br /> <br />
{vote}{book_vote}
  </td>
  <td width="100%" class="bookrow{row_bg_number}" valign="top">
    <table width="100%" height="15" >
      <tr>
        <td valign="top"><b>{book_headline}</b></td>
        <td valign="top" align="right"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="37%"><span class="smalltext"> <span class="postdetails"><a name="{book_id}"></a><a href="#{book_id}"><img src="modules/Forums/templates/subSilver/images/icon_minipost.gif" border="0"></a>&nbsp;Objavljeno:</span> {book_date}</span></td>
            <td width="63%"><div align="right">{if admin_links}{admin_links}{endif admin_links}</div></td>

          </tr>
        </table></td>
      </tr>
    </table>
<hr size="1">
    {book_text}<br />
  </td>
</tr>
<tr>
  <td class="bookrow{row_bg_number}" nowrap="nowrap">
    <span class="smalltext">{if book_user_ip}{book_user_ip}{endif book_user_ip} </span>
  </td>
  <td class="bookrow{row_bg_number}"> {vote} {book_user_pm} {book_user_status_img}
    {book_user_profile_button} {book_user_email_button} {book_user_homepage_button}
    {book_user_icq_button} {book_user_msn_button} {book_user_yahoo_button}
    {book_user_aim_button}</td>
</tr></table>

Somewhere in member.html add:
Code: [Select]
{book_form}
and

Code: [Select]
{book}
Warning once more! This mod definitely won't work, so wait till we finish it, because it contains TOO TOO TOO many bugs ;)
« Last Edit: March 07, 2006, 12:09:32 AM by Lucifix »

Offline Lucifix

  • Hero Member
  • *****
  • Posts: 710
    • View Profile
    • http://www.slo-foto.net
Re: [Mod Req] Guestbook for every member
« Reply #28 on: March 07, 2006, 12:01:30 AM »
Let me quickly tell you what's wrong here:

- users and guests can post comments
- languages are not working
- bug when inserting new comment in SQL
- missing admin setting (user can choose if he wants to enable/disable guestbook)
- when pressing send button it will redirect you to wrong page
- ...

Right now I remember only these bugs, but I'm sure there are plenty more... so we have some work to do :)

Offline IcEcReaM

  • Hero Member
  • *****
  • Posts: 714
    • View Profile
    • My little Testboard
Re: [Mod Req] Guestbook for every member
« Reply #29 on: March 07, 2006, 12:20:50 AM »
I didn't look at the whole code:

But for example:
Code: [Select]
  $id  = $_GET['user_id']; // watch out for SQL injections!!!
  $sql = "SELECT user_id, user_allow_book
          FROM ".USERS_TABLE."
          WHERE user_id = $id";

This is very dangerous, because an attacker can so easily *****.
The inputs should be sanitized properly.

[EDITED by V@no]
Sorry, IcEcReaM, better not give anyone wrong ideas how to... ;)
« Last Edit: March 07, 2006, 01:05:35 AM by V@no »
Coding is an everlasting competition between programmers who try to write larger, better and idiot-safe programs and the universe producing larger and stupider idiots...
...so far the universe won
bump
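
Editor's added example, not part of any post in this thread and not 4images code: the `user_id` lookup quoted in Reply #29, and the INSERT from the pre-beta mod, rewritten so that request values never become part of the SQL text. It goes beyond the quoted snippet by also binding the name and text fields. It assumes PDO with an in-memory SQLite database instead of the gallery's `$site_db` wrapper; the `*_demo` tables, the sample rows and the function names are constructed, while the column names come from the posted code.

```php
<?php
// Added example: not part of the posted mod. Table names (*_demo), sample
// rows and function names are constructed; column names come from the post.

// Accept only an integer >= 1. Unlike intval(), which turns "12abc" into 12,
// a value that is not entirely a number is rejected.
function parse_user_id($raw): int
{
    $id = (is_string($raw) || is_int($raw))
        ? filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;
    if ($id === false) {
        throw new InvalidArgumentException('invalid user_id');
    }
    return $id;
}

// Lookup with the id bound as an integer parameter instead of being
// concatenated into the SQL string.
function guestbook_allowed(PDO $db, $raw_user_id): bool
{
    $stmt = $db->prepare('SELECT user_allow_book FROM users_demo WHERE user_id = :id');
    $stmt->bindValue(':id', parse_user_id($raw_user_id), PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && (int) $row['user_allow_book'] === 1;
}

// Insert with every user-supplied value bound, so quotes in the name or the
// text are stored as data.
function save_entry(PDO $db, $raw_profile_id, int $author_id, string $name, string $text, string $ip): int
{
    $stmt = $db->prepare(
        'INSERT INTO book_demo (profile_id, user_id, user_name, book_text, book_ip, book_date)
         VALUES (:profile, :author, :name, :text, :ip, :date)'
    );
    $stmt->execute([
        ':profile' => parse_user_id($raw_profile_id),
        ':author'  => $author_id,
        ':name'    => $name,
        ':text'    => $text,
        ':ip'      => $ip,
        ':date'    => time(),
    ]);
    return (int) $db->lastInsertId();
}

// Constructed demo data: user 1 allows a guestbook, user 2 does not.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_demo (user_id INTEGER PRIMARY KEY, user_allow_book INTEGER NOT NULL)');
$db->exec('CREATE TABLE book_demo (book_id INTEGER PRIMARY KEY AUTOINCREMENT, profile_id INTEGER,
           user_id INTEGER, user_name TEXT, book_text TEXT, book_ip TEXT, book_date INTEGER)');
$db->exec('INSERT INTO users_demo (user_id, user_allow_book) VALUES (1, 1), (2, 0)');

// Valid ids, an unknown id, and three inputs that are not integers.
foreach (['1', '2', '99', '12abc', '', ['1']] as $input) {
    try {
        $result = guestbook_allowed($db, $input) ? 'guestbook enabled' : 'disabled or no such user';
    } catch (InvalidArgumentException $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    echo var_export($input, true), ' => ', $result, "\n";
}

// A name containing a quote character is stored unchanged.
$book_id = save_entry($db, '1', 2, "O'Brien", "It's a nice gallery", '192.0.2.10');
$stored  = $db->query('SELECT user_name FROM book_demo WHERE book_id = ' . (int) $book_id)->fetchColumn();
echo "stored name: $stored\n";
```

Inside the mod itself, the closest equivalent without changing the database layer is the `intval()` cast the posted code already applies to `$HTTP_POST_VARS[URL_ID]`, applied to `$id` as well.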