[BETA] Ultimate profile mod

Started by JovanT, July 19, 2007, 05:26:00 PM

Previous topic - Next topic

SoulPleX

Quote from: Coldfx on August 05, 2007, 12:36:43 PM
Quote from: SoulPleX on August 05, 2007, 09:54:56 AM
how can i add a third box just like the 'About me' and the 'My interest' box where i can place code for music or videos or that will allow HTML code


In your default themes folder open "Customprofile.template.php".

CTRL + F: ($context['member']['options']['interests']) ,'
</td>
</tr>
<tr>
<td>';


Add after:



if ($context['member']['options']['newbox'] !== '')
echo '
<br />

<table border="0" cellpadding="4" cellspacing="1" class="bordercolor" width="100%" id="newbox">
<tr class="titlebg">
<td height="26" align="center">
New Box Title
</td>
</tr>
<tr>
<td class="windowbg">
', parse_bbc ($context['member']['options']['newbox']) ,'
</td>
</tr>
</td>
</tr>
</table>

</table>';


Make changes accordingly.

Ok, how do i make so members can execute code in new field created

Coldfx

Quote from: SoulPleX on August 05, 2007, 04:38:57 PM
Quote from: Coldfx on August 05, 2007, 12:36:43 PM
Quote from: SoulPleX on August 05, 2007, 09:54:56 AM
how can i add a third box just like the 'About me' and the 'My interest' box where i can place code for music or videos or that will allow HTML code


In your default themes folder open "Customprofile.template.php".

CTRL + F: ($context['member']['options']['interests']) ,'
</td>
</tr>
<tr>
<td>';


Add after:



if ($context['member']['options']['newbox'] !== '')
echo '
<br />

<table border="0" cellpadding="4" cellspacing="1" class="bordercolor" width="100%" id="newbox">
<tr class="titlebg">
<td height="26" align="center">
New Box Title
</td>
</tr>
<tr>
<td class="windowbg">
', parse_bbc ($context['member']['options']['newbox']) ,'
</td>
</tr>
</td>
</tr>
</table>

</table>';


Make changes accordingly.

Ok, how do i make so members can execute code in new field created

Open Profile.template.php;

Now, for something to learn from, I'll borrow code from the [a href=http://custom.simplemachines.org/mods/index.php?mod=424]YouTube Mod[/a].

Search for:
<textarea class="editor" name="default_options[interests]" rows="8" cols="65">', @$context['member']['options']['interests'], '</textarea><br />
</td>
</tr>';


Add after:

</tr><tr>
<td><b>Youtube Video: </b></td> <td><input type="text" name="default_options[youtube]" size="50" value="', @$context['member']['options']['youtube'], '" /></td>


Now, to add the YouTube movie, where I told you to add your own content add"

!empty($context['member']['options']['youtube']) ?'<embed src="http://www.youtube.com/v/'
. $context['member']['options']['youtube'] . '" height="150" width="190"></embed>': '', '


The ' . $context['member']['options']['youtube'] . ' is our variable.  You can alter it to how you want; change the "youtube" name also in all the areas accordingly.

perro88

What I should do to for alloud add pics trough a link like imageshack?
this works with tinyportal?
and disable upload pics?or limit the number of pics.
nice mod btw, thanks

SoulPleX

Parse error for </tr><tr>
<td><b>Youtube Video: </b></td> <td><input type="text" name="default_options[youtube]" size="50" value="', @$context['member']['options']['youtube'], '" /></td>


something wrong with </tr><tr>. missing something.

Coldfx

Quote from: SoulPleX on August 06, 2007, 05:30:44 PM
Parse error for </tr><tr>
<td><b>Youtube Video: </b></td> <td><input type="text" name="default_options[youtube]" size="50" value="', @$context['member']['options']['youtube'], '" /></td>


something wrong with </tr><tr>. missing something.

Oh WOW, my mistake!

echo'</tr><tr>
<td><b>Youtube Video: </b></td> <td><input type="text" name="default_options[youtube]" size="50" value="', @$context['member']['options']['youtube'], '" /></td>';



That should be it.  Can't believe I didn't wrap it in an echo statement.

SoulPleX

parse error this line bellow in Customprofile.template.php

!empty($context['member']['options']['youtube']) ?'<embed src="http://www.youtube.com/v/'

SoulPleX

made

if ($context['member']['options']['youtube'] !== '')
                echo '
                        <br />

                        <table border="0" cellpadding="4" cellspacing="1" class="bordercolor" width="100%" id="youtube">
                                <tr class="titlebg">
                                        <td height="26" align="center">
                                                New Box Title
                                        </td>
                                </tr>
                                <tr>
                                        <td class="windowbg">
                                                ', parse_bbc ($context['member']['options']['youtube']) ,'
                                        </td>
                                </tr>
                                        </td>
                                </tr>
                        </table>

                        </table>';


This works!!!

How can i change code box so HTML enabled

Thanks

Coldfx

I'm just clearing this now: NO ONE should enable HTML in these boxes.  It's a MAJOR security risk.  One user I talked to had all his members abuse the HTML/CSS box to redirect anyone @ their profile to adult-websites.  Bad bad!

SoulPleX

"Session verification failed. Please try logging out and back in again, and then try again."  is what i ge hen i try to delete photos in the profile area. how can i fix?

Tuon

everybody post diferent thing..
but nobody can help with my thing?

QuoteI have a question..
when I had install the ultimate profile mod
in the perfil to the left has add 2 option
Customized profile  and my pictures
well, when I click on Customized profile
there is a checkbox that said "Enable customized profile?"
and is uncheck by default..
and with that, everybody has to check to see the profile like the new..
how can I put that check it by default for all my users and the people that registered later?



and another question... where can I Limit the size of the pictures Upload.. and limit the numbers of pictures too...

MPT.

I get this after saving a profile:

QuoteIllegal mix of collations for operation ' IN 'Bestand: \forum2\Sources\Profile.phpRegel: 1002


Any idea why?

Coldfx

Quote from: MPT. on August 09, 2007, 07:51:17 AM
I get this after saving a profile:

QuoteIllegal mix of collations for operation ' IN 'Bestand: \forum2\Sources\Profile.phpRegel: 1002

Post a copy of your Profile.php so we can take a look.  Any other mods installed that edit profile.php? If you don't know, also copy and paste a list of all mods installed.

Any idea why?

MPT.

Error:
Illegal mix of collations for operation ' IN 'Bestand: \forum2\Sources\Profile.phpRegel: 1002

Modifications:

1.   SMF Arcade   
2.   Ad Managment   
3.   Custom Profile Field Mod   
4.   Karma Description Mod   
5.   Member Color Link   
6.   SMFBlog   
7.   SMF Staff Page   
8.   Ultimate Profile   
9.   Who Voted What?

Sources/Profile.php:

I couldn't  place the sources/profile.php becouse of the 30 seconds load limit and the 65.000 character limit!

Coldfx

Quote from: MPT. on August 10, 2007, 03:38:31 PM
Error:
Illegal mix of collations for operation ' IN 'Bestand: \forum2\Sources\Profile.phpRegel: 1002

Modifications:

1.   SMF Arcade   
2.   Ad Managment   
3.   Custom Profile Field Mod   
4.   Karma Description Mod   
5.   Member Color Link   
6.   SMFBlog   
7.   SMF Staff Page   
8.   Ultimate Profile   
9.   Who Voted What?

Sources/Profile.php:

I couldn't  place the sources/profile.php becouse of the 30 seconds load limit and the 65.000 character limit!

Custom Profile Field Mod   may have been causing problems since it edits the Profile.php

But to be honest, I'm no longer going to be helping anyone using this mod, as it is VERY insecure, and has many wide-open problems in functionability.  If I were you I'd switch to Snake Plisskens Profile Mod instead.  It allows you to limit number of pictures being uploaded by size and dimensions, along with limited number of comments (Or in this case "Shouts" for the shoutbox).

christicehurst

Tried Snake Pit's and it's a dud too...

Type Action Description
1. Extract Tree ./ProfilePics 
2. Extract Tree ./Sources 
3. Extract Tree ./Themes 
4. Execute Modification ./Themes/default/style.css Test successful
5. Execute Modification ./Themes/default/languages/ModSettings.english.php Test successful
6. Execute Modification ./Themes/default/languages/Profile.english.php Test successful
7. Execute Modification ./Sources/Profile.php Test successful
8. Execute Modification ./Sources/ModSettings.php Test successful
9. Execute Modification ./Themes/default/Profile.template.php Test failed
10. Execute Code profilev2_install.php
www.brisbanelionsunited.com - A forum for everyone!

Coldfx

Quote from: christicehurst on August 10, 2007, 07:01:35 PM
Tried Snake Pit's and it's a dud too...

Type Action Description
1. Extract Tree ./ProfilePics 
2. Extract Tree ./Sources 
3. Extract Tree ./Themes 
4. Execute Modification ./Themes/default/style.css Test successful
5. Execute Modification ./Themes/default/languages/ModSettings.english.php Test successful
6. Execute Modification ./Themes/default/languages/Profile.english.php Test successful
7. Execute Modification ./Sources/Profile.php Test successful
8. Execute Modification ./Sources/ModSettings.php Test successful
9. Execute Modification ./Themes/default/Profile.template.php Test failed
10. Execute Code profilev2_install.php


Make sure you don't have any mods installed that edit the Profile.template.php or it may cause problems.  You can install them after Snakes installs and they should work.

christicehurst

1. Sorted Package Manager Listing 0.1   [ Uninstall ] [ List Files ] [ Delete ] 
2. SMF 1.0.11 / 1.1.3 Update 1.1   [ Uninstall ] [ List Files ] [ Delete ] 
3. Dice Roller for Your Forum 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
4. Modbreaktag 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
5. SMF Arcade E2.3.3   [ Uninstall ] [ List Files ] [ Delete ] 
6. TinyPortal 0.983   [ Uninstall ] [ List Files ] [ Delete ] 
7. Youtube Field by Alan S 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
8. SMF Staff Page 1.5.1   [ Uninstall ] [ List Files ] [ Delete ] 
9. Users Online Today Mod 1.3.1   [ Uninstall ] [ List Files ] [ Delete ] 
10. Membergroup Color Legend 1.1   [ Uninstall ] [ List Files ] [ Delete ] 
11. Enhanced Calendar 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
12. Increase/Decrease Postbox Size 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
13. Additional Membergroups on Profile 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
14. Avatars at Index Mod 1.1   [ Uninstall ] [ List Files ] [ Delete ] 
15. Sticky First Post (extends sticky topic) 1.3.2   [ Uninstall ] [ List Files ] [ Delete ] 
16. Global Announcements 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
17. Karma Description Mod 2.0   [ Uninstall ] [ List Files ] [ Delete ] 
18. Monthly Statistics on Profile 1.0   [ Uninstall ] [ List Files ] [ Delete ] 
19. Googlebot & Spiders Mod 2.0.3   [ Uninstall ] [ List Files ] [ Delete ] 
20. Ad Managment 2.3   [ Uninstall ] [ List Files ] [ Delete ] 
21. SMF 1.0.11 / 1.1.3 Update 1.1   [ Uninstall ] [ List Files ] [ Delete ] 
22. FontandSizeDropdown1.1 1.1   [ Uninstall ] [ List Files ] [ Delete ] 
23. Enhanced Forum Statistics 1.0   [ Uninstall ] [ List Files ] [ Delete ] 

These are the current mods installed.
www.brisbanelionsunited.com - A forum for everyone!

Flying Drupalist

Could the custom HTML and CSS be exploited for malicious purposes?

Coldfx

Quote from: Miraploy on August 11, 2007, 11:39:23 PM
Could the custom HTML and CSS be exploited for malicious purposes?

As mentioned, yes, and it's been done by people using this mod already.

Grudge

Indeed. Whilst I think that this is a worthy modification you need to clean up the ability to add any HTML. Personally I would suggest that you only allow BBC in the main text areas (This is enough for most customization)  and then if required allow the user to customize the style by adding a "set style" type box. Then what you'd do is surround the page with something like:

<div style="', $context['user_style'], '">
CONTENT
</div>


Then allow the user to set their style but at the same time preg_match their input to only allow standard CSS characters like:

if (preg_match('~^[A-Za-z0-9-:]+$~', $_GET['user_style']) !== true)
fatal_error('Illegal style');


Obviously my code isn't correct but it gives the idea - allow users to have *some* input into the style but at the same time put the security around it to stop abuse of HTML (Iframes etc) and insertion of javascript and other nasty things.
I'm only a half geek really...

Advertisement: