Guest WebSite

Started by SAFAD, September 08, 2009, 01:38:29 PM

SAFAD

Hey Bro
Will this be enough for security?

$secure1 = trim($_GET['guss_website']);
$secure2 = addslashes($secure1);
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

If you're using SMF 2, you can skip the second one; SMF does that itself. trim() is just good practice.

It might be worth validating that:
1. It starts with http:// or https://
2. It actually looks like a URL (search Google for regexp URL validation)

SAFAD

this is helpful for now


function isValidURL($url)
{
	// Dots between host labels are escaped so they only match a literal "."
	return preg_match('|^http(s)?://[a-z0-9-]+(\.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $url);
}


and


if (!isValidURL($secure2))
{
	$errMsg .= "* Please enter valid URL including http://<br>";
}

But the error
how to do it ?
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.
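
The two checks Arantor lists (http/https scheme, URL shape), together with the escaping the value needs when it is printed inside a link, as an added example that is not from the thread or from SMF. The function names `normalizeGuestWebsite` and `renderGuestLink` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not SMF code; both function names are hypothetical.
// Return the trimmed URL if it is an acceptable http(s) link, otherwise null.
function normalizeGuestWebsite($raw, $maxLen = 255)
{
    $url = trim((string) $raw);
    if ($url === '' || strlen($url) > $maxLen) {
        return null;
    }
    // Refuse whitespace and control characters anywhere (covers embedded newlines).
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // Scheme allow-list: javascript:, data: and friends never reach the href.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return null;
    }
    // Host: dot-separated labels of letters, digits and hyphens (literal dots).
    if (!preg_match('/\A[a-z0-9-]+(\.[a-z0-9-]+)*\z/i', $parts['host'])) {
        return null;
    }
    return $url;
}

// Escape for the HTML context at output time; guests without a valid URL get plain text.
function renderGuestLink($name, $url)
{
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    if ($url === null) {
        return $safeName;
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" rel="nofollow">' . $safeName . '</a>';
}

// Constructed sample inputs.
$samples = array(
    ' https://example.org/blog?a=1&b=2 ',   // accepted after trim
    'http://example.org/?q="><b>',           // accepted, then escaped in href
    'javascript:alert(1)',                   // refused: scheme
    "http://example.org/\nextra",            // refused: newline
    'example.org',                           // refused: no scheme
);
foreach ($samples as $s) {
    echo var_export($s, true), ' => ', renderGuestLink('Guest', normalizeGuestWebsite($s)), "\n";
}
```

The second sample passes validation yet still contains quote and angle-bracket characters, which is why the link is escaped with `htmlspecialchars()` when it is built; `addslashes()` does nothing for the HTML context.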

Arantor

That depends. What's your interface got in that respect? It'll go in whatever code you use to accept URLs and return to the user.

If you're using the regular post interface... you'll add it to Post.php. There's an example of how it's done in my Word Count Limits mod (approved today) where it adds errors to the page upon submission.

SAFAD

ok
another thing
when i searched display.template
i found this

<h4>', $message['member']['link'], '</h4>

i think this code is for the member name
then made another research in
display.php
and found this

// Compose the memory eat- I mean message array.
$output = array(
	'attachment' => loadAttachmentContext($message['id_msg']),
	'alternate' => $counter % 2,
	'id' => $message['id_msg'],
	'href' => $scripturl . '?topic=' . $topic . '.msg' . $message['id_msg'] . '#msg' . $message['id_msg'],
	'link' => '<a href="' . $scripturl . '?topic=' . $topic . '.msg' . $message['id_msg'] . '#msg' . $message['id_msg'] . '" rel="nofollow">' . $message['subject'] . '</a>',
	'member' => &$memberContext[$message['id_member']],
	'icon' => $message['icon'],
	'icon_url' => $settings[$context['icon_sources'][$message['icon']]] . '/post/' . $message['icon'] . '.gif',
	'subject' => $message['subject'],
	'time' => timeformat($message['poster_time']),
	'timestamp' => forum_time(true, $message['poster_time']),
	'counter' => $counter,
	'modified' => array(
		'time' => timeformat($message['modified_time']),
		'timestamp' => forum_time(true, $message['modified_time']),
		'name' => $message['modified_name']
	),
	'body' => $message['body'],
	'new' => empty($message['is_read']),
	'approved' => $message['approved'],
	'first_new' => isset($context['start_from']) && $context['start_from'] == $counter,
	'can_approve' => !$message['approved'] && $context['can_approve'],
	'can_unapprove' => $message['approved'] && $context['can_approve'],
	'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
	'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),
	'can_see_ip' => allowedTo('moderate_forum') || ($message['id_member'] == $user_info['id'] && !empty($user_info['id'])),
);

i wonder how to modify that URL
so if member, show normally
if guest, show website
Am Very Heavy Requester But Sorry
I Don't Know SMF System to much
Best Regards
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

You'll have to modify Load.php for that. Look in loadMemberData and loadMemberContext.

SAFAD

OK THX
Have TO Go To Sleep Now
After 6 hours i complete
thx
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

SAFAD


	
// What a monstrous array...
$memberContext[$user] = array(
	'username' => $profile['member_name'],
	'name' => $profile['real_name'],
	'id' => $profile['id_member'],
	'is_buddy' => $profile['buddy'],
	'is_reverse_buddy' => in_array($user_info['id'], $buddy_list),
	'buddies' => $buddy_list,
	'title' => !empty($modSettings['titlesEnable']) ? $profile['usertitle'] : '',
	'href' => $scripturl . '?action=profile;u=' . $profile['id_member'],
	'link' => '<a href="' . $scripturl . '?action=profile;u=' . $profile['id_member'] . '" title="' . $txt['profile_of'] . ' ' . $profile['real_name'] . '">' . $profile['real_name'] . '</a>',
	// ... (the posted excerpt ends here)
);

i don't see anything that makes user have a link and guest doesn't
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

Guests won't appear in loadMemberContext, they don't have a user id. Check out loadMemberData to see what that does, as well as Display.php when it's preparing to set up the post, it has a specific section about preparing the guest details.

SAFAD

i fixed my problem for now
but i want one last thing please
am really heavy requester
i want the
current id_msg variable
and current id_topic variable
to make my sql request clear
ty
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

Depends where your code is as to what variable it'll be in.

If you're posting a new topic/post, you won't have those until after the post has been made.

SAFAD

in load.php
it's the place where i found *all* db queries
and what am doing
is a db query that gets me visitor website from messages table
thats all
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

There are way more queries than just in Load.php.

I don't believe topic or message id are defined by that point in Load.php normally, though it depends where Load.php functions are being called from as to what variables may be available.

SAFAD

hmmmm
i dont know
i will place it @ the end
doesn't matter for me
i only need variables
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

And what are you going to do with those variables?

SAFAD

Quote
and what am doing
is a db query that gets me visitor website from messages table
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

I still don't get where you're trying to put this query.

If you're hoping to put it in loadMemberData or loadMemberContext, I don't believe the topic or message ids are transferred in, meaning you'll have to modify them to import variables from global scope.

SAFAD

I Don't Know Where To Put Em
I Just Was Asking You Where !!
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.

Arantor

What you're trying to do doesn't fit within how SMF works generally, and that's the problem.

SAFAD

what am trying to do is just a small and simple query
that gets to me guest website from DB
and using 2 small variables
$cuerrnttopicid
and
$currentmsgid
Best Regards
Sadaoui "SAFAD" Abderrahim - Lead Developer @ Electron Inc.
