Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   TBDev (http://www.bvlist.com/forumdisplay.php?f=20)
-   -   about htmlspecialchars (need some help) (http://www.bvlist.com/showthread.php?t=10743)

ndbj 20th February 2016 03:18
about htmlspecialchars (need some help)
 
Cheers!

at my userdetails.php, i have this:
PHP Code:
$modcomment htmlspecialchars($user["modcomment"]);
print("<tr><td class=rowhead>Notes</td><td colspan=2 align=left><textarea cols=60 rows=6 name=modcomment>$modcomment</textarea></td></tr>\n"); 

still, modcomment isn't showing things right.
http://i124.photobucket.com/albums/p...ps6w7wlhbs.png




TBDev2008 here.
can someone point me the direction for solving this?

Thanks in advance.

fireknight 20th February 2016 03:33
Post the code you have for promotion in your modtask.php.
So we can see how the modtask is writing to your comment box.

Example ( original 08 code )
Code:
  if ($curclass != $class)
  {
    // Notify user
    $what = ($class > $curclass ? "promoted" : "demoted");
    $msg = sqlesc("You have been $what to '" . get_user_class_name($class) . "' by $CURUSER[username].");
    $added = sqlesc(get_date_time());
    mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
    $updateset[] = "class = $class";
    $what = ($class > $curclass ? "Promoted" : "Demoted");
        $modcomment = gmdate("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by $CURUSER[username].\n". $modcomment;
  }
It will properly be this part that is causing the issue
Code:
    $updateset[] = "class = $class";
    $what = ($class > $curclass ? "Promoted" : "Demoted");
        $modcomment = gmdate("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by $CURUSER[username].\n".

ndbj 20th February 2016 11:05
@ fireknight: thanks for the quick answer.

my modtask.php has the exact same code, nothing different.
maybe something at global.php where the class colors are defined...
I'll check it later.

fireknight 20th February 2016 12:15
Original code for function get_user_class_name
Code:
function get_user_class_name($class)
{
  switch ($class)
  {
    case UC_USER: return "User";

    case UC_POWER_USER: return "Power User";

    case UC_VIP: return "VIP";

    case UC_UPLOADER: return "Uploader";

    case UC_MODERATOR: return "Moderator";

    case UC_ADMINISTRATOR: return "Administrator";

    case UC_SYSOP: return "SysOp";
  }
  return "";
}
You may have something different
For example
Code:
function get_user_class_name($class)
{
  switch ($class)
  {
    case UC_USER: return "Admin";
  }
  return "";
}
This will work in most areas of your site code.
That is standard HTML coding. ( a little old standard but still working )

But the textarea tag uses bbcode
So you may need to change things around a little ( tweaking )

Create a new function just for the comment box.

Example
Code:
function get_user_class_name_commentbox($class)

  switch ($class) 
  {   
    case UC_USER: return "[font color=blue]Admin[/font]"; 
  }  return "";
 }
Damn code brackets are messing up with the bold bbcode.

Example
case UC_USER: return "[ font color=blue][ b]Admin[ /b][ /font]

Minus the spaces inside the [ ] boxes.

ndbj 20th February 2016 21:16
You were right, so I created the new function at global.php, and called it at modtask.php, but the problem still happens, now with the bbcodes.

http://i124.photobucket.com/albums/p...psjyikg6p7.png

Wonder what am I missing?

fireknight 21st February 2016 04:02
1 Attachment(s)
Sorry mate my bad.
I forgot that textarea does not support bbcode or html code.

You may have to look at doing a work around.

Again sorry for my mistake.:wallbash:

EDIT

I have found a work around solution.

Add this to global.php
( change the colors to suit your existing classes & remove the spaces from the [ ] tags )
Code:

function get_user_class_name_commentbox($class)
{
  switch ($class)
  {
    case UC_USER: return "[ color=#8E35EF][ b]User[ /b][ /color]";

    case UC_POWER_USER: return "[ color=#f9a200][ b]Power User[ /b][ /color]";

    case UC_VIP: return "[ color=#009F00][ b]VIP[ /b][ /color]";

    case UC_UPLOADER: return "[ color=#0000FF][ b]Uploader[ /b][ /color]";

    case UC_MODERATOR: return "[ color=#FE2E2E][ b]Moderator[ /b][ /color]";

    case UC_ADMINISTRATOR: return "[ color=#B000B0][ b]Administrator[ /b][ /color]";

    case UC_SYSOP: return "[ color=#FF0000][ b]SysOp[ /b][ /color]";
  }
  return "";
}
userdetails.php

Find
Code:
$modcomment = htmlspecialchars($user["modcomment"]);
Change To
Code:
$modcomment = format_comment(htmlspecialchars($user["modcomment"]));
Find
Code:
Change To

Code:
$modcomment
modtask.php

Find
Code:
$modcomment = gmdate("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by $CURUSER[username].\n". $modcomment;
Change To
Code:
$modcomment = gmdate("Y-m-d") . " - $what to '" .  get_user_class_name_commentbox($class) . "' by $CURUSER[username].\n".  $modcomment;
Now the only issue is !
The comment area now becomes Read Only.
And cannot be edited from the userdetails.php page.
But hey you cannot have everything.

ndbj 22nd February 2016 07:47
Thanks, good work.
This solved the same problem inside the pm with info sent to user about demotion/promotion.

And for the comment area now becomes Read Only, I can live with that.

Only one last thing, when I do a promotion/demotion, the new info on the commentbox deletes the older promotions/demotions.

And if I change someother thing to a user, like title, warnings, ability to post in shoutbox, etc, the refresh cleans what was in the commentbox.
I see in your pic that you did some promotions and the page keep those records.

Could you point what I need to seek in my code to have the same result?

Thanks

fireknight 22nd February 2016 08:55
1 Attachment(s)
I am one of the creators of FreeTSP.
Which we based of the TBDev 08.
We made loads of changes and brought the code up to date.

I do remember we had the same issue with the modtask.php
That was almost 6 yrs ago now, and I cannot remember the exact issue.
I do remember we changed the modtask.php.

To the Updated modtask.php MOD by Retro
And we have made many changes to it since then.
I have attached the FreeTSP modtask.php.

Make changes to it, pick it apart.
Do what ever you need to do, to make it work for you.

You may only need to changes all the includes and function names

EXAMPLE

FreeTSP
Code:
require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'functions'.DIRECTORY_SEPARATOR.'function_main.php');
require_once(FUNC_DIR.'function_user.php');
require_once(FUNC_DIR.'function_vfunctions.php');
require_once(FUNC_DIR.'function_page_verify.php');

db_connect(false);
logged_in();

$newpage = new page_verify();
$newpage->check('_modtask_');

if ($CURUSER['class'] < UC_MODERATOR)
{
    die();
}
TBDev
Code:
require "include/bittorrent.php";

dbconn(false);

loggedinorreturn();

function puke($text = "w00t")
{
  stderr("w00t", $text);
}

if (get_user_class() < UC_MODERATOR)
  puke();
Hope this helps you out.

ndbj 22nd February 2016 09:11
Thanks mate. I'll check it later cause now I need to go to sleep.
7am here... lol

Was all night behind codes and stuff...

I have a tracker running since 2006 and in my config.php I can still see this:
// TBDevnet Versioning info
define ('TBVERSION',"XTBDev 0.10 Beta");

Of course that's full moded and I never gave a chance to TBDev 2009 cause this one I'm running has lots of personal mods made by myself and a friend of mine who knows php better than me.
I integrated punbb forum on it and aside from that, I like old stuff.

Cheers.

fireknight 22nd February 2016 11:39
Sleep well mate.

As I said we based FreeTSP of the 08 code.
So the modtask.php I attached, should be easily backward converted.

And there is nothing wrong with old stuff.
As long as you have it sercured.

If you are happy with the code you are using, the better you will code it.


All times are GMT +2. The time now is 09:56.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.