Lavalair Mods...

ewanz replied

14.06.11, 16:42
Originally posted by zubaer9 View Post

i got Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/musicraj/public_html/forum/config.php on line 8 problem, how to solve it? i just put the code on config.php , sud i put something at core.php?

PHP Code:

function ewanz($txt){ $txt = htmlentities($txt, ENT_QUOTES, 'UTF-8'); return $txt;} if(isset($_POST)){foreach($_POST as $key=>$value){$_POST[$key]=ewanz($value);}} if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=ewanz($value);}} if(isset($_REQUEST)){foreach($_REQUEST as $key=>$value){$_REQUEST[$key]=ewanz($value);}}

thats mine... u also can add for $_SESSION / $_SERVER or other globals.. =)
Leave a comment:
zubaer9 replied

07.05.11, 15:12
Originally posted by something else View Post

yeah you could just add:

PHP Code:

if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=addslashes(htmlspecialchars($value));}} if(isset($_POST)){foreach($_POST as $key=>$value){$_POST[$key]=addslashes(htmlspecialchars($value));}} if(isset($_SERVER)){foreach($_SERVER as $key=>$value){$_SERVER[$key]=addslashes(htmlspecialchars($value));}} if(isset($_SESSION)){foreach($_SESSION as $key=>$value){$_SESSION[$key]=addslashes(htmlspecialchars($value));}}

to your config.php

i got Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/musicraj/public_html/forum/config.php on line 8 problem, how to solve it? i just put the code on config.php , sud i put something at core.php?
Leave a comment:
bugmenot2 replied

15.04.11, 13:29
If you put a quote ' after yo $who variable, you'll get an SQL error

i.e.

web/ownercp.php?action=user&sid=616064d42404f02dc07c8d 614cbe2456&who=2'

You'll get Sql error which shows the $who is vuln to SQLi.

Quick fix,

Add this to core.php

function clean_url($text)
{
#### FUNCTION BY Webune - Webune - Web Site Design Development Dedicated Hosting Domains Business Company AND WALLPAPERAMA.COM
## PLEASE DO NOT REMOVE THIS.. THANK YOU

$text=strtolower($text);
$code_entities_match = array( '"' ,'!' ,'@' ,'#' ,'$' ,'%' ,'^' ,'&' ,'*' ,'(' ,')' ,'+' ,'{' ,'}' ,'|' ,':' ,'"' ,'<' ,'>' ,'?' ,'[' ,']' ,'' ,';' ,"'" ,',' ,'.' ,'_' ,'/' ,'*' ,'+' ,'~' ,'`' ,'=' ,' ' ,'---' ,'--','--');
$code_entities_replace = array('' ,'-' ,'-' ,'' ,'' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'-' ,'-' ,'-','-');
$text = str_replace($code_entities_match, $code_entities_replace, $text);
return $text;
}

and also

change

$who = $_GET['who'];

to

$who = (int) $_GET['who'];

in all pages

and finally in .htaccess,

Turn register globals off
Leave a comment:
pmbguy replied

27.11.10, 07:23
yeah... it's not that hard...

create new table called thanks or whatever...

must have 3 fields, or well up to as many as you want depending how much info you plan to log...

1. id
2. postid
3. thankzfrm
4. timethanked (optional)
5. thankzfrmip (really bored, lol)

ok, then by each post you make it get count from thanks where post id = $postid...

in genproc, code a thanks action that inserts into thanks, postid= $postid, thankzfrm = $uid kinda thing...

if you going the whole way n adding a list of thankers too, you can add the timethanked bit so you got something to order it by when getting list...

hope this helps...

I would post the code up, but not coded it yet, lol...
Leave a comment:
tries replied

27.11.10, 05:21
How to create THANKS script on post forum.. Any 1 know? Help plz..
Leave a comment:
Rab Mooney replied

25.11.10, 16:28
Originally posted by something else View Post

oops there is a typo:
mysql_query("UPDATE ibwf_users SET plustime='0', totaltime=toaltime+$newtime, plusses=plusses+50 WHERE id='".$uid."'");
toaltime should be totaltime

PHP Code:

function addonline($uid,$place,$plclink) { $tm = time(); $timeout = $tm - 300; //time out = 5 minutes mysql_query("DELETE FROM ibwf_online WHERE actvtime <'".$timeout."'"); $lttime = mysql_fetch_array(mysql_query("SELECT lastact, plustime FROM ibwf_users WHERE id='".$uid."'")); $limit = $tm - $lttime[0]; if($limit<60){ //limit to 60 seconds away $newtime = $lttime[1] + $limit; if($newtime>3600){ //1 hour mysql_query("UPDATE ibwf_users SET plustime='0', totaltime=totaltime+$newtime, plusses=plusses+50 WHERE id='".$uid."'"); $msg = "Congratulation! You are Have Been Online For 1 Hour. You Have Recieved 50 plusses [br/][small]Note: This is an automated PM[/small]"; autopm($msg, $uid); }else{ mysql_query("UPDATE ibwf_users SET totaltime=totaltime+$newtime, plustime='".$newtime."' WHERE id='".$uid."'"); } } mysql_query("UPDATE ibwf_users SET lastact='".$tm."' WHERE id='".$uid."'"); $res = mysql_query("INSERT INTO ibwf_online SET userid='".$uid."', actvtime='".$tm."', place='".$place."', placedet='".$plclink."'"); if(!$res){ $res = mysql_query("UPDATE ibwf_online SET actvtime='".$tm."', place='".$place."', placedet='".$plclink."', hide='".$hide."' WHERE userid='".$uid."'"); } $maxmem = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE id='2'")); $result = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_online")); if($result[0]>=$maxmem[0]){ mysql_query("UPDATE ibwf_settings set name='".date("D d M Y - H:i")."', value='".$result[0]."' WHERE id='2'"); } $maxtoday = mysql_fetch_array(mysql_query("SELECT ppl FROM ibwf_mpot WHERE ddt='".date("d m y")."'")); if($maxtoday[0]==0||$maxtoday==""){ mysql_query("INSERT INTO ibwf_mpot SET ddt='".date("d m y")."', ppl='1', dtm='".date("H:i:s")."'"); $maxtoday[0]=1; } if($result[0]>=$maxtoday[0]){ mysql_query("UPDATE ibwf_mpot SET ppl='".$result[0]."', dtm='".date("H:i:s")."' WHERE ddt='".date("d m y")."'"); } }

Thats what I have in the core.php & its giving me a blank page, counted the {} & () and there seems to be 2 more ) than ( is this right ?
Leave a comment:
something else replied

25.11.10, 16:11
oops there is a typo:
mysql_query("UPDATE ibwf_users SET plustime='0', totaltime=toaltime+$newtime, plusses=plusses+50 WHERE id='".$uid."'");
toaltime should be totaltime
Leave a comment:
Rab Mooney replied

25.11.10, 16:01
Originally posted by something else View Post

have you altered the sql?

PHP Code:

ALTER TABLE `ibwf_users` ADD `totaltime` INT(100) NOT NULL DEFAULT '0'; ALTER TABLE `ibwf_users` ADD `plustime` INT( 5 ) NOT NULL DEFAULT '0';

yeah i copied everything you posted a few messages up.

Yet it still shows up as "Total Online Time: 0".

Originally posted by something else View Post

have you altered the sql?

PHP Code:

ALTER TABLE `ibwf_users` ADD `totaltime` INT(100) NOT NULL DEFAULT '0'; ALTER TABLE `ibwf_users` ADD `plustime` INT( 5 ) NOT NULL DEFAULT '0';

yeah i copied everything you posted a few messages up.

Yet it still shows up as "Total Online Time: 0".
Leave a comment:
something else replied

25.11.10, 15:49
have you altered the sql?

PHP Code:

ALTER TABLE `ibwf_users` ADD `totaltime` INT(100) NOT NULL DEFAULT '0'; ALTER TABLE `ibwf_users` ADD `plustime` INT( 5 ) NOT NULL DEFAULT '0';
Leave a comment:
Rab Mooney replied

25.11.10, 13:43
Originally posted by pmbguy View Post

ok, well if you added it but didn't overwrite the previous version of function, i'm guessing if your errors on, it says:

cannot redeclare addonline (already declared in core.php on line ***...)

go to that line n check if it's the modified one, if so remove the double copy of function that isn't the one you modified...

No not getting any error message, the "time online" is just showing up as 0
Leave a comment:
pmbguy replied

25.11.10, 01:47
ok, well if you added it but didn't overwrite the previous version of function, i'm guessing if your errors on, it says:

cannot redeclare addonline (already declared in core.php on line ***...)

go to that line n check if it's the modified one, if so remove the double copy of function that isn't the one you modified...
Leave a comment:
Rab Mooney replied

15.11.10, 12:41
PHP Code:

//////////////////////////////////////////////////////////////////// addonline function addonline($uid,$place,$plclink){ $tm = time(); $timeout = $tm - 300; //time out = 5 minutes mysql_query("DELETE FROM ibwf_online WHERE actvtime <'".$timeout."'"); $lttime = mysql_fetch_array(mysql_query("SELECT lastact, plustime FROM ibwf_users WHERE id='".$uid."'")); $limit = $tm - $lttime[0]; if($limit<60){ //limit to 60 seconds away $newtime = $lttime[1] + $limit; if($newtime>3600){ //1 hour mysql_query("UPDATE ibwf_users SET plustime='0', totaltime=toaltime+$newtime, plusses=plusses+50 WHERE id='".$uid."'"); $msg = "Congratulation! You are Have Been Online For 1 Hour. You Have Recieved 50 plusses [br/][small]Note: This is an automated PM[/small]"; autopm($msg, $uid); }else{ mysql_query("UPDATE ibwf_users SET totaltime=toaltime+$newtime, plustime='".$newtime."' WHERE id='".$uid."'"); } } mysql_query("UPDATE ibwf_users SET lastact='".$tm."' WHERE id='".$uid."'"); $res = mysql_query("INSERT INTO ibwf_online SET userid='".$uid."', actvtime='".$tm."', place='".$place."', placedet='".$plclink."'"); if(!$res){ $res = mysql_query("UPDATE ibwf_online SET actvtime='".$tm."', place='".$place."', placedet='".$plclink."', hide='".$hide."' WHERE userid='".$uid."'"); } $maxmem = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE id='2'")); $result = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_online")); if($result[0]>=$maxmem[0]){ mysql_query("UPDATE ibwf_settings set name='".date("D d M Y - H:i")."', value='".$result[0]."' WHERE id='2'"); } $maxtoday = mysql_fetch_array(mysql_query("SELECT ppl FROM ibwf_mpot WHERE ddt='".date("d m y")."'")); if($maxtoday[0]==0||$maxtoday==""){ mysql_query("INSERT INTO ibwf_mpot SET ddt='".date("d m y")."', ppl='1', dtm='".date("H:i:s")."'"); $maxtoday[0]=1; } if($result[0]>=$maxtoday[0]){ mysql_query("UPDATE ibwf_mpot SET ppl='".$result[0]."', dtm='".date("H:i:s")."' WHERE ddt='".date("d m y")."'"); } }

Where do I have to add this as I've tried adding it to core.php but it wont work.
Leave a comment:
something else replied

21.09.10, 10:45
works perfect tested aswell:

Originally posted by something else View Post

Total online time and hourly reward of 50 plusses

PHP Code:

//////////////////////////////////////////////////////////////////// addonline function addonline($uid,$place,$plclink){ $tm = time(); $timeout = $tm - 300; //time out = 5 minutes mysql_query("DELETE FROM ibwf_online WHERE actvtime <'".$timeout."'"); $lttime = mysql_fetch_array(mysql_query("SELECT lastact, plustime FROM ibwf_users WHERE id='".$uid."'")); $limit = $tm - $lttime[0]; if($limit<60){ //limit to 60 seconds away $newtime = $lttime[1] + $limit; if($newtime>3600){ //1 hour mysql_query("UPDATE ibwf_users SET plustime='0', totaltime=toaltime+$newtime, plusses=plusses+50 WHERE id='".$uid."'"); $msg = "Congratulation! You are Have Been Online For 1 Hour. You Have Recieved 50 plusses [br/][small]Note: This is an automated PM[/small]"; autopm($msg, $uid); }else{ mysql_query("UPDATE ibwf_users SET totaltime=toaltime+$newtime, plustime='".$newtime."' WHERE id='".$uid."'"); } } mysql_query("UPDATE ibwf_users SET lastact='".$tm."' WHERE id='".$uid."'"); $res = mysql_query("INSERT INTO ibwf_online SET userid='".$uid."', actvtime='".$tm."', place='".$place."', placedet='".$plclink."'"); if(!$res){ $res = mysql_query("UPDATE ibwf_online SET actvtime='".$tm."', place='".$place."', placedet='".$plclink."', hide='".$hide."' WHERE userid='".$uid."'"); } $maxmem = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE id='2'")); $result = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_online")); if($result[0]>=$maxmem[0]){ mysql_query("UPDATE ibwf_settings set name='".date("D d M Y - H:i")."', value='".$result[0]."' WHERE id='2'"); } $maxtoday = mysql_fetch_array(mysql_query("SELECT ppl FROM ibwf_mpot WHERE ddt='".date("d m y")."'")); if($maxtoday[0]==0||$maxtoday==""){ mysql_query("INSERT INTO ibwf_mpot SET ddt='".date("d m y")."', ppl='1', dtm='".date("H:i:s")."'"); $maxtoday[0]=1; } if($result[0]>=$maxtoday[0]){ mysql_query("UPDATE ibwf_mpot SET ppl='".$result[0]."', dtm='".date("H:i:s")."' WHERE ddt='".date("d m y")."'"); } }

PHP Code:

ALTER TABLE `ibwf_users` ADD `totaltime` INT(100) NOT NULL DEFAULT '0'; ALTER TABLE `ibwf_users` ADD `plustime` INT( 5 ) NOT NULL DEFAULT '0';

Added after 2 minutes:

to call:

PHP Code:

$ttime = mysql_fetch_array(mysql_query("SELECT totaltime FROM ibwf_users WHERE id='".$uid."'")); echo "Total Online Time: $ttime[0]";
Leave a comment:
something else replied

20.09.10, 17:50
Coding-Talk

http://coding-talk.com/f14/auto-update-plusses-staying-1hour-7499.html
Leave a comment:
something else replied

22.08.10, 18:58
oops:

PHP Code:

$forums = mysql_query("SELECT id, name FROM ibwf_forums WHERE cid='".$cid."' AND clubid='0' ORDER BY position, id, name"); while($forum = mysql_fetch_array($forums)) { if(canaccess(getuid_sid($sid), $forum[0])) { $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE fid='".$forum[0]."'")); $tpi = mysql_fetch_array(mysql_query("SELECT id, name FROM ibwf_topics WHERE fid='".$forum[0]."'")); $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE tid='".$tpi0]."'")); if($nops[0]==0) { $pinfo = mysql_fetch_array(mysql_query("SELECT authorid FROM ibwf_topics WHERE id='".$tpi[0]."'")); }else{ $pinfo = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_posts WHERE tid='".$tpi[0]."'")); } echo "<tr> <td valign=\"middle\" width=\"25\"> <img src=\"images/1.gif\" alt=\"*\"/></td> <td align=\"left\" width=\"200\" class=\"sjena\"> <a href=\"index.php?action=viewfrm&sid=$sid&fid=$forum[0]\">$forum[1]</a></td> <td width=\"50\" align=\"center\" class=\"sjena\">$notp[0]</td> <td width=\"60\" align=\"center\" class=\"sjena\">$nops[0]</td> <td align=\"right\" class=\"style12\"> <a href=\"index.php?action=viewtpc&sid=$sid&tid=$lpt[1]&go=last\">".htmlspecialchars($tpi[1])."</a>  <br/> od: <a href=\"index.php?action=viewuser&sid=$sid&who=$pinfo[0]\">".getnick_uid($pinfo[0])."</a>  </td>
Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: