Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
doffer83
Worker
Worker


Joined: Apr 17, 2011
Posts: 117
Location: Amsterdam

PostPosted: Sat Sep 22, 2012 1:18 pm Reply with quote

I use my news 3.8.0 module in my old good working phpnuke... it works well exept one thing.. it shows all news of all languages... I have the multi language option on. how can I make it respect the languages...

I think the next code can do it but I dont know where to paste in the index file


Code:


   if ($multilingual == 1) {
      $querylang = "AND (alanguage='$currentlang' OR alanguage='')";
   } else {
      $querylang = "";
   }





index of my news 3.8.0

Code:


<?php
/******************************************************/
/* My News Module 3.8.0 Aug-26-2007         */
/* Written by: Jonathan Estrella            */
/* http://slaytanic.tk                     */
/* Based On The Mod My Stories by Bob Marion   */
/* Copyright 2004-2007 Jonathan Estrella      */
/******************************************************/

if (!defined('MODULE_FILE')) {
   die("Sorry, You can't access this file directly.");
}

define('IN_MNM', TRUE);
$module_name = basename(dirname(__FILE__));
require_once("mainfile.php");
require_once("modules/$module_name/mnconfig.php");
get_lang($module_name);

// Check if My News is set as main module
$sql = "SELECT * FROM ".$prefix."_main";
$result = $db->sql_query($sql);
$mod_row = $db->sql_fetchrow($result);
$main_module = $mod_row[main_module];

if ($main_module==$module_name) {
   $prelink = "index.php?";
} else {
   $prelink = "modules.php?name=$module_name&amp;";
}

include("header.php");

echo "<script type=\"text/javascript\">
<!--
function hideshow(which){
if (!document.getElementById)
return
if (which.style.display==\"block\")
which.style.display=\"none\"
else
which.style.display=\"block\"
}
//-->
</script>\n";

OpenTable();
$count = 0;
echo"<div style=\"text-align: center;\">"._LASTN."<br />\n";
echo "<span style=\"font-weight: bold;\">$sitename";
if($dslogan) {echo ": $slogan";}
echo "</span></div><br />\n";
echo "<table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\">\n";

$result = $db->sql_query("SELECT count(*) FROM ".$prefix."_stories");
list($total) =  $db->sql_fetchrow($result);

if ($total>$ipp) {
   $pages=ceil($total/$ipp);
   if ($page > $pages) { $page = $pages; }
   if (!$page) { $page=1; }
   $offset=($page-1)*$ipp;
} else {
   $offset=0;
   $pages=1;
   $page=1;
}
 
$result = $db->sql_query("SELECT sid, catid, aid, title, time, counter, informant, score FROM ".$prefix."_stories ORDER BY time DESC limit $offset,$ipp");
while (list($s_sid, $catid, $aid, $title, $time, $counter, $informant, $score) = $db->sql_fetchrow($result)) {
   setlocale (LC_TIME, $locale);
   ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
   $datetime = strftime(""._MNDATESTRING."", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
   $datetime = ucfirst($datetime);
   $info = ""._POSTEDB.": <a href=\"$yaccount&amp;op=userinfo&amp;username=$informant\">$informant</a>. "._POSTDATE.": $datetime";
   $infoimg = "<a href=\"javascript:hideshow(document.getElementById('div".$s_sid."'))\"><img src=\"modules/$module_name/images/info.png\" border=\"0\" alt=\""._INFO."\" title=\""._INFO."\" width=\"16\" height=\"16\" /></a>";
   $sid = $s_sid;

   if ($nsnnews) {
      $printP = "<a href=\"modules.php?name=News&amp;op=NEPrint&amp;sid=$s_sid\"><img src=\"modules/$module_name/images/print.png\" border=\"0\" alt=\""._PRINTER."\" title=\""._PRINTER."\" width=\"16\" height=\"16\" /></a>";
      $sendF = "<a href=\"modules.php?name=News&amp;op=NEFriend&amp;sid=$s_sid\"><img src=\"modules/$module_name/images/share.png\" border=\"0\" alt=\""._FRIEND."\" title=\""._FRIEND."\" width=\"16\" height=\"16\" /></a>";
      $printPDF = "<a href=\"modules.php?name=News&amp;op=NEPortable&amp;sid=$s_sid\"><img src=\"modules/$module_name/images/pdf.png\" border=\"0\" alt=\""._PDF."\" title=\""._PDF."\" width=\"16\" height=\"16\" /></a>";
   } else {
      $printP = "<a href=\"modules.php?name=News&amp;file=print&amp;sid=$s_sid\"><img src=\"modules/$module_name/images/print.png\" border=\"0\" alt=\""._PRINTER."\" title=\""._PRINTER."\" width=\"16\" height=\"16\" /></a>";
      $sendF = "<a href=\"modules.php?name=News&amp;file=friend&amp;op=FriendSend&amp;sid=$s_sid\"><img src=\"modules/$module_name/images/share.png\" border=\"0\" alt=\""._FRIEND."\" title=\""._FRIEND."\" width=\"16\" height=\"16\" /></a>";
      $printPDF = "";
   }
 
   if ($nsnnews) {
      $title = "<a href=\"$news&amp;op=NEArticle&amp;sid=$sid\">$title</a>";
   } else {
      $title = "<a href=\"$news&amp;file=article&amp;sid=$sid\">$title</a>";
   }

   echo "<tr bgcolor=\"$bgcolor4\">\n";
   echo "<td width=\"80%\">&nbsp;<span class=\"option\">$title</span><br />\n";
   echo "<div id=\"div".$s_sid."\" style=\"display: none;\">$info ($counter "._HITS.").</div></td>\n";
   echo "<td width=\"20%\" align=\"center\">$infoimg\n$printP\n$sendF\n$printPDF\n</td>\n";
   echo "</tr>\n";
   
   $count ++;
}
   
echo "</table><br />\n";

if ($pages > 1) {
   $pcnt=1;
   echo "<table align=\"center\" cellpadding=\"3\" cellspacing=\"1\" border=\"0\"><tr>\n";
   if ($page > 1) {
      echo "<td align=\"center\" valign=\"middle\"><a href=\"".$prelink."page=" . ($page-1) . "\">\n";
      echo "<img src=\"modules/$module_name/images/previous.png\" title=\""._PREVPAGE."\" alt=\"\" border=\"0\" /></a></td>\n";
      echo "<td align=\"center\" valign=\"middle\">\n";
   } else {
      echo "<td align=\"center\" valign=\"middle\">\n";
      echo "<img src=\"modules/$module_name/images/previous-no.png\" title=\""._NOPREVPAGE."\" alt=\"\" border=\"0\" /></td>\n";
      echo "<td align=\"center\" valign=\"middle\">\n";
   }
   echo "| ";
   while($pcnt < $page) {
      echo "<span style=\"font-weight: bold;\"><a href=\"".$prelink."page=$pcnt\">$pcnt</a></span> |\n";
      $pcnt++;
   }
   echo "<span style=\"font-weight: bold;\">$page</span> |\n";   
   $pcnt++;
   while($pcnt <= $pages) {
      echo " <span style=\"font-weight: bold;\"><a href=\"".$prelink."page=$pcnt\">$pcnt</a></span> |\n";
      $pcnt++;
   }
   if ($page < $pages) {
      echo "</td><td align=\"center\" valign=\"middle\"><a href=\"".$prelink."page=" . ($page+1) . "\">\n";
      echo "<img src=\"modules/$module_name/images/next.png\" title=\""._NEXTPAGE."\" alt=\"\" border=\"0\" /></a></td>\n";
   } else {
      echo "</td><td align=\"center\" valign=\"middle\">\n";
      echo "<img src=\"modules/$module_name/images/next-no.png\" title=\""._NONEXTPAGE."\" alt=\"\" border=\"0\" /></td>\n";
   }
   echo "</tr></table><br />\n";
}

echo "<div style=\"text-align: center;\">[ \n";
echo "<a href=\"$submit\">"._SENDNEWS."</a> |\n";
echo "<a href=\"$news\">"._ALL."</a> |\n";
echo "<a href=\"$topics\">"._TOPICS."</a> |\n";
echo "<a href=\"$arch\">"._ARCHIVE."</a> |\n";
echo "<a href=\"$rss\">RSS/XML</a>\n";
echo "]<br /><br /></div>\n";

CloseTable();
include("footer.php");
?>


the standard news module has it... but I dont like it as the main module..

I wish I could use the nice news module of raven in my nuke site...
 
View user's profile Send private message Visit poster's website
neralex
The Mouse Is Extension Of Arm


Joined: Aug 22, 2007
Posts: 1295
Location: Germany

PostPosted: Mon Sep 24, 2012 10:05 am Reply with quote

Try this...

find:

Code:
$result = $db->sql_query("SELECT sid, catid, aid, title, time, counter, informant, score FROM ".$prefix."_stories ORDER BY time DESC limit $offset,$ipp");


replace it with:

Code:
global $multilingual;

if ($multilingual == 1) {
   $querylang = 'WHERE (alanguage=\'' . $currentlang . '\' OR alanguage=\'\')';
} else {
   $querylang = '';
}
$result = $db->sql_query('SELECT sid, catid, aid, title, time, counter, informant, score FROM ' . $prefix . '_stories ' . $querylang . ' ORDER BY time DESC LIMIT ' . $offset . ',' . $ipp . '');


If you don't have many users, many forum-postings on your page and/or many third party modules, then you can try a switch to the current RN. To convert the news is not hard. Only your theme must a little bit changed.
 
View user's profile Send private message
doffer83
PostPosted: Mon Sep 24, 2012 11:00 am Reply with quote

Let me thank you... yesss it works. I really I wish that I dicoverd RN before I started.. now the news module respect language choice

I use the nice fisubice theme

Now I need to install sentinel cose I suddenly found a new admin witch I did not add to my the CP

Thank you again I feel happy now
 
neralex
PostPosted: Mon Sep 24, 2012 11:12 am Reply with quote

Smile
 
jestrella
Moderator


Joined: Dec 01, 2005
Posts: 593
Location: Santiago, Dominican Republic

PostPosted: Mon Oct 22, 2012 3:50 pm Reply with quote

Wow, there are still people using this module xD... guess I never released version 3.9.0 :S

_________________
"For those whom have not reach the sky... Every mountain seems high"

Best Regards
Jonathan Estrella Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
doffer83
PostPosted: Mon Oct 22, 2012 4:19 pm Reply with quote

jestrella wrote:
Wow, there are still people using this module xD... guess I never released version 3.9.0 :S


If you make a new version I would like to test it online.. few users of my little site ask about show the first of 2 sentence of the article in home.. and share options Fb, twitter bottuns. I repeat if you ever make a new version I can use it/test it on my online litte site

almost forget

2 column is a nice option too

high 5

kind regards
 
neralex
PostPosted: Tue Oct 23, 2012 5:22 pm Reply with quote

doffer83, I'm a little bit flying blind on the index of the module and have modified some things slightly. I'm not sure if this works, so please create a backup of the file before you trying this.
Only registered users can see links on this board! Get registered or login!

Now you can choose between two different views. You found in my modfied file a variable with the name: $column. In the default view is the variable set on 'false'. If you set the variable to 'true' so you have a little 2 columns mode.

Code:
$column = false; // true = 2 columns


A little charcount for the article title was added, too. So you can determine your own length of the article titles.

Code:
if(strlen($title) > 40) {$title = substr(strip_tags($title),0, 37) . '...';}


doffer83 wrote:
few users of my little site ask about show the first of 2 sentence of the article in home..


I have added the hometext in the sql-query and have created two different variables to show the hometext. You have now a charcounter for the the first hometext variable. With this charcounter you can determine your own length of the hometext, if you are not clicked on the info-image.

Code:
if(strlen(strip_tags($hometext)) > 100) {

   $hometext_short = substr(strip_tags($hometext),0, 97) . '...';
} else {
   $hometext_short = strip_tags($hometext);
}


If you click now on the info-image, then you can see the full hometext without the charcount.

I have added also sharebuttons for facebook and twitter. You can found some free icons here:
Only registered users can see links on this board! Get registered or login!

Note: Its an quik and dirty mod, without to know the module but it could work. I would suggest you to put the different styles sheets in classes. It make it more flexible.

Wink
 
doffer83
PostPosted: Thu Oct 25, 2012 3:01 am Reply with quote

neralex,

It works well... but as you said.. quick & dirty mod.

Thank u
 
neralex
PostPosted: Thu Oct 25, 2012 3:14 am Reply with quote

nice Smile
 
doffer83
PostPosted: Thu Oct 25, 2012 11:53 am Reply with quote

one more quistion.. I like to keep using my code but within 2 of those mods... I have added the fb and twitter buttons.. by copy from your code..

second thing I wish like to use the show the first or 2 sentence of the article in home. can I add that to my index file? how ? (blond moment)

once again I wanna thank you, your code works good but the originale code is much cleaner tha's why I like to keep using it ..
 
neralex
PostPosted: Thu Oct 25, 2012 1:29 pm Reply with quote

What do you mean with cleaner?

You need the div containers to realize the 2 columns. You can create css classes for the styles of the containers and you don't have so much styles attributes. You know how you can use css classes in yout theme?

The other lines are from your code but in you code exists many double quotes. The double quotes are not really efficient. The interpreter needs significantly more time to process double qoutes. This also applies to masked code-lines. I have only removed all double quotes and have used commas instead of periods to make it faster. I have added also numeric checks, because in your file is it possible to create an negative value for the page-counter and this creates an sql-error and there is no check against sql-attacks. Your code make it possbile to start an sql-injection. Don't forget, in a standard nuke you haven't installed the sentinel and if you have the sentinel running, then you can't block attacks through open security holes.

You can not count sentences with php, you can count chars or words. Where will the script know where to begin a sentence and where it ends? But if you use an html-editor to write yout text, then you create the specialchars or other elements with html-tags. This breaks the counting.

For Example:

& < has one char
&amp; < you have 5 chars.
"you & me" < 8 chars with free spaces
"you &amp; me" < 12 chars with free spaces

If you set now the counting value to 6, then you have a string like this: "you &a"! The html is broken and you get errors on your page.
 
doffer83
PostPosted: Thu Oct 25, 2012 2:11 pm Reply with quote

neralex wrote:



I have added also numeric checks, because in your file is it possible to create an negative value for the page-counter and this creates an sql-error and there is no check against sql-attacks. Your code make it possbile to start an sql-injection. Don't forget, in a standard nuke you haven't installed the sentinel and if you have the sentinel running, then you can't block attacks through open security holes.


I start now worry about the site... 2 weeks ago I saw an new admin (called junk) was added to the CP. should I use this module or not, please give me advice if this module could be the reason hacking my site.. maybe I better can use the standard one... I am waiting for your tips
 
neralex
PostPosted: Thu Oct 25, 2012 2:36 pm Reply with quote

The problem is not this module alone. The most of all scripts in a "standard" phpnuke are not really protected. So is it possible the attacker has used another way to start the injection. But without to check a server log, nobody can say which way has the attacker used on your page.

Many third party modules have a lot more issues. This is the reason why i'm using RN. In RN you have a good protected code. Many of the third party modules was written a long time ago and are based on old standards. In RavenNuke you have a code on the current standards with a lot optimized features. But in RN you can have the same problems, if you use old not protected and not updated third party addons/modules. RN25 is the most secured nuke distro what i have ever seen. Sure its a big work to convert old scripts to this standard but the result is amazing.


Last edited by neralex on Sat Nov 24, 2012 3:50 pm; edited 2 times in total 
doffer83
PostPosted: Thu Oct 25, 2012 2:47 pm Reply with quote

I understand... when I discovered rn was mijn little site already installed.. I don't like phpuke anymore honestly.. always errors. last week I installed rn on localhost and I was really impressed... so from now on I will only use ravennuke..

The new phpnuke 8.2 is funny nothing works without an error.. so

Just RN from now on.. but I can't start again on my site.. no time long story
Only registered users can see links on this board! Get registered or login!
 
jestrella
PostPosted: Thu Oct 25, 2012 2:49 pm Reply with quote

This module have not beed updated in ages... I released the last version on 2007, that's 5 years from now. Of course code is outdated, and attackers have evolved a lot since then.

PD: You can (must?) update your site to latest RN Very Happy
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©