Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
Doulos
Life Cycles Becoming CPU Cycles


Joined: Jun 06, 2005
Posts: 626

PostPosted: Thu Apr 13, 2017 1:33 pm Reply with quote

Hello, I am trying to pull the username and insert it automatically into a form inside a module. None of the solutions I have found are working. I was hoping that someone here can suggest something the will work, and possibly evaluate it for security holes. I don't know php and only hack at it - very amateurishly. Just so ya know, I have a general grasp of html, but only a very, very rudimentary hint of a grasp of php. I have pulled snippets of code from other modules, and the rest from the internet. I have got it working everywhere except the username. I have not moved on to form validation yet. This module will only be available to logged-in users. Everything works as it is but I would like to users to not have to enter their own forum username.

I realize this forum is all but dead now, but any suggestions would be appreciated. I have not found another CMS I like as much as RN so I'll stick with it until the end.

Thanks in advance.

Here is my module:
Code:
<?php

//Start RN Header Stuff

   if (!defined('MODULE_FILE')) {
      header('Location: ../../index.php');
      die();
      }

   require_once("mainfile.php");
   $module_name = basename(dirname(__FILE__));
   $pagetitle = "- $module_name";
   date_default_timezone_set("America/Chicago");

   global  $admin, $user, $sitename, $slogan, $cookie, $prefix, $db, $nukeurl, $anonymous;
   include("header.php");
?>

<!-- Begin Form -->

 <html>
 <head></head>
 <body>
      <br /><br />
      <div style='width:800px; margin:0 auto; text-align:center'>
         <p><h1>Membership Information Form</h1></p><br />
         <p><h2>Please provide as much information as you feel comfortable sharing.  <br />
               This information will not be shared with anyone and will only be viewable by Council Members</h2></p>
      </div>"
      
      <form method = "post" name="form" action = "<?php $_PHP_SELF ?>">
                 
              <table align="center" width = "400" border = "2" cellspacing = "3"
                     cellpadding = "2" style="border-style:solid">
                 
<!-- BEGIN TRYING TO PUT USERNAME HERE   -->

                <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Forum User Name </td>
                        <td>
                     <input name = "forumname" type = "text" id="forumname" value="" style="width:279px">
                  </td>
                     </tr>

<!-- END TRYING TO PUT USERNAME HERE -->               
               
                <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;First Name</td>
                        <td>
                     <input name = "firstname" type = "text" id="firstname" value="" style="width:279px">
                  </td>
                     </tr>
                 
                     <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Last Name</td>
                        <td  cellpadding = "2">
                     <input name = "lastname" type = "text" id="lastname" value="" style="width:279px"  >
                  </td>
                     </tr>
                 
                     <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Gaming Name</td>
                        <td cellpadding = "2">
                     <input name = "gamename" type = "text" id="gamename" value="" style="width:279px">
                  </td>
                     </tr>
                    <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Street Address</td>
                        <td cellpadding = "2">
                     <input name = "address" type = "text" id="address" value="" style="width:279px">
                  </td>
                     </tr>
                    <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;City</td>
                        <td cellpadding = "2">
                     <input name = "city" type = "text" id="city" value="" style="width:279px">
                  </td>
                     </tr>
                    <tr>
                        <td style="font-weight:bold; width:93px; width:93px">&nbsp;State/Province</td>
                        <td cellpadding = "2">
                     <input name = "state" type = "text" id="state" value="" style="width:279px">
                  </td>
                     </tr>
                    <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Zipcode</td>
                        <td cellpadding = "2">
                     <input name = "zipcode" type = "text" id="zipcode" value="" style="width:279px">
                  </td>
                     </tr>
                    <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Country</td>
                        <td cellpadding = "2">
                     <input name = "country" type = "text" id="country" value="" style="width:279px">
                  </td>
                     </tr>
                    <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Phone</td>
                        <td cellpadding = "2">
                     <input name = "phone" type = "text" id="phone" value="" style="width:279px">
                  </td>
                     </tr>
                 
                     <tr>
                        <td style="font-weight:bold; width:93px">&nbsp;Working Email</td>
                        <td cellpadding = "2">
                     <input name = "email" type = "text" id="email" value="" style="width:279px">
                  </td>
                     </tr>
            </table>
             
<!-- Begin Testing comment field -->

   <div class="text-center">
      <table align="center" width = "400" border = "2" cellspacing = "3" cellpadding = "2" style="border-style:solid">
          <tr>
                <td style="font-weight:bold; width:193px">&nbsp;We Welcome<br />&nbsp;Your Comments</td>
            <td>   <textarea name="comments"  id= "comments" value"" cols="43" rows="15"></textarea>
            </td>
          </tr>
   </div>

<!-- End Testing comment field -->
               
              </table>             
              <table align="center" width = "400" border = "0" cellspacing = "1" cellpadding = "2" style="top:50px">
                <tr><br />
                        <td cellpadding = "2" style="text-align:center;font-weight:bold">
                           <input name = "add" type = "submit" value = "Submit">
                        </td>
                     </tr>
              </table>   
               </form>
</body>
</html>            

<!-- End of From -->

            
<?php

// Get db config

   include ('modules/Member_Info/include/config.php');
   
// Get username????

   if (is_user($user)) {
      $userinfo = getusrinfo($user);
      $forumname = $userinfo['forumname'];
   } else {
      $userinfo = false;
      $forumname = '';
   }
 
   if (isset($_POST['add'])){
      $forumname =$_POST["forumname"];
      $firstname =$_POST["firstname"];
      $lastname =$_POST["lastname"];
      $gamename =$_POST["gamename"];
      $address =$_POST["address"];
      $city =$_POST["city"];
      $state =$_POST["state"];
      $zipcode =$_POST["zipcode"];
      $country =$_POST["country"];
      $phone =$_POST["phone"];
      $email =$_POST["email"];
      $comments =$_POST["comments"];
   
// Create connection

   $conn = new mysqli($servername, $username, $password, $dbname);

// Insert into database

   $sql = "INSERT INTO members (forumname, firstname, lastname, gamename, address, city, state, zipcode, country, phone, email, comments)
   VALUES ('{$forumname}', '{$firstname}', '{$lastname}', '{$gamename}', '{$address}', '{$city}', '{$state}', '{$zipcode}', '{$country}', '{$phone}', '{$email}', '{$comments}')";

// Send user to Thanks Page after successful submission

   if ($conn->query($sql) === TRUE) {   
      header ("Location: /modules.php?name=Member_Info_Thanks");
   } else {
      echo "Error: " . $sql . "<br>" . $conn->error;
   }

// End Connection

   $conn->close();
   }

// Include RN Footer

   include("footer.php");

?>
 
View user's profile Send private message
neralex
The Mouse Is Extension Of Arm


Joined: Aug 22, 2007
Posts: 1297
Location: Germany

PostPosted: Thu Apr 13, 2017 1:58 pm Reply with quote

I hope you doesn't use it online... This can not work on this way and it contains unfiltered variables, which allows sql-injections. This module needs a complete reconstruct.


Last edited by neralex on Thu Apr 13, 2017 3:52 pm; edited 1 time in total 
View user's profile Send private message
neralex
PostPosted: Thu Apr 13, 2017 3:50 pm Reply with quote

1. If the db-table 'members' is not allready inside your RN database then move it into it. So you doesn't need a useless 2nd db-connection.

2. Create a new folder inside the modules-folder and call it what you want - maybe: members

3. Create inside the new created folder a new file called: index.php and paste this code into it:

php Code:
<?php

if (!defined('MODULE_FILE')) die('You can\'t access this file directly...');

$index = 0;
if (!defined('INDEX_FILE')) define('INDEX_FILE', true); # Set to FALSE to hide right blocks
if (defined('INDEX_FILE') AND INDEX_FILE === true) {
# auto set right blocks for pre patch 3.1 compatibility
$index = 1;
}
$module_name = basename(dirname(__FILE__));
if (!is_user($user)) {
header('Location: /');
exit;
}

date_default_timezone_set("America/Chicago");

if (!isset($op)) $op = '';
if (!isset($forumname)) $forumname = '';
if (!isset($firstname)) $firstname = '';
if (!isset($lastname)) $lastname = '';
if (!isset($gamename)) $gamename = '';
if (!isset($address)) $address = '';
if (!isset($city)) $city = '';
if (!isset($state)) $state = '';
if (!isset($zipcode)) $zipcode = '';
if (!isset($country)) $country = '';
if (!isset($phone)) $phone = '';
if (!isset($email)) $email = '';
if (!isset($comments)) $comments = '';

switch ($op) {
default:
form_index();
break;
case 'sent':
csrf_check();
form_sent($forumname, $firstname, $lastname, $gamename, $address, $city, $state, $zipcode, $country, $phone, $email, $comments);
break;
}
die();

function form_index() {
global $db, $prefix, $module_name, $user, $userinfo, $cookie;

if (is_user($user)) {
$userinfo = getusrinfo($user);
$forumname = $userinfo['username'];
} else {
$userinfo = false;
$forumname = '';
}

include_once 'header.php';
OpenTable();

echo '<div style="width: 800px; margin: 0 auto; text-align: center">' , PHP_EOL
,' <h1>Membership Information Form</h1><br />' , PHP_EOL
,' <h2>Please provide as much information as you feel comfortable sharing.<br />'
,'This information will not be shared with anyone and will only be viewable by Council Members</h2>' , PHP_EOL
,'</div>' , PHP_EOL

,'<br />' , PHP_EOL

,'<form method ="post" name="form" action = "modules.php?name=' , $module_name , '">' , PHP_EOL
,'<input type="hidden" name="op" value="sent" />' , PHP_EOL

,' <table align="center" width="400" border="2" cellspacing="3" cellpadding="2" style="border-style:solid">' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Forum User Name </td>' , PHP_EOL
,' <td><input name="forumname" type = "text" id="forumname" value="' , $forumname , '" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;First Name</td>' , PHP_EOL
,' <td><input name="firstname" type="text" id="firstname" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Last Name</td>' , PHP_EOL
,' <td><input name = "lastname" type = "text" id="lastname" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Gaming Name</td>' , PHP_EOL
,' <td><input name="gamename" type="text" id="gamename" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Street Address</td>' , PHP_EOL
,' <td><input name = "address" type = "text" id="address" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;City</td>' , PHP_EOL
,' <td><input name = "city" type = "text" id="city" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px; width:93px">&nbsp;State/Province</td>' , PHP_EOL
,' <td><input name = "state" type="text" id="state" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Zipcode</td>' , PHP_EOL
,' <td><input name="zipcode" type="text" id="zipcode" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Country</td>' , PHP_EOL
,' <td><input name="country" type="text" id="country" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Phone</td>' , PHP_EOL
,' <td><input name="phone" type="text" id="phone" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:93px">&nbsp;Working Email</td>' , PHP_EOL
,' <td><input name = "email" type = "text" id="email" value="" style="width:279px" /></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,'</table>' , PHP_EOL

,'<br />' , PHP_EOL

,'<div class="text-center">' , PHP_EOL
,' <table align="center" width="400" border="2" cellspacing="3" cellpadding="2" style="border-style:solid">' , PHP_EOL
,' <tr>' , PHP_EOL
,' <td style="font-weight:bold; width:193px">&nbsp;We Welcome<br />&nbsp;Your Comments</td>' , PHP_EOL
,' <td><textarea name="comments" id="comments" cols="43" rows="15"></textarea></td>' , PHP_EOL
,' </tr>' , PHP_EOL
,'</table>' , PHP_EOL
,'</div>' , PHP_EOL

,'<div class="text-center" style="margin-top: 50px; font-weight: bold;">' , PHP_EOL
,' <input style="cursor: pointer" name="add" type="submit" value="Submit" />' , PHP_EOL
,'</div>' , PHP_EOL

,'</form>' , PHP_EOL;

CloseTable();
include_once 'footer.php';
}

function form_sent($forumname, $firstname, $lastname, $gamename, $address, $city, $state, $zipcode, $country, $phone, $email, $comments) {
global $db, $prefix;

if ($forumname == '') {
include_once 'header.php';
OpenTable();
echo '<div class="text-center">Error! - No username submitted!<br /><br />' , _GOBACK , '</div>' , PHP_EOL;
CloseTable();
include_once 'footer.php';
exit;
}

$forumname = $db->sql_escape_string(htmlspecialchars_decode(check_html($forumname, 'nohtml'), ENT_QUOTES));
$firstname = $db->sql_escape_string(htmlspecialchars_decode(check_html($firstname, 'nohtml'), ENT_QUOTES));
$lastname = $db->sql_escape_string(htmlspecialchars_decode(check_html($lastname, 'nohtml'), ENT_QUOTES));
$gamename = $db->sql_escape_string(htmlspecialchars_decode(check_html($gamename, 'nohtml'), ENT_QUOTES));
$address = $db->sql_escape_string(htmlspecialchars_decode(check_html($address, 'nohtml'), ENT_QUOTES));
$city = $db->sql_escape_string(htmlspecialchars_decode(check_html($city, 'nohtml'), ENT_QUOTES));
$state = $db->sql_escape_string(htmlspecialchars_decode(check_html($state, 'nohtml'), ENT_QUOTES));
$zipcode = $db->sql_escape_string(htmlspecialchars_decode(check_html($zipcode, 'nohtml'), ENT_QUOTES));
$country = $db->sql_escape_string(htmlspecialchars_decode(check_html($country, 'nohtml'), ENT_QUOTES));
$phone = $db->sql_escape_string(htmlspecialchars_decode(check_html($phone, 'nohtml'), ENT_QUOTES));
$email = $db->sql_escape_string(htmlspecialchars_decode(check_html($email, 'nohtml'), ENT_QUOTES));
$comments = str_replace("\r\n", '<br />', $comments);
$comments = $db->sql_escape_string(check_html($comments, ''));

$result = $db->sql_query('INSERT INTO `members` VALUES '."(NULL, '$forumname', '$firstname', '$lastname', '$gamename', '$address', '$city', '$state', '$zipcode', '$country', '$phone', '$email', '$comments')");

include_once 'header.php';
OpenTable();
if ($result) {
echo '<div class="text-center">Thank you!<br /><br />' , _GOBACK , '</div>' , PHP_EOL;
} else {
echo '<div class="text-center">Failed!<br /><br />' , _GOBACK , '</div>' , PHP_EOL;
}
CloseTable();
include_once 'footer.php';

}


You doesn't posted the structur of the used db-table 'members', so I can't figure it out and you have to test it. I hope with this example you can see what is needed to pass sensitive data from your users into a database table. Without the csrf_check and without escaping the passed variables you will have a huge security risk.


Last edited by neralex on Sat Apr 15, 2017 3:42 am; edited 1 time in total 
Doulos
PostPosted: Thu Apr 13, 2017 4:07 pm Reply with quote

neralex wrote:
1. If the db-table 'members' is not allready inside your RN database then move it into it. So you doesn't need a useless 2nd db-connection.

Never thought of that.

[qoute]2. Create a new folder inside the modules-folder and call it what you want - maybe: members[/quote]
Already did this, and the code I posted is inside index.php

Quote:
3. Create inside the new created folder a new file called: index.php and paste this code into it:

Thanks I will try this. Apprectiate the help.

Quote:
You doesn't posted the structur of the used db-table 'members', so I can't figure it out and you have to test it. I hope with this example you can see what is needed to pass sensitive data from your users into a database table. Without the csrf_check and without escaping the passed variables you will have a huge security risk.

Thanks, I will try to see what you are talking about. When I get a chance to look at what you posted.

Thanks again.
 
Doulos
PostPosted: Thu Apr 13, 2017 7:13 pm Reply with quote

Thanks, I want to keep this as a separate database.

However, I tried it by adding the table to my RN database and got the "Failed" message.
 
Doulos
PostPosted: Fri Apr 14, 2017 7:17 pm Reply with quote

You mentioned you didn't know my table structure so I thought I'd post it.

Quote:
--
-- Table structure for table `members`
--

CREATE TABLE IF NOT EXISTS `members` (
`id` int(3) NOT NULL AUTO_INCREMENT,
`forumname` varchar(32) NOT NULL,
`firstname` varchar(36) NOT NULL,
`lastname` varchar(36) NOT NULL,
`gamename` varchar(32) NOT NULL,
`address` varchar(36) NOT NULL,
`city` varchar(32) NOT NULL,
`state` varchar(36) NOT NULL,
`zipcode` varchar(20) NOT NULL,
`country` varchar(20) NOT NULL,
`phone` varchar(13) NOT NULL,
`email` varchar(30) NOT NULL,
`comments` varchar(300) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;


Thanks for you time neralax. However, your suggestion to put this table inside my RN database still gave me the "Failed" message and does not post the data to the db. I tried adding the call to the separate database and same result.
 
neralex
PostPosted: Sat Apr 15, 2017 3:26 am Reply with quote

Oops. Embarassed

It seems I missed some db-fields in the function form_sent(). I made the changes in my post above.
Only registered users can see links on this board! Get registered or login!

I optimized a bit the table structure:

sql Code:
CREATE TABLE `members` (

`id` int(10) NOT NULL,
`forumname` varchar(60) NOT NULL,
`firstname` varchar(60) NOT NULL,
`lastname` varchar(60) NOT NULL,
`gamename` varchar(60) NOT NULL,
`address` text NOT NULL,
`city` varchar(60) NOT NULL,
`state` varchar(60) NOT NULL,
`zipcode` varchar(20) NOT NULL,
`country` varchar(20) NOT NULL,
`phone` varchar(30) NOT NULL,
`email` varchar(60) NOT NULL,
`comments` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;


1. Got to phpmyadmin and klick on the left side on your used RN database

2. After that click on the 'SQL' tab in the top-menue

3. Paste this code into the box and press 'OK'.

Done.

If you should get an error, then paste the message here.


Last edited by neralex on Sun Apr 16, 2017 3:17 pm; edited 1 time in total 
Doulos
PostPosted: Sat Apr 15, 2017 10:01 am Reply with quote

No errors are posting, but still getting the "Failed" message without posting to database.

Once again I appreciate your time.
 
neralex
PostPosted: Sat Apr 15, 2017 11:52 am Reply with quote

You have updated the module code? If not, then copy the code from above and replace it.
 
Doulos
PostPosted: Sat Apr 15, 2017 2:04 pm Reply with quote

Sorry not working -failed. Sent you a PM.
 
neralex
PostPosted: Sun Apr 16, 2017 8:13 am Reply with quote

I used the data of your PM and it works! I got: "Thank you!" Where is the problem?
 
Doulos
PostPosted: Sun Apr 16, 2017 10:27 am Reply with quote

Hmm, I have tried it again and got "Failed" and there is no data in the database - not even from your attempt. I normally use Firefox, but when I tried it with IE I did get "Thank You", but then checked the database and nothing was inserted there. I have verified that the database contains the table "members", and has the structure you gave me. I don't know what else to do. Nor do I understand why I get the message "Failed" with Firefox, and Opera, but "Thank You" with IE (though nothing is stored in db).

Thanks again for your time.
 
neralex
PostPosted: Sun Apr 16, 2017 1:54 pm Reply with quote

Maybe you checked the wrong database?

I'm using also firefox. The issue with the browser could be a caching issue but not sure. Anyway.

Activate the error reporting for PHP and database errors in rnconfig.php and check what is happen, when you enter the form.
 
Doulos
PostPosted: Sun Apr 16, 2017 2:51 pm Reply with quote

Quote:
April 16, 2017, 3:47 pm File: /home/doulos/public_html/ravennuke/db/mysqli.php - Line: 201
Code: 1048 - Message: Column 'id' cannot be null
SQL was: INSERT INTO `members` VALUES (NULL, 'testing', '', '', '', '', '', '', '', '', '', '', '')


I tried removing NULL since it wasn't in the original one I post here that did insert to the db fine, but got this error..

Quote:
April 16, 2017, 3:50 pm File: /home/doulos/public_html/ravennuke/db/mysqli.php - Line: 201
Code: 1136 - Message: Column count doesn't match value count at row 1
SQL was: INSERT INTO `members` VALUES ('testing', '', '', '', '', '', '', '', '', '', '', '')
 
neralex
PostPosted: Sun Apr 16, 2017 3:10 pm Reply with quote

Ok...NULL is important, so change it back.
Open phpmyadmin, click on your RN database and then paste this in the 'SQL' tab:

sql Code:
ALTER TABLE `members`

ADD PRIMARY KEY (`id`);


Press OK and try the form again.
 
Doulos
PostPosted: Mon Apr 17, 2017 4:43 am Reply with quote

I already change the id column to a primary key with auto increment, but I had to go to work before I could add back in NULL.

That did it. Thank you, thank you, thank you.
 
Doulos
PostPosted: Mon Oct 16, 2017 12:12 am Reply with quote

Is there a way to put a check to see if the user is an admin and if so also show a search bar? I have this working - sort of - by making the search portion into a new admin-only module, but this doesn't seem the most efficient way of doing this. I do not want the regular user to be able to search this database as it will include confidential information about other users.

Example: regular user enters module fills in the form and upon submission enters data into db.
user logged in as an admin enters module and can enter data, or search the db.

I have been trying to find examples of this in other modules, but have had no luck so far. For the most part I am a cut and paste kind of guy without the time to learn all this from scratch.
 
neralex
PostPosted: Mon Oct 16, 2017 2:29 am Reply with quote

php Code:
if (is_admin($admin)) {

#php stuff here
}
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©