New Video Mod

Dawg · Posted: Thu Aug 05, 2010 4:41 am

Greetings All,

I have created a New Video Mod for use with You Tube.

Now before you go running to download and install this...
This is Version 1 and I do not recommand that you use this on a production site.

I am a piss poor coder and I am sure there is something I did wrong that will get you hacked. (and I wrote this from scratch)

Link removed for the moment...

Ol' Great RN Staff...Would you please take a look at this and point me in the right direction so that I might learn?

Feel free to tear me a new one...pick it apart...It works and works well...but I know I screwed something up!

Thank you for your time.

Dawg

Dawg · Posted: Thu Aug 05, 2010 4:45 am

Issue #1

I used Greybox javascript to run the videos in. I could not jquery to work with it.

Issue #2

My Santizer code? Did I do this right? I need to make sure that code is santized correctly before it is input into the database.

Those are the two BIG ones that I see!

Dawg

Palbin · Posted: Thu Aug 05, 2010 2:55 pm

I get white screens on both the admin and module. I'll try and look at it tonight.

HP Parse error: syntax error, unexpected $end in /modules/RN_Video/admin/index.php on line 1358

Dawg · Posted: Thu Aug 05, 2010 3:40 pm

Palbin,

Thank You for looking. I am running an older version of RN with a custom 1 off theme. I will go install current RN and get it working and repost it.

Dawg

Dawg · Posted: Thu Aug 05, 2010 5:36 pm

OK....I fixed it.

It was a couple of minor issues mostly related to my theme.

Try this...Should work right out of the box.

Only registered users can see links on this board!
Get registered or login to the forums!

Thank You for your time!

Dawg

Palbin · Posted: Thu Aug 05, 2010 6:52 pm

Still get these.

Code:

[05-Aug-2010 18:49:45] PHP Parse error: syntax error, unexpected $end in /modules/RN_Video/index.php on line 333

[05-Aug-2010 18:50:23] PHP Parse error: syntax error, unexpected $end in /modules/RN_Video/admin/index.php on line 1359

Dawg · Posted: Thu Aug 05, 2010 8:00 pm

Pablin,

That is wierd...I have it on a FRESH install...I mean FRESH...

Hmmm....

I checked the rar file to make sure I updated it.

I also just uploaded a fresh copy.

Look at the top of the index file....

Does it say this?

line 18-19
// $index = 0;
// $hideleft=1;

If it does not....Download a fresh version

Dawg

Dawg · Posted: Fri Aug 06, 2010 4:33 am

A few changes here....

I went through tidy and did all the corrections I could find.

User side should be 100%
Admin side had some left in the theme itself....but the MOD should be clean anyway.

Thanks for the help!

Dawg

New RN_Video/Index.php

Code:

<?php
/**********************************************/
/* RN Video by Dawg
/* Version 1.2 Beta
/* This should NOT be used in Production Sites
/*Help and Support at http://www.ravenphpscripts.com
/**********************************************/

if ( !defined('MODULE_FILE') )
{
die('You can\'t access this file directly...');
}

require_once('mainfile.php');
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
// $index = 0;
// $hideleft=1;
$admingid= '25'; //(The number of posts before people can add videos)
include('header.php');
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
cookiedecode($user);
$username = $cookie[1];

if ($username == "") {
$username = "Anonymous";
}

if (is_user($user)) {
list($uid, $username) = explode(":", $nukeuser);
$querystr = "SELECT user_posts FROM ".$prefix."_users WHERE user_id=$uid" ;
$result = $db->sql_query($querystr) ;
 if (!$result) {
 echo 'Could not run query: ' . mysql_error();
 exit;
 }
$row = mysql_fetch_row($result);
$postcount = $row[0];
echo $postcount;
}
if (!isset($op)) $op = '';

switch($op) {
default:
display_video();
break;
 case list_video:
list_video();
break;
 case list_single_category:
list_single_category();
break;
 break;
 case video_admin_menu:
video_admin_menu();
}
die();
///////////////////////////////////////// START ADMIN MENU /////////////////////////////////
function video_admin_menu() {
global $postcount, $admingid,$db,$prefix;
?>

 
<center>
<a href='modules.php?name=RN_Video&file=user_admin&op=user_add_video_main'>User Video Admin</a>
 | 
<a href='modules.php?name=RN_Video&file=user_admin&op=user_add_video'>Add Video</a>
 | 
<a href='modules.php?name=RN_Video&file=user_admin&op=user_edit_video'>Edit YOUR Videos</a>
 | 
<a href='modules.php?name=RN_Video&file=user_admin&op=user_edit_video'>Delete YOUR Videos</a>
</center>
 
<?

}
///////////////////////////////////////// FINISH ADMIN MENU /////////////////////////////////

///////////////////////////////////////// START NAV MENU /////////////////////////////////
function nav_video() {
global $postcount, $admingid,$db,$prefix;
if ($postcount>=$admingid) {
video_admin_menu();
}
?>
 
<center>
<a href='modules.php?name=RN_Video'>Video Home</a>
 | 
<a href='modules.php?name=RN_Video&op=list_single_category'>List Single Category</a>
 | 
<a href='modules.php?name=RN_Video&op=list_video'>Category View</a>
</center>
<?
}
///////////////////////////////////////// FINISH NAV MENU /////////////////////////////////

///////////////////////////////////////// Start MOST RECENT /////////////////////////////////
function display_video() {
OpenTable();
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
?>
<center>
 Most Recent Videos 
</center>
<?
nav_video();
?>
 <hr width='80%' /> 
<table width="100%">
<tr>
<?
$query ="SELECT video FROM ".$prefix."_rnvideo WHERE aut='1'";
$result = $db->sql_query($query)
or die ("invalid query in video display");
//$result= $db->sql_query($query);
$rows=$db->sql_numrows($result);
//// Set number of Videos per page here
$ppp=10;
$nop= ceil($rows / $ppp);
$z=0;
echo "<td>Page : ";
for ($i = 1 ; $i <= $nop ; $i++)
{
echo "  <a href='/modules.php?name=RN_Video&page=$i'> $i </a> ";
}
echo "</td>";
if (isset($_GET['page'])){$page = $_GET['page'];}else{$page = 1;}
$start= ($page - 1) * $ppp;
$ranking=0;
$ranking=(($ranking+$ppp)*$page)-($ppp-1);
$query="SELECT video,title,code,counter FROM ".$prefix."_rnvideo WHERE aut='1' ORDER BY time DESC LIMIT $start,$ppp";
$result = $db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$video=$row['0'];
$title=$row['1'];
$code=$row['2'];
$counter=$row['3'];
if ($z % 2 != 1)
{
echo "<tr align='center'>";
}

?>
<td><div align="center">
<? echo strtoupper($title); ?>
 
<?
for($i=1;$i < 5;$i++)
{
if(file_get_contents("http://i$i.ytimg.com/vi/$code/default.jpg"))
{

?>

<table><tr><td>
<a href="modules.php?name=RN_Video&file=most_player&video=<? echo $video; ?>" rel="gb_page_center[640, 425]" title="<? echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<? echo $i; ?>.ytimg.com/vi/<? echo $code; ?>/default.jpg' width='175' /></a>
</td></tr></table>
<?
Break;
}
}
?>
Views <? echo $counter; ?>
  |  
Ranking <? echo $ranking; ?> <hr width='80%' /> 
</div></td>
<?
$z++;
$ranking++;
}

?>
</tr></table>

 <hr width="80%" size="5" /> 
<?
CloseTable();
include('footer.php');
}
///////////////////////////////////////// END VIDEO DISPLAY /////////////////////////////////

///////////////////////////////////////// Start List Categories /////////////////////////////////
function list_video() {
OpenTable();
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
?>
<center>
 List All Categories 
</center>
<?
nav_video();
?>
 <hr width='80%' /> 
<table width='80%' align='center'>
<tr>
<?

$sql = "SELECT uid, uname FROM nuke_users";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$result = $db->sql_query("SELECT * FROM ".$prefix."_rnvideo_category");
while($myrow = $db->sql_fetchrow($result)){
// while($myrow = mysql_fetch_array($result)){
 $catid=$myrow[0];
 $category=$myrow[1];
 echo "<td valign='top' align='center' width='200'>";
 echo " $category ";
 echo "<hr width='80%' size='3' />";
$result2 = $db->sql_query("SELECT video,category,title,code,counter FROM ".$prefix."_rnvideo WHERE aut='1' AND category='$catid' ORDER BY time DESC");
while($myrow2 = $db->sql_fetchrow($result2)){
 $video=$myrow2[0];
 $category=$myrow2[1];
 $title=$myrow2[2];
 echo "$title";
 echo " ";
 $code=$myrow2[3];
 $counter=$myrow2[4];
 echo " ";
?>
<a href="modules.php?name=RN_Video&file=most_player&video=<? echo $video; ?>" rel="gb_page_center[640, 425]" title="<? echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<? echo $i; ?>.ytimg.com/vi/<? echo $code; ?>/default.jpg' width='200' /></a>
<?
 echo " ";
 echo "Views $counter";
 echo " ";
 echo " ";
 echo "<hr width='80%' size='3' />";
 echo " ";
}
 echo"</td>";
}

?>
</table> <hr width='80%' /> 
<?
CloseTable();
include('footer.php');
}
///////////////////////////////////////// End List Categories /////////////////////////////////

///////////////////////////////////////// Begin List Single Catergory/////////////////////////////////
function list_single_category() {
OpenTable();
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
?>
<center>
 List Single Categories 
</center>
<?
nav_video();
?>
 <hr width='80%' /> 
<table width="100%">
<tr>
<?
///// SET CATEGORY HERE BY ID
$value="89";

/// THIS NEEDS TO BE FIXED
$query ="SELECT video FROM ".$prefix."_rnvideo WHERE aut='1' AND category='$value'";
//$query ="SELECT video FROM ".$prefix."_rnvideo WHERE category='73'";
$result = $db->sql_query($query)
or die ("invalid query in video display");
$rows=$db->sql_numrows($result);
// echo "ROWS = $rows";
//// Set number of Videos per page here
$ppp=10;
$nop= ceil($rows / $ppp);
// echo "NOP=$nop";
$z=0;
echo "<td>Page : ";
for ($i = 1 ; $i <= $nop ; $i++)
{
echo "  <a href='/modules.php?name=RN_Video&op=list_single_category&page=$i'> $i </a> ";
}
echo "</td>";
if (isset($_GET['page'])){$page = $_GET['page'];}else{$page = 1;}
$start= ($page - 1) * $ppp;
$ranking=0;
$ranking=(($ranking+$ppp)*$page)-($ppp-1);
$query="SELECT video,title,code,counter FROM ".$prefix."_rnvideo WHERE aut='1' ORDER BY time DESC LIMIT $start,$ppp";
$result = $db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$video=$row['0'];
$title=$row['1'];
$code=$row['2'];
$counter=$row['3'];
if ($z % 2 != 1)
{
echo "<tr align='center'>";
}

?>
<td><div align="center">
<?
 echo "$title";
 echo " ";
for($i=1;$i < 5;$i++)
{
if(file_get_contents("http://i$i.ytimg.com/vi/$code/default.jpg"))
{

?>
<table><tr><td>
<a href="modules.php?name=RN_Video&file=most_player&video=<? echo $video; ?>" rel="gb_page_center[640, 425]" title="<? echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<? echo $i; ?>.ytimg.com/vi/<? echo $code; ?>/default.jpg' width='175' /></a>
</td></tr></table>
<?
Break;
}
}
?>
Views <? echo $counter; ?>
  |  
Ranking <? echo $ranking; ?> <hr width='80%' /> 
</div></td>
<?
$z++;
$ranking++;
}

?>
</tr></table>
 <hr width='80%' /> 
<?
CloseTable();
include('footer.php');
}
///////////////////////////////////////// End List Single Catergory/////////////////////////////////
?>

Dawg · Posted: Fri Aug 06, 2010 4:38 am

New RN_Video/admin/index.php

Code:

<?php
/**********************************************/
/* RN Video by Dawg
/* Version 1.2 Beta
/* This should NOT be used in Production Sites
/*Help and Support at http://www.ravenphpscripts.com
/**********************************************/

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
// $hideleft= "1";
include_once("header.php");
$querystr = "SELECT radminsuper, admlanguage FROM ".$prefix."_authors where aid='$aid'";
$result = $db->sql_query($querystr, $db) or die ("invalied query");
list($radminsuper) = $db->sql_fetchrow($result);
if ($radminsuper==1)
{
switch($op) {
 case "admin_video_main":
admin_video_main();
break;

case "add_video_nav":
add_video_nav();
break;

case "edit_bottom_nav":
edit_bottom_nav();
break;

case "Sanitizer":
Sanitizer();
break;

case "add_video":
add_video();
break;

case "add_video2":
add_video2();
break;

case "edit_video":
edit_video();
break;

case "edit_video2":
edit_video2();
break;

case "edit_video3":
edit_video3();
break;

case "admin_category_display":
admin_category_display();
break;

case "admin_category_delete":
admin_category_delete();
break;

case "admin_category_edit":
admin_category_edit();
break;

case "admin_category_edit2":
admin_category_edit2();
break;

case "admin_category_add":
admin_category_add();
break;

case "admin_category_add2":
admin_category_add2();
break;
}
}
else {

OpenTable();

echo "<center>
Sorry Dude, You Do NOT have Permission to use this feature
 
Contact your Site Admin to be included in this Group
 
<a href='modules.php?name=RN_Video'>RN Video Main Page</a>
</center>";
CloseTable();
include('footer.php');

}
admin_video_main();

function test()
{
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
 <hr width='80%' />

<div align="center">
 
Howdy 
<img src="modules/RN_Video/images/RN_Video.png" width="400" height="294" />
Pick a Link above to get started 

</div>
<?
CloseTable();
include('footer.php');
}

///////////////// Sanitizer Start ////////////////
function Sanitizer($variable)
{
$variable=trim($variable);
$variable=strip_tags($variable);
$variable=htmlentities($variable);
$variable=addslashes($variable);
return $variable;
}
///////////////// Sanitizer Finish ////////////////

////////////////////////// Admin Nav /////////////////
function add_video_nav() {
?>
<center>
<a href='admin.php?op=admin_video_main'>Video Admin Home</a>
 | 
<a href='admin.php?op=add_video'>Add Video</a>
 | 
<a href='admin.php?op=edit_video'>Edit Videos</a>
 | 
<a href='admin.php?op=edit_video'>Delete Videos</a>
 
<a href='admin.php?op=admin_category_display'>Display Category</a>
 | 
<a href='admin.php?op=admin_category_add'>Add Category</a>
 | 
<a href='admin.php?op=admin_category_display'>Edit Category</a>
 | 
<a href='admin.php?op=admin_category_display'>Delete Category</a>
</center>
<?
}

////////////////////////// Edit Bottom Nav /////////////////

function edit_bottom_nav() {
echo "<center>";
echo " ";
echo "<a href='admin.php?op=admin_video_main'>Video Home</a>";
echo " ";
echo "<a href='admin.php?op=admin_video_main&op=add_video'>Add A Video</a>";
echo " ";
echo "<a href='admin.php?op=admin_video_main&op=edit_video'>Edit A Video</a>";
echo " ";
echo "<a href='admin.php?op=admin_video_main&op=user_edit_video'>Return to Main Admin Page</a>";
echo " ";
echo "</center>";
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ADMIN VIDEO MAIN //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function admin_video_main() {
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
 <hr width='80%' />
<?
add_video_nav();
?>
<div align="center">
 
Welcome to the Video Admin Area 
<img src="modules/RN_Video/images/RN_Video.png" width="400" height="294" />
Pick a Link above to get started 

</div>
<hr width='80%' /> 

<center>
Page generated in <? $end=microtime();$lapsus=($end-$start); echo $lapsus; ?> seconds
 
</center>
</td>
</tr>
</table>
<?
CloseTable();
include('footer.php');
}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Add Video //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function add_video() {
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
cookiedecode($user);
$username = $cookie[1];
list($uid, $username) = explode(":", $nukeuser);
OpenTable();
?>
 <hr width='80%' />
<?
add_video_nav();
?>
<table width="100%" style="border-collapse:collapse;">
<tr>
<td width="70%" valign="top">
<center> 
<?
 // echo "Username = $username";
 // echo "UID = $uid";
 $user_id = $uid;
 echo "Add New Video";
echo "<form action='admin.php?op=add_video2' method='post'>";
echo "TITLE";
echo " ";;
echo "<input type='text' name='title' size='50' maxlength='50' />";
echo " ";
echo " ";
echo "50 char max";
echo " ";
echo "YOUTUBE EMBED CODE";
echo " ";
echo "<textarea cols='60' rows='7' name='code'></textarea>";
echo " ";
echo "Insert this video into category";
echo " ";
$query="SELECT * FROM ".$prefix."_rnvideo_category ORDER BY catid DESC";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
$or=1;
for($i=0; $i < count($category); $i++)
{
if($or > 6){echo " ";$or=1;}
echo "<input type='radio' name='category' value='$category' />$category";
//echo "<input type='radio' name='category' value='$category[$i]'> ".strtoupper($category[$i])."";
echo "     ";

$or++;
}
}
echo " ";
echo "<input type='hidden' name='user_id' value='$user_id' />";
echo "<input type='hidden' name='action' value='Insert_Video' />";
echo " ";
echo "<center><input type='submit' value='Insert Video' /></center>";
echo "</form>";
?>
</center> </td>
</tr>
</table>
 <hr width='80%' /> 
<center>
Page generated in <? $end=microtime();$lapsus=($end-$start); echo $lapsus; ?> seconds
 
<? $time=date("D, d M Y - H:i");echo $time; ?> Server Time
</center>
</td>
</tr>
</table>
<?
CloseTable();
include('footer.php');
}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Add Video 2 //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function add_video2() {
global $gid, $admingid,$db,$prefix;
include_once("header.php");
OpenTable();
$action=Sanitizer($_POST['action']);

if($action=="Insert_Video")
{
echo "<center>";
echo "Attemping to Insert Video";
echo " ";
echo " ";
$title=Sanitizer($_POST['title']);
echo "$title";
echo " ";
echo " ";
if(empty($title))
{
echo "<center>You Forgot to add a Title So Sorry...Try Again</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}

if(strlen($title) > 50 )
{

echo "<center>TITLE SIZE TOO LARGE ( only titles of 50 chars. max. allowed ) TRY AGAIN, PLEASE</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}

$censored_word= array('f***', 'bitch', 'whore', 'suck', 'harlot', 'cock', 'boobs', 'teats', 'ass', 'cunt');

if(in_array($title, $censored_word))
{
echo "<center>Censored word Play Nice Please! So Sorry...Try Again</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}

for ($i = 0; $i < strlen($title); $i++)
{
if (!eregi("[- _ . a-zA-Z0-9]" , $title[$i] ) )
{
echo "<center>";
echo "WARNING !! INCORRECT TITLE";
echo " ";
echo "That is an Invalid symbol";
echo " ";
echo "$title[$i]";
echo " ";
echo "Only Letters and Numbers are allowed";
echo " </center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}
}
}
////////////////////////////// ADD VIDEO ERRORS ///////////////////////////////////////////
$code=$_POST['code'];
$code= stristr($code, "http://www.youtube.com/v/");
// echo " ";
// echo "Code 2 = $code";
// echo " ";
$code= str_replace("http://www.youtube.com/v/","",$code);
$code= str_replace("&hl","",$code);

// echo " ";
// echo "Code 3 = $code";
// echo " ";

$code= explode('&',$code);

// echo " ";
// echo "Code 4 = $code";
// echo " ";

$code=Sanitizer($code['0']);
$code2=Sanitizer($code['1']);
$category=Sanitizer($_POST['category']);
$video=Sanitizer($_POST['video']);

// echo " ";
// echo "Code 5-0 = $code";
// echo " ";
// echo "Code 5-1 = $code2";
// echo " ";
//edit_bottom_nav();
////////////////////////////// NO VIDEO SUBMITTED ///////////////////////////////////////////
if(empty($code))
{
echo "<center>You Forgot Something... The Embed Code So Sorry...Try Again</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}
////////////////////////////// VIDEO ALREADY EXISTS ///////////////////////////////////////////

$query="SELECT video FROM ".$prefix."_rnvideo WHERE code='$code'";
$result=$db->sql_query($query);
if($db->sql_numrows($result)==1)
{
echo " ";
echo "<center>Video Already Exists Sorry Dude Please Try Again</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}

////////////////////////////// NO CATEGORY ///////////////////////////////////////////
$category=Sanitizer($_POST['category']);

if(empty($category))
{
echo "<center>No Category Selected You MUST pick a Category So Sorry...Try Again</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}
////////////////////////////// NO CATEGORY ///////////////////////////////////////////
$query="SELECT * FROM ".$prefix."_rnvideo_category WHERE category='$category'";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
//$category=$row['category'];
}

// echo "Category =$category";
// echo " ";
// echo "Title = $title";
// echo " ";
// echo "Code = $code";
// echo " ";

$query="SELECT * FROM ".$prefix."_rnvideo_category WHERE category='$category'";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
}
$now = time();
$user_id=Sanitizer($_POST['user_id']);
// echo "User_Id = $user_id";
// echo "CatID = $catid";
// echo " ";
// echo "Category = $category";
// echo " ";
$queryup="INSERT INTO ".$prefix."_rnvideo SET category='$catid',title='$title',code='$code',time='$now',aut='1',user_id='$user_id'";
$resultup=$db->sql_query($queryup) or die(mysql_error());

echo " ";
echo "<center>WOOT WOOT New Video Inserted Thank You for Sharing</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Edit VIDEO //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function edit_video() {
global $gid, $admingid,$db,$prefix,$uid,$username;
include_once("header.php");
OpenTable();
?>
 <hr width='80%' />
<?

// echo "User ID = $uid";
// $user_id = $uid;
add_video_nav();
$action=Sanitizer($_POST['action']);
$action= $_POST['action'];

if($action=="Disallow")
{
$video=$_POST['video'];

$query="UPDATE ".$prefix."_rnvideo SET aut='0' WHERE video='$video'";
$result=$db->sql_query($query) or die(mysql_error());
echo "<center>";
echo " ";
echo "Video number $video Has been Suspended";
echo " ";
edit_bottom_nav();
CloseTable();
include('footer.php');
}

if($action=="Readmit")
{
$video=$_POST['video'];

$query="UPDATE ".$prefix."_rnvideo SET aut='1' WHERE video='$video'";
$result=$db->sql_query($query) or die(mysql_error());

echo "<center>";
echo " ";
echo "Video number $video Has been Readmited";
echo " ";
edit_bottom_nav();
CloseTable();
include('footer.php');
}

if($action=="Delete_Video")
{
$video=$_POST['video'];

$query="DELETE FROM ".$prefix."_rnvideo WHERE video='$video'";
$result=$db->sql_query($query) or die(mysql_error());

echo " ";
echo "<center>Video number $video Has been Deleted</center>";
echo " ";
edit_bottom_nav();
CloseTable();
include('footer.php');
}
////////////////////// End Delete Video Video ///////////////////////////
////////////////////// Start Edit Video ///////////////////////////
if($action=="edit")
{
$video=$_POST['video'];
//echo $video;
?>
 

<CENTER>
<TABLE width="100%" style="border-collapse:collapse;">
<TR>
<TD width="70%" valign="top">
<center>
<?
$query="SELECT * FROM ".$prefix."_rnvideo WHERE video=$video";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$video=$row['video'];
$category=$row['category'];
$title=$row['title'];
$code=$row['code'];
$counter=$row['counter'];
$aut=$row['aut'];
}
//echo $code;
echo "Editing Video #$video $title";
echo " ";
//echo "Category $category";
//echo " ";
echo "<form action='modules.php?name=RN_Video&file=user_admin&op=user_edit_video3' method='post'>";
echo "Title ";
echo "<input type='hidden' name='video' value='$video'";
echo "TITLE";
echo " ";
echo "<input type='text' name='title' size='30' maxlength='50' value='$title' />";
echo " ";
echo " ";
echo "50 char max";
echo " ";
echo "Paste YouTube Embed Code Below";
echo " ";
echo "<textarea cols='60' rows='7' name='code'>$code</textarea>";
echo " ";
echo " Insert this video into category";
echo " ";
$category2=$category;
//echo "Category 2_1 = $category";
$query="SELECT * FROM ".$prefix."_rnvideo_category ORDER BY catid DESC";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
$or=1;
for($i=0; $i < count($category); $i++)
{
if($or > 6){echo " ";$or=1;}
echo "<input type='radio' name='category' value='$category' />";
if ($category2==$catid){
echo "checked";
}
echo ">$category";
echo "     ";

$or++;
}
}

echo " ";
//echo $video;
echo "<input type='hidden' name='video' value='$video' />";
echo "<input type='hidden' name='action' value='Insert_Video' />";
echo " ";
echo "<center><input type='submit' value='Edit Video' /></center>";
echo "</form>";
?>
</center>
</TD>
</TR>
</TABLE>
</CENTER>
 <hr width='80%' /> 
</td>
</tr>
</table>

<?
edit_bottom_nav();
CloseTable();
include('footer.php');
}
////////////////////// Start Edit Video ///////////////////////////

// echo "User ID = $uid";
$user_id = $uid;
// echo "User ID = $user_id";
$query="SELECT video FROM ".$prefix."_rnvideo ORDER BY video DESC";
$result= $db->sql_query($query);
$rows=$db->sql_numrows($result);

$ppp=10;
$nop= ceil($rows / $ppp);

echo "Page : ";
for ($i = 1 ; $i <= $nop ; $i++)
{
echo " <a href='./admin.php?op=admin_video_main&op=edit_video&page=$i'> $i </a> ";
}
echo "";

if (isset($_GET['page'])){$page = $_GET['page'];}else{$page = 1;}

$start= ($page - 1) * $ppp;

$query="SELECT * FROM ".$prefix."_rnvideo ORDER BY video DESC LIMIT $start,$ppp";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{

$video=$row['video'];
$category=$row['category'];
$title=$row['title'];
$code=$row['code'];
$counter=$row['counter'];
$aut=$row['aut'];

$query2="SELECT * FROM ".$prefix."_rnvideo_category WHERE catid='$category'";
$result2=$db->sql_query($query2);
while($row2=$db->sql_fetchrow($result2))
{
$category2=$row2['category'];
}
?>
<div align="center">
<TABLE width='90%' border='1' bordercolor='#0000ff' style='border-collapse:collapse;' cellpadding='5'>
<TR>
<TD width='20%' valign='middle'>
<center>
<a href="modules.php?name=RN_Video&file=most_player&video=<? echo $video; ?>" rel="gb_page_center[640, 425]" title="<? echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;">Video ID<? echo $video; ?></a>
</TD>

<TD width='70%' valign='middle'>
<center>
<table border='0' bordercolor='#0000ff' style='border-collapse:collapse;'>
<tr>
<td valign="middle">
<center>

<a href="modules.php?name=RN_Video&file=most_player&video=<? echo $video; ?>" rel="gb_page_center[640, 425]" title="<? echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;">

<?
echo "Title = ".strtoupper($title)."";

echo " ";
echo " ";
for($i=1;$i < 5;$i++)
{
if(file_get_contents("http://i$i.ytimg.com/vi/$code/default.jpg"))
{
?>
<a href="modules.php?name=RN_Video&file=most_player&video=<? echo $video; ?>" rel="gb_page_center[640, 425]" title="<? echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<? echo $i; ?>.ytimg.com/vi/<? echo $code; ?>/default.jpg' width='175' /></a>
<?
echo " ";
echo " ";
echo "CatID= $category";
echo " ";
echo "Category = $category2";
echo " ";
Break;
}
}
?>
 
<? echo $counter; ?> Views
</a>
</td></tr></table>
</TD>

<?if($aut==1){?>

<TD>
<center>
<form action='admin.php?op=edit_video&action=Disallow' method='post'>
<input type='hidden' name='action' value='Disallow' />
<input type='hidden' name='video' value='<? echo $video; ?>' />
<input type='submit' name='submit' value='Disallow' />
</form>
</center>
</TD>
<?}else{?>
<TD>
<center>
<form action='admin.php?op=edit_video&action=Readmit' method='post'>
<input type='hidden' name='action' value='Readmit' />
<input type='hidden' name='video' value='<? echo $video; ?>' />
<input type='submit' name='submit' value='Readmit' />
</form>
</center>
</TD>
<?}?>
<TD>
<center>
<form action='admin.php?op=edit_video&action=edit' method='post'>
<input type='hidden' name='action' value='edit' />
<input type='hidden' name='video' value='<? echo $video; ?>' />
<input type='submit' name='submit' value='edit' />
</form>
</center>
</TD>

<TD>
<center>
<form action='admin.php?op=edit_video&action=Delete' method='post'>
<input type='hidden' name='action' value='Delete_Video' />
<input type='hidden' name='video' value='<? echo $video; ?>' />
<input type='submit' name='submit' value='Delete' />
</form>
</center>
</TD>
</TR>
</TABLE>
</div>

 
<?
}

echo "";
echo "Page ";
for ($i = 1 ; $i <= $nop ; $i++)
{
echo " <a href='./admin_edit_videos.php?page=$i'> $i </a> ";
}
echo "";
?>
 <hr width='80%' /> 

<center>
Page generated in <? $end=microtime();$lapsus=($end-$start); echo $lapsus; ?> seconds
 
<? $time=date("D, d M Y - H:i");echo $time; ?> Server Time
</center>
<?
CloseTable();
include('footer.php');
}
////////////////////// End Edit Video ///////////////////////////
////////////////////// End Edit Video 2///////////////////////////
function edit_video2() {
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
cookiedecode($user);
$username = $cookie[1];
list($uid, $username) = explode(":", $nukeuser);

?>
 <hr width='80%' />
<?
user_add_video_nav();
?>
<table width="100%" style="border-collapse:collapse;">
<tr>
<td width="70%" valign="top">
<center> 
<?
 echo "Username = $username";
 echo "UID = $uid";
 $user_id = $uid;
echo "<form action='modules.php?name=RN_Video&file=user_admin&op=user_edit_video3' method='post'>";
echo "TITLE";
echo " ";;
echo "<input type='text' name='title' size='50' maxlength='50' />";
echo " ";
echo " ";
echo "50 char max";
echo " ";
echo "YOUTUBE EMBED CODE";
echo " ";
echo "<textarea cols='60' rows='7' name='code'></textarea>";
echo " ";
echo "Insert this video into category";
echo " ";
$query="SELECT * FROM ".$prefix."_rnvideo_category ORDER BY catid DESC";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
$or=1;
for($i=0; $i < count($category); $i++)
{
if($or > 6){echo " ";$or=1;}
echo "<input type='radio' name='category' value='$category'>$category";
//echo "<input type='radio' name='category' value='$category[$i]'> ".strtoupper($category[$i])."";
echo "     ";

$or++;
}
}
echo " ";
echo "<input type='hidden' name='user_id' value='$user_id' />";
echo "<input type='hidden' name='action' value='Insert_Video' />";
echo " ";
echo "<center><input type='submit' value='Insert Video' /></center>";
echo "</form>";
?>
</center> </td>
</tr>
</table>
 <hr width='80%' /> 
<center>
Page generated in <? $end=microtime();$lapsus=($end-$start); echo $lapsus; ?> seconds
 
<? $time=date("D, d M Y - H:i");echo $time; ?> Server Time
</center>
</td>
</tr>
</table>
<?
CloseTable();
include('footer.php');
}
////////////////////// End Edit Video 2///////////////////////////
////////////////////// End Edit Video 3///////////////////////////
function edit_video3() {
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
cookiedecode($user);
$username = $cookie[1];
list($uid, $username) = explode(":", $nukeuser);
include_once("header.php");
$code=$_POST['code'];
 // $code=Sanitizer($code);
$title=$_POST['title'];
 $title=Sanitizer($title);
$catid=$_POST['catid'];
 $catid=Sanitizer($catid);
$video=$_POST['video'];
 $video=Sanitizer($video);
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// This needs to be looked at. Running strister on Code before sanitizer has been through it
if(stristr($code, 'http://www.youtube.com/v/') === FALSE) {
// $code=$_POST['code'];
 //$code=Sanitizer($code);
//echo "Code1= $code";
$query="SELECT video FROM ".$prefix."_rnvideo WHERE code='$code'";
$result=$db->sql_query($query);
if(mysql_numrows($result)==1)
{

$catid=Sanitizer($_POST['catid']);
$category=Sanitizer($_POST['category']);
$video=Sanitizer($_POST['video']);

$query="SELECT * FROM ".$prefix."_rnvideo_category WHERE category='$category'";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
}
 $now = time();
// echo "Time = $now";
$queryup="UPDATE ".$prefix."_rnvideo SET category='$catid', title='$title', code='$code', time='$now' WHERE video='$video'";
$resultup=$db->sql_query($queryup) or die(mysql_error());
echo "<center>";
echo " ";
echo "<center>VIDEO $title Edited Thank you for sharing</center>";
edit_bottom_nav();
CloseTable();
include('footer.php');
}
}
///////////////////////////////////////////////////////// END IF /////////////////////////////////////////////////////

$code=$_POST['code'];

$code= stristr($code, "http://www.youtube.com/v/");

// echo " ";
// echo "Code 2 = $code";
// echo " ";

$code= str_replace("http://www.youtube.com/v/","",$code);

echo " ";
echo "Code 3 = $code";
echo " ";

$code= explode('&',$code);

echo " ";
echo "Code 4 = $code";
echo " ";

$code=Sanitizer($code['0']);
// echo "Code = $code";
///////////////////////////////////////////////////////// END IF /////////////////////////////////////////////////////

$category=Sanitizer($_POST['category']);

echo "Category =$category";
echo " ";
echo "Title = $title";
echo " ";
echo "Code = $code";
echo " ";
echo "Category = $category";
echo " ";
echo "Line 160 Code= $code";
echo " ";
echo "video = $video";

$query="SELECT video FROM ".$prefix."_rnvideo WHERE video='$video'";
$result=$db->sql_query($query);
if($db->sql_numrows($result)==1)
{

echo " ";
echo "CatID = $cat_table";
echo " ";
echo "CatID = $category";
echo " ";
$query="SELECT * FROM ".$prefix."_rnvideo_category WHERE category='$category'";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
//$category=$row['category'];
}
echo " ";
echo "CatID = $catid";
echo " ";
echo "Category = $category";
$now = time();
// echo "Time = $now";
$queryup="UPDATE ".$prefix."_rnvideo SET category='$catid', title='$title', code='$code',time='$now' WHERE video='$video'";
$resultup=$db->sql_query($queryup) or die(mysql_error());
echo " ";
echo "<a href='admin_add_video.php'>Add A Video</a>";
echo " ";
echo "<a href='admin_edit_videos.php'>Edit A Video</a>";
echo " ";
echo "<a href='admin_main.php'>Return to Main Admin Page</a>";
echo "</center>";
}
CloseTable();
include('footer.php');
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Category Admin //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function admin_category_display() {
global $gid, $admingid,$db,$prefix;
include_once("header.php");
OpenTable();
?>
<center>
 
Edit Categories Administration Page
 
</center>
<?
add_video_nav();
?>
 <hr width='80%' /> 

<?
$query="SELECT category FROM ".$prefix."_rnvideo_category ORDER BY catid DESC";
$result= $db->sql_query($query);
$rows=$db->sql_numrows($result);

$query="SELECT * FROM ".$prefix."_rnvideo_category ORDER BY catid DESC";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$video=$row['catid'];
$category=$row['category'];
?>
<TABLE width='90%' align = 'center' border='1' bordercolor='#0000ff' style='border-collapse:collapse;' cellpadding='5'>
<TR>
<TD width='20%' valign='middle'>
<center>
<? echo $category; ?>
 Category #
<? echo $video; ?>
</TD>

<TD width='20%' valign='middle'>
<center>
<form action='admin.php?op=admin_category_edit' method='post'>
<input type='hidden' name='action' value='edit_category' />
<input type='hidden' name='category' value='<? echo $category; ?>' />
<input type='submit' name='submit' value='edit' />
</form>
</center>
</TD>

<TD width='20%' valign='middle'>
<center>
<form action='admin.php?op=admin_category_delete' method='post'>
<input type='hidden' name='action' value='Delete_category' />
<input type='hidden' name='category' value='<? echo $category; ?>' />
<input type='submit' name='submit' value='Delete' />
</form>
</center>
</TD>
</TR>
</TABLE>
</CENTER>

 
<?
}

?>
 <hr width='80%' /> 

<center>
Page generated in <? $end=microtime();$lapsus=($end-$start); echo $lapsus; ?> seconds
 
<? $time=date("D, d M Y - H:i");echo $time; ?> Server Time
</center>
<?
CloseTable();
include('footer.php');
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Category Admin Edit //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////FUNCTION DELETE CATEGORY////////////////////////////////////////////////////////
function admin_category_delete()
{
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
<center>
 
Delete Category Administration Page
 
</center>
<?
add_video_nav();
$action=Sanitizer($_POST['action']);
if($action=="Delete_category")
{
$category=$_POST['category'];
//echo $category;
$query="DELETE FROM ".$prefix."_rnvideo_category WHERE category='$category'";
$result=$db->sql_query($query) or die(mysql_error());

echo "<center>";
echo " ";
echo "Category $category Has been Deleted";
echo " ";
echo "<a href='admin.php?op=admin_category_add'>Add a Category</a>";
echo " ";
echo "<a href='admin.php?op=admin_category_display'>Edit Categories</a>";
echo " ";
echo "<a href='admin.php?op=admin_category_display'>Category Admin Page</a>";
echo "</center>";
}

CloseTable();
include('footer.php');
}

///////////////////////////FUNCTION Edit Categories////////////////////////////////////////////////////////
function admin_category_edit()
{
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
<center>
 
Edit Category Administration Page
 
</center>
<?
add_video_nav();
echo " <hr color='#0000ff' width='80%'> ";
$action=Sanitizer($_POST['action']);
if($action=="edit_category")
{
$category=$_POST['category'];
$query="SELECT * FROM ".$prefix."_rnvideo_category WHERE category='$category'";
$result=$db->sql_query($query);
while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
}
//echo $catid;
echo "<form action='admin.php?op=admin_category_edit2' method='post'><center>";
echo "Edit Category";
echo " ";
echo "<input type='text' name='category' size='50' maxlength='50' value='$category' />";
echo " 50 char max ";
echo "<input type='hidden' name='action' value='Edit_Category2' />";
echo "<input type='hidden' name='catid' value='$catid' />";
echo " ";
echo "<center><input type='submit' value='Edit Category' /></center>";
echo "</form>";
echo " <hr color='#0000ff' width='80%'> ";
}
CloseTable();
include('footer.php');

}
///////////////////////////FUNCTION Edit Category2////////////////////////////////////////////////////////
function admin_category_edit2()
{
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
<center>
 
Edit Category Administration Page
 
</center>
<?
add_video_nav();
echo " <hr color='#0000ff' width='80%'> ";
$action=Sanitizer($_POST['action']);
if($action=="Edit_Category2")
{
//echo $action;
$category=$_POST['category'];
$catid=$_POST['catid'];
// echo " ";
// echo "Category = $category";
// echo " ";
// echo "CatID = $catid";
// echo " ";
$query="UPDATE ".$prefix."_rnvideo_category SET `category` = '$category' WHERE `catid` =$catid";
$result=$db->sql_query($query);

while($row=$db->sql_fetchrow($result))
{
$catid=$row['catid'];
$category=$row['category'];
}
echo "<center>";
echo "Category $category Has been Edited";
echo " ";
echo "<a href='admin.php?op=admin_category_add'>Add a Category</a>";
echo " ";
echo "<a href='admin.php?op=admin_category_display'>Edit Categories</a>";
echo " ";
echo "<a href='admin.php?op=admin_category_display'>Category Admin Page</a>";
echo "</center>";
echo " <hr color='#0000ff' width='80%'> ";
}
CloseTable();
include('footer.php');

}

///////////////////////////Function ADD Category////////////////////////////////////////////////////////
function admin_category_add()
{
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
<center>
 
Add Category Administration Page
 
</center>
<?
add_video_nav();
?>

 <hr width='80%' /> 

<TABLE width="100%" style="border-collapse:collapse;">
<TR>
<TD width="70%" valign="top">
<center>
<?
echo "<form action='admin.php?op=admin_category_add2' method='post'>";
echo "Add Category";
echo " ";;
echo "<input type='text' name='category' size='50' maxlength='50' />";
echo " 50 char max ";
echo "<input type='hidden' name='action' value='Insert_Category' />";
echo " ";
echo "<center><input type='submit' value='Insert Category' /></center>";
echo "</form>";
?>
</center>
</TD>
</TR>
</TABLE>
 <hr width='80%' /> 
<?

CloseTable();
include('footer.php');
}

///////////////////////////Function ADD Category2////////////////////////////////////////////////////////
function admin_category_add2()
{
global $admin, $bgcolor2, $prefix, $db,$user,$cookie,$nukeuser;
include_once("header.php");
OpenTable();
?>
<center>
 
Insert Category Administration Page
 
</center>
<?
add_video_nav();
?>

 <hr width='80%' /> 
<?

$action=Sanitizer($_POST['action']);
$category=Sanitizer($_POST['category']);
//echo $action;
if($action=="Insert_Category")
{
echo "<center>";
echo "$action";
echo " ";
echo " ";
echo "$category";
echo " ";
echo " ";
if(empty($category))
{
echo "NO TITLE SUBMITTED. ";
echo "<a href='admin.php?op=admin_category_add'>TRY AGAIN, PLEASE</a>";
echo "</center>";
CloseTable();
include('footer.php');
}

if(strlen($category) > 50 )
{
echo "Catregory SIZE TOO LARGE ( only titles of 50 chars. max. allowed ) ";
echo "<a href='admin.php?op=admin_category_add'>TRY AGAIN, PLEASE</a>";
echo "</center>";
CloseTable();
include('footer.php');
}

$censored_word= array('f***', 'bitch', 'whore', 'suck', 'harlot', 'cock', 'boobs', 'teats', 'ass', 'cunt');

if(in_array($category, $censored_word))
{
echo "Censored word. ";
echo "<a href='admin.php?op=admin_category_add'>TRY AGAIN, PLEASE</a>";
echo "</center>";
CloseTable();
include('footer.php');
}

for ($i = 0; $i < strlen($category); $i++)
{
if (!eregi("[- _ . a-zA-Z0-9]" , $category[$i] ) )
{
echo "<center>";
echo "WARNING !! INCORRECT TITLE";
echo " ";
echo "That is an Invalid symbol";
echo " ";
echo "$category[$i]";
echo " ";
echo "Only Letters and Numbers are allowed";
echo " ";
echo "<a href='admin.php?op=admin_category_add'>TRY AGAIN PLEASE</a>";
echo "</center>";
CloseTable();
include('footer.php');
}
}

//Insertimg cat into database
$queryup="INSERT INTO ".$prefix."_rnvideo_category VALUES('null', '$category')";
$resultup=$db->sql_query($queryup) or die(mysql_error());
echo "Category $category INSERTED ";
echo " ";
echo "<a href='admin.php?op=admin_category_add'>Add a Category</a>";
echo " ";
echo "<a href='admin.php?op=admin_category_display'>Edit Categories</a>";
echo " ";
echo "<a href='admin.php?op=admin_category_display'>Category Admin Page</a>";
echo "</center>";
CloseTable();
include('footer.php');
}
}

?>

Dawg · Posted: Tue Aug 10, 2010 4:45 am

Palbin

Did that fix that for you?

Dawg

Palbin · Posted: Tue Aug 10, 2010 5:01 am

I'll try it tonight if I remember Wink

.

Dawg · Posted: Tue Aug 10, 2010 5:11 am

Thank You for the help.

What I am really interested in is the Santizer code and making sure I am cleaning everything right before I put it in the database.

Again Thank You for the help!

Dave

Palbin · Posted: Tue Aug 10, 2010 4:52 pm

Found the problem. You should be using < ?php ? > instead of < ? ? >. Some people my disagree with me, but I would sugest to people not to do this at all. Simply just echo the html out.

I know you are still working on this, but you really need to indent you code better. It is just about impossible to follow.

I'm still having problems will report back later.

Dawg · Posted: Tue Aug 10, 2010 5:19 pm

Palbin wrote:

Found the problem. You should be using < ?php ? > instead of < ? ? >. Some people my disagree with me, but I would sugest to people not to do this at all. Simply just echo the html out.

I know you are still working on this, but you really need to indent you code better. It is just about impossible to follow.

I'm still having problems will report back later.

Thank You for any and all feedback.

Give me a few mins and I will indent it correctly....or so I think...

Dawg

Palbin · Posted: Tue Aug 10, 2010 6:40 pm

First thing is that you should not have case statements for "utility functions" like Sanitizer. I'm only going to mention few things to get you started ,and we can refine it later once you have made corrections, removed unneeded code and functions, and general code clean up.

1. I do not think you should be using a function to "generally" filter your variables. You should just validate them as you use them.

2. You need to read this article about MagicQuotes.

Only registered users can see links on this board!
Get registered or login to the forums!

3. Instead of strip_tags use the following instead. It will take care of conditionally removing MagicQuotes as discussed above.

Code:

$somevar = check_html($_post['somevar'], 'nohtml');

4. You do not have to do check_html() on every variable. If it is supposed to be a number just use intval() on it. If it is not an integer it will return 0.

5. htmlentites and htmlspecialchars can get a little tricky, but generally speaking you should only be using these when displaying info on the screen. Either from the user or from the database.

6. addslashes() should only be used when variables are being inserted or used to query the database. You should not do this to variables you are displaying on the screen. You would have to addslashes later if you are doing both.

I hope you got all that Wink

If not just ask and later on we can dig a little deeper.

Dawg · Posted: Wed Aug 11, 2010 10:25 pm

Palbin,

Thank You for your time.

I will take a week or so for me to digest this....Thank You for helping me learn!

Dawg

Dawg · Posted: Sun Aug 22, 2010 5:16 am

Palbin,

Palbin wrote:

you really need to indent you code better. It is just about impossible to follow.

I worked my way through the main index...and indented the code. I could not really find ANYTHING that said do this like XYZ....so I tried to go about it in a logical fashion....

If I did not get it right...PLEASE CORRECT ME...Show me right and I will do it right.

You talked about the <? and ?> so I changed all of them to <?php

I am still opening and closing....but once we hit the end of all of this....I will go through and echo everything. To me it is easier to write it this way so that when I make changes I can test the code real easy.

Code:

<?php
/**********************************************/
/* RN Video by Dawg
/* Version 1.0 Beta
/* This should NOT be used in Production Sites
/*Help and Support at http://www.ravenphpscripts.com
/**********************************************/

if ( !defined('MODULE_FILE') )
{
 die('You can\'t access this file directly...');
}

require_once('mainfile.php');
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$index = 0;
$hideleft=1;
$admingid= '25'; //(The number of posts before people can add videos)
include('header.php');
global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
cookiedecode($user);
$username = $cookie[1];

if ($username == "")
{
 $username = "Anonymous";
}

if (is_user($user))
{
 list($uid, $username) = explode(":", $nukeuser);
 $querystr = "SELECT user_posts FROM ".$prefix."_users WHERE user_id=$uid" ;
 $result = $db->sql_query($querystr) ;
 if (!$result)
 {
 echo 'Could not run query: ' . mysql_error();
 exit;
 }
 $row = mysql_fetch_row($result);
 $postcount = $row[0];
 echo $postcount;
}
if (!isset($op)) $op = '';

switch($op)
{
 default:
 display_video();
 break;
 case list_video:
 list_video();
 break;
 case list_single_category:
 list_single_category();
 break;
 case video_admin_menu:
 video_admin_menu();
 break;
}
die();
///////////////////////////////////////// START ADMIN MENU /////////////////////////////////
function video_admin_menu()
{
 global $postcount, $admingid,$db,$prefix;
 ?>
 
 <center>
 <a href='modules.php?name=RN_Video&file=user_admin&op=user_add_video_main'>User Video Admin</a>
  | 
 <a href='modules.php?name=RN_Video&file=user_admin&op=user_add_video'>Add Video</a>
  | 
 <a href='modules.php?name=RN_Video&file=user_admin&op=user_edit_video'>Edit YOUR Videos</a>
  | 
 <a href='modules.php?name=RN_Video&file=user_admin&op=user_edit_video'>Delete YOUR Videos</a>
 </center>
 
 <?php
}
///////////////////////////////////////// FINISH ADMIN MENU /////////////////////////////////

///////////////////////////////////////// START NAV MENU /////////////////////////////////
function nav_video()
{
 global $postcount, $admingid,$db,$prefix;
 if ($postcount>=$admingid)
 {
 video_admin_menu();
 }
 ?>
 
 <center>
 <a href='modules.php?name=RN_Video'>Video Home</a>
  | 
 <a href='modules.php?name=RN_Video&op=list_single_category'>List Single Category</a>
  | 
 <a href='modules.php?name=RN_Video&op=list_video'>Category View</a>
 </center>
 <?php
}
///////////////////////////////////////// FINISH NAV MENU /////////////////////////////////

///////////////////////////////////////// Start MOST RECENT /////////////////////////////////
function display_video()
{
 OpenTable3();
 global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
 ?>
 <center>
 Most Recent Videos 
 </center>
 <?php
 nav_video();
 ?>
 <hr color="#0000ff" width='80%'> 
 <table width="100%">
 <tr>
 <?php
 $query ="SELECT video FROM ".$prefix."_rnvideo WHERE aut='1'";
 $result = $db->sql_query($query)
 or die ("invalid query in video display");
 //$result= $db->sql_query($query);
 $rows=$db->sql_numrows($result);
 //// Set number of Videos per page here
 $ppp=10;
 $nop= ceil($rows / $ppp);
 $z=0;
 echo "<td>Page : ";
 for ($i = 1 ; $i <= $nop ; $i++)
 {
 echo "  <a href='/modules.php?name=RN_Video&page=$i'> $i </a> ";
 }
 echo "</td>";
 if (isset($_GET['page']))
 {
 $page = $_GET['page'];
 }
 else
 {
 $page = 1;
 }
 $start= ($page - 1) * $ppp;
 $ranking=0;
 $ranking=(($ranking+$ppp)*$page)-($ppp-1);
 $query="SELECT video,title,code,counter FROM ".$prefix."_rnvideo WHERE aut='1' ORDER BY time DESC LIMIT $start,$ppp";
 $result = $db->sql_query($query);
 while($row=$db->sql_fetchrow($result))
 {
 $video=$row['0'];
 $title=$row['1'];
 $code=$row['2'];
 $counter=$row['3'];
 if ($z % 2 != 1)
 {
 echo "<tr align='center'>";
 }

 ?>
 <td><div align="center">
 <?php echo strtoupper($title); ?>
 
 <?php
 for($i=1;$i < 5;$i++)
 {
 if(file_get_contents("http://i$i.ytimg.com/vi/$code/default.jpg"))
 {
 ?>
 <table><tr><td>
 <a href="modules.php?name=RN_Video&file=most_player&video=<?php echo $video; ?>" rel="gb_page_center[640, 425]" title="<?php echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<?php echo $i; ?>.ytimg.com/vi/<?php echo $code; ?>/default.jpg' width='175' /></a>
 </td></tr></table>
 <?php
 Break;
 }
 }
 ?>
 Views <?php echo $counter; ?>
   |  
 Ranking <?php echo $ranking; ?> <hr color="#0000ff" width='80%'> 
 </div></td>
 <?php
 $z++;
 $ranking++;
 }

 ?>
 </tr></table>
 <hr width="80%" size="5" color="#0000ff"> 
 <?php
 CloseTable3();
 include('footer.php');
}
///////////////////////////////////////// END VIDEO DISPLAY /////////////////////////////////

///////////////////////////////////////// Start List Categories /////////////////////////////////
function list_video()
{
 OpenTable3();
 global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
 ?>
 <center>
 List All Categories 
 </center>
 <?php
 nav_video();
 ?>
 <hr color="#0000ff" width='80%'> 
 <table width='80%' align='center'>
 <tr>
 <?php
 $sql = "SELECT uid, uname FROM nuke_users";
 $result = $db->sql_query($sql);
 $row = $db->sql_fetchrow($result);
 $result = $db->sql_query("SELECT * FROM ".$prefix."_rnvideo_category");
 while($myrow = $db->sql_fetchrow($result))
 {
 $catid=$myrow[0];
 $category=$myrow[1];
 echo "<td valign='top' align='center' width='200'>";
 echo " $category ";
 echo "<hr width='80%' size='3' />";
 $result2 = $db->sql_query("SELECT video,category,title,code,counter FROM ".$prefix."_rnvideo WHERE aut='1' AND category='$catid' ORDER BY time DESC");
 while($myrow2 = $db->sql_fetchrow($result2))
 {
 $video=$myrow2[0];
 $category=$myrow2[1];
 $title=$myrow2[2];
 echo "$title";
 echo " ";
 $code=$myrow2[3];
 $counter=$myrow2[4];
 echo " ";
 ?>
 <a href="modules.php?name=RN_Video&file=most_player&video=<?php echo $video; ?>" rel="gb_page_center[640, 425]" title="<?php echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<?php echo $i; ?>.ytimg.com/vi/<?php echo $code; ?>/default.jpg' width='200' /></a>
 <?php
 echo " ";
 echo "Views $counter";
 echo " ";
 echo " ";
 echo "<hr width='80%' size='3' />";
 echo " ";
 }
 echo"</center></td>";
 }

 ?>
 </table> <hr color="#0000ff" width='80%'> 
 <?php
 CloseTable3();
 include('footer.php');
}
///////////////////////////////////////// End List Categories /////////////////////////////////

///////////////////////////////////////// Begin List Single Catergory/////////////////////////////////
function list_single_category()
{
 OpenTable3();
 global $user,$cookie,$prefix,$nukeuser,$db,$prefix;
 ?>
 <center> List Single Categories </center>
 <?php
 nav_video();
 ?>
 <hr color="#0000ff" width='80%'> 
 <table width="100%">
 <tr>
 <?php
 ///// SET CATEGORY HERE BY ID
 $value="89";

 ///THIS NEEDS TO BE FIXED
 $query ="SELECT video FROM ".$prefix."_rnvideo WHERE aut='1' AND category='$value'";
 $result = $db->sql_query($query)
 or die ("invalid query in video display");
 $rows=$db->sql_numrows($result);
 // echo "ROWS = $rows";
 //// Set number of Videos per page here
 $ppp=10;
 $nop= ceil($rows / $ppp);
 // echo "NOP=$nop";
 $z=0;
 echo "<td>Page : ";
 for ($i = 1 ; $i <= $nop ; $i++)
 {
 echo "  <a href='/modules.php?name=RN_Video&op=list_single_category&page=$i'> $i </a> ";
 }
 echo "</td>";
 if (isset($_GET['page']))
 {
 $page = $_GET['page'];
 }
 else
 {
 $page = 1;
 }
 $start= ($page - 1) * $ppp;
 $ranking=0;
 $ranking=(($ranking+$ppp)*$page)-($ppp-1);
 $query="SELECT video,title,code,counter FROM ".$prefix."_rnvideo WHERE aut='1' ORDER BY time DESC LIMIT $start,$ppp";
 $result = $db->sql_query($query);
 while($row=$db->sql_fetchrow($result))
 {
 $video=$row['0'];
 $title=$row['1'];
 $code=$row['2'];
 $counter=$row['3'];
 if ($z % 2 != 1)
 {
 echo "<tr align='center'>";
 }
 ?>
 <td><div align="center">
 <?php
 echo "$title";
 echo " ";
 for($i=1;$i < 5;$i++)
 {
 if(file_get_contents("http://i$i.ytimg.com/vi/$code/default.jpg"))
 {
 ?>
 <table><tr><td>
 <a href="modules.php?name=RN_Video&file=most_player&video=<?php echo $video; ?>" rel="gb_page_center[640, 425]" title="<?php echo $title; ?>" rev="width: 700px; height: 410px; scrolling: no;"><img src='http://i<?php echo $i; ?>.ytimg.com/vi/<?php echo $code; ?>/default.jpg' width='175' /></a>
 </td></tr></table>
 <?php
 Break;
 }
 }
 ?>
 Views <?php echo $counter; ?>
   |  
 Ranking <?php echo $ranking; ?> <hr color="#0000ff" width='80%'> 
 </div></td>
 <?php
 $z++;
 $ranking++;
 }
 ?>
 </tr></table>
 <hr color="#0000ff" width='80%'> 
 <?php
 CloseTable3();
 include('footer.php');
}
///////////////////////////////////////// End List Single Catergory/////////////////////////////////
?>

Dawg · Posted: Sun Aug 22, 2010 5:32 am

Palbin,
So now lets talk about MagicQuotes.

I read your link and it makes sence but before I dig into the next part I want to make sure I understand what you are saying.

If I read all this right....I should check to see if MagicQuotes is enabled....and if it is I need to run through stripslashes to get rid of the slashes....Is that correct?

Now we get to the tricky part....Cleaning the code before inserting it.

This is where I always hit a wall becasue I do not really know what I am checking for?

Here is a couple of examples of the main piece of the you tube puzzle...

ChwX__tdqQA
dw2h1qpeU1c
T8taFYpSJs4

This is not an interger....It can have CAPS....lower case.....numbers and symbols in it.

How do I check this or clean this?

I do not expect you to write code for me....A link will do fine...I want to make sure that I clean this code as good as I can to make sure none gets hacked because of something I wrote.

Thank You THANK YOU and thank you for your help!

Dawg

montego · Posted: Sun Aug 22, 2010 7:14 am

Quote:

4. You do not have to do check_html() on every variable. If it is supposed to be a number just use intval() on it. If it is not an integer it will return 0.

Just to add slightly: you also need to make sure that an integer value of 0 doesn't cause a logic problem which also could do bad things. So, consider someone entering in text data in that field, as Palbin says, it will force the value to a 0. If you are not expressly handling that condition or the code and/or db data is such that a 0 could cause a different kind of failure (either immediate or downstream)... not good also.

Palbin · Posted: Sun Aug 22, 2010 11:05 am

Dawg wrote:

Palbin,
If I read all this right....I should check to see if MagicQuotes is enabled....and if it is I need to run through stripslashes to get rid of the slashes....Is that correct?

Yes, but if you use check_html() it takes care of the slashes for you if they are enabled. This is important to not because if you strip slashes twice you could be removing legitimate ones (not that you have any).

Basically if you are displaying submitted text or inserting it into the db you should be running check_html() on it. So typically a person would be using check_html() so they would not have to worry about stripping slashes, but you need to be aware for when specific cases come up.

As I said above if you are expecting a certain variable to be a number only you do not have to worry about slashes or check_html() because when you do intval() if one of those characters exist it will return 0.

PHP as some built in functions that can also be used to filter.validate your data.

Only registered users can see links on this board!
Get registered or login to the forums!

Specifically look at the is_* functions: is_array, is_numeric, is_string, is_null, is_array, etc.

Also the ctype functions can be used.

Only registered users can see links on this board!
Get registered or login to the forums!

The mains ones are: ctype_alnum, ctype_alpha, ctype_digit, etc.

Palbin · Posted: Sun Aug 22, 2010 11:15 am

Dawg, also about indenting your code. There are no official rules on how to do so. Typically speaking every time you have have a set of {} be that for a function or an if statement etc you should indent the code between those one time. The code will step in or out as you close the bracket.

Take a look at this.

Only registered users can see links on this board!
Get registered or login to the forums!

Dawg · Posted: Wed Oct 27, 2010 6:31 am

Palbin wrote:

Dawg, also about indenting your code. There are no official rules on how to do so. Typically speaking every time you have have a set of {} be that for a function or an if statement etc you should indent the code between those one time. The code will step in or out as you close the bracket.

Take a look at this.

Only registered users can see links on this board!
Get registered or login to the forums!

I have not worked on this as of late...but I wanted to say THANK YOU for this piece of advice!

I am now taking the time to indent the code as I go and WOW that sure has helped me see the logic.

I am hopeing over X-Mas this year I will be able to take the time to revisit this video mod...it is pretty cool.

The Wiki...

Guys...This is one of the best resources around for a guy like me...PLEASE continue to update it with examples.

I can just about recite the Coding Standards

Only registered users can see links on this board!
Get registered or login to the forums!

This is the type of things make people like me want to create new stuff for RN!

Thank You again for your time!!

Dawg