| Author |
Message |
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
 Posted:
Fri Oct 22, 2004 12:17 pm |
 
|
First does anyone know what the difference between NSN YA and CNB YA is? I can't figure it out since that are almost identical in coding.
Now onto the problem, this is from modules/Your_Account/admin/modify_user.php:
| Code: | | echo "<tr><td bgcolor='$bgcolor2'>"._INTERESTS.":</td><td><input type='text' name='chng_user_interest' value='".$chnginfo['user_interests']."' size='25' maxlength='255'></td></tr>\n"; |
Say this is a users interest:
| Code: | | Computer's and stuff |
If you click on edit user as the admin you will see in the interests field is:
Why does it cut everything after the ' ? When I change it from "input" to "textarea" it show the full data. |
|
|
|
|
beetraham
Regular
Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)
|
| Posted:
Fri Oct 22, 2004 1:32 pm |
|
| JRSweets wrote: | First does anyone know what the difference between NSN YA and CNB YA is? I can't figure it out since that are almost identical in coding.
Now onto the problem, this is from modules/Your_Account/admin/modify_user.php:
| Code: | | echo "<tr><td bgcolor='$bgcolor2'>"._INTERESTS.":</td><td><input type='text' name='chng_user_interest' value='".$chnginfo['user_interests']."' size='25' maxlength='255'></td></tr>\n"; |
Say this is a users interest:
| Code: | | Computer's and stuff |
If you click on edit user as the admin you will see in the interests field is:
Why does it cut everything after the ' ? When I change it from "input" to "textarea" it show the full data. |
Not completely sure whether this could do the job, but why don't you go ahead and try escaping it - i.e.;
Try using...
| Code: | | Computer\'s and stuff |
...instead of;
| Code: | | Computer's and stuff |
Just a wild guess - should have tried it myself before posting this, but let's give it a try.
Let me know if it doesn't work as suspected to - in that case, I'd like to get some more information from you related to code instantiation (it's already above as a reference, I suppose  ) - providing that it suits you.
BR,
-beetraham |
|
|
|
|
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
| Posted:
Fri Oct 22, 2004 2:22 pm |
|
I tried and then when looking at the users interest's you get:
| Code: | | Computer\'s and stuff |
and then when you go to edit it you get:
[code]Computer\ [\code]
Its very strange, like I said the only way I found around this was to change the <input ... > to <textarea></textarea> like the signatures are. Infact it does this to all the fields that use <input ... >. It stops after a ' . |
Last edited by JRSweets on Fri Oct 22, 2004 4:50 pm; edited 2 times in total |
|
|
|
|
beetraham
Regular
Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)
|
| Posted:
Fri Oct 22, 2004 2:41 pm |
|
| JRSweets wrote: | I tried and then when looking at the users interest's you get:
| Code: | | Computer\'s and stuff |
and then when you go to edit it you get:
[code]Computer\[code]
Its very strange, like I said the only way I found around this was to change the <input ... > to <textarea></textarea> like the signatures are. Infact it does this to all the fields that use <input ... >. It stops after a ' . |
| JRSweets wrote: | I tried and then when looking at the users interest's you get:
[code]Computer\'s and stuff[/code]
and then when you go to edit it you get:
[code]Computer\[code]
Its very strange, like I said the only way I found around this was to change the <input ... > to <textarea></textarea> like the signatures are. Infact it does this to all the fields that use <input ... >. It stops after a ' . |
Might be an issue related to stripslashes()'ing the data - the flow may not be consistently OK from that perspective - by far any chance got the possibility to receive all the code? |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Fri Oct 22, 2004 2:54 pm |
|
Probably developed with magic quotes on I've made that mistake a few times. |
|
|
|
|
|
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
| Posted:
Fri Oct 22, 2004 4:48 pm |
|
This is that whole file. The full download is
| Code: | <?php
if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {
header("Location: ../../../index.php");
die ();
}
if (($radminsuper==1) OR ($radminuser==1)) {
$pagetitle = ": "._USERADMIN." - "._USERUPDATE;
include("header.php");
title(_USERADMIN." - "._USERUPDATE);
amain();
echo "<br>\n";
$result = $db->sql_query("select * from ".$user_prefix."_users where user_id='$chng_uid' or username='$chng_uid'");
if($db->sql_numrows($result) > 0) {
$chnginfo = $db->sql_fetchrow($result);
$result = $db->sql_query("SELECT * FROM ".$user_prefix."_cnbya_field");
while ($sqlvalue = $db->sql_fetchrow($result)) {
list($value) = $db->sql_fetchrow( $db->sql_query("SELECT value FROM ".$user_prefix."_cnbya_value WHERE fid ='$sqlvalue[fid]' AND uid = '$chnginfo[user_id]'"));
$chnginfo[$sqlvalue[name]] = $value;
}
OpenTable();
echo "<center><table border='0'>\n";
echo "<form action='modules.php?name=$module_name&file=admin' method='post'>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._USERID.":</td><td><b>".$chnginfo['user_id']."</b></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._NICKNAME.":</td><td><input type='text' name='chng_uname' value='".$chnginfo['username']."'><br><b>"._YA_CHNGRISK."</b></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._NAME.":</td><td><input type='text' name='chng_name' value='".$chnginfo['name']."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._URL.":</td><td><input type='text' name='chng_url' value='".$chnginfo['user_website']."' size='30' maxlength='60'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._EMAIL.":</td><td><input type='text' name='chng_email' value='".$chnginfo['user_email']."' size='30' maxlength='60'> <font class='tiny'>"._REQUIRED."</font></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._FAKEEMAIL.":</td><td><input type='text' name='chng_femail' value='".$chnginfo['femail']."' size='30' maxlength='60'></td></tr>\n";
$result = $db->sql_query("SELECT * FROM ".$user_prefix."_cnbya_field WHERE need <> '0' ORDER BY pos");
while ($sqlvalue = $db->sql_fetchrow($result)) {
$t = $sqlvalue[fid];
$value2 = explode("::", $sqlvalue[value]);
if (strpos($sqlvalue[name],"_")==0) eval( "\$name_exit = $sqlvalue[name];"); else $name_exit = $sqlvalue[name];
if (count($value2) == 1) {
echo "<tr><td bgcolor='$bgcolor2'>$name_exit</td><td bgcolor='$bgcolor3'><input type='text' name='nfield[$t]' value='".$chnginfo[$sqlvalue[name]]."' size='20' maxlength='$sqlvalue[size]'></td></tr>\n";
} else {
echo "<tr><td bgcolor='$bgcolor2'>$name_exit</td><td bgcolor='$bgcolor3'>";
echo "<select name='nfield[$t]'>\n";
for ($i = 0; $i<count($value2); $i++) {
if (trim($chnginfo[$sqlvalue[name]]) == trim($value2[$i])) $sel = "selected"; else $sel = "";
echo "<option value=\"".trim($value2[$i])."\" $sel>$value2[$i]</option>\n";
}
echo "</select>";
echo "</td></tr>\n";
}
}
echo "<tr><td bgcolor='$bgcolor2'>"._ICQ.":</td><td><input type='text' name='chng_user_icq' value='".$chnginfo['user_icq']."' size='20' maxlength='20'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._AIM.":</td><td><input type='text' name='chng_user_aim' value='".$chnginfo['user_aim']."' size='20' maxlength='20'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._YIM.":</td><td><input type='text' name='chng_user_yim' value='".$chnginfo['user_yim']."' size='20' maxlength='20'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._MSNM.":</td><td><input type='text' name='chng_user_msnm' value='".$chnginfo['user_msnm']."' size='20' maxlength='20'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._LOCATION.":</td><td><input type='text' name='chng_user_from' value='".$chnginfo['user_from']."' size='25' maxlength='60'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._OCCUPATION.":</td><td><input type='text' name='chng_user_occ' value='".$chnginfo['user_occ']."' size='25' maxlength='60'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._INTERESTS.":</td><td><input type='text' name='chng_user_interest' value='".$chnginfo['user_interests']."' size='25' maxlength='255'></td></tr>\n";
if ($chnginfo['user_viewemail'] ==1) { $cuv = "checked"; } else { $cuv = ""; }
echo "<tr><td bgcolor='$bgcolor2'>"._OPTION.":</td><td><input type='checkbox' name='chng_user_viewemail' value='1' $cuv> "._ALLOWUSERS."</td></tr>\n";
if ($chnginfo['newsletter'] == 1) { $cnl = "checked"; } else { $cnl = ""; }
echo "<tr><td bgcolor='$bgcolor2'>"._NEWSLETTER.":</td><td><input type='checkbox' name='chng_newsletter' value='1' $cnl> "._YES."</td></tr>\n";
if ($Version_Num > 7.0) {
$yacontent = "";
$subnum = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$chng_uid'"));
if ($subnum == 0) {
$yacontent .= "<tr><td bgcolor='$bgcolor2'>"._SUBUSERASK.":</td><td><input type='radio' name='subscription' value='1'> "._YES." <input type='radio' name='subscription' value='0' checked> "._NO."</td></tr>";
$yacontent .= "<tr><td bgcolor='$bgcolor2'>"._SUBPERIOD.":</td><td><select name='subscription_expire'>";
$yacontent .= "<option value='0' selected>"._NONE."</option>";
$yacontent .= "<option value='1'>1 "._YEAR."</option>";
$yacontent .= "<option value='2'>2 "._YEARS."</option>";
$yacontent .= "<option value='3'>3 "._YEARS."</option>";
$yacontent .= "<option value='4'>4 "._YEARS."</option>";
$yacontent .= "<option value='5'>5 "._YEARS."</option>";
$yacontent .= "<option value='6'>6 "._YEARS."</option>";
$yacontent .= "<option value='7'>7 "._YEARS."</option>";
$yacontent .= "<option value='8'>8 "._YEARS."</option>";
$yacontent .= "<option value='9'>9 "._YEARS."</option>";
$yacontent .= "<option value='10'>10 "._YEARS."</option>";
$yacontent .= "</select><input type='hidden' name='reason' value='0'></td></tr>";
} elseif ($subnum == 1) {
$yacontent .= "<tr><td bgcolor='$bgcolor2'>"._UNSUBUSER.":</td><td><input type='radio' name='subscription' value='0'> "._YES." <input type='radio' name='subscription' value='1' checked> "._NO."</td></tr>";
$yacontent .= "<tr><td bgcolor='$bgcolor2'>"._ADDSUBPERIOD.":</td><td><select name='subscription_expire'>";
$yacontent .= "<option value='0' selected>"._NONE."</option>";
$yacontent .= "<option value='1'>1 "._YEAR."</option>";
$yacontent .= "<option value='2'>2 "._YEARS."</option>";
$yacontent .= "<option value='3'>3 "._YEARS."</option>";
$yacontent .= "<option value='4'>4 "._YEARS."</option>";
$yacontent .= "<option value='5'>5 "._YEARS."</option>";
$yacontent .= "<option value='6'>6 "._YEARS."</option>";
$yacontent .= "<option value='7'>7 "._YEARS."</option>";
$yacontent .= "<option value='8'>8 "._YEARS."</option>";
$yacontent .= "<option value='9'>9 "._YEARS."</option>";
$yacontent .= "<option value='10'>10 "._YEARS."</option>";
$yacontent .= "</select></td></tr>";
$yacontent .= "<tr><td bgcolor='$bgcolor2'>"._ADMSUBEXPIREIN."</td><td>";
$row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$chng_uid'"));
$diff = $row['subscription_expire']-time();
$yearDiff = floor($diff/60/60/24/365);
$diff -= $yearDiff*60*60*24*365;
if ($yearDiff < 1) {
$diff = $row['subscription_expire']-time();
}
$daysDiff = floor($diff/60/60/24);
$diff -= $daysDiff*60*60*24;
$hrsDiff = floor($diff/60/60);
$diff -= $hrsDiff*60*60;
$minsDiff = floor($diff/60);
$diff -= $minsDiff*60;
$secsDiff = $diff;
if ($yearDiff < 1) {
$rest = "$daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
} elseif ($yearDiff == 1) {
$rest = "$yearDiff "._SBYEAR.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
} elseif ($yearDiff > 1) {
$rest = "$yearDiff "._SBYEARS.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
}
$yacontent .= "<font color='#FF0000'>$rest</font></td></tr>";
$yacontent .= "<tr><td bgcolor='$bgcolor2' valign='top'>"._SUBREASON."</td><td><textarea name='reason' cols='60' rows='10'></textarea></td></tr>";
}
echo "$yacontent";
}
if ($Version_Num > 6.9) {
echo "<tr><td bgcolor='$bgcolor2'>"._YA_POINTS.":</td><td bgcolor='$bgcolor1'><input type='test' name='chng_points' value='".$chnginfo['points']."'></td></tr>\n";
}
echo "<tr><td bgcolor='$bgcolor2' valign='top'>"._SIGNATURE.":</td><td><textarea name='chng_user_sig' rows='6' cols='45'>".$chnginfo['user_sig']."</textarea></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._PASSWORD.":</td><td><input type='password' name='chng_pass' size='12' maxlength='12'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'>"._RETYPEPASSWD.":</td><td><input type='password' name='chng_pass2' size='12' maxlength='12'> <font class='tiny'>"._FORCHANGES."</font></td></tr>\n";
//echo "<input type='hidden' name='chng_avatar' value='".$chnginfo['chng_avatar']."'>\n";
echo "<input type='hidden' name='chng_uid' value='$chng_uid'>\n";
echo "<input type='hidden' name='old_uname' value='".$chnginfo['username']."'>\n";
echo "<input type='hidden' name='old_email' value='".$chnginfo['user_email']."'>\n";
echo "<input type='hidden' name='op' value='modifyUserConf'>\n";
if (isset($query)) { echo "<input type='hidden' name='query' value='$query'>\n"; }
if (isset($min)) { echo "<input type='hidden' name='min' value='$min'>\n"; }
if (isset($xop)) { echo "<input type='hidden' name='xop' value='$xop'>\n"; }
echo "<tr><td align='center' colspan='2'><input type='submit' value='"._SAVECHANGES."'></td></tr>\n";
echo "</form>\n";
echo "<form action='modules.php?name=$module_name&file=admin' method='post'>\n";
if (isset($query)) { echo "<input type='hidden' name='query' value='$query'>\n"; }
if (isset($min)) { echo "<input type='hidden' name='min' value='$min'>\n"; }
if (isset($xop)) { echo "<input type='hidden' name='op' value='$xop'>\n"; }
echo "<tr><td align='center' colspan='2'><input type='submit' value='"._CANCEL."'></td></tr>\n";
echo "</form>\n";
echo "</table></center>\n";
CloseTable();
} else {
OpenTable();
echo "<center><b>"._USERNOEXIST."</b></center>\n";
CloseTable();
}
include("footer.php");
}
?> |
|
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Fri Oct 22, 2004 6:09 pm |
|
I haven't even got that far lol I keep getting a parse error everywhere that
eval() is used! Grrr!
Edit: Doh! it was the 0 in the order of the fields in the first field! |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Sat Oct 23, 2004 7:11 am |
|
As a temp fix try adding this to your htaccess file in your webroot
php_flag magic_quotes_gpc on
There is a ton of places were this needs to be fixed it should be submitted to André V Escudero as a legit bug report. |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Sat Oct 23, 2004 8:53 am |
|
Update: I submitted a bug report here if you wish to add comments to it.
|
|
|
|
|
|
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
| Posted:
Sat Oct 23, 2004 11:32 pm |
|
Thank you for submitting the report for me. I tried to go to their site but I cannot speak spanish. There seems to be lots of bugs with CNB YA. Alot of little spelling errors.
$row['femial'] should be $row['femail']
$row['intrests'] should be $row['interests']
These errors are thru out the module.
I tried you suggestion in the htaccess file. It still did not work. The only way I can get it to work, is change the <input> box to a <textarea> then it will display the whole item. |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Sun Oct 24, 2004 8:33 am |
|
Ok I found these
Search String: femial
Replace String: femail
Path: \pnuke75\modules\Your_Account\admin
Processing file : \pnuke75\modules\Your_Account\admin\modifyuser.php
Line 32 -
Search String: intrests
Replace String: interests
Path: \pnuke75\modules\Your_Account\admin
Processing file : \pnuke75\modules\Your_Account\admin\detailsuser.php
Line 46 -
Processing file : \pnuke75\modules\Your_Account\admin\finduser.php
Line 37 -
Found 1 occurrences.
Processing file : \pnuke75\modules\Your_Account\admin\modifyuser.php
Line 59 - |
|
|
|
|
|
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
| Posted:
Mon Oct 25, 2004 6:35 am |
|
What program did you use for that search? |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Mon Oct 25, 2004 7:30 am |
|
|
|
|
|
escudero
New Member
Joined: Oct 25, 2004
Posts: 9
|
| Posted:
Mon Oct 25, 2004 11:14 am |
|
| sixonetonoffun wrote: | | Update: I submitted a bug report here if you wish to add comments to it.
|
Hello sixonetonoffun,
thanks for your repost.
Can you test the new file for me?
I think that we can do a great module working together.
Bests regards,
André |
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Mon Oct 25, 2004 9:59 pm |
|
André
Seems the quotes are handled ok with the custom form fields but the Interests and the other predefined fields still aren't being escaped. At least not from the admin edit page. |
|
|
|
|
|
escudero
New Member
Joined: Oct 25, 2004
Posts: 9
|
| Posted:
Mon Oct 25, 2004 11:08 pm |
|
Hello sixonetonoffun,
I puted the correct files here
to test.
I think that it can not have more error. I think 
Very thanks.
May I put your name (name, email and site) in the module credits? |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Tue Oct 26, 2004 6:00 am |
|
André
No no no! You just go on working on this much needed module and we'll continue breaking it until its as solid as it can be! |
|
|
|
|
|
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
| Posted:
Tue Oct 26, 2004 7:16 am |
|
| escudero wrote: | Hello sixonetonoffun,
I puted the correct files here
to test.
I think that it can not have more error. I think
Very thanks.
May I put your name (name, email and site) in the module credits? |
Problem still exists in the admin edit page. |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Tue Oct 26, 2004 8:46 am |
|
deinstall fails using the CNB_Your_Account_750_430 cnbya.php.
Fix:
Open cnbya.php
Find around line 41
echo "<option value='destall'>Destall $pagetitle</option>\n";
Change to:
echo "<option value='deinstall'>Destall $pagetitle</option>\n";
Then Find:
case "deinstall":
Replace the entire block of code with this:
| Code: |
case "deinstall":
$pagetitle = "CNB Your Account: Destall";
include("header.php");
title("$pagetitle");
OpenTable();
echo "Operation Status!<br>\n";
echo "<hr>\n";
global $db, $prefix, $user_prefix;
$result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_config");
if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_config");}
if (!$result) { echo "- Destall ".$prefix."_cnbya_config failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_config succeded<br>\n"; }
$result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_field");
if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_field");}
if (!$result) { echo "- Destall ".$prefix."_cnbya_field failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_field succeded<br>\n"; }
$result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_value");
if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_value");}
if (!$result) { echo "- Destall ".$prefix."_cnbya_value failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_value succeded<br>\n"; }
$result = $db->sql_query("DROP TABLE ".$prefix."_cnbya_value_temp");
if (!$result) { $result = $db->sql_query("DROP TABLE IF EXISTS ".$user_prefix."_cnbya_value_temp");}
if (!$result) { echo "- Destall ".$prefix."_cnbya_value_temp failed<br>\n"; } else { echo "- Destall ".$prefix."_cnbya_value_temp succeded<br>\n"; }
echo "<hr>\n";
echo "Operation Complete!<br>\n";
echo _GOBACK."\n";
CloseTable();
include("footer.php");
break;
|
This removes most any config possible but not old NSN-YAT table names but they shouldn't exist so I don't think that should be ab issue. |
|
|
|
|
|
escudero
New Member
Joined: Oct 25, 2004
Posts: 9
|
| Posted:
Tue Oct 26, 2004 11:45 am |
|
Hello Community,
thanks for all. Tell me if you found some more error.
Some spelling error are from original NSN YA.
Is difficult found all error alone.
We are found together.
Thanks!!
ps. sorry by my bad english |
|
|
|
|
|
JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
|
| Posted:
Tue Oct 26, 2004 12:28 pm |
|
Another problem is that you cannot log in as admin using the included blocks. This code in the top of modules/Your_Account/includes/functions.php
| Code: | if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {
header("Location: ../../../index.php");
die ();
} |
This code is in the top of the two included login
blocks.
| Code: | include_once
("modules/Your_Account/includes/functions.php");
$ya_config = ya_get_configs(); |
This code conflicts and won't let you login as the
admin if you use either of the blocks included in your
package. To use the block you have to comment out the
code at the top of the modules/Your_Account/includes/functions.php file.
| Code: | //if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {
//header("Location: ../../../index.php");
//die ();
//} |
|
|
|
|
|
|
escudero
New Member
Joined: Oct 25, 2004
Posts: 9
|
| Posted:
Tue Oct 26, 2004 4:56 pm |
|
Hello,
the beta 2 version is there:
Any more problems with this version?
Do you have idea to solve the problem of this user?:
André |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
|
| Posted:
Tue Oct 26, 2004 7:36 pm |
|
cnbya.php line 42 is still a spelling error
deinstall fails using the CNB_Your_Account_750_430 cnbya.php.
Fix:
Open cnbya.php
Find around line 42
echo "<option value='deistall'>Destall $pagetitle</option>\n";
Change to:
echo "<option value='deinstall'>Destall $pagetitle</option>\n";
Still brainstroming the single quote being appended issue no great ideas though  |
|
|
|
|
|
escudero
New Member
Joined: Oct 25, 2004
Posts: 9
|
| Posted:
Tue Oct 26, 2004 8:40 pm |
|
[quote="sixonetonoffun"]cnbya.php line 42 is still a spelling error
deinstall fails using the CNB_Your_Account_750_430 cnbya.php.
Fix:
Open cnbya.php
Find around line 42
echo "<option value='deistall'>Destall $pagetitle</option>\n";
Change to:
echo "<option value='deinstall'>Destall $pagetitle</option>\n";
quote]
 I think that I am blind person. I dont know if is my son, or my work.
I will liberate the 4.3.2 alpha today.
Thanks  |
|
|
|
|
|
escudero
New Member
Joined: Oct 25, 2004
Posts: 9
|
| Posted:
Thu Oct 28, 2004 6:28 pm |
|
Hello sixonetonoffun,
what do you think, to change the original ya_fixtext function:
| Code: | function ya_fixtext($ya_fixtext) {
if ($ya_fixtext == "") { return $ya_fixtext; }
$ya_fixtext = stripslashes($ya_fixtext);
$ya_fixtext = ereg_replace("\'","´",$ya_fixtext);
$ya_fixtext = ereg_replace("\"",""",$ya_fixtext);
$ya_fixtext = strip_tags($ya_fixtext);
if (!get_magic_quotes_gpc()) { $ya_fixtext = addslashes($ya_fixtext); }; $ya_fixtext = addslashes($ya_fixtext);
return $ya_fixtext;
} |
to just this:
| Code: | function ya_fixtext($ya_fixtext) {
$ya_fixtext = addslashes($ya_fixtext);
return $ya_fixtext;
} |
?
Bests regards,
André |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::