Joined: Jan 02, 2003 Posts: 668 Location: Vancouver Island
Posted:
Sun Nov 23, 2003 9:52 am
I've been trying to install the Site_Messenger Module for 6.5 into my nuke 6.9. Anyone familiar with it? It runs a site_messenger.php in the root directory. Odd, eh?
I've spent an hour or more searching around nukecops and missed any reference to this module, and both support sites mentioned in the index.php author comments are useless right now.
Install was easy enough and no problems showed up in testing. So, I put it up on the production site and almost immediately users started getting the infamous "I don't like you" message when submitting "wordy" messages.
Submit is working fine for short messages.
This is my guess ... the "I don't like you" page is indication that the message text and mysql are not playing nice, php-nuke reacts as if someone was hacking something? It doesn't really have anything to do with the length of the message because the nuke_priv_msgs table the column msg_text is a TEXT type, 64000 characters.
Or maybe it is something else entirely, a previous mod somewhere on the site? I also turned off the bbcode and the html user controls in the Site_Messenger config.
Conclusion... "I don't like you" message is still a mystery.... it's mainfile thingy isn't it? Anyone care to enlighten us with the translation of this code?
Code:
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("I don't like you...");
In anycase my users, would freak at getting that message ... "I don't like you..." I just need to know what it indicates in order to change it. Right? In old mainfile.php I changed it to Incorrect Function, but I've only seen that error once... a long time ago.
Some other thoughts...
Maybe not a relevant topic, but this bit jumps out of the sendmessage() in the mod index.php for Site_Messenger.
Code:
while (list ($key, $file) = each ($filelist)) {
if (ereg(".gif|.jpg",$file)) {
if ($file == $msg_image) {
$sel = " checked";
}
else {
$sel = "";
}
What's this $sel variable all about? I had to muck with those $sels in the scripts for the authors table when I was installing Calendar etc. I think I'm up to $sel18 or something.
Site_Messsenger, if it ever wants to play nice, is going to be way too much fun.
Joined: Aug 27, 2002 Posts: 16987 Location: Kansas
Posted:
Sun Nov 23, 2003 11:22 am
First of all let's try to figure out which module is sending the infamous "I don't like you" message . Or do you know for sure it is the one above? If you do not know for sure, mainfile has this code
Joined: Jan 02, 2003 Posts: 668 Location: Vancouver Island
Posted:
Sun Nov 23, 2003 12:05 pm
"I don't like you" I posted above IS from the mainfile.php. I'm even more confused. I've tried a dozen different ways to replicate the error and I can't. I'll keep trying though.
Joined: Jan 02, 2003 Posts: 668 Location: Vancouver Island
Posted:
Sun Nov 23, 2003 4:13 pm
"Script" didn't cause any problem. Sheesh, I just can't replicate this error on my machine, but my users can. One of them is saying the error happens when she takes too long to reply. odd.
I have had this happen when something contained a ( or ), I believe, I do know it was a special character that caused it. I believe it was set up so someone could not inject via text... maybe... sort of..
// (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("Incorrect function...go back");
}
I tested with (round brackets), got no error.
I put the line back in, posted a SM IM with ( round brackets, ) and got the error again. Of course, there may be other characters who don't want to play either.
Seems to me that there are many other forms on the site that will allow (round brackets) and don't result in that mainfile error So, what's up with that?
I've got the Site Messenger installed on thisdayinastrohistory.com, but one needs to be registered to use it. I'm setting up another test domain right now, will install SM and keep it open to all for a little while.
It's one funky module. Terrific, but buggy imho. You should see what it does to the Site Info block! ... some mystery user from table_nuke sessions shows up.
I've gotten that 'I don't like you' message, too. Right clicking on it and viewing src just shows a Notepad with only that line. It is a good idea, though, and if this bug can be removed it'll be even better... perhaps someday it will be cross-site, so members of one site can message members of another site? To answer Raven's question, it can be found here and here:
Only registered users can see links on this board! Get registered or login to the forums!
Only registered users can see links on this board! Get registered or login to the forums!
/************************************************************************/
/* Original from PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com) */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
# alte User aus session loeschen
sql_query("DELETE FROM ${prefix}_session WHERE time < $past",$dbi);
# ermitteln ob aktueller User bereits in Session eingetragen
$result = sql_query("SELECT time FROM ${prefix}_session WHERE uname='$uname'",$dbi);
if ($row = sql_fetch_row($result,$dbi)) { # falls ja, Daten aktualisieren
sql_query("UPDATE ${prefix}_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'",$dbi);
}
else { # falls nein, User in Session eintragen
sql_query("INSERT INTO ${prefix}_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')",$dbi);
}
# Anzahl aller User ermitteln
$qry="select COUNT(user_id) from ${user_prefix}_users where user_id<>1 and username<>'".$anonymous."';";
list($totalmembers) = sql_fetch_row(sql_query($qry,$dbi),$dbi);
# neusten User ermitteln
$qry="select username from ${user_prefix}_users where user_id<>1 and username<>'".$anonymous."' order by user_id DESC limit 0,1;";
$result = sql_query($qry,$dbi); # neusten User ermitteln
list($lastuser) = sql_fetch_row($result,$dbi);
# Alle User und Gaeste ermitteln, evtl auflisten
$qry="SELECT DISTINCT guest, uname FROM ${prefix}_session where (guest=0 or guest=1) and uname not in($excludedusers) order by uname;";
$result2 = sql_query($qry,$dbi);
while (list($sesionguest, $uname2) = sql_fetch_row($result2,$dbi)) {
if ($sesionguest==0) { # wenn angemeldeter User
if(isset($uname))
if(strtolower($uname2)==strtolower($uname)) {$sel="selected";} else{$sel="";}
else
if(strtolower($uname2)==strtolower($username)) {$sel="selected";} else{$sel="";}
$uname3 = substr("$uname2", 0, 20); # Kurzen Usernamen erstellen
$whoonlineselect.="<option value=\"$uname2\" $sel>$uname3</OPTION>\n"; # options fuer auswahlselect erstellen
$member_online_num++; # Anzahl User hochzaehlen
}
else{
$guest_online_num++; # Anzahl Gaeste hochzaehlen
}
}
$member_online_num=$member_online_num-1; # Wieder einen User abziehen (war bei init 1)
# Private Nachrichten
if ($guest == 0) { # Wenn aktueller User registriert ist (kein Gast)
$pmactiv=is_active("$pm_module_name"); # feststellen ob pm-modul aktiv ist
if ($pmactiv){ # falls pm-modul aktiv ist
$qry="SELECT read_msg, Count(msg_id) FROM ${prefix}_priv_msgs WHERE to_userid='$user_id' group by read_msg;";
$result = sql_query($qry,$dbi);
while (list($read_msg, $nums) = sql_fetch_row($result,$dbi)) {
if ($read_msg==0) { # wenn angemeldeter User
$countpmunread=$nums; # Anzahl ungelesene ermitteln
}
else{
$countpm=$nums; #++; # Anzahl aller pm's ermitteln
}
}
}
else{
$checkpmtime=0; # private Nachrichten nicht abfragen!
}
}
# Usergaestebuch
if ($guest == 0) { # Wenn aktueller User registriert ist (kein Gast)
$gbactiv=file_exists("guestbook.php"); # feststellen ob gaestebuch vorhanden
if ($gbactiv){ # falls gaestebuch vorhanden
$qry="SELECT Count(gid) FROM ${prefix}_userguest WHERE touserid='$user_id' and dummy=0;";
$result = sql_query($qry,$dbi);
list($gbnewentries) = sql_fetch_row($result,$dbi);
}
}
# weitere Variablen initialisieren zur Zeitberechnung :(
# den Mist muss man aendern! da gehoert ein anstaendiges Datumsfeld in die Tabelle
$Today = getdate();
//Formatting Current Date
$month = $Today['month'];
$mday = $Today['mday'];
$year = $Today['year'];
//Formatting Previous Date
$pmonth = $Today['mon'];
$pmday = $Today['mday'];
$pmday = $mday-1;
$pyear = $Today['year'];
$test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);
//Creating SQL parameter
$curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";
$preday = strftime ("%d",$test);
$premonth = strftime ("%B",$test);
$preyear = strftime ("%Y",$test);
$curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";
# Heute neu angemeldete User ermitteln
$qry = "SELECT COUNT(user_id) from ${user_prefix}_users WHERE user_regdate LIKE '$curDate2' and user_id<>1 and username not in($excludedusers);";
list($userCount) = sql_fetch_row(sql_query($qry,$dbi),$dbi);
# Gestern neu angemeldete User ermitteln
$qry = "SELECT COUNT(user_id) from ${user_prefix}_users WHERE user_regdate LIKE '$curDateP' and user_id<>1 and username not in($excludedusers);";
list($userCount2) = sql_fetch_row(sql_query($qry,$dbi),$dbi);
# Ausgabe ...................................
$content = "\n<!-- $thisfile output start -->\n<div class=\"content\" align=\"center\">\n"
."<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" style=\"border: 0px; margin-bottom: 5px;\">\n"
."</table>\n";
if ($guest == 0 || $isseradmin) { # Wenn angemeldeter User oder Admin
# Onlineliste anzeigen wenn User online sind
if($member_online_num>0){
if($guest){
$script = "";
}
else{
$script = " onDblClick=\"whob_clickit()\"";
$content .= "<script language=\"JavaScript\">
<!--
function whob_clickit(){
var y=document.onlineuserinfo.username.selectedIndex;
var x=document.onlineuserinfo.username.options[y].value;
window.open('modules.php?name=$pm_module_name&file=buddy&op=compose&to='+x, '".md5(time())."','left=370,top=150,width=360,height=200,toolbar=no,location=no,menubar=no,scrollbars=yes,resizeable=yes,status=no');
return false;
}
//-->
</script>";
}
#background-color: $bgcolor1; font-size: 9px; font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; color: $txtcolor1; width: 90%; border: 0px $bgcolor1;
View next topic View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
. Or do you know for sure it is the one above? If you do not know for sure, mainfile has this code
