Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x
Author Message
Anders
Worker
Worker



Joined: Jun 16, 2004
Posts: 159
Location: Sweden

PostPosted: Sun Apr 08, 2012 1:03 am Reply with quote

Hi..
I have search and search but cant find any related!
its the signature that dont show when i put it in my profile

This work!!
[*img]http://www.mysite/modules/Sig/images/Anders.png[/img]
This dont!!
[img]http://www.mysite/modules/Signature/getsignature.php?id=1&baseimage=0[/img]

I will be really happy if ya guys or gals can solve this Wink


Last edited by Anders on Sun Apr 08, 2012 5:17 am; edited 1 time in total 
View user's profile Send private message
eldorado
Involved
Involved



Joined: Sep 10, 2008
Posts: 424
Location: France,Translator

PostPosted: Sun Apr 08, 2012 2:32 am Reply with quote

use htaccess

RewriteRule ^/tmp/([^\.]+)\.png$ /image.php?file=$1.png [NC,L]
You could check for other extensions as well:

RewriteRule ^/tmp/([^\.]+)\.(png|jpg|gif)$ /image.php?file=$1.$2 [NC,L]
Or if you don't care (everything is an image in your tmp folder. Though i wouldn't recommend this)

RewriteRule ^/tmp/(.*)$ /image.php?file=$1 [NC,L]
If it's not a physical file you can put any one of these at the end of your rules.

_________________
United-holy-dragons.net (My RN site)- Rejekz(cod4 clan) - gamerslounge 
View user's profile Send private message Visit poster's website MSN Messenger
eldorado







PostPosted: Sun Apr 08, 2012 2:35 am Reply with quote

***deleted post****
 
Anders







PostPosted: Sun Apr 08, 2012 5:15 am Reply with quote

thx but
Nothing of it works Confused
 
nuken
RavenNuke(tm) Development Team



Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

PostPosted: Sun Apr 08, 2012 8:55 am Reply with quote

For security reasons, you would not want to allow a file to be displayed in a sig. Even though the one you want to display may be a harmless rendered image, someone else could use one that redirects your forum to a malicious site.

_________________
Tricked Out News 
View user's profile Send private message Send e-mail Visit poster's website
eldorado







PostPosted: Sun Apr 08, 2012 9:49 am Reply with quote

nuken wrote:
For security reasons, you would not want to allow a file to be displayed in a sig. Even though the one you want to display may be a harmless rendered image, someone else could use one that redirects your forum to a malicious site.

would using htaccess to manually overide the .php?blabla=id
to *id.png lead to unwanted script?

If image.php comes with injection protection wouldn't that be viable?

Anders , if you put the .htaccess in /images/ in which is located /images/image.php?blabla=id
, then you need to pull the image from /images/tmp/images-id.png
or....
you can use http://php.net/manual/en/function.imagepng.php
and create the image
 
Anders







PostPosted: Sun Apr 08, 2012 10:18 am Reply with quote

Its a script i use that creat that link and that will show a created image
but i have no clue how to write a correct line in .htaccess
 
nuken







PostPosted: Sun Apr 08, 2012 10:32 am Reply with quote

There are security measures in place to only allow image files to be added in the img bbcode. I am not sure how .htaccess would address that. It seems to me if you were to allow a php file to be used with the img tag than you would have to some how keep other php files from being used with the img tag.
 
Anders







PostPosted: Sun Apr 08, 2012 10:43 am Reply with quote

ok then maybe there is nothing todo Sad
 
nuken







PostPosted: Sun Apr 08, 2012 10:59 am Reply with quote

What kind of info are you trying to display in the signature image?
It wouldn't be that hard to code a module to make a dynamic png sig...
 
spasticdonkey
RavenNuke(tm) Development Team



Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Sun Apr 08, 2012 11:13 am Reply with quote

You could probably use bbcode to do this. I have no way of testing, and it's just a quicky, but something like:

modules/Forums/includes/bbcode.php
FIND
Code:
$bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']);

AFTER ADD
Code:
$bbcode_tpl['customsig'] = str_replace('{CUSTOMSIGNATURE}', '\\1', $bbcode_tpl['customsig']);


FIND
Code:
// [i] and [/i] for italicizing text.

$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);

AFTER ADD
Code:
// sigs

$text = preg_replace("#\[sig\](.*?)\[/sig\]#si", "[sig:$uid]\\1[/sig:$uid]", $text);



FIND
Code:
// [email]user@domain.tld[/email] code..

$patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si";
$replacements[] = $bbcode_tpl['email'];

AFTER ADD
Code:
// [sig]1[/sig] code..

$patterns[] = "#\[sig:$uid\]([0-9]*)\[/sig:$uid\]#si";
$replacements[] = $bbcode_tpl['customsig'];


This edit can be placed anywhere within your bbcode.tpl (on a new line), which is either located at themes/YourTheme/forums/ or if that does not exist, at modules/Forums/templates/subSilver/
Code:
<!-- BEGIN customsig --><img src="modules/Signature/getsignature.php?id={CUSTOMSIGNATURE}&amp;baseimage=0" alt="" /><!-- END customsig -->


If I understood correctly, these sigs are coming from your site, if not, adjust the image path accordingly.

You would use the sig like so:
[sig]1[/sig]

Just an idea Smile If you give it a shot let us know how it goes...
 
View user's profile Send private message Visit poster's website
eldorado







PostPosted: Sun Apr 08, 2012 11:17 am Reply with quote

Well Done spaticdonkey
That would be the best solution , internal signatures.

However using .htaccess would have worked (it works on my site) however it's trickier to manage.
 
Anders







PostPosted: Sun Apr 08, 2012 11:17 am Reply with quote

its show diffrent deers images and it show the highest score under each animal
there is a mysql database to it and updates every 24 hours ..it use curl...to grab info
and to many users use it on diffrent forums and i dont want F-up ..and remake it
will users be piss of then they have to change there links...hehehe
 
Anders







PostPosted: Sun Apr 08, 2012 11:21 am Reply with quote

spasticdonkey, i will try this...naaa s**t there is 6 diffrent images they can choose on...i give up
 
nuken







PostPosted: Sun Apr 08, 2012 11:36 am Reply with quote

Eldorado, I understand how the .htaccess rewrite would allow a php file to be used in the sig, but how does it keep someone from placing a remote php file in the img tag? I am a little slow today.
 
Anders







PostPosted: Sun Apr 08, 2012 11:38 am Reply with quote

did gave it a test any way gives this when i look at sig lol [sig:3ccbb5c6c6]1[/sig:3ccbb5c6c6]
 
spasticdonkey







PostPosted: Sun Apr 08, 2012 11:57 am Reply with quote

ok that means the first pass is working and the issue is with the edit within the bbencode_second_pass function. A little difficult to write a forum mod in the "dark" Rolling Eyes

Try replacing
Code:
// [sig]1[/sig] code..

$patterns[] = "#\[sig:$uid\]([0-9]*)\[/sig:$uid\]#si";
$replacements[] = $bbcode_tpl['customsig'];

with
Code:
// [sig]1[/sig] code..

$patterns[] = "#\[sig:$uid\](.*?)\[/sig:$uid\]#si";
$replacements[] = $bbcode_tpl['customsig'];


it will allow passing of invalid values, but let's get it working first. When you cay they can select from six images, what do those URL's look like?
 
eldorado







PostPosted: Sun Apr 08, 2012 11:58 am Reply with quote

Ok ,
To people wondering how to generate .png on the fly and make it work on forums (without url injection though i wonder)
There is a sample code with 2 identifiers to generate a .png
Code:


<?php
$id=$_GET["id"];   //put some anti urlinjection function here
$id2=$_GET["id2"];  //put some anti urlinjection function here
$my_img = imagecreate( 200, 80 );
$background = imagecolorallocate( $my_img, 0, 0, 255 );
$text_colour = imagecolorallocate( $my_img, 255, 255, 0 );
$line_colour = imagecolorallocate( $my_img, 128, 255, 0 );
imagestring( $my_img, 4, 30, 25, $id.$id2,
  $text_colour );
imagesetthickness ( $my_img, 5 );
imageline( $my_img, 30, 45, 165, 45, $line_colour );

header( "Content-type: image/png" );
imagepng( $my_img );
imagecolordeallocate( $line_color );
imagecolordeallocate( $text_color );
imagecolordeallocate( $background );
imagedestroy( $my_img );
?>


name it create.php and put it in /images/
try http://yoursite.com/images/create.php?id=Eldo%20&id2=is%20the%20best

Ok , sorry for this beginner lesson.

Now the "hard" part
put this in a .htaccess file in /images/
Code:
RewriteEngine On

RewriteRule ^([^/]*)/([^/]*)\.png$ /image/create.php?id=$1&id2=$2 [L]

try http://yoursite.com/images/Eldo/%20is%20the%20best.png

and then [img*]http://yoursite.com/images//Eldo/%20is%20the%20best.png[/img]

btw just inputing the following works on ravennuke , so i guess it should work without any problem with offsites Smile
[img*]http://localhost/test/Eldo/%20is%20the%20best.png[/img]
 
eldorado







PostPosted: Sun Apr 08, 2012 12:00 pm Reply with quote

nuken wrote:
Eldorado, I understand how the .htaccess rewrite would allow a php file to be used in the sig, but how does it keep someone from placing a remote php file in the img tag? I am a little slow today.

As far as i know , sanitazing identifiers would be enough to prevent hijacking a website
 
Anders







PostPosted: Sun Apr 08, 2012 12:05 pm Reply with quote

iam the first 1 so number 1 stand which user and 0 is first image 5 last thats all 6


[img]http://mysite/ddt/modules/Sig/getsignature.php?id=1&baseimage=0[/img]

[img]http://mysite/ddt/modules/Sig/getsignature.php?id=2&baseimage=5[/img]

there u go now i will try the new code u gave me
 
eldorado







PostPosted: Sun Apr 08, 2012 12:10 pm Reply with quote

try this in .htaccess

Code:


RewriteEngine On
RewriteRule ^([^/]*)/([^/]*)\.png$ /ddt/modules/Sig/getsignature.php?id=$1&baseimage=$2 [L]

and afterward
go to [img*]http://mysite/ddt/modules/Sig/{id}/{baseimage}.png[/img]


so for [img*]http://mysite/ddt/modules/Sig/getsignature.php?id=2&baseimage=5[/img]
it's [img*]http://mysite/ddt/modules/Sig/2/5.png[/img]


Last edited by eldorado on Sun Apr 08, 2012 12:28 pm; edited 1 time in total 
Anders







PostPosted: Sun Apr 08, 2012 12:14 pm Reply with quote

last code gave me this [sig]1[/sig]

eldorado, i cant use that b4 every 1 need to change there images on all other forums or??
 
eldorado







PostPosted: Sun Apr 08, 2012 12:15 pm Reply with quote

I don't think they would have to , it works both ways with either the *.php and *.png file
 
Anders







PostPosted: Sun Apr 08, 2012 12:18 pm Reply with quote

ok i can have a test
 
Anders







PostPosted: Sun Apr 08, 2012 12:25 pm Reply with quote

eldorado, Just blank shows nothing
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©