Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 07:33 am EST
Geeklog Forums
custom memberinfo
Status: offline
junaidy
Forum User
Newbie
Registered: 10/01/03
Posts: 4
no plugins installed.. only want to add more field for custom memberinfo..
and when users submited the form, its failed to insert into dbase using saveuser()
--
function custom_usersave($uid) {
global $_CONF, $_TABLES, $HTTP_POST_VARS;
// Note you will need to ensure all data is prepared correctly before inserts - as quotes may need to be escaped with addslashes()
$fullname =addslashes($HTTP_POST_VARS['fullname']);
$nickname =addslashes($HTTP_POST_VARS['nickname']);
$birth =addslashes($HTTP_POST_VARS['birth_day'] . $HTTP_POST_VARS['birth_month'] . $HTTP_POST_VARS['birth_year']);
$address =addslashes($HTTP_POST_VARS['address']);
$postcode =addslashes($HTTP_POST_VARS['postcode']);
$email =addslashes($HTTP_POST_VARS['email']);
$country =addslashes($HTTP_POST_VARS['country']);
$gender =addslashes($HTTP_POST_VARS['gender']);
$race =addslashes($HTTP_POST_VARS['race']);
$language =addslashes($HTTP_POST_VARS['language']);
$status =addslashes($HTTP_POST_VARS['status']);
$mobile_maker =addslashes($HTTP_POST_VARS['mobile_maker']);
$house =addslashes($HTTP_POST_VARS['house']);
$transport =addslashes($HTTP_POST_VARS['transport']);
$occupation =addslashes($HTTP_POST_VARS['occupation']);
$monthly_income =addslashes($HTTP_POST_VARS['monthly_income']);
$job_stud =addslashes($HTTP_POST_VARS['job_stud']);
$education =addslashes($HTTP_POST_VARS['education']);
$interest =addslashes($HTTP_POST_VARS['interest']);
$leisure =addslashes($HTTP_POST_VARS['leisure']);
$smoker =addslashes($HTTP_POST_VARS['smoker']);
$cc_usage =addslashes($HTTP_POST_VARS['cc_usage']);
$if_cc_usage =addslashes($HTTP_POST_VARS['if_cc_usage']);
$know_friend =addslashes($HTTP_POST_VARS['know_friend']);
$result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid = $uid");
$nrows = DB_numRows($result);
if ($nrows == 0) { // no such user
DB_query("INSERT INTO {$_TABLES['custom_memberinfo']} ("
." uid,fullname,nickname,birth,address,postcode,country,"
."gender,race,language,status,mobile_maker,house,transport,"
."occupation,monthly_income,job_stud,education,interest,leisure,"
."smoker,cc_usage,if_cc_usage,know_friend,last_update"
.") VALUES ("
."$uid,'$fullname','$nickname','$birth','$address','$postcode',"
."'$country','$gender','$race','$language','$status','$mobile_maker',"
."'$house','$transport','$occupation','$monthly_income','$job_stud',"
."'$education','$interest','$leisure','$smoker','$cc_usage','$if_cc_usage','$know_friend',"
."NOW() )");
} else {
DB_query("UPDATE {$_TABLES['custom_memberinfo']} SET "
."fullname='$fullname',"
."nickname='$nickname',"
."birth='$birth',"
."address='$address',"
."postcode='$postcode',"
."country='$country',"
."gender='$gender',"
."race='$race',"
."language='$language',"
."status='$status',"
."mobile_maker='$mobile_maker',"
."house='$house',"
."transport='$transport',"
."occupation='$occupation',"
."monthly_income='$monthly_income',"
."job_stud='$job_stud',"
."education='$education',"
."interest='$interest',"
."leisure='$leisure',"
."smoker='$smoker',"
."cc_usage='$cc_usage',"
."if_cc_usage='$if_cc_usage',"
."know_friend='$know_friend',"
."last_update=NOW() "
."WHERE uid=$uid");
}
DB_query("UPDATE {$_TABLES['users']} SET "
// not used ."fullname='{$HTTP_POST_VARS['firstname']} {$HTTP_POST_VARS['lastname']}' "
."email='{$HTTP_POST_VARS['email']}',"
."homepage='{$HTTP_POST_VARS['homepage']}' "
."WHERE uid=$uid");
return true;
}
in userform()
--
/* Main Form used for Custom membership to add/edit and display custom user form */
function custom_userform($mode,$uid="",$msg="") {
global $_CONF, $_TABLES, $LANG04;
if (!empty($msg)) {
$retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock();
}
if ($mode == "edit") {
$post_url = $_CONF['site_url']."/usersettings.php";
$postmode = "saveuser";
$submitbutton = "<input type='submit' value='{$LANG04[9]}'>";
$passwd_input = '<tr bgcolor="#FFFFFF">' . LB
. '<td align="right"><b>' .$LANG04[4]. '</b></td>' . LB
. '<td> </td>' . LB
. '<td><input type="password" name="passwd" size="25" maxlength="32" value=""></td>' . LB
. '<td> </td>' . LB
. '</tr>' . LB;
$result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid");
$A = DB_fetchArray($result);
$result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid");
$B = DB_fetchArray($result);
$message = "<br><font size=3><br></font><font size=2 color=black><b>{$LANG04[1]} {$A['username']}</b></font>";
} elseif ($mode == "moderate" ) {
$submitbutton = '<input type="button" value="Back" onclick="javascript:history.go(-1)">';
$result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid");
$A = DB_fetchArray($result);
$result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid");
$B = DB_fetchArray($result);
} else {
$post_url = $_CONF['site_url']."/users.php";
$postmode = "create";
$submitbutton = "<font color=red>$LANG04[24]</font><br><input type='submit' value='{$LANG04[27]}'>";
$passwd_input = "";
$message = "<br><font size=2 color=black>$LANG04[23]</font>";
$A=array();
$B=array();
}
$user_templates = new Template ($_CONF['path'] . 'system');
$user_templates->set_file('memberdetail', 'memberdetail.thtml');
$user_templates->set_var('layout_url', $_CONF['layout_url']);
$user_templates->set_var('post_url', $post_url);
$user_templates->set_var('startblock', COM_startBlock("$LANG04[22]"));
$user_templates->set_var('message', $message);
$user_templates->set_var('USERNAME', "$LANG04[2]");
$user_templates->set_var('USERNAME_HELP', "");
$user_templates->set_var('username', $A['username']);
$user_templates->set_var('passwd_input', $passwd_input);
$user_templates->set_var('FULLNAME', "");
$user_templates->set_var('FULLNAME_HELP', "");
$user_templates->set_var('fullname', $B['fullname']);
$user_templates->set_var('NICKNAME', "");
$user_templates->set_var('NICKNAME_HELP', "Enter Your SMS Nickname");
$user_templates->set_var('nickname', $B['nickname']);
$user_templates->set_var('ADDRESS', "");
$user_templates->set_var('ADDRESS_HELP', "");
$user_templates->set_var('address', $B['address']);
$user_templates->set_var('POSTCODE', "");
$user_templates->set_var('POSTCODE_HELP', "");
$user_templates->set_var('postcode', $B['postcode']);
$user_templates->set_var('EMAIL', "");
$user_templates->set_var('EMAIL_HELP', "");
$user_templates->set_var('email', $A['email']);
$user_templates->set_var('GENDER', "");
$user_templates->set_var('GENDER_HELP', "");
$user_templates->set_var('gender', $B['gender']);
$user_templates->set_var('RACE', "");
$user_templates->set_var('RACE_HELP', "");
$user_templates->set_var('race', $B['race']);
$user_templates->set_var('LANGUAGE', "");
$user_templates->set_var('LANGUAGE_HELP', "Choose Your Prefered Language");
$user_templates->set_var('language', $B['language']);
$user_templates->set_var('STATUS', "");
$user_templates->set_var('STATUS_HELP', "");
$user_templates->set_var('status', $B['status']);
$user_templates->set_var('MOBILE_MAKER', "");
$user_templates->set_var('MOBILE_MAKER_HELP', "");
$user_templates->set_var('mobile_maker', $B['mobile_maker']);
$user_templates->set_var('HOUSE', "");
$user_templates->set_var('HOUSE_HELP', "");
$user_templates->set_var('house', $B['house']);
$user_templates->set_var('TRANSPORT', "");
$user_templates->set_var('TRANSPORT_HELP', "");
$user_templates->set_var('transport', $B['transport']);
$user_templates->set_var('OCCUPATION', "");
$user_templates->set_var('OCCUPATION_HELP', "");
$user_templates->set_var('occupation', $B['occupation']);
$user_templates->set_var('MONTHLY_INCOME', "");
$user_templates->set_var('MONTHLY_INCOME_HELP', "");
$user_templates->set_var('monthly_income', $B['monthly_income']);
$user_templates->set_var('JOB_STUD', "");
$user_templates->set_var('JOB_STUD_HELP', "");
$user_templates->set_var('job_stud', $B['job_stud']);
$user_templates->set_var('EDUCATION', "");
$user_templates->set_var('EDUCATION_HELP', "");
$user_templates->set_var('education', $B['education']);
$user_templates->set_var('INTEREST', "");
$user_templates->set_var('INTEREST_HELP', "");
$user_templates->set_var('interest', $B['interest']);
$user_templates->set_var('LEISURE', "");
$user_templates->set_var('LEISURE_HELP', "");
$user_templates->set_var('leisure', $B['leisure']);
$user_templates->set_var('SMOKER', "");
$user_templates->set_var('SMOKER_HELP', "");
$user_templates->set_var('smoker', $B['smoker']);
$user_templates->set_var('CC_USAGE', "");
$user_templates->set_var('CC_USAGE_HELP', "");
$user_templates->set_var('cc_usage', $B['cc_usage']);
$user_templates->set_var('IF_CC_USAGE', "");
$user_templates->set_var('IF_CC_USAGE_HELP', "");
$user_templates->set_var('if_cc_usage', $B['if_cc_usage']);
$user_templates->set_var('KNOW_FRIEND', "");
$user_templates->set_var('KNOW_FRIEND_HELP', "");
$user_templates->set_var('know_friend', $B['know_friend']);
$user_templates->set_var('user_id', $user);
$user_templates->set_var('postmode', $postmode);
$user_templates->set_var('submitbutton', $submitbutton);
$user_templates->set_var('endblock', COM_endBlock());
if (!empty($A['photo']) AND $_CONF['allow_user_photo'] == 1) {
$user_templates->set_var('user_photo','<img src="' . $_CONF['site_url'] . '/images/userphotos/' . $A['photo'] . '" alt="">');
} else {
$user_templates->set_var('user_photo','');
}
$user_templates->parse('output', 'memberdetail');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
and this msg show in access.log when users try update their profile
--
(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121.
(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121.
(2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.
(2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.
and when users submited the form, its failed to insert into dbase using saveuser()
--
Text Formatted Code
function custom_usersave($uid) {
global $_CONF, $_TABLES, $HTTP_POST_VARS;
// Note you will need to ensure all data is prepared correctly before inserts - as quotes may need to be escaped with addslashes()
$fullname =addslashes($HTTP_POST_VARS['fullname']);
$nickname =addslashes($HTTP_POST_VARS['nickname']);
$birth =addslashes($HTTP_POST_VARS['birth_day'] . $HTTP_POST_VARS['birth_month'] . $HTTP_POST_VARS['birth_year']);
$address =addslashes($HTTP_POST_VARS['address']);
$postcode =addslashes($HTTP_POST_VARS['postcode']);
$email =addslashes($HTTP_POST_VARS['email']);
$country =addslashes($HTTP_POST_VARS['country']);
$gender =addslashes($HTTP_POST_VARS['gender']);
$race =addslashes($HTTP_POST_VARS['race']);
$language =addslashes($HTTP_POST_VARS['language']);
$status =addslashes($HTTP_POST_VARS['status']);
$mobile_maker =addslashes($HTTP_POST_VARS['mobile_maker']);
$house =addslashes($HTTP_POST_VARS['house']);
$transport =addslashes($HTTP_POST_VARS['transport']);
$occupation =addslashes($HTTP_POST_VARS['occupation']);
$monthly_income =addslashes($HTTP_POST_VARS['monthly_income']);
$job_stud =addslashes($HTTP_POST_VARS['job_stud']);
$education =addslashes($HTTP_POST_VARS['education']);
$interest =addslashes($HTTP_POST_VARS['interest']);
$leisure =addslashes($HTTP_POST_VARS['leisure']);
$smoker =addslashes($HTTP_POST_VARS['smoker']);
$cc_usage =addslashes($HTTP_POST_VARS['cc_usage']);
$if_cc_usage =addslashes($HTTP_POST_VARS['if_cc_usage']);
$know_friend =addslashes($HTTP_POST_VARS['know_friend']);
$result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid = $uid");
$nrows = DB_numRows($result);
if ($nrows == 0) { // no such user
DB_query("INSERT INTO {$_TABLES['custom_memberinfo']} ("
." uid,fullname,nickname,birth,address,postcode,country,"
."gender,race,language,status,mobile_maker,house,transport,"
."occupation,monthly_income,job_stud,education,interest,leisure,"
."smoker,cc_usage,if_cc_usage,know_friend,last_update"
.") VALUES ("
."$uid,'$fullname','$nickname','$birth','$address','$postcode',"
."'$country','$gender','$race','$language','$status','$mobile_maker',"
."'$house','$transport','$occupation','$monthly_income','$job_stud',"
."'$education','$interest','$leisure','$smoker','$cc_usage','$if_cc_usage','$know_friend',"
."NOW() )");
} else {
DB_query("UPDATE {$_TABLES['custom_memberinfo']} SET "
."fullname='$fullname',"
."nickname='$nickname',"
."birth='$birth',"
."address='$address',"
."postcode='$postcode',"
."country='$country',"
."gender='$gender',"
."race='$race',"
."language='$language',"
."status='$status',"
."mobile_maker='$mobile_maker',"
."house='$house',"
."transport='$transport',"
."occupation='$occupation',"
."monthly_income='$monthly_income',"
."job_stud='$job_stud',"
."education='$education',"
."interest='$interest',"
."leisure='$leisure',"
."smoker='$smoker',"
."cc_usage='$cc_usage',"
."if_cc_usage='$if_cc_usage',"
."know_friend='$know_friend',"
."last_update=NOW() "
."WHERE uid=$uid");
}
DB_query("UPDATE {$_TABLES['users']} SET "
// not used ."fullname='{$HTTP_POST_VARS['firstname']} {$HTTP_POST_VARS['lastname']}' "
."email='{$HTTP_POST_VARS['email']}',"
."homepage='{$HTTP_POST_VARS['homepage']}' "
."WHERE uid=$uid");
return true;
}
Text Formatted Code
in userform()
--
/* Main Form used for Custom membership to add/edit and display custom user form */
function custom_userform($mode,$uid="",$msg="") {
global $_CONF, $_TABLES, $LANG04;
if (!empty($msg)) {
$retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock();
}
if ($mode == "edit") {
$post_url = $_CONF['site_url']."/usersettings.php";
$postmode = "saveuser";
$submitbutton = "<input type='submit' value='{$LANG04[9]}'>";
$passwd_input = '<tr bgcolor="#FFFFFF">' . LB
. '<td align="right"><b>' .$LANG04[4]. '</b></td>' . LB
. '<td> </td>' . LB
. '<td><input type="password" name="passwd" size="25" maxlength="32" value=""></td>' . LB
. '<td> </td>' . LB
. '</tr>' . LB;
$result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid");
$A = DB_fetchArray($result);
$result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid");
$B = DB_fetchArray($result);
$message = "<br><font size=3><br></font><font size=2 color=black><b>{$LANG04[1]} {$A['username']}</b></font>";
} elseif ($mode == "moderate" ) {
$submitbutton = '<input type="button" value="Back" onclick="javascript:history.go(-1)">';
$result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid");
$A = DB_fetchArray($result);
$result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid");
$B = DB_fetchArray($result);
} else {
$post_url = $_CONF['site_url']."/users.php";
$postmode = "create";
$submitbutton = "<font color=red>$LANG04[24]</font><br><input type='submit' value='{$LANG04[27]}'>";
$passwd_input = "";
$message = "<br><font size=2 color=black>$LANG04[23]</font>";
$A=array();
$B=array();
}
$user_templates = new Template ($_CONF['path'] . 'system');
$user_templates->set_file('memberdetail', 'memberdetail.thtml');
$user_templates->set_var('layout_url', $_CONF['layout_url']);
$user_templates->set_var('post_url', $post_url);
$user_templates->set_var('startblock', COM_startBlock("$LANG04[22]"));
$user_templates->set_var('message', $message);
$user_templates->set_var('USERNAME', "$LANG04[2]");
$user_templates->set_var('USERNAME_HELP', "");
$user_templates->set_var('username', $A['username']);
$user_templates->set_var('passwd_input', $passwd_input);
$user_templates->set_var('FULLNAME', "");
$user_templates->set_var('FULLNAME_HELP', "");
$user_templates->set_var('fullname', $B['fullname']);
$user_templates->set_var('NICKNAME', "");
$user_templates->set_var('NICKNAME_HELP', "Enter Your SMS Nickname");
$user_templates->set_var('nickname', $B['nickname']);
$user_templates->set_var('ADDRESS', "");
$user_templates->set_var('ADDRESS_HELP', "");
$user_templates->set_var('address', $B['address']);
$user_templates->set_var('POSTCODE', "");
$user_templates->set_var('POSTCODE_HELP', "");
$user_templates->set_var('postcode', $B['postcode']);
$user_templates->set_var('EMAIL', "");
$user_templates->set_var('EMAIL_HELP', "");
$user_templates->set_var('email', $A['email']);
$user_templates->set_var('GENDER', "");
$user_templates->set_var('GENDER_HELP', "");
$user_templates->set_var('gender', $B['gender']);
$user_templates->set_var('RACE', "");
$user_templates->set_var('RACE_HELP', "");
$user_templates->set_var('race', $B['race']);
$user_templates->set_var('LANGUAGE', "");
$user_templates->set_var('LANGUAGE_HELP', "Choose Your Prefered Language");
$user_templates->set_var('language', $B['language']);
$user_templates->set_var('STATUS', "");
$user_templates->set_var('STATUS_HELP', "");
$user_templates->set_var('status', $B['status']);
$user_templates->set_var('MOBILE_MAKER', "");
$user_templates->set_var('MOBILE_MAKER_HELP', "");
$user_templates->set_var('mobile_maker', $B['mobile_maker']);
$user_templates->set_var('HOUSE', "");
$user_templates->set_var('HOUSE_HELP', "");
$user_templates->set_var('house', $B['house']);
$user_templates->set_var('TRANSPORT', "");
$user_templates->set_var('TRANSPORT_HELP', "");
$user_templates->set_var('transport', $B['transport']);
$user_templates->set_var('OCCUPATION', "");
$user_templates->set_var('OCCUPATION_HELP', "");
$user_templates->set_var('occupation', $B['occupation']);
$user_templates->set_var('MONTHLY_INCOME', "");
$user_templates->set_var('MONTHLY_INCOME_HELP', "");
$user_templates->set_var('monthly_income', $B['monthly_income']);
$user_templates->set_var('JOB_STUD', "");
$user_templates->set_var('JOB_STUD_HELP', "");
$user_templates->set_var('job_stud', $B['job_stud']);
$user_templates->set_var('EDUCATION', "");
$user_templates->set_var('EDUCATION_HELP', "");
$user_templates->set_var('education', $B['education']);
$user_templates->set_var('INTEREST', "");
$user_templates->set_var('INTEREST_HELP', "");
$user_templates->set_var('interest', $B['interest']);
$user_templates->set_var('LEISURE', "");
$user_templates->set_var('LEISURE_HELP', "");
$user_templates->set_var('leisure', $B['leisure']);
$user_templates->set_var('SMOKER', "");
$user_templates->set_var('SMOKER_HELP', "");
$user_templates->set_var('smoker', $B['smoker']);
$user_templates->set_var('CC_USAGE', "");
$user_templates->set_var('CC_USAGE_HELP', "");
$user_templates->set_var('cc_usage', $B['cc_usage']);
$user_templates->set_var('IF_CC_USAGE', "");
$user_templates->set_var('IF_CC_USAGE_HELP', "");
$user_templates->set_var('if_cc_usage', $B['if_cc_usage']);
$user_templates->set_var('KNOW_FRIEND', "");
$user_templates->set_var('KNOW_FRIEND_HELP', "");
$user_templates->set_var('know_friend', $B['know_friend']);
$user_templates->set_var('user_id', $user);
$user_templates->set_var('postmode', $postmode);
$user_templates->set_var('submitbutton', $submitbutton);
$user_templates->set_var('endblock', COM_endBlock());
if (!empty($A['photo']) AND $_CONF['allow_user_photo'] == 1) {
$user_templates->set_var('user_photo','<img src="' . $_CONF['site_url'] . '/images/userphotos/' . $A['photo'] . '" alt="">');
} else {
$user_templates->set_var('user_photo','');
}
$user_templates->parse('output', 'memberdetail');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
and this msg show in access.log when users try update their profile
--
Text Formatted Code
(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121.
(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121.
(2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.
(2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.
14
15
Quote
All times are EST. The time is now 07:33 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content