Userinfo profile problems, incorrect information display

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   Userinfo profile problems, incorrect information display
Cirque
CZ Newbie
Cirque has been a member for over 20 year's 20 Year Member
usa.gif newyork.gif
Gender: Male
Status: Offline
Joined: Sep 03, 2004
0.00 posts per day
Posts: 18
Points: 2,150
   
When viewing other user profiles through "your account" "userinfo" function as admin, I see incorrect user info displayed for points, and subscriptions. It appears to be showing MY Points and perhaps even MY subscription info. If I display my own while logged in as admin, I see two sets of subscription time left.

Using nuke 7.4 and Chatserve 2.6 patched Modules\Your_Account\index.php and the only thing I edited was adding the case to redirect user edits to forum profile instead, which shouldnt really matter. [ Register or login to view links on this board. ] if you need the url.

Does anyone have an idea what causes this problem, how exactly to fix it or have a version of Your_Account\index.php that is more constinent in its coding? This seems kinda sloppy where it displays the "userinfo" stuff. I am wondering, is it some variable that I might have in a block thats carrying over where it shouldn't? If so, what would I look for?


function userinfo($username, $bypass=0, $hid=0, $url=0) {
    global $articlecomm, $user, $cookie, $sitename, $prefix, $user_prefix, $db, $admin, $broadcast_msg, $my_headlines, $module_name, $subscription_url;
    $username = substr("$username", 0,25);
    $sql = "SELECT * FROM ".$prefix."_bbconfig";
    $result = $db->sql_query($sql);
    while ( $row = $db->sql_fetchrow($result) )
    {
    $board_config[$row['config_name']] = $row['config_value'];
    }
    $sql2 = "SELECT * FROM ".$user_prefix."_users WHERE username='$username'";
    $result2 = $db->sql_query($sql2);
    $num = $db->sql_numrows($result2);
    $userinfo = $db->sql_fetchrow($result2);
    if(!$bypass) cookiedecode($user);
    include("header.php");
    OpenTable();
    echo "<center>";
    if((strtolower($username) == strtolower($cookie[1])) AND ($userinfo[user_password] == $cookie[2])) {
   echo "<font class=\"option\">$username, "._WELCOMETO." $sitename!</font><br><br>";
   echo "<font class=\"content\">"._THISISYOURPAGE."</font></center><br><br>";
   nav(1);
   echo "<br><br>";
    } else {
   echo "<font class=\"title\">"._PERSONALINFO.": $username</font></center><br><br>";
    }
    if ($userinfo[user_website]) {
   if (!eregi("http://", $userinfo[user_website])) {
       $userinfo[user_website] = "http://$userinfo[user_website]";
   }
    }
    if ($userinfo[user_avatar_type] == 1) {
       $userinfo[user_avatar] = $board_config['avatar_path']."/".$userinfo[user_avatar];
       } elseif ($userinfo[user_avatar_type] == 2) {
       $userinfo[user_avatar] = $userinfo[user_avatar];
       } else {
       $userinfo[user_avatar] = $board_config[avatar_gallery_path]."/".$userinfo[user_avatar];
       }
    if(($num == 1) && ($userinfo[user_website] || $userinfo[femail] || $userinfo[bio] || $userinfo[user_avatar] || $userinfo[user_icq] || $userinfo[user_aim] || $userinfo[user_yim] || $userinfo[user_msnm] || $userinfo[user_location] || $userinfo[user_occ] || $userinfo[user_interests] || $userinfo[user_sig])) {
   echo "<center><font class=\"content\">";
   echo "<img src=\"$userinfo[user_avatar]\"><br><br>\n";
   if ($userinfo[user_website] != "http://" AND $userinfo[user_website] != "") { echo ""._MYHOMEPAGE." <a href=\"$userinfo[user_website]\" target=\"new\">$userinfo[user_website]</a><br>\n"; }
   if ($userinfo[femail]) { echo ""._MYEMAIL." <a href=\"mailto:$userinfo[femail]\">$userinfo[femail]</a><br>\n"; }
   if ($userinfo[user_icq]) echo ""._ICQ.": $userinfo[user_icq]<br>\n";
   if ($userinfo[user_aim]) echo ""._AIM.": $userinfo[user_aim]<br>\n";
   if ($userinfo[user_yim]) echo ""._YIM.": $userinfo[user_yim]<br>\n";
   if ($userinfo[user_msnm]) echo ""._MSNM.": $userinfo[user_msnm]<br>\n";
   if ($userinfo[user_from]) echo ""._LOCATION.": $userinfo[user_from]<br>\n";
   if ($userinfo[user_occ]) echo ""._OCCUPATION.": $userinfo[user_occ]<br>\n";
   if ($userinfo[user_interests]) echo ""._INTERESTS.": $userinfo[user_interests]<br>\n";
   $userinfo[user_sig] = nl2br($userinfo[user_sig]);
   if ($userinfo[user_sig]) echo "<br><b>"._SIGNATURE.":</b><br>$userinfo[user_sig]<br>\n";
   if ($userinfo[bio]) { echo "<br><b>"._EXTRAINFO.":</b><br>$userinfo[bio]<br>\n"; }
   $sql2 = "SELECT uname FROM ".$prefix."_session WHERE uname='$username'";
   $result2 = $db->sql_query($sql2);
   $row2 = $db->sql_fetchrow($result2);
   $username_pm = $username;
   $username_online = $row2[uname];
   if ($username_online == "") {
       $online = _OFFLINE;
   } else {
       $online = _ONLINE;
   }
   echo ""._USERSTATUS.": <b>$online</b><br>\n";
   if (($userinfo[newsletter] == 1) AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2]) OR (is_admin($admin) AND ($userinfo[newsletter] == 1))) {
       echo "<i>"._SUBSCRIBED."</i><br>";
   } elseif (($userinfo[newsletter] == 0) AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2]) OR (is_admin($admin) AND ($userinfo[newsletter] == 0))) {
       echo "<i>"._NOTSUBSCRIBED."</i><br>";
   }
   if (is_user($user) AND $cookie[1] == "$username" OR is_admin($admin)) {
       $numpoints = $db->sql_fetchrow($db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE username='$cookie[1]'"));
       $n_points = intval($numpoints['points']);
       echo ""._YOUHAVEPOINTS." <b>$n_points</b><br>";
      if (paid()) {
         $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$cookie[0]'"));
         if ($subscription_url != "") {
            $content = "<br><center>"._YOUARE." <a href='$subscription_url'>"._SUBSCRIBER."</a> "._OF." $sitename<br>";
         } else {
            $content = "<br><center>"._YOUARE." "._SUBSCRIBER." "._OF." $sitename<br>";
         }
         $diff = $row[subscription_expire]-time();
         $yearDiff = floor($diff/60/60/24/365);
         $diff -= $yearDiff*60*60*24*365;
         if ($yearDiff < 1) {
            $diff = $row[subscription_expire]-time();
         }
         $daysDiff = floor($diff/60/60/24);
         $diff -= $daysDiff*60*60*24;
         $hrsDiff = floor($diff/60/60);
         $diff -= $hrsDiff*60*60;
         $minsDiff = floor($diff/60);
         $diff -= $minsDiff*60;
         $secsDiff = $diff;
         if ($yearDiff < 1) {
            $rest = "$daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
         } elseif ($yearDiff == 1) {
            $rest = "$yearDiff "._SBYEAR.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
         } elseif ($yearDiff > 1) {
            $rest = "$yearDiff "._SBYEARS.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
         }
         $content .= "<b>"._SUBEXPIREIN."<br><font color='#FF0000'>$rest</font></b></center>";
      } else {
         if ($subscription_url != "") {
            $content .= "<br><center>"._NOTSUB." $sitename. "._SUBFROM." <a href='$subscription_url'>"._HERE."</a> "._NOW."";
         } else {
            $content .= "<br><center>"._NOTSUB." $sitename.";
         }
      }
      echo "$content<br><br>";
      if (is_admin($admin)) {
         $subnum = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$userinfo[user_id]'"));
         if ($subnum != 0) {
            echo "<center><b>"._ADMSUB."</b></center><br>";
            $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$userinfo[user_id]'"));
            $diff = $row[subscription_expire]-time();
            $yearDiff = floor($diff/60/60/24/365);
            $diff -= $yearDiff*60*60*24*365;
            if ($yearDiff < 1) {
               $diff = $row[subscription_expire]-time();
            }
            $daysDiff = floor($diff/60/60/24);
            $diff -= $daysDiff*60*60*24;
            $hrsDiff = floor($diff/60/60);
            $diff -= $hrsDiff*60*60;
            $minsDiff = floor($diff/60);
            $diff -= $minsDiff*60;
            $secsDiff = $diff;
            if ($yearDiff < 1) {
               $rest = "$daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
            } elseif ($yearDiff == 1) {
               $rest = "$yearDiff "._SBYEAR.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
            } elseif ($yearDiff > 1) {
               $rest = "$yearDiff "._SBYEARS.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
            }
            $content = "<b>"._ADMSUBEXPIREIN."<br><font color='#FF0000'>$rest</font></b></center><br><br>";
            echo "$content";
         } else {
            echo "<center><b>"._ADMNOTSUB."</b></center><br><br>";
         }
      }
   }
   if (is_active("Journal") AND $cookie[1] != $username) {
       $sql3 = "SELECT jid FROM ".$prefix."_journal WHERE aid='$username' AND status='yes' ORDER BY pdate,jid DESC LIMIT 0,1";
       $result3 = $db->sql_query($sql3);
       $row3 = $db->sql_fetchrow($result3);
       $jid = intval($row3[jid]);
       if ($jid != "" AND isset($jid)) {
      echo "[ <a href=\"modules.php?name=Journal&amp;file=search&amp;bywhat=aid&amp;forwhat=$username\">"._READMYJOURNAL."</a> ]<br>";
       }
   }
   if (is_admin($admin)) {
       echo "<br>";
          OpenTable2();
          if ($userinfo[last_ip] != 0) {
              echo "<center>"._LASTIP." <b>$userinfo[last_ip]</b><br><br>";
           echo "[ <a href='admin.php?op=ipban&ip=$userinfo[last_ip]'>"._BANTHIS."</a> | <a href=\"admin.php?op=modifyUser&chng_uid=$userinfo[user_id]\">"._EDITUSER."</a> ]</center>";
          } else {
           echo "<center>[ <a href=\"admin.php?op=modifyUser&chng_uid=$userinfo[user_id]\">"._EDITUSER."</a> ]</center>";
       }
          CloseTable2();
   }
   if (((is_user($user) AND $cookie[1] != $username) OR is_admin($admin)) AND is_active("Private_Messages")) { echo "<br>[ <a href=\"modules.php?name=Private_Messages&amp;mode=post&amp;u=$userinfo[user_id]\">"._USENDPRIVATEMSG." $username_pm</a> ]<br>\n"; }
   echo "</center></font>";
    } else {
   echo "<center>"._NOINFOFOR." $username</center>";
    }
    CloseTable();
    if ($my_headlines == 1 AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
    echo "<br>";
    OpenTable();
    echo "<center><b>"._MYHEADLINES."</b><br><br>"
   .""._SELECTASITE."<br><br>"
   ."<form action=\"modules.php?name=$module_name\" method=\"post\">"
   ."<input type=\"hidden\" name=\"op\" value=\"userinfo\">"
   ."<input type=\"hidden\" name=\"username\" value=\"$username\">"
   ."<input type=\"hidden\" name=\"bypass\" value=\"$bypass\">"
   ."<input type=\"hidden\" name=\"url\" value=\"0\">"
   ."<select name=\"hid\" onChange='submit()'>\n"
   ."<option value=\"0\">"._SELECTASITE2."</option>";
    $sql4 = "SELECT hid, sitename FROM ".$prefix."_headlines ORDER BY sitename";
    $headl = $db->sql_query($sql4);
    while($row4 = $db->sql_fetchrow($headl)) {
   $nhid = intval($row4[hid]);
   $hsitename = $row4[sitename];
   if ($hid == $nhid ) {
       $sel = "selected";
   } else {
       $sel = "";
   }
   echo "<option value=\"$nhid\" $sel>$hsitename</option>\n";
    }
    echo "</select></form>"
   .""._ORTYPEURL."<br><br>"
   ."<form action=\"modules.php?name=$module_name\" method=\"post\">"
   ."<input type=\"hidden\" name=\"op\" value=\"userinfo\">"
   ."<input type=\"hidden\" name=\"username\" value=\"$username\">"
   ."<input type=\"hidden\" name=\"bypass\" value=\"$bypass\">"
   ."<input type=\"hidden\" name=\"hid\" value=\"0\">"
   ."<input type=\"text\" name=\"url\" size=\"40\" maxlength=\"200\" value=\"http://\"> ;; ;;"
   ."<input type=\"submit\" value=\""._GO."\"></form>"
   ."</center><br>";
    if ($hid != 0 OR ($hid == 0 AND $url != "0" AND $url != "http://") AND $url != "") {
   if ($hid != 0) {
           $sql5 = "SELECT sitename, headlinesurl FROM ".$prefix."_headlines WHERE hid='$hid'";
       $result5 = $db->sql_query($sql5);
       $row5 = $db->sql_fetchrow($result5);
       $nsitename = $row5[sitename];
       $url = $row5[headlinesurl];
       $title = stripslashes(check_html($nsitename, "nohtml"));
       $siteurl = eregi_replace("http://", "", $url);
       $siteurl = explode("/", $siteurl);
   } else {
       if (!ereg("http://", $url)) {
      $url = "http://$url";
       }
       $siteurl = eregi_replace("http://", "", $url);
       $siteurl = explode("/", $siteurl);
       $title = "http://$siteurl[0]";
   }
   $rdf = parse_url($url);
   $fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
   if (!$fp) {
           $content = "<center><font class=\"content\">"._RSSPROBLEM."</font></center>";
   }
   if ($fp) {
           fputs($fp, "GET " . $rdf['path'] . "?" . $rdf['query'] . " HTTP/1.0\r\n");
           fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
           $string   = "";
           while(!feof($fp)) {
      $pagetext = fgets($fp,300);
      $string .= chop($pagetext);
       }
       fputs($fp,"Connection: close\r\n\r\n");
       fclose($fp);
       $items = explode("</item>",$string);
       $content = "<font class=\"content\">";
       for ($i=0;$i<10;$i++) {
      $link = ereg_replace(".*<link>","",$items[$i]);
      $link = ereg_replace("</link>.*","",$link);
      $title2 = ereg_replace(".*<title>","",$items[$i]);
      $title2 = ereg_replace("</title>.*","",$title2);
      if ($items[$i] == "" AND $cont != 1) {
              $content = "<center>"._RSSPROBLEM."</center>";
      } else {
              if (strcmp($link,$title2) AND $items[$i] != "") {
             $cont = 1;
         $content .= "<img src=\"images/arrow.gif\" border=\"0\" hspace=\"5\"><a href=\"$link\" target=\"new\">$title2</a><br>\n";
          }
      }
       }
   }
   if ($content != "") {
       OpenTable2();
       echo "<center><b>"._HEADLINESFROM." <a href=\"http://$siteurl[0]\" target=\"new\">$title</a></b></center><br>";
       echo "$content";
       CloseTable2();
   } elseif (($cont == 0) OR ($content == "")) {
       OpenTable2();
       echo "<center>"._RSSPROBLEM."</center><br>";
       CloseTable2();
   }
   echo "<br>";
    }
    CloseTable();
    }
    if ($broadcast_msg == 1 AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
   echo "<br>";
   OpenTable();
   echo "<center><b>"._BROADCAST."</b><br><br>"._BROADCASTTEXT."<br><br>"
       ."<form action=\"modules.php?name=$module_name\" method=\"post\">"
       ."<input type=\"hidden\" name=\"who\" value=\"$username\">"
       ."<input type=\"hidden\" name=\"op\" value=\"broadcast\">"
       ."<input type=\"text\" size=\"60\" maxlength=\"255\" name=\"the_message\"> ;; ;;<input type=\"submit\" value=\""._SEND."\">"
       ."</form></center>";
   CloseTable();
    }
    if (is_active("Private_Messages") AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
   echo "<br>";
   OpenTable();
   echo "<center><b>"._PRIVATEMESSAGES."</b><br><br>";
   $numrow = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_bbprivmsgs WHERE privmsgs_to_userid='$userinfo[user_id]' AND (privmsgs_type='1' OR privmsgs_type='5' OR privmsgs_type='0')"));
   if (is_active("Members_List")) {
       $mem_list = "<a href=\"modules.php?name=Members_List\">"._BROWSEUSERS."</a>";
   } else {
       $mem_list = "";
   }
   if (is_active("Search")) {
       $mod_search = "<a href=\"modules.php?name=Search&amp;type=users\">"._SEARCHUSERS."</a>";
   } else {
       $mod_search = "";
   }
   if ($mem_list != "" AND $mod_search != "") { $a = " | "; } else { $a = ""; }
   if ($mem_list != "" OR $mod_search != "") {
       $links = "[ $mem_list $a $mod_search ]";
   } elseif ($mem_list == "" AND $mod_search == "") {
       $links = "";
   }
   echo ""._YOUHAVE." <a href=\"modules.php?name=Private_Messages\"><b>$numrow</b></a> "._PRIVATEMSG."<br><br>"
       ."<form action=\"modules.php?name=Private_Messages\" method=\"post\">"
       .""._USENDPRIVATEMSG.": <input type=\"text\" name=\"pm_username\" size=\"20\"> ;; ;;$links"
       ."<input type=\"hidden\" name=\"send\" value=\"1\">"
       ."</form></center>";
   CloseTable();
    }
    if ($articlecomm == 1) {
   echo "<br>";
   OpenTable();
   echo "<b>"._LAST10COMMENTS." $userinfo[username]:</b><br>";
   $sql6 = "SELECT tid, sid, subject FROM ".$prefix."_comments WHERE name='$userinfo[username]' ORDER BY tid DESC LIMIT 0,10";
   $result6 = $db->sql_query($sql6);
   while($row6 = $db->sql_fetchrow($result6)) {
   $tid = intval($row6[tid]);
   $sid = intval($row6[sid]);
   $subject = stripslashes(check_html($row6[subject], "nohtml"));
           echo "<li><a href=\"modules.php?name=News&file=article&thold=-1&mode=flat&order=0&sid=$sid#$tid\">$subject</a><br>";
   }
   CloseTable();
    }
    echo "<br>";
    OpenTable();
    echo "<b>"._LAST10SUBMISSIONS." $userinfo[username]:</b><br>";
    $sql7 = "SELECT sid, title FROM ".$prefix."_stories WHERE informant='$userinfo[username]' ORDER BY sid DESC LIMIT 0,10";
    $result7 = $db->sql_query($sql7);
    while($row7 = $db->sql_fetchrow($result7)) {
   $sid = intval($row7[sid]);
   $title = stripslashes(check_html($row7['title'], "nohtml"));
        echo "<li><a href=\"modules.php?name=News&file=article&sid=$sid\">$title</a><br>";
    }
    CloseTable();
    include("footer.php");
}




_________________
[ Register or login to view links on this board.]
Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum