Codezwiz >> Forums >> General PHP Nuke Help >> Userinfo profile problems, incorrect information display

Official Server Time: May 16, 2024, 5:19 am EDT

Quick Links

Forum Tools

Userinfo profile problems, incorrect information display

<< View previous topic

View next topic >>

Share:

Del.icio.us

Digg

Google

Spurl

Blink

Furl

Y! MyWeb

#1. Fri Nov 19, 2004 10:36 am Userinfo profile problems, incorrect information display

Cirque
CZ Newbie

CZ Newbie

19 Year Member

Gender: Male

Status: Offline
Joined: Sep 03, 2004
0.00 posts per day
Posts: 18
Points: 2,150

When viewing other user profiles through "your account" "userinfo" function as admin, I see incorrect user info displayed for points, and subscriptions. It appears to be showing MY Points and perhaps even MY subscription info. If I display my own while logged in as admin, I see two sets of subscription time left.

Using nuke 7.4 and Chatserve 2.6 patched Modules\Your_Account\index.php and the only thing I edited was adding the case to redirect user edits to forum profile instead, which shouldnt really matter. [ Register or login to view links on this board. ] if you need the url.

Does anyone have an idea what causes this problem, how exactly to fix it or have a version of Your_Account\index.php that is more constinent in its coding? This seems kinda sloppy where it displays the "userinfo" stuff. I am wondering, is it some variable that I might have in a block thats carrying over where it shouldn't? If so, what would I look for?

function userinfo($username, $bypass=0, $hid=0, $url=0) {
global $articlecomm, $user, $cookie, $sitename, $prefix, $user_prefix, $db, $admin, $broadcast_msg, $my_headlines, $module_name, $subscription_url;
$username = substr("$username", 0,25);
$sql = "SELECT * FROM ".$prefix."_bbconfig";
$result = $db->sql_query($sql);
while ( $row = $db->sql_fetchrow($result) )
{
$board_config[$row['config_name']] = $row['config_value'];
}
$sql2 = "SELECT * FROM ".$user_prefix."_users WHERE username='$username'";
$result2 = $db->sql_query($sql2);
$num = $db->sql_numrows($result2);
$userinfo = $db->sql_fetchrow($result2);
if(!$bypass) cookiedecode($user);
include("header.php");
OpenTable();
echo "<center>";
if((strtolower($username) == strtolower($cookie[1])) AND ($userinfo[user_password] == $cookie[2])) {
echo "<font class=\"option\">$username, "._WELCOMETO." $sitename!</font><br><br>";
echo "<font class=\"content\">"._THISISYOURPAGE."</font></center><br><br>";
nav(1);
echo "<br><br>";
} else {
echo "<font class=\"title\">"._PERSONALINFO.": $username</font></center><br><br>";
}
if ($userinfo[user_website]) {
if (!eregi("http://", $userinfo[user_website])) {
   $userinfo[user_website] = "http://$userinfo[user_website]";
}
}
if ($userinfo[user_avatar_type] == 1) {
$userinfo[user_avatar] = $board_config['avatar_path']."/".$userinfo[user_avatar];
} elseif ($userinfo[user_avatar_type] == 2) {
$userinfo[user_avatar] = $userinfo[user_avatar];
} else {
$userinfo[user_avatar] = $board_config[avatar_gallery_path]."/".$userinfo[user_avatar];
}
if(($num == 1) && ($userinfo[user_website] || $userinfo[femail] || $userinfo[bio] || $userinfo[user_avatar] || $userinfo[user_icq] || $userinfo[user_aim] || $userinfo[user_yim] || $userinfo[user_msnm] || $userinfo[user_location] || $userinfo[user_occ] || $userinfo[user_interests] || $userinfo[user_sig])) {
echo "<center><font class=\"content\">";
echo "<img src=\"$userinfo[user_avatar]\"><br><br>\n";
if ($userinfo[user_website] != "http://" AND $userinfo[user_website] != "") { echo ""._MYHOMEPAGE." <a href=\"$userinfo[user_website]\" target=\"new\">$userinfo[user_website]</a><br>\n"; }
if ($userinfo[femail]) { echo ""._MYEMAIL." <a href=\"mailto:$userinfo[femail]\">$userinfo[femail]</a><br>\n"; }
if ($userinfo[user_icq]) echo ""._ICQ.": $userinfo[user_icq]<br>\n";
if ($userinfo[user_aim]) echo ""._AIM.": $userinfo[user_aim]<br>\n";
if ($userinfo[user_yim]) echo ""._YIM.": $userinfo[user_yim]<br>\n";
if ($userinfo[user_msnm]) echo ""._MSNM.": $userinfo[user_msnm]<br>\n";
if ($userinfo[user_from]) echo ""._LOCATION.": $userinfo[user_from]<br>\n";
if ($userinfo[user_occ]) echo ""._OCCUPATION.": $userinfo[user_occ]<br>\n";
if ($userinfo[user_interests]) echo ""._INTERESTS.": $userinfo[user_interests]<br>\n";
$userinfo[user_sig] = nl2br($userinfo[user_sig]);
if ($userinfo[user_sig]) echo "<br><b>"._SIGNATURE.":</b><br>$userinfo[user_sig]<br>\n";
if ($userinfo[bio]) { echo "<br><b>"._EXTRAINFO.":</b><br>$userinfo[bio]<br>\n"; }
$sql2 = "SELECT uname FROM ".$prefix."_session WHERE uname='$username'";
$result2 = $db->sql_query($sql2);
$row2 = $db->sql_fetchrow($result2);
$username_pm = $username;
$username_online = $row2[uname];
if ($username_online == "") {
   $online = _OFFLINE;
} else {
   $online = _ONLINE;
}
echo ""._USERSTATUS.": <b>$online</b><br>\n";
if (($userinfo[newsletter] == 1) AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2]) OR (is_admin($admin) AND ($userinfo[newsletter] == 1))) {
   echo "<i>"._SUBSCRIBED."</i><br>";
} elseif (($userinfo[newsletter] == 0) AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2]) OR (is_admin($admin) AND ($userinfo[newsletter] == 0))) {
   echo "<i>"._NOTSUBSCRIBED."</i><br>";
}
if (is_user($user) AND $cookie[1] == "$username" OR is_admin($admin)) {
   $numpoints = $db->sql_fetchrow($db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE username='$cookie[1]'"));
   $n_points = intval($numpoints['points']);
   echo ""._YOUHAVEPOINTS." <b>$n_points</b><br>";
   if (paid()) {
      $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$cookie[0]'"));
      if ($subscription_url != "") {
         $content = "<br><center>"._YOUARE." <a href='$subscription_url'>"._SUBSCRIBER."</a> "._OF." $sitename<br>";
      } else {
         $content = "<br><center>"._YOUARE." "._SUBSCRIBER." "._OF." $sitename<br>";
      }
      $diff = $row[subscription_expire]-time();
      $yearDiff = floor($diff/60/60/24/365);
      $diff -= $yearDiff*60*60*24*365;
      if ($yearDiff < 1) {
         $diff = $row[subscription_expire]-time();
      }
      $daysDiff = floor($diff/60/60/24);
      $diff -= $daysDiff*60*60*24;
      $hrsDiff = floor($diff/60/60);
      $diff -= $hrsDiff*60*60;
      $minsDiff = floor($diff/60);
      $diff -= $minsDiff*60;
      $secsDiff = $diff;
      if ($yearDiff < 1) {
         $rest = "$daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
      } elseif ($yearDiff == 1) {
         $rest = "$yearDiff "._SBYEAR.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
      } elseif ($yearDiff > 1) {
         $rest = "$yearDiff "._SBYEARS.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
      }
      $content .= "<b>"._SUBEXPIREIN."<br><font color='#FF0000'>$rest</font></b></center>";
   } else {
      if ($subscription_url != "") {
         $content .= "<br><center>"._NOTSUB." $sitename. "._SUBFROM." <a href='$subscription_url'>"._HERE."</a> "._NOW."";
      } else {
         $content .= "<br><center>"._NOTSUB." $sitename.";
      }
   }
   echo "$content<br><br>";
   if (is_admin($admin)) {
      $subnum = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$userinfo[user_id]'"));
      if ($subnum != 0) {
         echo "<center><b>"._ADMSUB."</b></center><br>";
         $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_subscriptions WHERE userid='$userinfo[user_id]'"));
         $diff = $row[subscription_expire]-time();
         $yearDiff = floor($diff/60/60/24/365);
         $diff -= $yearDiff*60*60*24*365;
         if ($yearDiff < 1) {
            $diff = $row[subscription_expire]-time();
         }
         $daysDiff = floor($diff/60/60/24);
         $diff -= $daysDiff*60*60*24;
         $hrsDiff = floor($diff/60/60);
         $diff -= $hrsDiff*60*60;
         $minsDiff = floor($diff/60);
         $diff -= $minsDiff*60;
         $secsDiff = $diff;
         if ($yearDiff < 1) {
            $rest = "$daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
         } elseif ($yearDiff == 1) {
            $rest = "$yearDiff "._SBYEAR.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
         } elseif ($yearDiff > 1) {
            $rest = "$yearDiff "._SBYEARS.", $daysDiff "._SBDAYS.", $hrsDiff "._SBHOURS.", $minsDiff "._SBMINUTES.", $secsDiff "._SBSECONDS."";
         }
         $content = "<b>"._ADMSUBEXPIREIN."<br><font color='#FF0000'>$rest</font></b></center><br><br>";
         echo "$content";
      } else {
         echo "<center><b>"._ADMNOTSUB."</b></center><br><br>";
      }
   }
}
if (is_active("Journal") AND $cookie[1] != $username) {
   $sql3 = "SELECT jid FROM ".$prefix."_journal WHERE aid='$username' AND status='yes' ORDER BY pdate,jid DESC LIMIT 0,1";
   $result3 = $db->sql_query($sql3);
   $row3 = $db->sql_fetchrow($result3);
   $jid = intval($row3[jid]);
   if ($jid != "" AND isset($jid)) {
   echo "[ <a href=\"modules.php?name=Journal&file=search&bywhat=aid&forwhat=$username\">"._READMYJOURNAL."</a> ]<br>";
   }
}
if (is_admin($admin)) {
   echo "<br>";
OpenTable2();
if ($userinfo[last_ip] != 0) {
echo "<center>"._LASTIP." <b>$userinfo[last_ip]</b><br><br>";
   echo "[ <a href='admin.php?op=ipban&ip=$userinfo[last_ip]'>"._BANTHIS."</a> | <a href=\"admin.php?op=modifyUser&chng_uid=$userinfo[user_id]\">"._EDITUSER."</a> ]</center>";
} else {
   echo "<center>[ <a href=\"admin.php?op=modifyUser&chng_uid=$userinfo[user_id]\">"._EDITUSER."</a> ]</center>";
   }
CloseTable2();
}
if (((is_user($user) AND $cookie[1] != $username) OR is_admin($admin)) AND is_active("Private_Messages")) { echo "<br>[ <a href=\"modules.php?name=Private_Messages&mode=post&u=$userinfo[user_id]\">"._USENDPRIVATEMSG." $username_pm</a> ]<br>\n"; }
echo "</center></font>";
} else {
echo "<center>"._NOINFOFOR." $username</center>";
}
CloseTable();
if ($my_headlines == 1 AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
echo "<br>";
OpenTable();
echo "<center><b>"._MYHEADLINES."</b><br><br>"
.""._SELECTASITE."<br><br>"
."<form action=\"modules.php?name=$module_name\" method=\"post\">"
."<input type=\"hidden\" name=\"op\" value=\"userinfo\">"
."<input type=\"hidden\" name=\"username\" value=\"$username\">"
."<input type=\"hidden\" name=\"bypass\" value=\"$bypass\">"
."<input type=\"hidden\" name=\"url\" value=\"0\">"
."<select name=\"hid\" onChange='submit()'>\n"
."<option value=\"0\">"._SELECTASITE2."</option>";
$sql4 = "SELECT hid, sitename FROM ".$prefix."_headlines ORDER BY sitename";
$headl = $db->sql_query($sql4);
while($row4 = $db->sql_fetchrow($headl)) {
$nhid = intval($row4[hid]);
$hsitename = $row4[sitename];
if ($hid == $nhid ) {
   $sel = "selected";
} else {
   $sel = "";
}
echo "<option value=\"$nhid\" $sel>$hsitename</option>\n";
}
echo "</select></form>"
.""._ORTYPEURL."<br><br>"
."<form action=\"modules.php?name=$module_name\" method=\"post\">"
."<input type=\"hidden\" name=\"op\" value=\"userinfo\">"
."<input type=\"hidden\" name=\"username\" value=\"$username\">"
."<input type=\"hidden\" name=\"bypass\" value=\"$bypass\">"
."<input type=\"hidden\" name=\"hid\" value=\"0\">"
."<input type=\"text\" name=\"url\" size=\"40\" maxlength=\"200\" value=\"http://\"> ;; ;;"
."<input type=\"submit\" value=\""._GO."\"></form>"
."</center><br>";
if ($hid != 0 OR ($hid == 0 AND $url != "0" AND $url != "http://") AND $url != "") {
if ($hid != 0) {
   $sql5 = "SELECT sitename, headlinesurl FROM ".$prefix."_headlines WHERE hid='$hid'";
   $result5 = $db->sql_query($sql5);
   $row5 = $db->sql_fetchrow($result5);
   $nsitename = $row5[sitename];
   $url = $row5[headlinesurl];
   $title = stripslashes(check_html($nsitename, "nohtml"));
   $siteurl = eregi_replace("http://", "", $url);
   $siteurl = explode("/", $siteurl);
} else {
   if (!ereg("http://", $url)) {
   $url = "http://$url";
   }
   $siteurl = eregi_replace("http://", "", $url);
   $siteurl = explode("/", $siteurl);
   $title = "http://$siteurl[0]";
}
$rdf = parse_url($url);
$fp = fsockopen($rdf['host'], 80, $errno, $errstr, 15);
if (!$fp) {
   $content = "<center><font class=\"content\">"._RSSPROBLEM."</font></center>";
}
if ($fp) {
   fputs($fp, "GET " . $rdf['path'] . "?" . $rdf['query'] . " HTTP/1.0\r\n");
   fputs($fp, "HOST: " . $rdf['host'] . "\r\n\r\n");
   $string = "";
   while(!feof($fp)) {
   $pagetext = fgets($fp,300);
   $string .= chop($pagetext);
   }
   fputs($fp,"Connection: close\r\n\r\n");
   fclose($fp);
   $items = explode("</item>",$string);
   $content = "<font class=\"content\">";
   for ($i=0;$i<10;$i++) {
   $link = ereg_replace(".*<link>","",$items[$i]);
   $link = ereg_replace("</link>.*","",$link);
   $title2 = ereg_replace(".*<title>","",$items[$i]);
   $title2 = ereg_replace("</title>.*","",$title2);
   if ($items[$i] == "" AND $cont != 1) {
      $content = "<center>"._RSSPROBLEM."</center>";
   } else {
      if (strcmp($link,$title2) AND $items[$i] != "") {
      $cont = 1;
      $content .= "<img src=\"images/arrow.gif\" border=\"0\" hspace=\"5\"><a href=\"$link\" target=\"new\">$title2</a><br>\n";
      }
   }
   }
}
if ($content != "") {
   OpenTable2();
   echo "<center><b>"._HEADLINESFROM." <a href=\"http://$siteurl[0]\" target=\"new\">$title</a></b></center><br>";
   echo "$content";
   CloseTable2();
} elseif (($cont == 0) OR ($content == "")) {
   OpenTable2();
   echo "<center>"._RSSPROBLEM."</center><br>";
   CloseTable2();
}
echo "<br>";
}
CloseTable();
}
if ($broadcast_msg == 1 AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
echo "<br>";
OpenTable();
echo "<center><b>"._BROADCAST."</b><br><br>"._BROADCASTTEXT."<br><br>"
   ."<form action=\"modules.php?name=$module_name\" method=\"post\">"
   ."<input type=\"hidden\" name=\"who\" value=\"$username\">"
   ."<input type=\"hidden\" name=\"op\" value=\"broadcast\">"
   ."<input type=\"text\" size=\"60\" maxlength=\"255\" name=\"the_message\"> ;; ;;<input type=\"submit\" value=\""._SEND."\">"
   ."</form></center>";
CloseTable();
}
if (is_active("Private_Messages") AND ($username == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
echo "<br>";
OpenTable();
echo "<center><b>"._PRIVATEMESSAGES."</b><br><br>";
$numrow = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_bbprivmsgs WHERE privmsgs_to_userid='$userinfo[user_id]' AND (privmsgs_type='1' OR privmsgs_type='5' OR privmsgs_type='0')"));
if (is_active("Members_List")) {
   $mem_list = "<a href=\"modules.php?name=Members_List\">"._BROWSEUSERS."</a>";
} else {
   $mem_list = "";
}
if (is_active("Search")) {
   $mod_search = "<a href=\"modules.php?name=Search&type=users\">"._SEARCHUSERS."</a>";
} else {
   $mod_search = "";
}
if ($mem_list != "" AND $mod_search != "") { $a = " | "; } else { $a = ""; }
if ($mem_list != "" OR $mod_search != "") {
   $links = "[ $mem_list $a $mod_search ]";
} elseif ($mem_list == "" AND $mod_search == "") {
   $links = "";
}
echo ""._YOUHAVE." <a href=\"modules.php?name=Private_Messages\"><b>$numrow</b></a> "._PRIVATEMSG."<br><br>"
   ."<form action=\"modules.php?name=Private_Messages\" method=\"post\">"
   .""._USENDPRIVATEMSG.": <input type=\"text\" name=\"pm_username\" size=\"20\"> ;; ;;$links"
   ."<input type=\"hidden\" name=\"send\" value=\"1\">"
   ."</form></center>";
CloseTable();
}
if ($articlecomm == 1) {
echo "<br>";
OpenTable();
echo "<b>"._LAST10COMMENTS." $userinfo[username]:</b><br>";
$sql6 = "SELECT tid, sid, subject FROM ".$prefix."_comments WHERE name='$userinfo[username]' ORDER BY tid DESC LIMIT 0,10";
$result6 = $db->sql_query($sql6);
while($row6 = $db->sql_fetchrow($result6)) {
$tid = intval($row6[tid]);
$sid = intval($row6[sid]);
$subject = stripslashes(check_html($row6[subject], "nohtml"));
   echo "<li><a href=\"modules.php?name=News&file=article&thold=-1&mode=flat&order=0&sid=$sid#$tid\">$subject</a><br>";
}
CloseTable();
}
echo "<br>";
OpenTable();
echo "<b>"._LAST10SUBMISSIONS." $userinfo[username]:</b><br>";
$sql7 = "SELECT sid, title FROM ".$prefix."_stories WHERE informant='$userinfo[username]' ORDER BY sid DESC LIMIT 0,10";
$result7 = $db->sql_query($sql7);
while($row7 = $db->sql_fetchrow($result7)) {
$sid = intval($row7[sid]);
$title = stripslashes(check_html($row7['title'], "nohtml"));
echo "<li><a href=\"modules.php?name=News&file=article&sid=$sid\">$title</a><br>";
}
CloseTable();
include("footer.php");
}

_________________
[ Register or login to view links on this board.]

Add To:

Del.icio.us

Digg

Google

Spurl

Blink

Furl

Y! MyWeb

<< View previous topic

View next topic >>

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

∧