Topic: silly modifications
I made 2 silly modifications to userlist.php.
1 - Removed guest access to user list.
2 - In user list, added a column called last visit for moderators and admins
Re: silly modifications
Another silly modification, basically allows to exclude forum id's from search.
For example, Insted of using search.php?action=show_24h, which retrives posts from all forums, I added an exclude param, which excludes specified forum id's from search. eg. search.php?action=show_24h&exclude=8,10,15
Changed files: footer.php and search.php
Demo: http://jobs.gotoguide.org/index.php - try 'show recent posts' and 'show unasnwered posts'
in case anyone think this can be useful, download http://www.gotoguide.org/jobs.zip
in footer.php file, line 47, modify $exclude_forum_ids ="8,10,15"; change '8,10,15' with your forum ids.
6 2005-04-22 18:00 (edited by Smartys 2005-04-22 18:00)
Re: silly modifications
Erm, I think that has an SQL inject in it 
Edit: I'm talking about the exclusion
Re: silly modifications
Smartys wrote:
Erm, I think that has an SQL inject in it
Sorry, I dint follow you. Did you receive any err msgs.
If you are talking abt the SQL change, I jst added a NOT IN ($exclude_forum_ids). it can be reversed by making it IN for include.
Re: silly modifications
Smartys is saying that your code is insecure and can be used to compromise your server by a hacker.
You should "scrub" the exclude= parameter to make sure that it doesn't contain any harmful SQL code.
$exclude = -1;
if (isset($_GET['exclude'])) {
$excludes = explode(',', trim($_GET['exclude']));
$excludes = array_map('intval', $excludes);
if (!empty($excludes))
$exclude=implode(',', $excludes);
}9 2005-04-23 14:15 (edited by druvans 2005-04-24 15:43)
Re: silly modifications
Thanks - Miles and Smartys.
I modified the code.
thanks again Miles.