Support Forums - All Posts - XOOPS Web Application System

11

The XOOPS way to avoid SQL injections from forms?

2007/1/2 0:21
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hi,

I've been writing a series of input forms for a XOOPS site. My work is mostly done with the exception of disinfecting browser input. I usually write perl code where you drop control characters (most often allowing only a specific list of characters), any markup, escape quotes, etc before any database insertion. I'm trying to figure out the safest way to do this for php and thought there might be a generic XOOPS function to do so. If there isn't does anyone have a function with the correct mix of strip_tags, stripslashes and magic_quotes_gpc? Extra credit for a solution no matter what the server setting for magic quotes...it'd be great if we don't have to deal with that at every hosting site.

TIA, BA

12

Simple XoopsFormDateTime question

2006/12/26 4:23
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hi,

I'm building a form with the elements from the form library. One of the fields in my form is the popup js date. I create an entry with

$form->addElement(new XoopsFormDateTime('Date of Trip', 'Date', $size=15,$value=0,'YYYY-MM-DD'));

When I receive the 'post'ed contents back I try to parse out the date with

$RV0 = '';
$RV0 = isset($HTTP_POST_VARS['Date']) ? trim($HTTP_POST_VARS['Date']) : $RV0;
$RV0 = $RV0['Date'] ;

Unfortunately no matter what I do I cannot pull the data into a field. Addtionally when using this field is there a method of suppressing the time field supplied next to the calendar?

TIA. BA

13

Re: SmartProfile

2006/12/16 17:54
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hi Vaughn,

It appears my problem is in the smartobject module which I have problems installing and uninstalling. The key to getting admin back was

rm adminmenu.php
and then
UPDATE `xoops_modules` SET `isactive` = '0' WHERE `dirname` = 'smartobject' LIMIT 1;

Uninstall smartobject. The error appears again and you do the remove and the same sql update once more and it's uninstalled. I tested the menus and jumped around to be sure all was ok. I then went back to reinstall smartobject again and immediately after clicking install this module I get this


Parse error: syntax error, unexpected T_STRING in /w3/xoops/cache/adminmenu.php on line 750

All errors (10) queries (60) blocks (0) extra (1) timers (3)

Errors

Notice: Constant _CO_SOBJECT_WARNING_BETA already defined in file /modules/smartobject/language/english/common.php line 151

Notice: Constant _CO_SOBJECT_WARNING_FINAL already defined in file /modules/smartobject/language/english/common.php line 152

Notice: Constant _CO_SOBJECT_WARNING_RC already defined in file /modules/smartobject/language/english/common.php line 153

Notice: Use of undefined constant _MI_REG_CODES_MENU_MAIN_USERMANAGER_DESC - assumed '_MI_REG_CODES_MENU_MAIN_USERMANAGER_DESC' in file /modules/reg_codes/admin/menu.php line 37

Notice: Constant _MI_formulize_NOTIFY_FORM already defined in file /modules/formulize/language/english/modinfo.php line 16

Notice: Constant _MI_VERSION already defined in file /modules/formulize/language/english/modinfo.php line 63

Notice: Use of undefined constant _MI_formulize_NOTIFY_FORM_DESC - assumed '_MI_formulize_NOTIFY_FORM_DESC' in file /modules/formulize/xoops_version.php line 164

Notice: Use of undefined constant desc - assumed 'desc' in file /modules/myguestbook/xoops_version.php line 92

Notice: Use of undefined constant desc - assumed 'desc' in file /modules/myguestbook/xoops_version.php line 115

Notice: Constant _MI_SMEDIA_MD_DESC already defined in file /modules/smartmedia/language/english/modinfo.php line 17

I'm using this smartobject version XOOPS2_mod_smartobject_0.9_beta_smartfactory.zip with an md5 of 403eb7ae7bce5793200ec7485ae26f88. If I can assist with more analysis let me know. For the moment I'll put to the side. Thanks everyone who assisted here. BA

14

Re: SmartProfile

2006/12/16 1:38
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hey Monty,

Xoops 2.0.16
Php 5.1.6
mysql 4.1.5 gamma.

Sorry for the second post. This post was to solve smartprofile install. The second was to work around to get my admin page back. I understand the duplicate effort issues.

Thanks, BA

15

Help. Locked out of admin page

2006/12/15 19:55
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Howdy All,

I installed SmartProfile and then SmartObject to add new registration fields for my members. I've an error described in this thread
https://xoops.org/modules/newbb/viewtopic.php?topic_id=55746&forum=28

Whenever I access the admin page I get this error message:
Parse error: syntax error, unexpected T_STRING in /xoops/cache/adminmenu.php on line 768

Line 768 of this file looks like this.


<div style='margin-top: 5px; font-size: smaller; text-align: right;'><a href='#' onmouseover='shutdown();'>[Close]</a></div></td></tr><tr><th style='font-size: smaller; text-align: left;'><img src='".XOOPS_URL."/modules/smartmedia/images/smartmedia_logo.png' alt='' /><br /><b>"._VERSION.":</b> 0.85<br /><b>"._DESCRIPTION.":</b> "Framework providing functionnalities to SmartModules"</th></tr></table></div>

Since this is in the cache diretory can I delete this file? I tried moving the modules/smartobject and modules/smartprofile out of the XOOPS tree but I get the same object. To get here I had a working site, installed smartprofile module and then smartobject when I realized I needed it for smartprofile. At smartobject install I got my error message.

Thanks for any help, BA

16

Re: SmartProfile

2006/12/15 16:08
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Mith,

From debug I see it's looking for smartobject which I missed in the install. I download smartobject and click under modules to install smartobject and get


Parse error: syntax error, unexpected T_STRING in /xoops/cache/adminmenu.php on line 768



All errors (0) queries (3) blocks (0) extra (0) timers (3) 

Errors 

Queries 

SELECT * FROM xoops_config WHERE (conf_modid = '0' AND conf_catid = '1') ORDER BY conf_order ASC 

SELECT sess_data FROM xoops_session WHERE sess_id = '63582ca4312ce9191985e01c6a45ddf1' 

SELECT * FROM xoops_users WHERE uid=1 

Total: 3 queries

To find line 768


grep -n ^ /xoops/cache/adminmenu.php | grep 768



768:<div style='margin-top: 5px; font-size: smaller; text-align: right;'><a href='#' onmouseover='shutdown();'>[Close]</a></div></td></tr><tr><th style='font-size: smaller; text-align: left;'><img src='".XOOPS_URL."/modules/smartmedia/images/smartmedia_logo.png' alt='' /><br /><b>"._VERSION.":</b> 0.85<br /><b>"._DESCRIPTION.":</b> "Framework providing functionnalities to SmartModules"</th></tr></table></div>

Do I need a specific order to install smartfactory modules? I've a number installed.
smartclient
smartfaq
smartmedia
smartobject
smartpartner
smartprofile
smartsection

Thanks, BA

17

Re: SmartProfile

2006/12/15 14:22
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hi Mith,

That's the problem. The module appears to be installed but when I click on any of the options nothing happens. When you click on preferences it does take you to the general XOOPS preferences page. But all the other options (including access to reg_codes ) clears the screen and redraws the screen. All modules are listed down the left hand column. But there is nothing else shown. Looking thru the apache logs I see each module is called. But nothing is displayed in the center column.

Thanks for assist, BA

18

SmartProfile

2006/12/15 3:59
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hi,

I've installed SmartProfile to expand my user registration fields. I noted it's supported in 2.0.16.
The module installs fine with no errors and shows up in my list of active modules. But I cannot access the module. When I click on SmartProfile on the modules page I get the normal list of modules down the left hand side of the page but nothing else. Is there some secret to accessing this module?

tia, BA

19

Re: SmartFaq

2006/12/5 23:09
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

I had the same problem an hour ago. I found the newest release works great. Try thishttp://smartfactory.ca/uploads/smartfaq_1.08_beta_3.zip

20

Re: Content module permissions?

2006/12/5 20:19
BadAngler
Just popping in
Posts: 36
Since: 2006/11/28

Hi,

I am using the 'Content' module. The readme.txt file mentions the history of this module (the Content module is based on XT Conteudo which is based on tiny content). There is not much other information provided. But a lot of people in the forums seem to like this module.

I have a handful of Content pages defined. The first one (id=1) is to be shown to members when they first login. This is working. I have a custom block defined which I show to anonymous users. The problem is the Content page shows up for Anonymous users underneath the Anonymous user block. I want anonymous users to be denied access to this Content module page. They should only see the block for anonymous users. All works except I cannot figure out how to remove access to content for anonymous users.

Additionally when I want to change to another page so that logged in users first see Content page id=10 how would you do that? Basically I'm looking for docs on how to use this module.

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

The XOOPS way to avoid SQL injections from forms?

Simple XoopsFormDateTime question

Re: SmartProfile

Re: SmartProfile

Help. Locked out of admin page

Re: SmartProfile

Re: SmartProfile

SmartProfile

Re: SmartFaq

Re: Content module permissions?

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}