
Geeklog Forums

custom memberinfo



junaidy

Forum User
Newbie
Registered: 10/01/03
Posts: 4
working
i got this msg in logs/access.log
--
An attempt was made to illegally change the account information of user 4
--

i can't find that error string in usersettings.php or lib-custom.php


Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Look again ...
Text Formatted Code
// Quoted from usersettings.php: writes the rejected account change to the access log,
// naming the uid held in $_USER (presumably the logged-in user -- confirm against usersettings.php).
COM_accessLog ("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
 
(line 648 in usersettings.php).

bye, Dirk


junaidy

Forum User
Newbie
Registered: 10/01/03
Posts: 4
still got that msg when i try to change my custom profile..
need help with this
thanks


Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by junaidy: need help with this

Then please provide more information. What exactly, for example, do you mean by "custom memberinfo"? Do you have any plugins installed?

bye, Dirk


junaidy

Forum User
Newbie
Registered: 10/01/03
Posts: 4
no plugins installed.. i only want to add more fields to the custom memberinfo..
and when users submit the form, it fails to insert into the database using saveuser()
--
Text Formatted Code

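/**
 * Save the custom member profile posted with the user settings form.
 *
 * Inserts a row into the custom_memberinfo table when none exists for $uid,
 * otherwise updates the existing row, then writes the posted email and
 * homepage to the users table.
 *
 * Every value comes straight from the request, so each one is escaped before
 * it is placed in a query, and $uid is forced to an integer because it is
 * used unquoted. This function does not check that the caller is allowed to
 * edit $uid; NOTE(review): confirm that the calling code does.
 *
 * @param  int  $uid  id of the account being saved
 * @return bool       always true
 */
function custom_usersave($uid) {
    global $_CONF, $_TABLES, $HTTP_POST_VARS;

    // $uid appears unquoted in every statement below
    $uid = intval($uid);

    // Request fields read by this function; a missing field is treated as an empty string
    $posted = array();
    $wanted = array(
        'fullname', 'nickname', 'birth_day', 'birth_month', 'birth_year',
        'address', 'postcode', 'email', 'homepage', 'country', 'gender',
        'race', 'language', 'status', 'mobile_maker', 'house', 'transport',
        'occupation', 'monthly_income', 'job_stud', 'education', 'interest',
        'leisure', 'smoker', 'cc_usage', 'if_cc_usage', 'know_friend'
    );
    foreach ($wanted as $key) {
        $posted[$key] = isset($HTTP_POST_VARS[$key]) ? $HTTP_POST_VARS[$key] : '';
    }
    // The birth column stores day, month and year concatenated, as posted
    $posted['birth'] = $posted['birth_day'] . $posted['birth_month'] . $posted['birth_year'];

    // Columns of custom_memberinfo, in the order used by the INSERT statement
    $columns = array(
        'fullname', 'nickname', 'birth', 'address', 'postcode', 'country',
        'gender', 'race', 'language', 'status', 'mobile_maker', 'house',
        'transport', 'occupation', 'monthly_income', 'job_stud', 'education',
        'interest', 'leisure', 'smoker', 'cc_usage', 'if_cc_usage', 'know_friend'
    );

    // addslashes() is the escaping this file already relies on.
    // NOTE(review): if the database layer offers its own escaping routine, prefer it.
    $values = array();
    $assignments = array();
    foreach ($columns as $column) {
        $escaped = addslashes($posted[$column]);
        $values[] = "'" . $escaped . "'";
        $assignments[] = $column . "='" . $escaped . "'";
    }

    $result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid = $uid");
    if (DB_numRows($result) == 0) {
        // no profile row for this user yet
        DB_query("INSERT INTO {$_TABLES['custom_memberinfo']} ("
               . "uid," . implode(',', $columns) . ",last_update"
               . ") VALUES ("
               . $uid . "," . implode(',', $values) . ","
               . "NOW() )");
    } else {
        DB_query("UPDATE {$_TABLES['custom_memberinfo']} SET "
               . implode(',', $assignments) . ","
               . "last_update=NOW() "
               . "WHERE uid=$uid");
    }

    // The original statement placed the raw posted email and homepage inside
    // the SQL string; both are escaped here like every other field.
    $email    = addslashes($posted['email']);
    $homepage = addslashes($posted['homepage']);
    DB_query("UPDATE {$_TABLES['users']} SET "
            . "email='$email',"
            . "homepage='$homepage' "
            . "WHERE uid=$uid");

    return true;
}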

 
Text Formatted Code

in userform()
--
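/**
 * Main form used for custom membership to add, edit and display a member.
 *
 * In "edit" and "moderate" mode the rows for $uid are read from the users and
 * custom_memberinfo tables and used to pre-fill the form; any other mode
 * produces an empty registration form. Values read from the database were
 * entered by users, so they are HTML-escaped before they are handed to the
 * memberdetail.thtml template.
 *
 * @param  string $mode  "edit", "moderate", or anything else for a new registration
 * @param  mixed  $uid   id of the member to load (used in "edit" and "moderate" mode)
 * @param  string $msg   optional message shown in a block above the form; emitted as
 *                       given, so the caller must pass safe HTML
 * @return string        HTML of the optional message block followed by the form
 */
function custom_userform($mode,$uid="",$msg="") {
    global $_CONF, $_TABLES, $LANG04;

    // The original appended to $retval before it was ever assigned
    $retval = '';
    if (!empty($msg)) {
        $retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock();
    }

    // Defaults: the "moderate" branch sets none of these, and they are all
    // passed to the template further down
    $post_url = '';
    $postmode = '';
    $passwd_input = '';
    $message = '';
    $A = array();
    $B = array();

    if ($mode == "edit" || $mode == "moderate") {
        // $uid is placed unquoted in both queries
        $uid = intval($uid);
        $result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=$uid");
        $A = DB_fetchArray($result);
        $result = DB_query("SELECT * FROM {$_TABLES['custom_memberinfo']} WHERE uid=$uid");
        $B = DB_fetchArray($result);
        // A missing row must not turn the lookups below into reads on a non-array
        if (!is_array($A)) {
            $A = array();
        }
        if (!is_array($B)) {
            $B = array();
        }
    }

    if ($mode == "edit") {
        $post_url = $_CONF['site_url']."/usersettings.php";
        $postmode = "saveuser";
        $submitbutton = "<input type='submit' value='{$LANG04[9]}'>";
        $passwd_input = '<tr bgcolor="#FFFFFF">' . LB
                      . '<td align="right"><b>' .$LANG04[4]. '</b></td>' . LB
                      . '<td> </td>' . LB
                      . '<td><input type="password" name="passwd" size="25" maxlength="32" value=""></td>' . LB
                      . '<td> </td>' . LB
                      . '</tr>' . LB;
        $shown_name = isset($A['username']) ? htmlspecialchars($A['username'], ENT_QUOTES) : '';
        $message = "<br><font size=3><br></font><font size=2 color=black><b>{$LANG04[1]} {$shown_name}</b></font>";
    } elseif ($mode == "moderate") {
        $submitbutton = '<input type="button" value="Back" onclick="javascript:history.go(-1)">';
    } else {
        $post_url = $_CONF['site_url']."/users.php";
        $postmode = "create";
        $submitbutton = "<font color=red>$LANG04[24]</font><br><input type='submit' value='{$LANG04[27]}'>";
        $message = "<br><font size=2 color=black>$LANG04[23]</font>";
    }

    $user_templates = new Template ($_CONF['path'] . 'system');
    $user_templates->set_file('memberdetail', 'memberdetail.thtml');
    $user_templates->set_var('layout_url', $_CONF['layout_url']);
    $user_templates->set_var('post_url', $post_url);
    $user_templates->set_var('startblock', COM_startBlock("$LANG04[22]"));
    $user_templates->set_var('message', $message);

    // Fields taken from the users row ($A): template name => label text
    $account_fields = array('username' => "$LANG04[2]", 'email' => "");
    foreach ($account_fields as $field => $label) {
        $upper = strtoupper($field);
        $user_templates->set_var($upper, $label);
        $user_templates->set_var($upper . '_HELP', "");
        $user_templates->set_var($field, isset($A[$field]) ? htmlspecialchars($A[$field], ENT_QUOTES) : '');
    }
    $user_templates->set_var('passwd_input', $passwd_input);

    // Fields taken from the custom_memberinfo row ($B): template name => help text
    $profile_fields = array(
        'fullname' => "",
        'nickname' => "Enter Your SMS Nickname",
        'address' => "",
        'postcode' => "",
        'gender' => "",
        'race' => "",
        'language' => "Choose Your Prefered Language",
        'status' => "",
        'mobile_maker' => "",
        'house' => "",
        'transport' => "",
        'occupation' => "",
        'monthly_income' => "",
        'job_stud' => "",
        'education' => "",
        'interest' => "",
        'leisure' => "",
        'smoker' => "",
        'cc_usage' => "",
        'if_cc_usage' => "",
        'know_friend' => ""
    );
    foreach ($profile_fields as $field => $help) {
        $upper = strtoupper($field);
        $user_templates->set_var($upper, "");
        $user_templates->set_var($upper . '_HELP', $help);
        $user_templates->set_var($field, isset($B[$field]) ? htmlspecialchars($B[$field], ENT_QUOTES) : '');
    }

    // The original passed $user here, a variable this function never defines,
    // so the template always received an empty user_id.
    // NOTE(review): $uid is assumed to be the intended value -- confirm against memberdetail.thtml.
    $user_templates->set_var('user_id', htmlspecialchars($uid, ENT_QUOTES));
    $user_templates->set_var('postmode', $postmode);
    $user_templates->set_var('submitbutton', $submitbutton);
    $user_templates->set_var('endblock', COM_endBlock());
    if (!empty($A['photo']) && $_CONF['allow_user_photo'] == 1) {
        // The stored file name ends up inside an HTML attribute
        $user_templates->set_var('user_photo','<img src="' . $_CONF['site_url'] . '/images/userphotos/' . htmlspecialchars($A['photo'], ENT_QUOTES) . '" alt="">');
    } else {
        $user_templates->set_var('user_photo','');
    }
    $user_templates->parse('output', 'memberdetail');
    $retval .= $user_templates->finish($user_templates->get_var('output'));

    return $retval;
}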

 

and this msg shows in access.log when users try to update their profile
--
Text Formatted Code

(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121.
(121@219.94.88.57) - An attempt was made to illegally change the account information of user 121.
(2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.
(2@219.94.88.57) - An attempt was made to illegally change the account information of user 2.

 
