Regarding ranks...

Post by ivobg92 » Sun Mar 01, 2009 9:10 am

Hi,

I made a script which my site's users can use to change their forum rank to a custom one of their choice (they're able to type their own rank text and upload their own image) at the cost of a very small amount of money.

The problem is that when the rank is changed, it isn't visible in the forum, but everything seems alright: the image is uploaded to the right folder, and the user_rank field is updated in the phpbb_users table with the rank_id from the newest entry in the phpbb_ranks table.

I'm posting a lite version of the script I made:

Code:

<?php
// MySQL connection already made
$new_rank_text = htmlspecialchars(trim(iconv("windows-1251", "utf-8", $_POST['new_rank_text'])));
$user_id = $user->data['user_id'];

// then I upload the image file to forum/images/ranks/

$rank_image = "new_rank.gif";

// Create the new special rank
mysql_query("INSERT INTO phpbb_ranks
(rank_title, rank_min, rank_special, rank_image) VALUES('$new_rank_text', '0', '1', '$rank_image')")
or die(mysql_error());

// Read back the id of the newest rank
$result = mysql_query("SELECT rank_id FROM phpbb_ranks ORDER BY rank_id DESC LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($result);
$new_rank_id = $row['rank_id'];

// Assign that rank to the current user
$result = mysql_query("UPDATE phpbb_users SET user_rank='$new_rank_id' WHERE user_id='$user_id'")
or die(mysql_error());
?>

In the forum it isn't visible like I said above, but when I try this script it shows up correctly:

Code:

$user_rank = $user->data['user_rank'];
$result = mysql_query("SELECT rank_title, rank_image FROM phpbb_ranks WHERE rank_id='$user_rank'") or die(mysql_error());
$row = mysql_fetch_array($result);
echo iconv("utf-8", "windows-1251", $row['rank_title']) . '<br />';
if (!empty($row['rank_image']))
{
    echo '<img src="http://cs-bg.info/forum/images/ranks/' . $row['rank_image'] . '" alt="rank image" />';
}

Can someone help me solve this?

Thanks in advance.
Last edited by ric323 on Sun Mar 01, 2009 9:31 pm, edited 1 time in total.
Reason: Topic icon changed

Post by ric323 » Sun Mar 01, 2009 9:22 am

-- moved from General Support to "MOD Writers Discussion".

Post by Nelsaidi » Sun Mar 01, 2009 10:15 am

Escape '$new_rank_text' before putting it in the DB; since you're using MySQL, use $new_rank_text = mysql_real_escape_string($new_rank_text);. Also make sure users can ONLY upload a gif, png or jpg file for security purposes.

As for why it's not working, you are missing a few ; at the end of the lines, although because of the "or" it might not be that. Forget the part about the die(mysql_error()); there is no need for that tbh, unless you know there's an error; only use it for debugging.
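One way to enforce the "only gif, png or jpg" restriction suggested in the post above, as an added example that is not code from the thread. The helper name store_rank_image(), the 64 KB limit and the $ranks_dir argument are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. store_rank_image(), the size
// limit and $ranks_dir are assumptions; $upload is one entry of $_FILES.
function store_rank_image(array $upload, $ranks_dir)
{
    // Only accept a file PHP itself received through an HTTP upload.
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name']))
    {
        return false;
    }
    if ($upload['size'] > 64 * 1024)
    {
        return false;
    }

    // Decide the type from the file's content, not from the client-supplied
    // file name or MIME type, both of which the uploader controls.
    $info = @getimagesize($upload['tmp_name']);
    $extensions = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    );
    if ($info === false || !isset($extensions[$info[2]]))
    {
        return false;
    }

    // Server-generated name: the user's file name never reaches the disk or
    // the rank_image column, and one user cannot overwrite another's image.
    $name = 'custom_' . sha1(uniqid(mt_rand(), true)) . '.' . $extensions[$info[2]];

    if (!move_uploaded_file($upload['tmp_name'], rtrim($ranks_dir, '/') . '/' . $name))
    {
        return false;
    }

    return $name; // value to store in phpbb_ranks.rank_image
}
```

getimagesize() inspects only the image header, so the forced image extension on the stored file is what keeps the web server from treating an upload as a script.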

Post by ivobg92 » Sun Mar 01, 2009 11:05 am

I've added mysql_real_escape_string and it's still the same.

And I already have file type restrictions for the uploaded images.

I didn't understand what you said about ; ?

Post by Nelsaidi » Sun Mar 01, 2009 11:11 am

Escaping a string won't make a difference; all it means is someone can't perform an SQL injection.

Remove the 'or die(mysql_error())' part and try it.

Post by Brf » Sun Mar 01, 2009 2:17 pm

The ranks table is cached.
After adding a new rank you would have to clear the ranks cache.
The standard phpBB ranks routine uses:

Code:

$cache->destroy('_ranks');

Post by ivobg92 » Sun Mar 01, 2009 6:03 pm

Brf wrote: The ranks table is cached.
After adding a new rank you would have to clear the ranks cache.
The standard phpBB ranks routine uses:

Code:

$cache->destroy('_ranks');

Thank you very much, it worked! :)

Post by ivobg92 » Fri Apr 02, 2010 4:47 pm

Now that I've upgraded to the latest phpBB version, the code to clean the ranks cache, $cache->destroy('_ranks');, doesn't work anymore.

It gives the following error when called:
Fatal error: Call to a member function destroy() on a non-object
How should I clear the cache now?

Post by Brf » Fri Apr 02, 2010 10:17 pm

That means you are probably not globalizing the $cache object correctly.

Post by ivobg92 » Sat Apr 03, 2010 8:22 am

Brf wrote: That means you are probably not globalizing the $cache object correctly.

Sorry, my fault. I was using the $cache var in one of my own scripts, which is included on every page and was causing the problem.

Post by imkingdavid » Sat Apr 03, 2010 3:56 pm

BTW, on a slightly related note, $db->sql_escape() should be used instead of mysql_real_escape_string(). When in the phpBB code, always try and use phpBB functions instead of the default PHP ones, since the phpBB ones are made to work better and more efficiently. :)

Post by Nelsaidi » Sat Apr 03, 2010 4:42 pm

imkingdavid wrote: BTW, on a slightly related note, $db->sql_escape() should be used instead of mysql_real_escape_string(). When in the phpBB code always try and use phpBB functions instead of the default php ones, since the phpBB ones are made to work better and more efficiently. :)

Actually the only difference is that the appropriate SQL escape call is made for the connected driver; for example, if it's MySQL then the db::sql_escape() method will call mysql_real_escape_string(). This is an advantage in that multi-driver support exists, and for phpBB MODs this is required; however, for private modifications the use of mysql_real_escape_string() is fine and will not cause any security issues or performance issues.
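The rank change from the first post written against phpBB's database layer, combining the escaping and cache points made in this thread; it is an added example, not code from the posters or from phpBB itself. It assumes a phpBB 3.0.x page that has included common.php and a form that submits UTF-8; set_custom_rank() and its $rank_image argument are hypothetical names.

```php
<?php
// Added example, not phpBB's or the posters' code. Assumes a phpBB 3.0.x page
// that has included common.php, so $db, $cache, $user and the table constants exist.
function set_custom_rank($rank_image) // hypothetical helper name
{
    // Without this line $cache is undefined inside the function and destroy()
    // fails with the "non-object" fatal error quoted in the thread.
    global $db, $cache, $user;

    $user_id = (int) $user->data['user_id'];
    if ($user_id == ANONYMOUS)
    {
        return false; // guests have no rank to change
    }

    // request_var() casts to the default's type, applies htmlspecialchars()
    // and, with the third argument true, accepts UTF-8 text.
    $rank_title = utf8_normalize_nfc(request_var('new_rank_text', '', true));
    if ($rank_title === '')
    {
        return false;
    }

    // sql_build_array() escapes each string through the connected driver,
    // so nothing is interpolated into the statement by hand.
    $sql = 'INSERT INTO ' . RANKS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
        'rank_title'   => $rank_title,
        'rank_min'     => 0,
        'rank_special' => 1,
        'rank_image'   => (string) $rank_image,
    ));
    $db->sql_query($sql);

    // Id generated by this connection's INSERT; reading back the highest
    // rank_id could return a row another user inserted at the same moment.
    $rank_id = (int) $db->sql_nextid();

    $sql = 'UPDATE ' . USERS_TABLE . '
        SET user_rank = ' . $rank_id . '
        WHERE user_id = ' . $user_id;
    $db->sql_query($sql);

    // Ranks are served from phpBB's cache, so drop the cached copy.
    $cache->destroy('_ranks');

    return $rank_id;
}
```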
