Thread: Need Help Thingy
View Single Post
  #10  
Old 12-22-2014, 05:01 PM
IntoRain's Avatar
IntoRain IntoRain is offline
Moderator
  
Join Date: Jul 2013
Location: Portugal
Posts: 461
Gender: Female
Credits: 22,479
IntoRain is on a distinguished road
Default
Quote:
Originally Posted by Kyttias View Post
As for the friending yourself thing... perhaps we can make a check so that if you are the user that the page belongs to, to not display the trade, message, or friend options. In class_userprofile.php, near the bottom of the page near the bottom of the contactinfo function, you can surround stuff with

PHP Code:
 if (!$mysidia->user == $mysidia->input->get("user")){ ... } 
which reads 'if not the user whose page this is, you can display this' implying that that if you are the user whose page this is, the stuff inside it will therefore not display.
Just a tip relating to this: Hiding the options/links from the users isn't enough to avoid having users visiting those links. Specially with frameworks like mysidia that are public, so people might have some knowledge about which links work. Even if you hide the profile stuff, they still can friend themselves by going through /friends/request/their_id

To really prevent it, in friends.php, request() function, do the following:

PHP Code:
    public function request(){
        $mysidia Registry::get("mysidia");
        if(!$mysidia->input->get("id")) throw new InvalidIDException("friend_id");
        $friend = new Friend(new Member($mysidia->input->get("id")), $this->friendlist);
        
    //addthis
    $input $mysidia->input->get("id");    
    if($input instanceof String$input $input->getValue();
    $user_id is_numeric($input) ? $mysidia->user->uid $mysidia->user->username;

    if($user_id == $input)
        throw new InvalidIDException("<br>Invalid Action! You can't add yourself to your friendlist.");
        
        if(!$friend->isfriend){      
            if($friend->sendrequest()) $this->setField("friend", new String($friend->username));
            else throw new DuplicateIDException("<br>Invalid Action! This is a duplicate friend request between you and {$friend->username}.");
        }
        else throw new InvalidIDException("<br>Invalid Action! The user {$friend->username} is already on your friendlist.");
    } 
That way, accessing the link directly will throw an error if you try to add yourself to your friendslist.

And to hide it, try:

PHP Code:
$member = new Member($mysidia->input->get("user"));

if($mysidia->user->uid != $member->uid){
//put what you want to show here
__________________


asp.net stole my soul.
Last edited by IntoRain; 12-22-2014 at 05:27 PM.
Reply With Quote