Mysidia Adoptables Support Forum - Mysidia Adoptables v1.3.0[Security Release]

Mysidia Adoptables Support Forum (http://www.mysidiaadoptables.com/forum/index.php)

- Mysidia Adoptables Official Announcement (http://www.mysidiaadoptables.com/forum/forumdisplay.php?f=2)

- - Mysidia Adoptables v1.3.0[Security Release] (http://www.mysidiaadoptables.com/forum/showthread.php?t=3514)

I uploaded the wrong profile file to the server... ^^;

@ Iris:
I believe a solution was posted before, lemme find it out for you.

Edit: Find the following parts in your shoutbox.php:

PHP Code:


		
			
if ($comment != "") 
{
    $date = date("Y-m-d H:i:s");
    // $date = "10-23-3 21:02:35";
    $user = $loggedinname;
    if ($isloggedin!="yes")  $user = "Guest";
    $comment = formattext($comment);
    $adopts->query("INSERT INTO {$prefix}shoutbox VALUES ('', '$user', '$date', '$comment')");
    $article_content = $article_content."<p>Your comment has been posted. Click <a href='shoutbox.php'>here</a> to view it.</p>";
    
}

And replace with:

PHP Code:


		
			
if ($comment != "") 
{
    $date = date("Y-m-d H:i:s");
    // $date = "10-23-3 21:02:35";
    $user = $loggedinname;
    if ($isloggedin == "yes"){
      $comment = formattext($comment);
      $adopts->query("INSERT INTO {$prefix}shoutbox VALUES ('', '$user', '$date', '$comment')");
      $article_content .= "<p>Your comment has been posted. Click <a href='shoutbox.php'>here</a> to view it.</p>";
    }
    else $article_content .= "You need to log in before using the shoutbox!";
    
}

This should fix your problem I think.

@ Nyxi:
lol I see, now please give a try on resolving the css glitch if you have time. It's a shame I cant fix it myself, perhaps time to learn more css...

I think it's font based. I'll take a good look once my head clears...

Alright then Nyxi, take your time then. I hope it will be fixed by the time Mys v1.3.1 is released though, still plenty of time for us at this moment.

Since moving my site to a new domain, I can't log out of my forum and members can log in and it says successful but still says they need to log in... :coloness:

Edit: Stupid mistake on my part. Fixed...

Hm, HoF, didn't seem to work. I put it in exactly, and when I log out, I can still post in the shout box just fine...

umm weird, it works perfectly fine for me. What did it do to you btw? Link me to your site and Id like to take a look on my own.

Nothing, it didn't seem to alter anything at all:
My Site

Let me know if you can still see and post in the shout box.

I cannot post in the shoutbox, get this message:

Quote:

You need to log in before using the shoutbox!

So it appears the method is working.

Okay, I wonder if it still allows me to when I log out because it recognizes my IP or something...it's a little odd, but I'm very much relieved to know it is working! Thank you for all of the help, HoF <3 Haha, I give you major credits for being so patient with me! Hope all goes well from here!

Bonne Chance,
Iris

Thanks. And are you saying you can post in shoutbox after logging out? Can you show me a screenshot of how you can post as guest?

Huh...was working earlier, I wonder what changed..? At any rate, it is now working properly :)

Oh alright then, I have no idea why lots of problems you guys/gals posted got automatically resolved after a short period of time lol. Anyway good to know it works, so good luck.

Ok so I hate the new cookie thing. When we click on a new page of adopt or member list or anything it logs us out. And when I close the window and come back it logs us out too. It's irritating.

umm you sure about this? It never happened to me, nor did I hear from other members talking about it.

umm it never logs me out when I click on anything on your site, except for the logout url.

Hmmm.... well maybe it's because you don't have any pets. But when I go to view my dragons and click on the 2nd page it logs me out sometimes.

umm I see. Did you pay attention to the url change such as http://yoursite.com/file.php becomes http://www.yoursite.com/file.php?

That makes a difference? Where do I check to make sure of that?

Edit: Found it :) Will see if this makes the difference.

Yes it does make a difference. On My pokemansion site, if you are logged in using the url http://www.pokemansion.net, your cookie does not work for http://pokemansion.net(the one without www). I'd say all old Rusnak Adoptables sites have this problem, not sure for Mysidia Adoptables though.

You're sooo smart HoF :) Thank you buddy!

XD I figured this could be the only cause for a malfunctioning cookie. Did you manage to resolve this problem?

I found where it was putting in www. so I removed it... we shall see I guess.

A member is saying that forgot password is not working.

"it says my details don't match any user in the system"

I see, same old story with forgotpass.php lol. I will look into the codes and have it fixed soon. Thx for reporting.

Will be watching for the fix :)

Can you post the forgotpass.php file? I will look into it and fix it for you.

Code:

<?php



include("functions/functions.php");

include("functions/functions_users.php");

include("inc/rand.php");

include("inc/lang.php");



//***************//

//  START SCRIPT //

//***************//



if($isloggedin == "yes"){



//This is the one page where logged in users can't access the page

//If you are logged in, you know your damn password!



$article_title = "You are already logged in";

$article_content = "You are already logged in.  There is no need for you to be here.";



}

else{



$uname = $_GET["uname"];

$email = $_GET["email"];

$code = $_GET["code"];



if($uname != "" and $email != ""){



//We have submitted values, so we are going to make a new password reset request



if($code != ""){



//We've got an activation code, so let's check and see if we have a match in the database for this...



$stmt = $adopts->query("SELECT * FROM {$prefix}passwordresets WHERE username = '{$uname}' and email = '{$email}' and code='{$code}' ORDER BY id DESC LIMIT 1") ;

$passwordresets = $stmt->fetchObject();



if($passwordresets->username == $uname and $passwordresets->email == $email and $passwordresets->code == $code){



//We have a match, so make a new user password

$newpw = get_rand_id(12);

$newsalt = codegen(15,0);

$newpass = passencr($dbusername, $newpw, $newsalt);



//Update the database with the new password...

$stmt = $adopts->prepare("UPDATE {$prefix}users SET password='{$newpass}' WHERE username='{$dbusername}' and email='{$savedemail}'");

$stmt->execute();



//Delete the entry from the password reset table

$stmt = $adopts->prepare("DELETE FROM {$prefix}passwordresets WHERE code='{$code}'");

$stmt->execute();



$article_title = "Password Reset Successfully";

$article_content = "Dear {$passwordresets->username},<br>Your password has been reset successfully.<br><br>Here is your new password: <b>{$newpw}</b><br><br>

You may now <a href='login.php'>Log In</a> with this new password.  You can also change the password to something that is easier to remember

once you are logged in.";





}

else{

$article_title = "Incorrect activation code";

$article_content = "The activation code you entered is incorrect.  It is possible that the code is invalid.";

}



}

else{



//No code, so we're requesting a new password reset.............



//First thing we do is make sure the requested combination does indeed exist.  Then verify...



$stmt = $adopts->query("SELECT * FROM {$prefix}users WHERE username = '{$uname}' and email = '{$email}'");

$user = $stmt->fetchObject();

//Loop out code



if($num > 0 and $user->username == $uname and $user->email == $email){



//First we generate a random code that will be the reset code



$rand = get_rand_id(10);  //Get a random letter-number combination





//Then we log the user's IP address and the date



$ip = $_SERVER['REMOTE_ADDR'];

$ip = preg_replace("/[^a-zA-Z0-9.]/", "", $ip);



$date = date('Y-m-d');



//Then we insert the info into the passwordresets table in the database



$adopts->query("INSERT INTO {$prefix}passwordresets (id, username, email, code, ip, date)

VALUES ('', '{$uname}', '{$email}', '{$rand}', '{$ip}', '{$date}')");



//Then we send an email to the user with the link to the password reset



$message = "Hello there {$uname}:\n\nOur records indicate that you requested a password reset for your account.  Below is your reset code:\n

Reset Code: {$rand}\n\nTo have your password changed please visit the following URL:\n

http://www.{$domain}{$scriptpath}/forgotpass.php?uname={$uname}&email={$email}&code={$rand}\n\n

If you did NOT request a password reset then please ignore this email to keep your current password.\n\n

Thanks,\n

The {$sitename} team.";



$systememail = grabanysetting("systememail");

$headers = "From: {$systememail}";



mail($email, "Password Reset Request for ".$uname, $message, $headers);



//All done, output message to user. :)



$article_title = "Password Reset Email Sent";

$article_content = "We've sent an email to <b>{$email}</b> with instructions on how to reset your password.  Please

click the password reset link in the email to reset your password.  If you do not get the email shortly then please check

your spam or junk email folder as it may have gotten caught in there.";





}

else{



//We've got an incorrect or fraud request to reset a password...



$article_title = "There's been an error";

$article_content = "There's been an error.  The details you entered do not match any user in our system!  We cannot

reset your password at this time.";



}



}



}

else{



$article_title = "Reset Password";

$article_content = "So, you've forgotten your password?  Don't worry, it happens to the best of us.  Simply 

fill out the form below with your username and email address and we'll email you a link to reset your password.<br><br>

<form name='form1' method='get' action='forgotpass.php'>

  <p>Username: 

    <input name='uname' type='text' id='uname'>

</p>

  <p>Email Address: 

    <input name='email' type='text' id='email'>

</p>

  <p>

    <input type='submit' name='Submit' value='Request Password Reset'>

  </p>

</form>";



}





}





//***************//

//  OUTPUT PAGE  //

//***************//



echo showpage($article_title, $article_content, $date);



?>

You are not using the updated version of Mys v1.3.0 I uploaded on March 20th, are you? Now to fix this problem, simply get rid of this:

PHP Code:


		
			
$num > 0 and

I thought I was.... will edit once I try it.

Edit: Worked :)

Edit 2:
it works up until i try to enter the new password it gives me, it says it cannot log me in with the details specified

I see, thanks for informing me this. I will take a look again.

Edit: Download this file...

Thank you :) Perfect!

Oh btw, please download this file too since I found that change password was not working from the demo site...

Hmmm... Trading isn't working. I haven't touched that file either...

When you submit a trade you get no error or anything. Just goes right back to trades.php

Ohhhh it's this

Code:

if(is_numeric($adoptwanted)){

and

Code:

if(is_numeric($adoptgiven)){

Since mine are not numeric. Now what?

change is_numeric($adoptwanted) to !empty($adoptwanted) should suffice.

Thanks. And how can I make the levelup page so that non members can level up adopts?

Use this file then, I did not realize the default option had all guests actions disabled lol.

Can you tell me which lines you changed? You know my script is all modified and shtuff :)

Just this part right?

Code:





        if($userstatus['canlevel'] == "no"){

           $article_content .= "It appears that you have been banned from leveling up adoptables. Please contact an administrator for assistance.";   

        }

        elseif(!is_object($voters)){



        // The number of results is still zero, so we did not vote on this adoptable yet today...