User Info Block help with security code

Regular Joined: May 22, 2005 Posts: 78

I just installed a userinfo block and where the security code should be it shows whats in the alt="" here is the script

Code:




<?php





if (eregi("block-block-User_Info.php",$_SERVER['PHP_SELF'])) {


    Header("Location: index.php");


}





$content = "";


global $nukeurl, $prefix, $startdate, $dbi;


$nbhits = "<center>";


$content = "";





///////////////////////////////////////////////////////////////////////////////////////////////////////





$type = "text";   // defines type of counter (text or gfx)





////////////////////////////////////////////////////////////////////////////////////////////////////////





global $user, $cookie, $prefix, $user_prefix, $db, $anonymous, $sitekey;


mt_srand ((double)microtime()*1000000);


$maxran = 1000000;


$random_num = mt_rand(0, $maxran);


$datekey = date("F j");


$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));


$code = substr($rcode, 2, 10);


cookiedecode($user);


$uname = $cookie[1];





$sql = "SELECT username FROM $user_prefix"._users." ORDER BY user_id DESC LIMIT 0,1";


$result = $db->sql_query($sql);


$row = $db->sql_fetchrow($result);


$lastuser = $row[username];


$numrows = $db->sql_numrows($db->sql_query("SELECT user_id FROM $user_prefix"._users.""));





$sql = "SELECT uname, guest FROM $prefix"._session." WHERE guest=0";


$result = $db->sql_query($sql);


$member_online_num = $db->sql_numrows($result);


$who_online_now = "";


$i = 1;


while ($session = $db->sql_fetchrow($result)) {


    if (isset($session["guest"]) and $session["guest"] == 0) {


        if ($i < 10) {


            $who_online_now .= "0$i:&nbsp;<A HREF=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=$session[uname]\">$session[uname]</a><br>\n";


        } else {


            $who_online_now .= "$i:&nbsp;<A HREF=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=$session[uname]\">$session[uname]</a><br>\n";


        }


        $who_online_now .= ($i != $member_online_num ? "  " : "");


        $i++;


    }


}


$Today = getdate();


//Formatting Current Date


$month = $Today['month'];


$mday = $Today['mday'];


$year = $Today['year'];


//Formatting Previous Date


$pmonth = $Today['month'];


$pmday = $Today['mday'];


$pmday = $mday-1;


$pyear = $Today['year'];


//Month conversion into numeric mode


if ($pmonth=="January") { $pmonth=1; } else


if ($pmonth=="February") { $pmonth=2; } else


if ($pmonth=="March") { $pmonth=3; } else


if ($pmonth=="April") { $pmonth=4; } else


if ($pmonth=="May") { $pmonth=5; } else


if ($pmonth=="June") { $pmonth=6; } else


if ($pmonth=="July") { $pmonth=7; } else


if ($pmonth=="August") { $pmonth=8; } else


if ($pmonth=="September") { $pmonth=9; } else


if ($pmonth=="October") { $pmonth=10; } else


if ($pmonth=="November") { $pmonth=11; } else


if ($pmonth=="December") { $pmonth=12; };


$test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);





//Creating SQL parameter


$curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";


$preday = strftime ("%d",$test);


$premonth = strftime ("%B",$test);


$preyear = strftime ("%Y",$test);


$curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";





//Executing SQL Today


$sql = "SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'";


$result = $db->sql_query($sql);


$row = $db->sql_fetchrow($result);


$userCount = $row[userCount];


//end





//Executing SQL Today


$sql = "SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'";


$result = $db->sql_query($sql);


$row = $db->sql_fetchrow($result);


$userCount2 = $row[userCount];


//end





$guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest=1"));


$member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest=0"));





$who_online_num = $guest_online_num + $member_online_num;


$content .= "<form action=\"account.html\" method=\"post\">";





if (is_user($user)) {


    $content .= "<br><img src=\"images/blocks/group-4.gif\" height=\"14\" width=\"17\"> "._BWEL.", <b>$uname</b>.<br>\n<hr>\n";


    $sql = "SELECT user_id FROM $user_prefix"._users." WHERE username='$uname'";


    $result = $db->sql_query($sql);


    $row = $db->sql_fetchrow($result);


    $uid = $row[user_id];


    $newpms = $db->sql_numrows($db->sql_query("SELECT privmsgs_to_userid FROM $prefix"._bbprivmsgs." WHERE privmsgs_to_userid='$uid' AND (privmsgs_type='5' OR privmsgs_type='1')"));


    $oldpms = $db->sql_numrows($db->sql_query("SELECT privmsgs_to_userid FROM $prefix"._bbprivmsgs." WHERE privmsgs_to_userid='$uid' AND privmsgs_type='0'"));


    $content .= "<img src=\"images/blocks/email-y.gif\" height=\"10\" width=\"14\"> <a href=\"messages.html\"><b>"._BPM."</b></a><br>\n";


    $content .= "<img src=\"images/blocks/email-r.gif\" height=\"10\" width=\"14\"> "._BUNREAD.": <b>$newpms</b><br>\n";


    $content .= "<img src=\"images/blocks/email-g.gif\" height=\"10\" width=\"14\"> "._BREAD.": <b>$oldpms</b><br>\n<hr>\n";


} else {


    $content .= "<img src=\"images/blocks/group-4.gif\" height=\"14\" width=\"17\"> "._BWEL.", <b>$anonymous</b>\n<hr>";


    $content .= "<center><font class=\"content\">"._ASREGISTERED."</font></center><hr>";


    $content .="<form action=\"account.html\" method=\"post\">\n";


    $content .="&nbsp;&nbsp;&nbsp;&nbsp;"._USERLOGIN."<br>\n";


    $content .="<table border=\"0\"><tr><td>\n";


    $content .="&nbsp;&nbsp;&nbsp;"._NICKNAME.":</td></tr>\n";


    $content .="<tr><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n";


    $content .="<tr><td>&nbsp;&nbsp;&nbsp;"._PASSWORD.":</td></tr>\n";


    $content .="<tr><td><input type=\"password\" name=\"user_password\" size=\"15\" maxlength=\"20\"></td></tr>\n";


       if (extension_loaded("gd")) {


    $content .="<tr><td colspan='2'>&nbsp;&nbsp;&nbsp;"._SECURITYCODE.":<br>&nbsp;&nbsp;&nbsp;<img src='modules.php?name=Your_Account&op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n";


    $content .="<tr><td colspan='2'>&nbsp;&nbsp;&nbsp;"._TYPESECCODE.": &nbsp;<input type=\"text\" NAME=\"gfx_check\" SIZE=\"15\" MAXLENGTH=\"10\"></td></tr>\n";


    $content .="<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";


       }


    $content .="</table><input type=\"hidden\" name=\"redirect\" value=$redirect>\n";


    $content .="<input type=\"hidden\" name=\"mode\" value=$mode>\n";


    $content .="<input type=\"hidden\" name=\"f\" value=$f>\n";


    $content .="<input type=\"hidden\" name=\"t\" value=$t>\n";


    $content .="&nbsp;<input type=\"hidden\" name=\"op\" value=\"login\">\n";


    $content .="<input type=\"submit\" value=\""._LOGIN."\"></form>\n\n";


 }


$content .= "<p>&nbsp</p><img src=\"images/blocks/group-2.gif\" height=\"14\" width=\"17\"> <b><u>"._BMEMP.":</u></b><br>\n";


$content .= "<img src=\"images/blocks/ur-moderator.gif\" height=\"14\" width=\"17\"> "._BLATEST.": <A HREF=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=$lastuser\"><b>$lastuser</b></a><br>\n";


$content .= "<img src=\"images/blocks/ur-author.gif\" height=\"14\" width=\"17\"> "._BTD.": <b>$userCount</b><br>\n";


$content .= "<img src=\"images/blocks/ur-admin.gif\" height=\"14\" width=\"17\"> "._BYD.": <b>$userCount2</b><br>\n";


$content .= "<img src=\"images/blocks/ur-guest.gif\" height=\"14\" width=\"17\"> "._BOVER.": <b>$numrows</b><br>\n<hr>\n";


$content .= "<img src=\"images/blocks/group-3.gif\" height=\"14\" width=\"17\"> <b><u>"._BVISIT.":</u></b>\n<br>\n";


$content .= "<img src=\"images/blocks/ur-anony.gif\" height=\"14\" width=\"17\"> "._BVIS.": <b>$guest_online_num</b><br>\n";


$content .= "<img src=\"images/blocks/ur-member.gif\" height=\"14\" width=\"17\"> "._BMEM.": <b>$member_online_num</b><br>\n";


$content .= "<img src=\"images/blocks/ur-registered.gif\" height=\"14\" width=\"17\"> "._BTT.": <b>$who_online_num</b><br>\n";


if ($member_online_num > 0) {


    $content .= "<hr>\n<img src=\"images/blocks/group-1.gif\" height=\"14\" width=\"17\"> <b><u>"._BON.":</u></b><br>$who_online_now";


}


$content .= "</form><br><hr>";


$content .= "<CENTER><a href=\"account-new_user.html\">"._DL_UMBREG."</a><BR>\n";


$content .= "<a href=\"modules.php?name=Your_Account&amp;op=pass_lost\">"._DL_UMBLOST."</a><BR>\n";


$content .= "<CENTER><a href=\"account-logout.html\">"._LOGOUTOFHERE."</a><BR><hr>\n";


$content .= "<CENTER><a href=\"admin.php\">"._ADMINISTRATION."</a><BR>\n";





/* Hits Total */


$result = sql_query("SELECT count FROM $prefix"._counter." WHERE type='total' AND var='hits'", $dbi);


$count_holder = sprintf ("%07d", implode(mysql_fetch_row($result), $dbi));


mysql_free_result ($result);


if ($type == "text")


$nbhits .= $count_holder;


else


for ($n = 0; $n < strlen($count_holder); $n++) ($nbhits .= "<img src=\"images/led/{$count_holder[$n]}.gif\" bordercolor=\"#FFFFFF\" border=\"1\">");





/* Hits for Today */


$t_time = time();


$t_year = date("Y", $t_time);


$t_month = date("n", $t_time);


$t_date = date("j", $t_time);


$result = sql_query("SELECT hits FROM $prefix"._stats_date." WHERE year='$t_year' AND month='$t_month' AND date='$t_date'", $dbi);


list($today) = sql_fetch_row($result, $dbi);





/* Hits for Yesterday */


$y_time = $t_time - 86400;


$y_year = date("Y", $y_time);


$y_month = date("n", $y_time);


$y_date = date("j", $y_time);


$result = sql_query("SELECT hits FROM $prefix"._stats_date." WHERE year='$y_year' AND month='$y_month' AND date='$y_date'", $dbi);


list($yesterday) = sql_fetch_row($result, $dbi);





/* Hourly Hits */


$result = sql_query("SELECT count(*) FROM $prefix"._stats_hour."", $dbi);


list($hours) = sql_fetch_row($result, $dbi);


$hourly = number_format($count_holder/$hours, 0);





/* Daily Hits */


$result = sql_query("SELECT count(*) FROM $prefix"._stats_date."", $dbi);


list($days) = sql_fetch_row($result, $dbi);


$daily = number_format($count_holder/$days, 0);





/* Monthly Hits */


$result = sql_query("SELECT count(*) FROM $prefix"._stats_month."", $dbi);


list($months) = sql_fetch_row($result, $dbi);


$monthly = number_format($count_holder/$months, 0);





/* Yearly Hits */


$result = sql_query("SELECT count(*) FROM $prefix"._stats_year."", $dbi);


list($years) = sql_fetch_row($result, $dbi);


$yearly = number_format($count_holder/$years, 0);





/* Server Time */


$Time   = date("d M Y");


$Today  = date("H:i:s");


$Offset = date("O");


$nbhits .= " </center>";





//////////////////////////////////////////////////////////////////////////////////////////////////////////////





/* TOTAL HITS */


$content .= "<div align=\"center\"><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"95%\"><br><hr>\n";


$content .= "<tr><td><center><small>"._WERECEIVED."</small><br><br>$nbhits<br><small>"._PAGESVIEWS." $startdate</small></center></td></tr>\n";


$content .= "</table><hr>\n";


$content .= "<b><u>"._BHITS."</u></b><br>";


$content .= "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"95%\">\n";


$content .= "<tr><td width=\"65%\"><big><b>&middot;</b></big> "._BTD."</td>\n";


$content .= "<td width=\"35%\"><p align=\"right\"><b><a href=\"modules.php?name=Statistics&op=DailyStats&year=$t_year&month=$t_month&date=$t_date\">$today</a></b></td></tr>\n";


$content .= "<tr><td width=\"65%\"><big><b>&middot;</b></big> "._BYD."</td>\n";


$content .= "<td width=\"35%\"><p align=\"right\"><b><a href=\"modules.php?name=Statistics&op=DailyStats&year=$y_year&month=$y_month&date=$y_date\">$yesterday</a></b></td></tr>\n";


$content .= "</table><hr>\n";


$content .= "<b><u>"._BHITA."</u></b><br>";


$content .= "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"95%\">\n";


$content .= "<tr><td width=\"65%\"><big><b>&middot;</b></big> "._BHOUR."</td>\n";


$content .= "<td width=\"35%\"><p align=\"right\">$hourly</td></tr>\n";


$content .= "<tr><td width=\"65%\"><big><b>&middot;</b></big> "._BDAIL."</td>\n";


$content .= "<td width=\"35%\"><p align=\"right\">$daily</td></tr>\n";


$content .= "<tr><td width=\"65%\"><big><b>&middot;</b></big> "._BMONT."</td>\n";


$content .= "<td width=\"35%\"><p align=\"right\">$monthly</td></tr>\n";


$content .= "<tr><td width=\"65%\"><big><b>&middot;</b></big> "._BYEAR."</td>\n";


$content .= "<td width=\"35%\"><p align=\"right\">$yearly</td></tr>\n";


$content .= "</table><hr>";


$content .= "<b><u>Server "._BTIME."</u></b><br>";


$content .= "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"95%\">\n";


$content .= "<tr><td width=\"40%\"><big><b>&middot;</b></big> "._BTIME."</td>\n";


$content .= "<td width=\"60%\"><p align=\"right\">$Today</td></tr>\n";


$content .= "<tr><td width=\"40%\"><big><b>&middot;</b></big> "._BDATE."</td>\n";


$content .= "<td width=\"60%\"><p align=\"right\">$Time</td></tr>\n";


$content .= "<tr><td width=\"40%\"><big><b>&middot;</b></big> "._BZONE."</td>\n";


$content .= "<td width=\"60%\"><p align=\"right\">$Offset</td></tr>\n";


$content .= "</table></div>";


$content .= "<hr>";


/************************/


/*      Variables       */


/************************/





$downloadstoshow = 5;


$usemarquee = 1;


$scrolldirection = "Up";





$most = "Most Downloaded";


$latest = "Latest Downloads";


$totalfiles = "Total Files";


$totalcategories = "Total Categories";


$totaldownloads = "Total Downloads";


$hitstext = "Hits";





/************************/


/*     End Variables    */


/************************/





// Make sure people don't try and access it directly


if (eregi("block-Advanced_Downloads.php",$PHP_SELF)) {


    Header("Location: index.php");


    die();


}





global $prefix, $dbi;





// Total Files


$result = sql_query("select * from ".$prefix."_downloads_downloads", $dbi);


$files = sql_num_rows($result, $dbi);





// Total Categories


$result = sql_query("select * from ".$prefix."_downloads_categories", $dbi);


$cats = sql_num_rows($result, $dbi);





// Total Downloads


$result = sql_query("select hits from ".$prefix."_downloads_downloads", $dbi);





$a = 1;


while(list($hits) = sql_fetch_row($result, $dbi)) {


     $total_hits = $total_hits + $hits;


      $a++;


}





$content .= "<b>$totalfiles: $files<br>$totalcategories: $cats<br> $totaldownloads: $total_hits<br></b>";


  


if ($usemarquee == 1) {


   $content .= "<Marquee Behavior=\"Scroll\" Direction=\"$scrolldirection\" Height=\"140\" ScrollAmount=\"2\" ScrollDelay=\"100\" onMouseOver=\"this.stop()\" onMouseOut=\"this.start()\"><br>";


}





// Latest added


$content .= "<center><br><img src=\"images/newest.gif\"><br></center>";


$a = 1;


$result = sql_query("select lid, title, hits from ".$prefix."_downloads_downloads order by date DESC limit 0,$downloadstoshow", $dbi);





while(list($lid, $title, $hits) = sql_fetch_row($result, $dbi)) {


      $title2 = ereg_replace("_", " ", $title);


     $content .= "<img src=\"images/icon_minipost.gif\">&nbsp;$a: <a href=\"modules.php?name=Downloads&amp;d_op=viewdownloaddetails&amp;lid=$lid&amp;title=$title\">$title2</a><br>[$hitstext: $hits]<br>";


      $a++;


}





// Most downloaded


$content .= "<center><br><img src=\"images/popular.gif\"><br></center>";


$a = 1;


$result = sql_query("select lid, title, hits from ".$prefix."_downloads_downloads order by hits DESC limit 0,$downloadstoshow", $dbi);





while(list($lid, $title, $hits) = sql_fetch_row($result, $dbi)) {


    $title2 = ereg_replace("_", " ", $title);


    $content .= "<img src=\"images/icon_minipost.gif\">&nbsp;$a: <a href=\"modules.php?name=Downloads&amp;d_op=viewdownloaddetails&amp;lid=$lid&amp;title=$title\">$title2</a><br>[$hitstext: $hits]<br>";


    $a++;


}





?>

please tell me how to fix this

Max

Posted: Sun May 22, 2005 2:39 am

I fixed it in the code I found the first occurence of modules?name=Your_Account&op=gfx and changed it to modules?gfx=gfx and it works fine now

Max