Multiheadlines 2.1

Posted: Wed Jul 17, 2013 12:24 am

For me my files work on PHP 5.4.11 now I have problems only charset saved in database but go to fix all module

registered · Site Admin Joined: Aug 22, 2007 Posts: 1775

I don't have this module and i have only try to show what for possible ways you can have. I have added also is_numeric checks for maybe numeric variables before its passed into a sql-query. Check is_numeric on php.net. If the variables are really numeric - i don't know but this you can only test it self.

But you haven't fixed because you should really use $db->sql_escape_string() instead of mysql_escape_string(), because RN25x works with mysqli and not more with the old mysql. eregi_replace() is also deprecated in PHP5. Filterings like stripslashes() are outdated. Try a look at htmlspecialchars and htmlspecialchars_decode on php.net. What you have posted is not the solution - that is the old written code of the module.

At the end i can only say again, don't try to fix a old module on a live-page and use local test environments like WAMP. Otherwise it could be you will open closed doors for attackers on your live page!

Posted: Wed Jul 17, 2013 9:06 am

can u post what kind of modification u did on the module misterstereus?

neralex: I tested everything first on localhost and later I put it on live. eregi is not a problem. The problem is in function.php. I tried to use $db->sql_escape_string() but it didn't work at all. I would like to use the new sql but unfortunately it doesn't.

Posted: Wed Jul 17, 2013 10:59 am

It works in the whole CMS and then it must work also in the module. The simple answer to your problem is, you make something wrong.

Believe me, eregi is deprecated! I have only my changes described. It makes no sense to leave deprecated code in a module that should work with php5.4. Check please php.net before you mean that is not a problem. It creates errors since php version 5.3:

http://www.php.net/manual/en/function.eregi-replace.php
http://php.net/manual/en/migration53.deprecated.php

Posted: Wed Jul 17, 2013 4:38 pm

I think you're right. I thought it has nothing to do with eregi deprecated but after making some changes I got some errors.

I'm lost on this part.

Code:

if ((eregi("<rdf:RDF", $contents)) || (eregi("<RSS", $contents))) {


   if (eregi("<RDF", $contents)) {


      $is_type="RDF";


      $info=getextrainfos($is_type, $contents, $url_id);


      $contents=stristr($contents, "<ITEM rdf:");


      $contents=stristr(strrev($contents), ">METI/<");


      $contents=strrev($contents);


      $contents="<zbang>\n".$contents."\n</zbang>";


   } elseif (eregi("<RSS", $contents)){


      $is_type="RSS";


      $info=getextrainfos($is_type, $contents, $url_id);


      $contents=stristr($contents, "<ITEM>");


      $contents=stristr(strrev($contents), ">METI/<");


      $contents=strrev($contents);


      $contents="<zbang>\n".$contents."\n</zbang>";


   }


   $xml_parser = xml_parser_create();


   xml_parse_into_struct($xml_parser, $contents, $vals, $index);


   xml_parser_free($xml_parser);


   for ($i=0; $i < count($index["TITLE"]); $i++){


      $title=filtering($vals[$index["TITLE"][$i]]["value"], $info["encoding"]);


      $link=$vals[$index["LINK"][$i]]["value"];


      if (eregi("rd.yahoo.com/", $link)) {


         $l=explode("*", $link);


         $link=$l[1];


      }


      $link=ereg_replace("http%3A//", "http://", $link);


      if (array_key_exists("DESCRIPTION", $index)){


         $description=filtering($vals[$index["DESCRIPTION"][$i]]["value"], $info["encoding"]);


      } else {


         $description="N/A";      


      }

I did it like this but it didn't work

Code:

if ((preg_match("/<rdf:RDF/i", $contents)) || (preg_match("/<RSS/i", $contents))) {


   if (preg_match("/<RDF/i", $contents)) {


      $is_type="RDF";


      $info=getextrainfos($is_type, $contents, $url_id);


      $contents=stristr($contents, "<ITEM rdf:");


      $contents=stristr(strrev($contents), ">METI/<");


      $contents=strrev($contents);


      $contents="<zbang>\n".$contents."\n</zbang>";


   } elseif (preg_match("/<RSS/i", $contents)){


      $is_type="RSS";


      $info=getextrainfos($is_type, $contents, $url_id);


      $contents=stristr($contents, "<ITEM>");


      $contents=stristr(strrev($contents), ">METI/<");


      $contents=strrev($contents);


      $contents="<zbang>\n".$contents."\n</zbang>";


   }


   $xml_parser = xml_parser_create();


   xml_parse_into_struct($xml_parser, $contents, $vals, $index);


   xml_parser_free($xml_parser);


   for ($i=0; $i < count($index["TITLE"]); $i++){


      $title=filtering($vals[$index["TITLE"][$i]]["value"], $info["encoding"]);


      $link=$vals[$index["LINK"][$i]]["value"];


      if (preg_match("/rd.yahoo.com/\/i", $link)) {


         $l=explode("*", $link);


         $link=$l[1];


      }


      $link=preg_replace("/http%3A///", "http://", $link);


      if (array_key_exists("DESCRIPTION", $index)){


         $description=filtering($vals[$index["DESCRIPTION"][$i]]["value"], $info["encoding"]);


      } else {


         $description="N/A";      


      }

Any suggestion?
Shocked

registered · Posted: Wed Jul 17, 2013 5:05 pm

Almost there on the preg-matches... replace, however, from the for on down to be this instead as your escaping of the forward slashes are not correct I think so I'm suggesting to make this easier by changing out the start/end characters for the pattern and the preg_replace wasn't correct:

Code:




   for ($i=0; $i < count($index["TITLE"]); $i++){ 


      $title=filtering($vals[$index["TITLE"][$i]]["value"], $info["encoding"]); 


      $link=$vals[$index["LINK"][$i]]["value"]; 


      if (preg_match("~rd.yahoo.com/~i", $link)) { 


         $l=explode("*", $link); 


         $link=$l[1]; 


      } 


      $link=preg_replace("~http%3A//~", "http://", $link); 


      if (array_key_exists("DESCRIPTION", $index)){ 


         $description=filtering($vals[$index["DESCRIPTION"][$i]]["value"], $info["encoding"]); 


      } else { 


         $description="N/A";       


      }

See if that works... but if you get errors, please post what they are as it is difficult to figure out what is wrong without that.

Posted: Wed Jul 17, 2013 5:33 pm

Montego, thanks for replying. I am getting error on this part

Code:




if ((preg_match("/<rdf:RDF/i", $contents)) || (preg_match("/<RSS/i", $contents))) {


   if (preg_match("/<RDF/i", $contents)) {

I don't know why but I guess there is something wrong since <RDF doesn't have any > at the end.
Shocked

This is what I did so far and now I am not getting any error but feeds doesn't work. It doesn't store any data in database.

function.php
http://www.bestbuildpc.org/pastebin/tOWmwNj7

Neralex, what could be wrong now? Shocked

Posted: Sat Jul 20, 2013 6:51 am

hicuxunicorniobestbuildpc, I would still replace that bit of code I posted above for other reasons (it will not work properly otherwise).

You might want to try to escape the "<" character. While I am not certain, that might be viewed as an Only registered users can see links on this board! Get registered or login!.

So, just with the example code you've given, maybe try this:

Code:







if ((preg_match("/\<rdf:RDF/i", $contents)) || (preg_match("/\<RSS/i", $contents))) { 


   if (preg_match("/\<RDF/i", $contents)) {

The following doesn't have anything to do with the issue just so you know:

Quote:

<RDF doesn't have any > at the end

Posted: Sun Jul 21, 2013 5:33 am

Montego, I followed your steps but unfortunately it is not working. I can't believe it is not storing the feeds on database. Here u can see the function.php updated.

http://www.bestbuildpc.org/pastebin/lKXdXGBj

I am getting only this error message by rnlog

Code:

Column count doesn't match value count at row 1





July 21, 2013, 1:36 pm File: /www.bestbuildpc.org/db/mysqli.php - Line: 201


Code: 1136 - Message: Column count doesn't match value count at row 1


SQL was: INSERT INTO `nuke_multiheadlines_news` VALUES ('1', '2', 'Terry McAuliffe looks gubernatorial, mostly - Washington Post (blog)', 'http://news.google.com/news/url?sa=t&>', '1374368161', '1374406610')

This is my index.php from admin

http://www.bestbuildpc.org/pastebin/PSVXM7xT

Posted: Sun Jul 21, 2013 11:28 am

looks like there is a mismatch between the number of values you are trying to save to the db, and the number of columns in your db table. Does the _multiheadlines_news table have six columns?

Posted: Sun Jul 21, 2013 4:55 pm

No, it has 11

Code:

CREATE TABLE IF NOT EXISTS `nuke_multiheadlines_news` (


  `news_id` int(11) NOT NULL auto_increment,


  `news_cat` smallint(6) NOT NULL default '0',


  `news_site` tinyint(4) NOT NULL default '0',


  `news_title` text NOT NULL,


  `news_link` varchar(200) NOT NULL default '',


  `news_description` text NOT NULL,


  `news_buildate` tinytext NOT NULL,


  `news_pubdate` tinytext NOT NULL,


  `news_time` varchar(14) NOT NULL default '',


  `news_status` tinyint(1) NOT NULL default '1',


  `news_active` tinyint(1) NOT NULL default '1',


  PRIMARY KEY  (`news_id`)


) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=820 ;

Posted: Sun Jul 21, 2013 5:13 pm

In your sql-error you have only 6 values. Try to replace the insert query in the function insert_todb from:

Code:

$db->sql_query('INSERT INTO `' . $prefix . '_multiheadlines_news` VALUES '."('$cat', '$url_id', '$title', '$link', '$description', '$pubdate', '$news_time')");

to:

Code:

$db->sql_query('INSERT INTO `' . $prefix . '_multiheadlines_news` VALUES '."(NULL, '$cat', '$url_id', '$title', '$link', '$description', '', '$pubdate', '$news_time', '', '')");

or:

Code:

$db->sql_query('INSERT INTO `' . $prefix . '_multiheadlines_news` VALUES '."(NULL, '$cat', '$url_id', '$title', '$link', '$description', '', '$pubdate', '$news_time', 1, 1)");

Posted: Mon Jul 22, 2013 12:48 am

Mornig neralex,

After testing both of them local and live I found out the image from the news dissapear but finally the news are storing in database.

Working!

Code:

$db->sql_query('INSERT INTO `' . $prefix . '_multiheadlines_news` VALUES '."(NULL, '$cat', '$url_id', '$title', '$link', '$description', '', '$pubdate', '$news_time', 1, 1)");

Working too!

Code:

$db->sql_query('INSERT INTO `' . $prefix . '_multiheadlines_news` VALUES '."(NULL, '$cat', '$url_id', '$title', '$link', '$description', '', '$pubdate', '$news_time', '', '')");

Note: The idea to make this module was good but really bad programmed. I've been cleaning lots of white spaces. Lots of html errors. I stilll need to clean a lot. It is a disaster! speedtype

Posted: Sun Jul 28, 2013 2:07 pm

I got this one from the second line you gave me neralex.

Code:

Code: 1064 - Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-32020, -32015' at line 1


SQL was: SELECT * FROM nuke_multiheadlines_news ORDER BY news_status ASC, news_pubdate DESC LIMIT -32020, -32015

Posted: Mon Jul 29, 2013 2:48 am

Your error is a SELECT and not INSERT query! So it could not be the both lines. Search the function with this SELECT and then you must check it again.

Posted: Mon Jul 29, 2013 6:30 pm

Code:

            if ($conf["fullview"]!=="full")  {


               $title=eregi_replace($searchnews,"<font color=\"red\">".$searchnews."</font>",$row["news_title"]);


               $row["news_description"]="";


               $image="&diams;";


               echo "<tr>


                  <td width=\"1%\"><a href=\"".$row1["urls_site"]."\" target=\"_blank\">".$image."</a></td>


                 <td width=\"94%\"><a href=\"".$row["news_link"]."\" target=\"_blank\">".$title."</a></td>";


                 if ($conf["showtime"]=="1") {


                    echo "<td nowrap width=\"5%\">".showing_time($row["news_pubdate"])."</td>";


                 }   


              echo "</tr>";         


            } else {


               if ($searchwhere==1){


                  $title=eregi_replace($searchnews,"<font color=\"red\">".$searchnews."</font>",$row["news_title"]);


                 $description=$row["news_description"];


               } elseif ($searchwhere==2) {


                  $title=$row["news_title"];


                $description=$row["news_description"];


                $description=eregi_replace(" ".$searchnews,"&nbsp;<font color=\"red\">".$searchnews."</font>",$row["news_description"]);


                $description=eregi_replace(" ".$searchnews." ","&nbsp;<font color=\"red\">".$searchnews."</font>&nbsp;",$row["news_description"]);       


                $description=eregi_replace($searchnews." ","<font color=\"red\">".$searchnews."</font>&nbsp;",$row["news_description"]);


               } elseif ($searchwhere==3) {   


                  $title=eregi_replace($searchnews,"<font color=\"red\">".$searchnews."</font>",$row["news_title"]);


                   $description=eregi_replace(" ".$searchnews,"&nbsp;<font color=\"red\">".$searchnews."</font>",$row["news_description"]);


                $description=eregi_replace(" ".$searchnews." ","&nbsp;<font color=\"red\">".$searchnews."</font>&nbsp;",$row["news_description"]);       


                $description=eregi_replace($searchnews." ","<font color=\"red\">".$searchnews."</font>&nbsp;",$row["news_description"]);

Anyone can tell me how to replace these old deprecated eregi?

Posted: Tue Jul 30, 2013 4:43 am

try it with str_replace: http://www.php.net/manual/en/function.str-replace.php

Posted: Wed Jul 31, 2013 10:39 am

neralex, I tried to update the whole modules making lots of changes but unfortunately it doesn't work anymore.

https://gist.github.com/bestbuildpc/5970957/revisions

Can anyone help me to fix this module?

Sad

Posted: Wed Jul 31, 2013 11:44 am

Then change it back and start again from a working point.

Posted: Fri Aug 02, 2013 11:04 am

In your module you see news?
http://www.goldnuke.com/Multiheadlines.html

Posted: Mon Aug 05, 2013 3:06 pm

I updated getrss.php. Please let me know if u see any error. Thanks in advance.

Code:

<?php





if (!defined('MODULE_FILE')) {


   header('Location: ../../index.php');


   die();


}





global $db, $prefix;


include_once 'modules/Multiheadlines/functions.php';








if (is_active('Multiheadlines')) {


   $config = $db->sql_fetchrow($db->sql_query('SELECT * FROM `' . $prefix . '_multiheadlines_config`'));


   


   if (!($config['colect']=='colect')) {


      $daysold = $config['delnewsold'];


      $maxnews = $config['delnewsmany'];


      $homenews = $config['leavenews'];


      $deltime = $config['deltime'];


      $homecat = $config['home_cat'];


      $num_news = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_multiheadlines_news`'));


      if ($daysold==0) {


         if ($num_news > $maxnews) {


            $sql = 'SELECT * FROM `' . $prefix . '_multiheadlines_categ`';


            $result=$db->sql_query($sql);


            while ($categnews = $db->sql_fetchrow($result)) {


               $num_cat = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_multiheadlines_news` WHERE `news_cat` = \'' . intval($categnews['categ_id']) . '\''));


               if (intval($homenews) < intval($num_cat)) {


                  $db->sql_query('DELETE FROM `' . $prefix . '_multiheadlines_news` WHERE `news_cat` = \'' . intval($categnews['categ_id']) . '\' ORDER BY `news_time` ASC LIMIT ' . (intval($num_cat) - intval($homenews)));


               }


            }


            $db->sql_query('UPDATE `' . $prefix . '_multiheadlines_config` SET `deltime` = \''.time() . '\'');


         }


      } elseif ((time() > $deltime+$daysold*24*60*60) || ($num_news > $maxnews)) {


         $sql = 'SELECT * FROM `' . $prefix . '_multiheadlines_categ`';


         $result=$db->sql_query($sql);


         while ($categnews = $db->sql_fetchrow($result)) {


            $num_cat = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_multiheadlines_news` WHERE `news_cat` = \'' . intval($categnews['categ_id']) . '\''));


            if (intval($homenews) < intval($num_cat)) {   


               $db->sql_query('DELETE FROM `' . $prefix . '_multiheadlines_news` WHERE `news_cat` = \'' . intval($categnews['categ_id']) . '\' ORDER BY `news_time` ASC LIMIT ' . (intval($num_cat) - intval($homenews)));


            }


         }


         $db->sql_query('UPDATE `' . $prefix . '_multiheadlines_config` SET `deltime` = \'' . time() . '\'');


      }


   }





   if (intval($config['turnon'])==1) {


      $sql = 'SELECT * FROM `' . $prefix . ' _multiheadlines_urls` WHERE `urls_active` = 1 AND ' . time() . '> (urls_time+urls_ref) ORDER BY `urls_time` ASC LIMIT 0, 1';


      $result = $db->sql_query($sql);


      $k=1;


      while ($check = $db->sql_fetchrow($result)) {


            get_news($check['urls_id'], $check['urls_categ'], 'save');


            $db->sql_query('UPDATE `' . $prefix . '_multiheadlines_urls` SET `urls_time` = \'' . time() . '\' WHERE `urls_id` = \'' . intval($check['urls_id']) . '\'');


         $k++;


      }


   }


}

Posted: Tue Aug 20, 2013 2:28 am

Guys,

I changed these lines

Code:

if (preg_match("/getrss.php/i", $_SERVER['PHP_SELF'])) {


    Header("Location: http://www.google.com/search?hl=en&q=define%3A+stupid&btnG=Google+Search");


    die();


}

for this one but I can't enter to admin.

Code:




if (!defined('MODULE_FILE')) {


   header('Location: http://www.google.com/search?hl=en&q=define%3A+stupid&btnG=Google+Search');


   die();


}

I tried this one but no luck

Code:




if (!defined('MODULE_FILE')) {


   header('Location: ../../index.php');


   die();


}

Any explanation about it?