Custom User Pages - Users make pages using html/bbcode on any template safely
Mod Version: 1.00, by carcomp
| vB Version: 3.8.2 | Rating:  (0 vote - 0 average) |
Installs: 11 |
| Released: 06 Apr 2009 | Last Update: Never | Downloads: 2 |
 Not Supported
 Uses Plugins
Template Edits
|
||
Ok this is just something i've been slapping together the past few days, using code from here, google, and whatnot. I didn't write 99% of it, but I thought up the idea!
Ok heres the deal. You want your users to be able to customize a page such as MEMBERINFO. Problem is, really customizations all look EXACTLY the same. So I thought, why not let the users just program their own html css stuff like on myspace, as well as allow bbcode. If it messes up their memberinfo page, so what. Its their own fault and they should fix it. (My members are really a close knit family of computer / car people so I think they can handle this). I trust most of them, but since this mod only allows what you specify, you can't add things like <SCRIPT> tags or php code etc.
The following code works in conjunction with a custom template and an eval'd variable.
To get this to work, you first have to create a new custom profile field. I don't know what the number of this field will be, so you'll have to figure that one out yourself. You should probably specify a multi line field with a lot of space. Once you create the profile field, enter the number in the code below.
Next, you need to create a new template. Call it user_custompage. In this template, put one line...
$mypage
Then, create a plugin and link it to global_start
in the plugin, put the following code...
See there where it says 'field65'? Thats where you put your profile field number.
Now all that you have to do is put $mypage in whatever template you want your user's custom profile field html to show.
This is possibly the most unsafe hack ever for your website, but it demonstrates a really cool principal that by specifying which tags a user can use, they can make a website. And yes, if they mess up the code, everyone will see your website all broken.
This is my first whack at posting something i've hacked together, so please bear with me
Here is a link to see it in action. All the stuff you see between the "MOD STARTS HERE" and "MOD STOPS HERE" is a profile field.
http://www.quad4forums.com/test/member.php?u=3472
Here is the code i've entered in the profile field. I spent about 30 seconds on it, so its not a definitive example of whats possible, but it gets the idea across. I've also added the script tag so you can view my page's source and notice its not there.
(I have to use strikeout so vbulletin.org doesn't parse the bbcode)
MOD STARTS HERE
<B><TABLE style="width: 100%; padding: 0px; border: 1px; border: 1px solid #789DB3; background-image: url(http://www.travelblog.org/Wallpaper/pix/waterfall_desktop_background-1600x1200.jpg)"><TD>
<p align="center">
[B]Here is my test page[/B]
[img]http://mediaengine.org/mitcht/gallery/albums/misc/My_Car_010.sized.jpg[/img]
</p>
<TR></TR> </TD></B></table>
<DIV>
<SCRIPT>
<?
MOD ENDS HERE
BTW. This is my test forum, so its not going to be doing much!
Ok heres the deal. You want your users to be able to customize a page such as MEMBERINFO. Problem is, really customizations all look EXACTLY the same. So I thought, why not let the users just program their own html css stuff like on myspace, as well as allow bbcode. If it messes up their memberinfo page, so what. Its their own fault and they should fix it. (My members are really a close knit family of computer / car people so I think they can handle this). I trust most of them, but since this mod only allows what you specify, you can't add things like <SCRIPT> tags or php code etc.
The following code works in conjunction with a custom template and an eval'd variable.
To get this to work, you first have to create a new custom profile field. I don't know what the number of this field will be, so you'll have to figure that one out yourself. You should probably specify a multi line field with a lot of space. Once you create the profile field, enter the number in the code below.
Next, you need to create a new template. Call it user_custompage. In this template, put one line...
$mypage
Then, create a plugin and link it to global_start
in the plugin, put the following code...
Code:
function SafeHTML($str, $allow_font = true, $allow_img = true, $allow_lists = true)
{
$approvedtags = array(
'p' => 2, // 2 means accept all qualifiers: <foo bar>
'b' => 1, // 1 means accept the tag only: <foo>
'i' => 1,
'u' => 1,
's' => 1,
'a' => 2,
'em' => 1,
'br' => 1,
'strong' => 1,
'strike' => 1,
'blockquote' => 1,
'tt' => 1,
'hr' => 1,
'table' => 2,
'tr' => 2,
'td' => 2,
'div' => 2
);
if ($allow_font == true)
{
$approvedtags['font'] = 2;
$approvedtags['big'] = 1;
$approvedtags['sup'] = 1;
$approvedtags['sub'] = 1;
}
if ($allow_img == true)
$approvedtags['img'] = 2;
if ($allow_lists == true)
{
$approvedtags['li'] = 1;
$approvedtags['ol'] = 1;
$approvedtags['ul'] = 1;
}
$keys = array_keys($approvedtags);
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>","<\\1>",$str);
$str = eregi_replace("<a([^>]*)href=\"?([^\"]*)\"?([^>]*)>","<a href=\"\\2\">", $str);
$tmp = '';
while (eregi("<([^> ]*)([^>]*)>",$str,$reg))
{
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/")
$tag = strtolower(substr($reg[1],1));
else
$tag = strtolower($reg[1]);
if ((in_array($tag, $keys))&&($a = $approvedtags[$tag]))
{
if ($reg[1][0] == "/")
$tag = "</$tag>";
elseif ($a == 1)
$tag = "<$tag>";
else
$tag = "<$tag " . $reg[2] . ">";
}
else
$tag = '';
$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}
$str = $tmp . $str;
// Squash PHP tags unconditionally
$str = ereg_replace("<\?","NO PHP ALLOWED",$str);
$str = ereg_replace("<?php","NO PHP ALLOWED",$str);
// Squash SCRIPT Tags unconditionally
$str = ereg_replace("<script","NO SCRIPT ALLOWED",$str);
// Squash comment tags unconditionally
$str = ereg_replace("<!--","NO COMMENT TAGS ALLOWED",$str);
return $str;
}
function process_message_preview($message)
{
global $vbulletin, $vbphrase, $stylevar, $show;
require_once(DIR . '/includes/class_bbcode.php');
$bbcode_parser =& new vB_BbCodeParser($vbulletin, fetch_tag_list());
$previewhtml = '';
if ($previewmessage = $bbcode_parser->do_parse($message, $do_html = true, $do_smilies = true, $do_bbcode = true, $do_imgcode = true, $do_nl2br = true, $cachable = false))
{
$previewhtml = $previewmessage;
}
return $previewhtml;
}
$mypage = unhtmlspecialchars(process_message_preview($vbulletin->userinfo['field65']));
$mypage = Safehtml($mypage);
eval('$mypage = "' . fetch_template('user_custompage') . '";');
Now all that you have to do is put $mypage in whatever template you want your user's custom profile field html to show.
This is possibly the most unsafe hack ever for your website, but it demonstrates a really cool principal that by specifying which tags a user can use, they can make a website. And yes, if they mess up the code, everyone will see your website all broken.
This is my first whack at posting something i've hacked together, so please bear with me
Here is a link to see it in action. All the stuff you see between the "MOD STARTS HERE" and "MOD STOPS HERE" is a profile field.
http://www.quad4forums.com/test/member.php?u=3472
Here is the code i've entered in the profile field. I spent about 30 seconds on it, so its not a definitive example of whats possible, but it gets the idea across. I've also added the script tag so you can view my page's source and notice its not there.
(I have to use strikeout so vbulletin.org doesn't parse the bbcode)
MOD STARTS HERE
<B><TABLE style="width: 100%; padding: 0px; border: 1px; border: 1px solid #789DB3; background-image: url(http://www.travelblog.org/Wallpaper/pix/waterfall_desktop_background-1600x1200.jpg)"><TD>
<p align="center">
[B]Here is my test page[/B]
[img]http://mediaengine.org/mitcht/gallery/albums/misc/My_Car_010.sized.jpg[/img]
</p>
<TR></TR> </TD></B></table>
<DIV>
<SCRIPT>
<?
MOD ENDS HERE
BTW. This is my test forum, so its not going to be doing much!
Download
No files for download.
Screenshots
