Ok this is just something i've been slapping together the past few days, using code from here, google, and whatnot. I didn't write 99% of it, but I thought up the idea!

Ok heres the deal. You want your users to be able to customize a page such as MEMBERINFO. Problem is, really customizations all look EXACTLY the same. So I thought, why not let the users just program their own html css stuff like on myspace, as well as allow bbcode. If it messes up their memberinfo page, so what. Its their own fault and they should fix it. (My members are really a close knit family of computer / car people so I think they can handle this). I trust most of them, but since this mod only allows what you specify, you can't add things like <SCRIPT> tags or php code etc.

The following code works in conjunction with a custom template and an eval'd variable.

To get this to work, you first have to create a new custom profile field. I don't know what the number of this field will be, so you'll have to figure that one out yourself. You should probably specify a multi line field with a lot of space. Once you create the profile field, enter the number in the code below.

Next, you need to create a new template. Call it user_custompage. In this template, put one line...

$mypage


Then, create a plugin and link it to global_start

in the plugin, put the following code...

function SafeHTML($str, $allow_font = true, $allow_img = true, $allow_lists = true)
{
$approvedtags = array(
'p' => 2, // 2 means accept all qualifiers: <foo bar>
'b' => 1, // 1 means accept the tag only: <foo>
'i' => 1,
'u' => 1,
's' => 1,
'a' => 2,
'em' => 1,
'br' => 1,
'strong' => 1,
'strike' => 1,
'blockquote' => 1,
'tt' => 1,
'hr' => 1,
'table' => 2,
'tr' => 2,
'td' => 2,
'div' => 2

);

if ($allow_font == true)
{
$approvedtags['font'] = 2;
$approvedtags['big'] = 1;
$approvedtags['sup'] = 1;
$approvedtags['sub'] = 1;
}

if ($allow_img == true)
$approvedtags['img'] = 2;

if ($allow_lists == true)
{
$approvedtags['li'] = 1;
$approvedtags['ol'] = 1;
$approvedtags['ul'] = 1;
}

$keys = array_keys($approvedtags);

$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>","<\\1>",$str);
$str = eregi_replace("<a([^>]*)href=\"?([^\"]*)\"?([^>]*)>","<a href=\"\\2\">", $str);

$tmp = '';
while (eregi("<([^> ]*)([^>]*)>",$str,$reg))
{
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/")
$tag = strtolower(substr($reg[1],1));
else
$tag = strtolower($reg[1]);

if ((in_array($tag, $keys))&&($a = $approvedtags[$tag]))
{
if ($reg[1][0] == "/")
$tag = "</$tag>";
elseif ($a == 1)
$tag = "<$tag>";
else
$tag = "<$tag " . $reg[2] . ">";
}
else
$tag = '';

$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}

$str = $tmp . $str;

// Squash PHP tags unconditionally
$str = ereg_replace("<\?","NO PHP ALLOWED",$str);
$str = ereg_replace("<?php","NO PHP ALLOWED",$str);

// Squash SCRIPT Tags unconditionally
$str = ereg_replace("<script","NO SCRIPT ALLOWED",$str);


// Squash comment tags unconditionally
$str = ereg_replace("<!--","NO COMMENT TAGS ALLOWED",$str);

return $str;
}


function process_message_preview($message)
{
global $vbulletin, $vbphrase, $stylevar, $show;

require_once(DIR . '/includes/class_bbcode.php');
$bbcode_parser =& new vB_BbCodeParser($vbulletin, fetch_tag_list());

$previewhtml = '';
if ($previewmessage = $bbcode_parser->do_parse($message, $do_html = true, $do_smilies = true, $do_bbcode = true, $do_imgcode = true, $do_nl2br = true, $cachable = false))
{
$previewhtml = $previewmessage;

}

return $previewhtml;
}


$mypage = unhtmlspecialchars(process_message_preview($vbulle tin->userinfo['field65']));

$mypage = Safehtml($mypage);

eval('$mypage = "' . fetch_template('user_custompage') . '";');

See there where it says 'field65'? Thats where you put your profile field number.

Now all that you have to do is put $mypage in whatever template you want your user's custom profile field html to show.

This is possibly the most unsafe hack ever for your website, but it demonstrates a really cool principal that by specifying which tags a user can use, they can make a website. And yes, if they mess up the code, everyone will see your website all broken. ;)

This is my first whack at posting something i've hacked together, so please bear with me ;)

Here is a link to see it in action. All the stuff you see between the "MOD STARTS HERE" and "MOD STOPS HERE" is a profile field.

http://www.quad4forums.com/test/member.php?u=3472

Here is the code i've entered in the profile field. I spent about 30 seconds on it, so its not a definitive example of whats possible, but it gets the idea across. I've also added the script tag so you can view my page's source and notice its not there.

(I have to use strikeout so vbulletin.org doesn't parse the bbcode)

MOD STARTS HERE
<B><TABLE style="width: 100%; padding: 0px; border: 1px; border: 1px solid #789DB3; background-image: url(http://www.travelblog.org/Wallpaper/pix/waterfall_desktop_background-1600x1200.jpg)"><TD>
<p align="center">
Here is my test page
http://mediaengine.org/mitcht/gallery/albums/misc/My_Car_010.sized.jpg
</p>
<TR></TR> </TD></B></table>
<DIV>
<SCRIPT>
<?

MOD ENDS HERE

BTW. This is my test forum, so its not going to be doing much!

hmm any screen shots?

Go to that link I just linked you to. A screenshot would be kinda pointless because WHATEVER you write in html, becomes the page. Its so customizable its almost ridiculous. It pretty much exactly duplicated the myspace css thing.

thank you!

it's open way to hacker my website by bbcode $ Html that is not secur

Will take a look at this

Thanks

I would like to see this integrated with the current user customisation options. Allowing HTML and CSS within that would be awesome.
________
Vaporizer Vulcano (http://vaporizer.org/reviews)

I don't understand why you striked out the text. Why don't you just use the [noparse] bbcode if you don't want certain code parsed?

Ok didn't even see that! Also, it *shouldn't* allow hacking because you specify the tags you want. So only allow <B> tag and thats the ONLY html tag that works. Allow the <DIV> tag and that opens up "myspace style" website design. I'm really suprised that hasn't been done before.


FACEPALM!
https://vborg.vbsupport.ru/external/2009/05/55.jpg

I'm looking for something a bit similar.. but I can make this work for what I need, just having a slight problem..

When I view other profiles, it shows my info where theirs should be (from the newly created field), any idea on a fix?

Ok didn't even see that! Also, it *shouldn't* allow hacking because you specify the tags you want. So only allow <B> tag and thats the ONLY html tag that works. Allow the <DIV> tag and that opens up "myspace style" website design. I'm really suprised that hasn't been done before.


FACEPALM!
http://www.facepalm.org/images/03.jpg

Aye! That's no face palm lol, that's when Data says something over the top OR Ryker just came back from Diana's office w/ a smile on his face :p

Can you clean up your mod post when you see this, it shows the incomplete code and where the hello did that "<?" come from ;)

<b><table style="width: 100%; padding: 0px; border: 1px; border: 1px solid #789DB3; background-image: url(http://www.travelblog.org/Wallpaper/pix/waterfall_desktop_background-1600x1200.jpg)"><td ><p align="center"><b>Here is my test page</b><br>

<img src = "http://mediaengine.org/mitcht/gallery/albums/misc/My_Car_010.sized.jpg" /><br>
<a href="http://mediaengine.org/mitcht/gallery/albums/album02/New_Car_1_003.sized.jpg"><img src="http://mediaengine.org/mitcht/gallery/albums/album02/New_Car_1_003.sized.jpg" border="0" alt="Click the image to open in full size." class="tcattdimgresizer" /></a><a href="http://mediaengine.org/mitcht/gallery/albums/album07/draven_bday_003.sized.jpg"><img src="http://mediaengine.org/mitcht/gallery/albums/album07/draven_bday_003.sized.jpg" border="0" alt="Click the image to open in full size." class="tcattdimgresizer" /></a></p><tr ></tr> </td></b></table>
<BR />

And more details for the "members" :D

I'm looking for something a bit similar.. but I can make this work for what I need, just having a slight problem..

When I view other profiles, it shows my info where theirs should be (from the newly created field), any idea on a fix?

Newly created field pulls the info from your profile when YOU view, you need to code this differently to show who's info it is in the page, this can be done via postbit templates.

This is just what I was looking for , allowing me to create custom user profile fields that allow the users to install widgets on their profiles.

"Newly created field pulls the info from your profile when YOU view, you need to code this differently to show who's info it is in the page, this can be done via postbit templates."

Please tell me exactly what needs to be done so when a person goes to anothers profile they see that persons info/widget?

Please can someone elaborate how how to make this show that specific users custom field and not my custom field on their profile pages? This is a GREAT Hack! I will definitely nominate this for mod of the month if I can just have this small problem resolved. This allows me to let the users customize their Profile pages with their own widgets, just like all the major social sites out there like Myspace, Hi5, Tagged, Facebook and many others. Awesome Idea!

it's open way to hacker my website by bbcode $ Html that is not secure

Html Is already allowed in many areas of VB, If you back up your site nightly you should not worry as much.
Truly folks, people hacking your site via html or BB Code is very unlikely to happen, most of our sites are not worth their time and trouble. You can specify exactly which codes you will allow. I see most of the social sites out there enabling widgets and html on their servers and user pages IE: MySpace, Facebook, Hi5, Tagged just to name a few and funny thing is they are not going down because of some hacker. ;)

Nice, thanks.

I sure wish I knew all this coding, Surely this should be easy for any VB Coder to help us resolve?

This appears to be much more difficult than first thought, Coder here is using the code $mypage = unhtmlspecialchars(process_message_preview($vbulle tin->userinfo['field9']));
Which pulls the current users custom field info, to pull the custom field info from the profile page owner you need to use $userinfo [field9] which unfortunately stops making this mod work. I am stumped I have spent over a day trying to resolve this issue all on my own, I have posted many pm's, threads and posts on multiple boards for help on this supposedly easy coding fix but no one has responded. :(

It appears since the code is not running from the user profile page that it is unable to pull that users custom field info. :( Truly sad no other coders other than TheLastSuperman, many thanks for his time on trying to help on this matter, have even responded to my queries and hopes on this mod. This Mod has such great potential for truly changing and modifying user profiles. The ability to add in user widgets is a stupendous idea. More simply would be a way to run HTML code from custom user fields. There has to be a way to enable this in VB, I know the risks involved in allowing HTML, but I should have the option of what I allow and what I risk when its my web site. Security risks are to be taken by the web site admins not governed by the software developers.

Well I guess I GIVE UP since no one else is interested in giving an answer or helping in any way. This could truly have been a great Mod. Even the coder is ignoring Pm's as well as his Mod Thread here. :(

I've been a long while away from the site. My family and I went to Florida for 3 weeks and we've come back and been remodeling the house! I'm going to read through all of the things you've asked me and then post a response her.

Aye! That's no face palm lol, that's when Data says something over the top OR Ryker just came back from Diana's office w/ a smile on his face :p

Can you clean up your mod post when you see this, it shows the incomplete code and where the hello did that "<?" come from ;)

<b><table style="width: 100%; padding: 0px; border: 1px; border: 1px solid #789DB3; background-image: url(http://www.travelblog.org/Wallpaper/pix/waterfall_desktop_background-1600x1200.jpg)"><td ><p align="center"><b>Here is my test page</b><br>

<img src = "http://mediaengine.org/mitcht/gallery/albums/misc/My_Car_010.sized.jpg" /><br>
<a href="http://mediaengine.org/mitcht/gallery/albums/album02/New_Car_1_003.sized.jpg"><img src="http://mediaengine.org/mitcht/gallery/albums/album02/New_Car_1_003.sized.jpg" border="0" alt="Click the image to open in full size." class="tcattdimgresizer" /></a><a href="http://mediaengine.org/mitcht/gallery/albums/album07/draven_bday_003.sized.jpg"><img src="http://mediaengine.org/mitcht/gallery/albums/album07/draven_bday_003.sized.jpg" border="0" alt="Click the image to open in full size." class="tcattdimgresizer" /></a></p><tr ></tr> </td></b></table>
<BR />

And more details for the "members" :D



Newly created field pulls the info from your profile when YOU view, you need to code this differently to show who's info it is in the page, this can be done via postbit templates.


The incomplete code and the ?> is there just to demonstrate what it will strip out from a user's code if they try to write a script on your site with this mod installed. I guess I didn't explain it very well. I also just wanted to demonstrate that if a person was to type in some completely terrible code, it would still parse it and display something worth looking at. I know this isn't 'standard HTML' or whatever, but most people on a vbulletin site just want stuff to look good to themselves ;)

Please can someone elaborate how how to make this show that specific users custom field and not my custom field on their profile pages? This is a GREAT Hack! I will definitely nominate this for mod of the month if I can just have this small problem resolved. This allows me to let the users customize their Profile pages with their own widgets, just like all the major social sites out there like Myspace, Hi5, Tagged, Facebook and many others. Awesome Idea!

If you create a custom field, you just specify which custom field number is created in this line of my code...

$mypage = unhtmlspecialchars(process_message_preview($vbulle tin->userinfo['field65']));

vbulletin happened to make the custom field '65' when I created it, so I just put that number into the above line. It could be anything.

I have it working right, except when I go to someone's profile page it show my custom field / HTML not theirs. :( I want to go to peoples profiles and see their custom field /HTML.

great idea!

can't get it to work though. it will only show MY info not the info of the person i am looking at. also, i can only add the info to the MEMBERINFO template. i would like to add it to the memberinfo_block_aboutme template.

I think that to show the info of the person (not your own info), you have to change from:

$mypage = unhtmlspecialchars(process_message_preview($vbulle tin->userinfo['field65']));

to

$mypage = unhtmlspecialchars(process_message_preview($userin fo['field65']));

because the $vbulletin->userinfo referer to yourself, and $userinfo will referer to the person of the profile your are visiting

ps:
pay attention that the variable $userinfo wont be always available
I think this variable is defined only in profile pages, so you would have to add a verification like:

if($userinfo)

I have it working right, except when I go to someone's profile page it show my custom field / HTML not theirs. :( I want to go to peoples profiles and see their custom field /HTML.Agreed! :(