PDA

View Full Version : Reset Notices

chrissyplum79
12-22-2011, 01:57 PM
I am trying to reset notices I removed on my forum I have a code here:
<?php
if ($_COOKIE['bbuserid']==0 || $_COOKIE['bbuserid']==null)
{ die('You must be logged in to reset dismissed notices.'); }
include('includes/config.php');
$servername = $config['MasterServer']['servername'];
$port = $config['MasterServer']['port'] ? $config['MasterServer']['port'] : 2082;
$con = mysql_connect("$servername:$port",$config['MasterServer']['username'],$config['MasterServer']['password']);
mysql_select_db($config['Database']['dbname'], $con);
mysql_query("DELETE FROM tta_noticedismissed WHERE userid=" . intval($_COOKIE['bbuserid']));
mysql_close($con);
echo '<script type="text/javascript">
<!--
window.location = "http://toontownmania.com/forums/"
//-->
</script>';

?>
I am currently running on vBulletin 4.1.8 but when I go to mysite.com/forums/resetdismiss.php it says You must be logged in to reset banners. Can anyone help me?
chrissyplum79
01-25-2012, 10:50 PM
Can anyone help me at all?
kh99
01-25-2012, 11:13 PM
Are you sure those are the correct cookie names? The code for determining the cookie prefix is:

define('COOKIE_PREFIX', (empty($this->config['Misc']['cookieprefix']) ? 'bb' : $this->config['Misc']['cookieprefix']) . '_');

So I think it would be "bb_userid" unless you have something else defined in config.php.

Maybe it would be better to include config.php before the check and use the above code, like:
include('includes/config.php');
define('COOKIE_PREFIX', (empty($config['Misc']['cookieprefix']) ? 'bb' : $config['Misc']['cookieprefix']) . '_');
if ($_COOKIE[COOKIE_PREFIX . 'userid']==0 || $_COOKIE[COOKIE_PREFIX . 'userid']==null)
{ die('You must be logged in to reset dismissed notices.'); }


Also, where is the script that you're running? If it's not in the same directory as the vb scripts then you need to have "Path to Save Cookies" (under Cookies and HTTP Header Options) set to / or else the cookies won't be sent to your script.

Checking the cookies doesn't give you much security - anyone could send a fake cookie and it only needs to have a non-zero userid. If this is a concern you could include the vb global.php in your script then check to see if the user is actually logged in.