Palmer ofShinra
10-31-2001, 08:39 AM
OK... as we have HTML enabled in some users titles... there is obviously some concern with malicious tag use.
So I simply wanted to whip up a little script that sniffs out everyone with certain tags in their title and returns a list, with links to edit them in the CP.
Not being a super whiz at this, I simply copy/pasted code from another file that I know DOES work and tweaked a few things.
However... for some reason... it seems to take FOREVER to run and returns EVERY user, no matter what their title is.
It's supposed to find everyone with <img in their title... and returns people who have the default Junior Member title.
Anyhow... here's the code... can anyone tell me what's wrong?
<?php
require("./global.php");
cpheader("<title>Shinra Online vB Utilities</title>");
$badtags=array(1 => "<IMG", "<FORM", "<STYLE", "CSS", "<EMBED", "<FRAME", "<SCRIPT");
// ###################### Start findbadtitles #######################
if ($action=="findbadtitles") {
// $titlelog = fopen ("./titlelog.txt", "a");
echo "<p><a href=\"utils.php?action=stripbadtitles\">Click here to automatically strip all HTML from the below listed titles</a><p><a href=\"utils.php?action=replacebadtitles\">Click here to replace all the below titles with warnings</a><p>The above links will not affect Turks.<p><table>";
for ($count = 1; count <= sizeof($badtags); $count++) {
$users=$DB_site->query("SELECT userid,username,usertitle,usergroupid FROM user WHERE usertitle LIKE '".$badtags[$count]."%' ORDER BY username");
if ($DB_site->num_rows($users)>0) {
echo "<tr><td nowrap><p><b>Users Found:</b></p></td><td nowrap><p> </p></td><td nowrap><p> </p></td></tr>\n";
while ($user=$DB_site->fetch_array($users)) {
if ($user[usergroupid]==5 OR $user[usergroupid]==6) {
// Flag admins and Super mods differently
echo "<tr><td nowrap><p>$user[username] </p></td><td nowrap><a href=\"user.php?action=edituser&userid=$user[userid]\" target=\"_blank\"><p>This User has a $badtags[$count] tag in their title... but is a Turk!</a><br>Title is: <font color=red>".addslashes(htmlspecialchars($user[usertitle]))."</font></td></tr>\n";
} else {
echo "<tr><td nowrap><p>$user[username] </p></td><td nowrap><a href=\"user.php?action=edituser&userid=$user[userid]\" target=\"_blank\"><p>This User has a $badtags[$count] tag in their title</a><br>Title is: <font color=red>".addslashes(htmlspecialchars($user[usertitle]))."</font></td></tr>\n";
// fwrite ($titlelog, "$user[username] (Userid $user[userid]) had this for a title\n $user[usertitle]\n\n");
}
}
echo "<hr>";
} else {
echo "<td><p>No users found with $badtags[$count] tags, thankfully.</p></td><hr>";
}
}
echo "</table><p><p><a href=\"utils.php?action=stripbadtitles\">Click here to automatically strip all HTML from the above listed titles</a><p><a href=\"utils.php?action=replacebadtitles\">Click here to replace all the above titles with warnings</a><p>The above links will not affect Turks.";
fclose ($titlelog);
}
echo "<p>DONE!";
cpfooter();
?>
So I simply wanted to whip up a little script that sniffs out everyone with certain tags in their title and returns a list, with links to edit them in the CP.
Not being a super whiz at this, I simply copy/pasted code from another file that I know DOES work and tweaked a few things.
However... for some reason... it seems to take FOREVER to run and returns EVERY user, no matter what their title is.
It's supposed to find everyone with <img in their title... and returns people who have the default Junior Member title.
Anyhow... here's the code... can anyone tell me what's wrong?
<?php
require("./global.php");
cpheader("<title>Shinra Online vB Utilities</title>");
$badtags=array(1 => "<IMG", "<FORM", "<STYLE", "CSS", "<EMBED", "<FRAME", "<SCRIPT");
// ###################### Start findbadtitles #######################
if ($action=="findbadtitles") {
// $titlelog = fopen ("./titlelog.txt", "a");
echo "<p><a href=\"utils.php?action=stripbadtitles\">Click here to automatically strip all HTML from the below listed titles</a><p><a href=\"utils.php?action=replacebadtitles\">Click here to replace all the below titles with warnings</a><p>The above links will not affect Turks.<p><table>";
for ($count = 1; count <= sizeof($badtags); $count++) {
$users=$DB_site->query("SELECT userid,username,usertitle,usergroupid FROM user WHERE usertitle LIKE '".$badtags[$count]."%' ORDER BY username");
if ($DB_site->num_rows($users)>0) {
echo "<tr><td nowrap><p><b>Users Found:</b></p></td><td nowrap><p> </p></td><td nowrap><p> </p></td></tr>\n";
while ($user=$DB_site->fetch_array($users)) {
if ($user[usergroupid]==5 OR $user[usergroupid]==6) {
// Flag admins and Super mods differently
echo "<tr><td nowrap><p>$user[username] </p></td><td nowrap><a href=\"user.php?action=edituser&userid=$user[userid]\" target=\"_blank\"><p>This User has a $badtags[$count] tag in their title... but is a Turk!</a><br>Title is: <font color=red>".addslashes(htmlspecialchars($user[usertitle]))."</font></td></tr>\n";
} else {
echo "<tr><td nowrap><p>$user[username] </p></td><td nowrap><a href=\"user.php?action=edituser&userid=$user[userid]\" target=\"_blank\"><p>This User has a $badtags[$count] tag in their title</a><br>Title is: <font color=red>".addslashes(htmlspecialchars($user[usertitle]))."</font></td></tr>\n";
// fwrite ($titlelog, "$user[username] (Userid $user[userid]) had this for a title\n $user[usertitle]\n\n");
}
}
echo "<hr>";
} else {
echo "<td><p>No users found with $badtags[$count] tags, thankfully.</p></td><hr>";
}
}
echo "</table><p><p><a href=\"utils.php?action=stripbadtitles\">Click here to automatically strip all HTML from the above listed titles</a><p><a href=\"utils.php?action=replacebadtitles\">Click here to replace all the above titles with warnings</a><p>The above links will not affect Turks.";
fclose ($titlelog);
}
echo "<p>DONE!";
cpfooter();
?>