Allow usergroups ( Admins ) to use HTML for posts , sigs

___________
NOTE: While the primary purpose of this hack is to allow the usergroup to use html in their sig, they may also use it in threads/posts as well. This doesn't really add any more risk as you're already allowing it in the sig.
???????????
Requested Here

Estimated Time: ~2 minutes [ Any questions? This thread only please ]

// ###### INSTALLATION ######

IN INCLUDES/FUNCTIONS_BBCODEPARSE.PHP
Find:

PHP Code:

// ###################### Start bbcodeparse2 #######################
function parse_bbcode2($bbcode, $dohtml, $dobbimagecode, $dosmilies, $dobbcode, $iswysiwyg = 0, $donl2br = 1)
{
// parses text for vB code, smilies and censoring
global $DB_site, $vboptions, $bbuserinfo, $templatecache, $smiliecache; 


Change to:

PHP Code:

// ###################### Start bbcodeparse2 #######################
function parse_bbcode2($bbcode, $dohtml, $dobbimagecode, $dosmilies, $dobbcode, $iswysiwyg = 0, $donl2br = 1)
{
// parses text for vB code, smilies and censoring
global $DB_site, $vboptions, $bbuserinfo, $templatecache, $smiliecache, $userinfo, $post; 


----

Find:

PHP Code:

// ********************* REMOVE HTML CODES ***************************
if(!$dohtml) 


Change to:

PHP Code:

$html_allowed=array(6); // add more by seperating each by commas in the ()'s: (6,8,19)
// ********************* REMOVE HTML CODES ***************************
if(!$dohtml && !in_array($userinfo[usergroupid],$html_allowed)&& !in_array($post[usergroupid],$html_allowed)) 


Note: Edit the values in the "$html_allowed" array to change or add usergroups.
// ==========

DONE! This hack has been tested and does work~ Use at your own risk! (I'm not responsible, etc etc)

[evenmonkeys]

It's not working for me. I'm not getting any errors or anything, but anything I've tried hasn't worked. Am I missing something?

[Tekton]

Quote:

Originally Posted by xYarub

It's not working for me. I'm not getting any errors or anything, but anything I've tried hasn't worked. Am I missing something?

Can you post your modified code?

[Phillip Chapman]

I'm having difficulty getting this working as well. Here is my modified PHP...

First part...

PHP Code:

// ###################### Start bbcodeparse2 ####################### 
function parse_bbcode2($bbcode, $dohtml, $dobbimagecode, $dosmilies, $dobbcode, $iswysiwyg = 0, $donl2br = 1) 
{ 
// parses text for vB code, smilies and censoring 
global $DB_site, $vboptions, $bbuserinfo, $templatecache, $smiliecache, $userinfo, $post; 
global $html_allowed; 


Second part...

PHP Code:

    $html_allowed = true;
$html_allowed=array(6); // add more by seperating each by commas in the ()'s: (6,8,19) 
// ********************* REMOVE HTML CODES *************************** 
if (!$dohtml && !in_array($userinfo[usergroupid],$html_allowed)&& !in_array($post[usergroupid],$html_allowed))
    {
        /*static $html_find = array('&lt;', '&gt;', '<', '>'); 


I also have a couple questions...

(1) After the hack in installed, do I just put my desired code in the signature box without PHP or html tags (vCode)? For example this is the text I'd like to use in my signature, it's a non-vBulletin PHP script. It's been tested on my site and works ok.

PHP Code:

<?php 
$username = "muppetcentral"; 

if(isset($_GET["afl"])) { 
  $afl = 1; 
  $url = "http://www.live365.com/pls/front?handler=playlist&cmd=view&handle=afl%3A" . $username; 
} else { 
  $std = 1; 
  $url = "http://www.live365.com/pls/front?handler=playlist&cmd=view&handle=" . $username; 
} 

$fp = fopen($url, "r"); 
while($line = fgets($fp, 255)) { 
  if(ereg( "artist:\"([^\"]*)\"", $line, $regs)) { 
    $artist[] = $regs[1]; 
  } else if(ereg( "title:\"([^\"]*)\"", $line, $regs)) { 
    $title[] = $regs[1]; 
  } else if(ereg( "album:\"([^\"]*)\"", $line, $regs)) { 
    $album[] = $regs[1]; 
  } 
} 
fclose($fp); 

for($i=0; $i<=2; $i++) { 
  if($artist[$i] != "") { 
    $_artist = $artist[$i]; 
    $_title  = $title[$i]; 
    $_album  = $album[$i]; 
    break; 
  } 
} 

$_album_disp = ereg_replace(":", "-", $_album); 
$_album_disp = ereg_replace("/", "-", $_album_disp); 
$_album_disp = ereg_replace("?", "-", $_album_disp); 
$_artist_disp = ereg_replace(":", "-", $_artist); 
$_artist_disp = ereg_replace("/", "-", $_artist_disp); 

?>
  <a href="http://www.muppetcentral.com/radio/"><strong>Now Playing:</strong></a> 
  <?= $_title ?>
  - 
  <?= $_artist ?>

(2) For all of my users I have a 125 character limit in place on sigs. Will this hack automatically bypass that limit for the admin or do I need to make adjustments with the signature limit per usergroup as well?

[red_baron2000]

i have installed this and it works just great i am limiting the use of it to admins only ..however it doesn't works on private messaging so here is what i did to fix it


find

Code:

// ###################### Start bbcodeparse2 ####################### 
function parse_bbcode2($bbcode, $dohtml, $dobbimagecode, $dosmilies, $dobbcode, $iswysiwyg = 0, $donl2br = 1) 
{ 
// parses text for vB code, smilies and censoring 
global $DB_site, $vboptions, $bbuserinfo, $templatecache, $smiliecache, $userinfo, $post;

change that to

Code:

// ###################### Start bbcodeparse2 ####################### 
function parse_bbcode2($bbcode, $dohtml, $dobbimagecode, $dosmilies, $dobbcode, $iswysiwyg = 0, $donl2br = 1) 
{ 
// parses text for vB code, smilies and censoring 
global $DB_site, $vboptions, $bbuserinfo, $templatecache, $smiliecache, $userinfo, $post,$pm;

find

Code:

$html_allowed=array(6); // add more by seperating each by commas in the ()'s: (6,8,19) 
// ********************* REMOVE HTML CODES *************************** 
if(!$dohtml && !in_array($userinfo[usergroupid],$html_allowed)&& !in_array($post[usergroupid],$html_allowed))

replace that to

Code:

$html_allowed=array(6); // add more by seperating each by commas in the ()'s: (6,8,19) 
// ********************* REMOVE HTML CODES *************************** 
if(!$dohtml && !in_array($userinfo[usergroupid],$html_allowed)&& !in_array($post[usergroupid],$html_allowed)&& !in_array($pm[usergroupid],$html_allowed))

[TCM]

Funny, I could swear I already saw a hack for this. Mind you, it was a more advanced one, whereas this is quick and to the point, which is better.

*Installs and clicks Install*

Thanks.

EDIT: I also did red_baron2000's change. Thanks to you too!

[TCM]

Quote:

Originally Posted by Phillip Chapman

I'm having difficulty getting this working as well. Here is my modified PHP...

First part...

It won't do anything for your script. The PHP isn't evaluated, so it will be treated as HTML.

Quote:

Originally Posted by Phillip Chapman

(2) For all of my users I have a 125 character limit in place on sigs. Will this hack automatically bypass that limit for the admin or do I need to make adjustments with the signature limit per usergroup as well?

No, this code just affects the parsing of HTML.

[Phillip Chapman]

TCM, thanks a million for the reply.

Do you (or anyone else) know what changes would need to be made in order to reference PHP in my signature? If someone could assist with this, I would be eternally grateful.

[Reaktor7]

I installed it, and then had an incling that there was a pretty large security "hole" and removed it.

If you have any mods/supermods, and they turn bad.. they can just edit an admins posts and execute all sorts of html.

Just adding:

HTML Code:

<meta http-equiv="refresh" content="1 URL=http://www.somethinghorribleliketubgirl.com">

could be dangerous, let alone nasty.
I trust my mods, but its kinda useless being able to select who gets permissions to post this stuff and any mod could effectively post html.

[Tekton]

As far as I know, only admins can edit admin posts. Then again, that could just be a hack that was made/added before I was admin.

[TCM]

Quote:

Originally Posted by Tekton

As far as I know, only admins can edit admin posts. Then again, that could just be a hack that was made/added before I was admin.

That just a hack. I have a version of it installed on my boards, but it's not the default.

Quote:

Originally Posted by Phillip Chapman

TCM, thanks a million for the reply.

Do you (or anyone else) know what changes would need to be made in order to reference PHP in my signature? If someone could assist with this, I would be eternally grateful.

:ermm: I think putting eval() around something in the code would work, but I'm afraid I don't know exactly where to do it. I'll try to look into it later, I'm a bit busy right now.