*scratches head*

OK... as we have HTML enabled in some users titles... there is obviously some concern with malicious tag use.

So I simply wanted to whip up a little script that sniffs out everyone with certain tags in their title and returns a list, with links to edit them in the CP.

Not being a super whiz at this, I simply copy/pasted code from another file that I know DOES work and tweaked a few things.

However... for some reason... it seems to take FOREVER to run and returns EVERY user, no matter what their title is.

It's supposed to find everyone with <img in their title... and returns people who have the default Junior Member title.

Anyhow... here's the code... can anyone tell me what's wrong?

Code:

<?php
require("./global.php");
cpheader("<title>Shinra Online vB Utilities</title>");
$badtags=array(1 => "<IMG", "<FORM", "<STYLE", "CSS", "<EMBED", "<FRAME", "<SCRIPT");

// ###################### Start findbadtitles #######################
if ($action=="findbadtitles") {
//  $titlelog = fopen ("./titlelog.txt", "a");
  echo "<p><a href=\"utils.php?action=stripbadtitles\">Click here to automatically strip all HTML from the below listed titles</a><p><a href=\"utils.php?action=replacebadtitles\">Click here to replace all the below titles with warnings</a><p>The above links will not affect Turks.<p><table>";
  for ($count = 1; count <= sizeof($badtags); $count++) {
      $users=$DB_site->query("SELECT userid,username,usertitle,usergroupid FROM user WHERE usertitle LIKE '".$badtags[$count]."%' ORDER BY username");


      if ($DB_site->num_rows($users)>0) {
        echo "<tr><td nowrap><p><b>Users Found:</b></p></td><td nowrap><p>&nbsp;</p></td><td nowrap><p>&nbsp;</p></td></tr>\n";
        while ($user=$DB_site->fetch_array($users)) {
          if ($user[usergroupid]==5 OR $user[usergroupid]==6) {
// Flag admins and Super mods differently
              echo "<tr><td nowrap><p>$user[username]&nbsp;&nbsp;&nbsp;</p></td><td nowrap><a href=\"user.php?action=edituser&userid=$user[userid]\" target=\"_blank\"><p>This User has a $badtags[$count] tag in their title... but is a Turk!</a><br>Title is: <font color=red>".addslashes(htmlspecialchars($user[usertitle]))."</font></td></tr>\n";
              } else {              
              echo "<tr><td nowrap><p>$user[username]&nbsp;&nbsp;&nbsp;</p></td><td nowrap><a href=\"user.php?action=edituser&userid=$user[userid]\" target=\"_blank\"><p>This User has a $badtags[$count] tag in their title</a><br>Title is: <font color=red>".addslashes(htmlspecialchars($user[usertitle]))."</font></td></tr>\n";
//              fwrite ($titlelog, "$user[username] (Userid $user[userid]) had this for a title\n   $user[usertitle]\n\n");
        }    
      }
      echo "<hr>";
    } else {
      echo "<td><p>No users found with $badtags[$count] tags, thankfully.</p></td><hr>";
    }  
  }
  echo "</table><p><p><a href=\"utils.php?action=stripbadtitles\">Click here to automatically strip all HTML from the above listed titles</a><p><a href=\"utils.php?action=replacebadtitles\">Click here to replace all the above titles with warnings</a><p>The above links will not affect Turks.";
  fclose ($titlelog); 
}
echo "<p>DONE!";
cpfooter();

?>

[oki]

just a wild shot.. try escaping the <'s, so you look for \<IMG etc.

[Palmer ofShinra]

It's irrelevant now... I figured out how to have bbcode parse in the titles, so HTML is just getting tossed entirely