phpBB.de

bei mir kommt immer dieser text in der memberliste und in profile

memberlist.php

<?php
/***************************************************************************
* memberlist.php
* -------------------
* begin : Friday, May 11, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: memberlist.php,v 1.36.2.11 2005/09/14 18:14:30 acydburn Exp $
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_VIEWMEMBERS);
init_userprefs($userdata);
//
// End session management
//

}

if (!$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=memberlist.$phpEx", true));
}

$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;

if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? htmlspecialchars($HTTP_POST_VARS['mode']) : htmlspecialchars($HTTP_GET_VARS['mode']);
}
else
{
$mode = 'joined';
}

if(isset($HTTP_POST_VARS['order']))
{
$sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
}
else if(isset($HTTP_GET_VARS['order']))
{
$sort_order = ($HTTP_GET_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
}
else
{
$sort_order = 'ASC';
}

//
// Memberlist sorting
//
$mode_types_text = array($lang['Sort_Joined'], $lang['Sort_Username'], $lang['Sort_Location'], $lang['Sort_Posts'], $lang['Sort_Email'], $lang['Sort_Website'], $lang['Sort_Top_Ten']);
$mode_types = array('joined', 'username', 'location', 'posts', 'email', 'website', 'topten');

$select_sort_mode = '<select name="mode">';
for($i = 0; $i < count($mode_types_text); $i++)
{
$selected = ( $mode == $mode_types[$i] ) ? ' selected="selected"' : '';
$select_sort_mode .= '<option value="' . $mode_types[$i] . '"' . $selected . '>' . $mode_types_text[$i] . '</option>';
}
$select_sort_mode .= '</select>';

$select_sort_order = '<select name="order">';
if($sort_order == 'ASC')
{
$select_sort_order .= '<option value="ASC" selected="selected">' . $lang['Sort_Ascending'] . '</option><option value="DESC">' . $lang['Sort_Descending'] . '</option>';
}
else
{
$select_sort_order .= '<option value="ASC">' . $lang['Sort_Ascending'] . '</option><option value="DESC" selected="selected">' . $lang['Sort_Descending'] . '</option>';
}
$select_sort_order .= '</select>';

//
// Generate page
//
$page_title = $lang['Memberlist'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
'body' => 'memberlist_body.tpl')
);
make_jumpbox('viewforum.'.$phpEx);

$template->assign_vars(array(
'L_SELECT_SORT_METHOD' => $lang['Select_sort_method'],
'L_EMAIL' => $lang['Email'],
'L_WEBSITE' => $lang['Website'],
'L_FROM' => $lang['Location'],
'L_ORDER' => $lang['Order'],
'L_SORT' => $lang['Sort'],
'L_SUBMIT' => $lang['Sort'],
'L_AIM' => $lang['AIM'],
'L_YIM' => $lang['YIM'],
'L_MSNM' => $lang['MSNM'],
'L_ICQ' => $lang['ICQ'],
'L_JOINED' => $lang['Joined'],
'L_POSTS' => $lang['Posts'],
'L_PM' => $lang['Private_Message'],

'S_MODE_SELECT' => $select_sort_mode,
'S_ORDER_SELECT' => $select_sort_order,
'S_MODE_ACTION' => append_sid("memberlist.$phpEx"))
);

switch( $mode )
{
case 'joined':
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'username':
$order_by = "username $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'location':
$order_by = "user_from $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'posts':
$order_by = "user_posts $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'email':
$order_by = "user_email $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'website':
$order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'topten':
$order_by = "user_posts $sort_order LIMIT 10";
break;
default:
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
}

$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY $order_by";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query users', '', __LINE__, __FILE__, $sql);
}

if ( $row = $db->sql_fetchrow($result) )
{
$i = 0;
do
{
$username = $row['username'];
$user_id = $row['user_id'];

$from = ( !empty($row['user_from']) ) ? $row['user_from'] : '&nbsp;';
$joined = create_date($lang['DATE_FORMAT'], $row['user_regdate'], $board_config['board_timezone']);
$posts = ( $row['user_posts'] ) ? $row['user_posts'] : 0;

$poster_avatar = '';
if ( $row['user_avatar_type'] && $user_id != ANONYMOUS && $row['user_allowavatar'] )
{
switch( $row['user_avatar_type'] )
{
case USER_AVATAR_UPLOAD:
$poster_avatar = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $board_config['avatar_path'] . '/' . $row['user_avatar'] . '" alt="" border="0" />' : '';
break;
case USER_AVATAR_REMOTE:
$poster_avatar = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $row['user_avatar'] . '" alt="" border="0" />' : '';
break;
case USER_AVATAR_GALLERY:
$poster_avatar = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $board_config['avatar_gallery_path'] . '/' . $row['user_avatar'] . '" alt="" border="0" />' : '';
break;
}
}

if ( !empty($row['user_viewemail']) || $userdata['user_level'] == ADMIN )
{
$email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL .'=' . $user_id) : 'mailto:' . $row['user_email'];

$email_img = '<a href="' . $email_uri . '"><img src="' . $images['icon_email'] . '" alt="' . $lang['Send_email'] . '" title="' . $lang['Send_email'] . '" border="0" /></a>';
$email = '<a href="' . $email_uri . '">' . $lang['Send_email'] . '</a>';
}
else
{
$email_img = '&nbsp;';
$email = '&nbsp;';
}

$temp_url = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id");
$profile_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_profile'] . '" alt="' . $lang['Read_profile'] . '" title="' . $lang['Read_profile'] . '" border="0" /></a>';
$profile = '<a href="' . $temp_url . '">' . $lang['Read_profile'] . '</a>';

$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id");
$pm_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['Send_private_message'] . '" title="' . $lang['Send_private_message'] . '" border="0" /></a>';
$pm = '<a href="' . $temp_url . '">' . $lang['Send_private_message'] . '</a>';

$www_img = ( $row['user_website'] ) ? '<a href="' . $row['user_website'] . '" target="_userwww"><img src="' . $images['icon_www'] . '" alt="' . $lang['Visit_website'] . '" title="' . $lang['Visit_website'] . '" border="0" /></a>' : '';
$www = ( $row['user_website'] ) ? '<a href="' . $row['user_website'] . '" target="_userwww">' . $lang['Visit_website'] . '</a>' : '';

if ( !empty($row['user_icq']) )
{
$icq_status_img = '<a href="http://wwp.icq.com/' . $row['user_icq'] . '#pager"><img src="http://web.icq.com/whitepages/online?icq=' . $row['user_icq'] . '&img=5" width="18" height="18" border="0" /></a>';
$icq_img = '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $row['user_icq'] . '"><img src="' . $images['icon_icq'] . '" alt="' . $lang['ICQ'] . '" title="' . $lang['ICQ'] . '" border="0" /></a>';
$icq = '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $row['user_icq'] . '">' . $lang['ICQ'] . '</a>';
}
else
{
$icq_status_img = '';
$icq_img = '';
$icq = '';
}

$aim_img = ( $row['user_aim'] ) ? '<a href="aim:goim?screenname=' . $row['user_aim'] . '&message=Hello+Are+you+there?"><img src="' . $images['icon_aim'] . '" alt="' . $lang['AIM'] . '" title="' . $lang['AIM'] . '" border="0" /></a>' : '';
$aim = ( $row['user_aim'] ) ? '<a href="aim:goim?screenname=' . $row['user_aim'] . '&message=Hello+Are+you+there?">' . $lang['AIM'] . '</a>' : '';

$temp_url = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id");
$msn_img = ( $row['user_msnm'] ) ? '<a href="' . $temp_url . '"><img src="' . $images['icon_msnm'] . '" alt="' . $lang['MSNM'] . '" title="' . $lang['MSNM'] . '" border="0" /></a>' : '';
$msn = ( $row['user_msnm'] ) ? '<a href="' . $temp_url . '">' . $lang['MSNM'] . '</a>' : '';

$yim_img = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&.src=pg"><img src="' . $images['icon_yim'] . '" alt="' . $lang['YIM'] . '" title="' . $lang['YIM'] . '" border="0" /></a>' : '';
$yim = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&.src=pg">' . $lang['YIM'] . '</a>' : '';

$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts");
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';

$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];

$template->assign_block_vars('memberrow', array(
'ROW_NUMBER' => $i + ( $start + 1 ),
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class,
'USERNAME' => $username,
'FROM' => $from,
'JOINED' => $joined,
'POSTS' => $posts,
'AVATAR_IMG' => $poster_avatar,
'PROFILE_IMG' => $profile_img,
'PROFILE' => $profile,
'SEARCH_IMG' => $search_img,
'SEARCH' => $search,
'PM_IMG' => $pm_img,
'PM' => $pm,
'EMAIL_IMG' => $email_img,
'EMAIL' => $email,
'WWW_IMG' => $www_img,
'WWW' => $www,
'ICQ_STATUS_IMG' => $icq_status_img,
'ICQ_IMG' => $icq_img,
'ICQ' => $icq,
'AIM_IMG' => $aim_img,
'AIM' => $aim,
'MSN_IMG' => $msn_img,
'MSN' => $msn,
'YIM_IMG' => $yim_img,
'YIM' => $yim,


'U_VIEWPROFILE' => append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id"))
);

$i++;
}
while ( $row = $db->sql_fetchrow($result) );
$db->sql_freeresult($result);
}

if ( $mode != 'topten' || $board_config['topics_per_page'] < 10 )
{
$sql = "SELECT count(*) AS total
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS;

if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error getting total users', '', __LINE__, __FILE__, $sql);
}

if ( $total = $db->sql_fetchrow($result) )
{
$total_members = $total['total'];

$pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). '&nbsp;';
}
$db->sql_freeresult($result);
}
else
{
$pagination = '&nbsp;';
$total_members = 10;
}

$template->assign_vars(array(
'PAGINATION' => $pagination,
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $total_members / $board_config['topics_per_page'] )),

'L_GOTO_PAGE' => $lang['Goto_page'])
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);





profile

<?php
/***************************************************************************
* profile.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: profile.php,v 1.193.2.5 2004/11/18 17:49:37 acydburn Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_PROFILE);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}

//
// Set default email variables
//
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/profile.'.$phpEx : 'profile.'.$phpEx;
$server_name = trim($board_config['server_name']);
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';

$server_url = $server_protocol . $server_name . $server_port . $script_name;

// -----------------------
// Page specific functions
//
function gen_rand_string($hash)
{
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');


$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);


$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}

return ( $hash ) ? md5($rand_str) : $rand_str;
}
//
// End page specific functions
// ---------------------------

//
// Start of program proper
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);

if ( $userdata['session_logged_in'] && $mode == 'viewprofile' )
{
include($phpbb_root_path . 'includes/usercp_viewprofile.'.$phpEx);
exit;
}
else if ( $mode == 'editprofile' || $mode == 'register' )
{
if ( !$userdata['session_logged_in'] && $mode == 'editprofile' )
{
redirect(append_sid("login.$phpEx?redirect=profile.$phpEx&mode=editprofile", true));
}

include($phpbb_root_path . 'includes/usercp_register.'.$phpEx);
exit;
}
else if ( $mode == 'confirm' )
{
// Visual Confirmation
if ( $userdata['session_logged_in'] )
{
exit;
}

include($phpbb_root_path . 'includes/usercp_confirm.'.$phpEx);
exit;
}
else if ( $mode == 'sendpassword' )
{
include($phpbb_root_path . 'includes/usercp_sendpasswd.'.$phpEx);
exit;
}
else if ( $mode == 'activate' )
{
include($phpbb_root_path . 'includes/usercp_activate.'.$phpEx);
exit;
}
else if ( $mode == 'email' )
{
include($phpbb_root_path . 'includes/usercp_email.'.$phpEx);
exit;
}
else if (!$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=profile.$phpEx", true));
exit;
}

}

redirect(append_sid("index.$phpEx", true));

?>



Bitte hier klicken um die beieden dateien zu Downloaden



MFG:Anonymer

Es gibt nicht umsonst hier die Suchfunktion, die hätte dir nämlich sicher, solche Ergebnisse gebracht, weil es oft gefragt wurde

http://www.phpbb.de/viewtopic.php?t=911 ... verstecken

Sorry das ich jetztz erst antwortet

Ich Krieg das nicht hin


MFG:Anonymer

Hallo,
das

Anonymer hat geschrieben:Ich Krieg das nicht hin

ist doch wieder einmal eine aussagekräftige Antwort !

Was bekommst Du nicht hin ? (siehe >>> KB:114 <<< !)

Der von Spritzpistole gepostet Link führt doch zu einen Beitrag der doch sogar zwei Varianten enthält !

Hinweis : Beachte zukünftig freundlicherweise >>> KB:81 <<< !

Ich habe hier schon gesucht, bin auch dem Link gefolgt und habe das geändert, was da angegeben war.

Erstens: Was bewirkt der Code, der da ganz oben ist? Was genau bzw. wie versteckt er? Das steht da nämlich nicht.

Mein Problem ist nämlich folgendes: Zwar kann man jetzt nicht mehr in die Profile schauen und auch nicht mehr die Benutzergruppen aufrufen, die Mitgliederliste läßt sich jedoch dennoch noch öffnen, das heißt, unbefugte haben Zugriff auf die Emailadressen und sonstige Daten.

Ich habe hier tausende von Codes gefunden, aber leider nicht genau herausfinden können, was denn nun der passende wäre. Ich kann doch nicht alle ausprobieren, da wäre ich ja drei Jahre beschäftigt... Kann mir vielleicht jemand helfen?

Bin ich die einzige hier, die blöde Fragen stellt, oder weiß das echt keiner?

also wenn du ein profil aufrufen willst, siehst du das was in deinem ersten posting angegeben ist? nur damit ich richtig verstehe worum es nun eigentlich geht.

meinst du mich? ich möchte nur wissen, wie man auch die mitgliederliste, also die reine liste, vor einblicken von außen schützt. alles, was ich bisher gefunden habe, schützt zwar die profile, aber nicht die mitgliederliste selbst...

ja, ich mein dich... und die frage hast du mir nicht beantwortet...

wie dem auch sei... das was du suchst, wurde dir bereits als link zur verfügung gestellt... du musst nur auch mal gucken...

http://www.phpbb.de/viewtopic.php?t=47560 <-- anklicken und durchlesen was dann aufgeht.

das ist doch das, was ich bereits alles eingebaut habe! aber damit werden lediglich profile und benutzergruppen versteckt, die mitgliederliste kann nach wie vor jeder öffnen!