
Replacing Text With Images? Probably very easy..



exact-gaming
02-12-2006, 04:52 PM
Hey, I'm pretty new to PHP, and I'm writing a shoutbox that you can see here (http://hiven.net/dean/shout/shoutbox.php).

What I'm looking to do is add some "smileys" to the shoutbox, so basically, whenever the script sees a : ) or : D it will replace it with the image.

This is probably very easy for the common coder ^^.

Any help greatly appreciated!

fci
02-12-2006, 05:16 PM
uh.. looks like someone posted something to your shoutbox to redirect people to an offensive site

<html>
<head>
<link rel="stylesheet" type="text/css"
href="style.css">
</head>
</html>
<strong>Swazi:</strong>

<SCRIPT LANGUAGE="JavaScript">
<!--
//SWAZI LOL!!!111
window.location="http://www.hai2u.com/";
// -->
</script>
<hr><strong><b>lol</b>:</strong>

<b>lol</b>
<hr><strong><SWAZI>:</strong>

<NICE!!!>
<hr><strong>Matt:</strong>

Nice 1, 217.146.92.94:27035 ftw !
<hr><strong>Dean:</strong>

Yeah, its going pretty well :D
<hr><strong>James:</strong>

Cool, it works :D
<hr><strong>Dean:</strong>

Actually, I think 1 second is better, as by the time the server has processed the script it is about 2-3 seconds anyway.
<hr><strong>Dean:</strong>

OK, I dropped the time to 2 seconds, 5 seconds was too long ^^
<hr><strong>Dean:</strong>

More Testing, it should refresh now 5 seconds after you make the post! Pretty Sweet!
<hr><strong>Dean:</strong>

Now to add some smileys!
<hr><strong>Dean:</strong>

Woot, works nice :D
<hr><strong>Dean:</strong>

Yeah im testing it again, and all seems fine!
<hr><strong>Dean:</strong>

Testing the shoutbox, hope it works well!
<hr><form method='post'>


<input type='text' name='author' maxlength='50' value='Name'><br />



<textarea name='content' cols='15' rows='8' value='Message'></textarea><br />

<input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>


looks pretty obvious that it is the tard swazi:
http://www.codingforums.com/member.php?u=31341

fci
02-12-2006, 05:21 PM
here is what you do to prevent people from messing with your site and to do the smilie thing:


// convert html to safe text
$comment = htmlentities($_POST['content']);

// then to do your smilie thing:
$smilies = array(
    ':)',
    ';)',
);
$images = array('happy.gif', 'wink.gif');
$path = 'images/path/blah/';
// turn each file name into an <img> tag
foreach ($images as $key => $value) {
    $images[$key] = '<img src="'.$path.$value.'">';
}

// swap every smilie code for its <img> tag
$comment = str_replace($smilies, $images, $comment);

Swazi
02-12-2006, 05:27 PM
me?? LOLO I can't do that if I tried. nice ownage tho lol

exact-gaming
02-12-2006, 05:32 PM
Nevermind..

exact-gaming
02-12-2006, 05:56 PM
Hmm, I'm having a little trouble.

A) My biggest problem, even a noob like me managed to exploit that by posting HTML. How can I make it so that HTML will just be converted to text if it's posted? Like I posted a meta refresh tag just to test it, and it's messed, but I can fix that, I just want to stop people doing it.

B) The smilies just do not work :S

fci
02-12-2006, 06:03 PM
how about you post all of your PHP code, it'll be easiest to fix then

exact-gaming
02-12-2006, 06:12 PM
<html>
<head>
<link rel="stylesheet" type="text/css"
href="style.css">
</head>
</html>

<?php
require("config.php");
$smilies = array(':)', ';)');
$images = array('happy.gif', 'wink.gif');
$path = 'images/';
foreach ($images as $key => $value) {
$images[$key] = '<img src="'.$path.$value.'">';
}

$comment = str_replace($smilies, $images, $comment);
$getposts = mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");
while($r=mysql_fetch_array($getposts)){
echo "<strong>$r[author]:</strong>

$r[content]
<hr>";
}
if(!isset($_POST[postshout])){
echo "<form method='post'>


<input type='text' name='author' maxlength='50' value='Name'><br />



<textarea name='content' cols='15' rows='8' value='Message'></textarea><br />

<input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
</form>";
}
if($_POST[postshout]){
$author = $_POST['author'];
$content = $_POST['content'];
if($author == NULL || $content == NULL){
echo "A field was left blank, please go back and fix this.";
}else{
$postcmt = mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
echo "Shout posted.
<meta http-equiv='refresh' content='1'>";
}
}
?>

fci
02-12-2006, 06:42 PM
<html>
<head>
<link rel="stylesheet" type="text/css"
href="style.css">
</head>
</html>
<?php

require("config.php");

$rs = mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");

while ($r=mysql_fetch_assoc($rs)) {
echo "<strong>$r[author]:</strong>$r[content]<hr>";
}

if (!isset($_POST['postshout'])) {
?><form method='post'>
<input type='text' name='author' maxlength='50' value='Name'><br />
<textarea name='content' cols='15' rows='8' value='Message'></textarea><br />
<input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
</form>
<?php

} else ($_POST['postshout']){

$path = 'images/';
$smilies = array(
':)' => 'happy.gif',
';)' => 'wink.gif',
);

$content = htmlentities($_POST['content']);

foreach ($smilies as $key => $value)
$content str_replace($key, $value, $content);

$content = mysql_real_escape_string($content);
$author = mysql_real_escape_string(htmlentities($_POST['author']));

if (empty(trim($author)) || empty(trim($content))) {
echo "A field was left blank, please go back and fix this.";
}else{
// date is undefined ?
$data = time();
$postcmt = mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
echo "Shout posted.
<meta http-equiv='refresh' content='1'>";
}
}
?>

exact-gaming
02-12-2006, 06:51 PM
Thanks, but I'm getting

Parse error: parse error, unexpected T_STRING in /home/shout/shoutbox.php on line 36

fci
02-12-2006, 06:54 PM
ah, I didn't test it.. and still won't but this will fix that syntax error:


foreach ($smilies as $key => $value)
$content = str_replace($key, $value, $content);

exact-gaming
02-12-2006, 07:02 PM
I managed to debug it a bit more, as it wasn't working and coming up with loads of errors, but I'm stuck on this.



<html>
<head>
<link rel="stylesheet" type="text/css"
href="style.css">
</head>
</html>
<?php

require("config.php");

$rs = mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");

while ($r=mysql_fetch_assoc($rs)) {
echo "<strong>$r[author]:</strong>$r[content]<hr>";
}

if (!isset($_POST['postshout'])) {
?><form method='post'>
<input type='text' name='author' maxlength='50' value='Name'><br />
<textarea name='content' cols='15' rows='8' value='Message'></textarea><br />
<input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
</form>
<?php

} else ($_POST['postshout']);

$path = 'images/';
$smilies = array(
':)' => 'happy.gif',
';)' => 'wink.gif',
);

$content = htmlentities($_POST['content']);

foreach ($smilies as $key => $value)
$content = str_replace($key, $value, $content);

$content = mysql_real_escape_string($content);
$author = mysql_real_escape_string(htmlentities($_POST['author']));

if (empty(trim($author)) || empty(trim($content))) {
echo "A field was left blank, please go back and fix this.";
}else{
// date is undefined ?
$data = time();
$postcmt = mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
echo "Shout posted.
<meta http-equiv='refresh' content='1'>";
}
}
?>


Parse error: parse error, unexpected T_STRING, expecting T_VARIABLE or '$' in /home/shout/shoutbox.php on line 41

fci
02-12-2006, 07:20 PM
alright.. sorry, one more time:

<html>
<head>
<link rel="stylesheet" type="text/css"
href="style.css">
</head>
</html>
<?php

require("config.php");

$rs = mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");

while ($r=mysql_fetch_assoc($rs)) {
echo "<strong>$r[author]:</strong>$r[content]<hr>";
}

if (!isset($_POST['postshout'])) {
?><form method='post'>
<input type='text' name='author' maxlength='50' value='Name'><br />
<textarea name='content' cols='15' rows='8' value='Message'></textarea><br />
<input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
</form>
<?php

} else {

$path = 'images/';
$smilies = array(
':)' => 'happy.gif',
';)' => 'wink.gif',
);

$content = htmlentities($_POST['content']);

// wrap each smiley's file name in an <img> tag before substituting it
foreach ($smilies as $key => $value)
$content = str_replace($key, '<img src="'.$path.$value.'">', $content);

$content = mysql_real_escape_string(trim($content));
$author = mysql_real_escape_string(trim(htmlentities($_POST['author'])));

if (empty($author) || empty($content)) {
echo "A field was left blank, please go back and fix this.";
} else {
// $date was never set in the original script; store the current Unix timestamp
$date = time();
$postcmt = mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
echo "Shout posted.
<meta http-equiv='refresh' content='1'>";
}
}
?>
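
A present-day form of the fix worked out in this thread, added here as an example and not code from any of the posters: the shout is stored as typed through a prepared statement (the `mysql_*` functions used above were removed in PHP 7), and escaping plus smiley substitution happen together at output time. Splitting the raw text on the smiley codes before escaping avoids a collision in the escape-then-`str_replace` order, where `")` becomes `&quot;)` and its `;)` is then taken for a wink. The names `SMILIES`, `render_text()` and `post_shout()`, the in-memory SQLite database standing in for the MySQL table, and the sample shouts are all assumptions made for the example.

```php
<?php
// Added example. Constructed names: SMILIES, render_text(), post_shout().
const SMILIES = [':)' => 'happy.gif', ';)' => 'wink.gif'];

// Escape text for HTML output, turning smiley codes into <img> tags.
// The raw text is split on the codes first, so the ";" that escaping adds
// (as in &quot;) can never be mistaken for the start of ";)".
function render_text(string $raw, string $path = 'images/'): string
{
    $codes = array_map(function ($c) { return preg_quote($c, '/'); }, array_keys(SMILIES));
    $parts = preg_split('/(' . implode('|', $codes) . ')/', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $part) {
        $safe = htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        $html .= array_key_exists($part, SMILIES)
            ? '<img src="' . $path . SMILIES[$part] . '" alt="' . $safe . '">'
            : $safe;
    }
    return $html;
}

// Store the shout exactly as typed; placeholders keep it out of the SQL text.
function post_shout(PDO $db, string $author, string $content): bool
{
    $author = trim($author);
    $content = trim($content);
    if ($author === '' || $content === '') {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO shoutbox (author, content, date) VALUES (?, ?, ?)');
    return $stmt->execute([$author, $content, time()]);
}

// In-memory SQLite stands in for the thread's MySQL table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shoutbox (id INTEGER PRIMARY KEY, author TEXT, content TEXT, date INTEGER)');

// Constructed sample shouts, including markup and quote characters.
post_shout($db, 'Dean', 'Woot, works nice :)');
post_shout($db, "O'Neil", 'He said "hi") and left ;)');
post_shout($db, '<b>lol</b>', '<script>window.location="http://example.invalid/"</script>');

foreach ($db->query('SELECT author, content FROM shoutbox ORDER BY id DESC LIMIT 10') as $r) {
    echo '<strong>' . render_text($r['author']) . ':</strong> ' . render_text($r['content']) . "<hr>\n";
}
```

Run with the PHP command-line interpreter and the `pdo_sqlite` extension enabled; the script tag and the `<b>` author name come out as inert text, and only the trailing `;)` in the second shout becomes an image.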


