#1 2009-06-16 16:04:57

kierownik
Member
From: Tilburg, Netherlands
Registered: 2008-05-10
Posts: 339

Random Style switcher

I just made this for my site but I am wondering if it is secure enough!

Can someone check my code and if something is wrong please tell me.

function RemoveExtension($strName)
{
    $ext = strrchr($strName, '.');
    if($ext !== false)
        $strName = substr($strName, 0, -strlen($ext));

    return $strName;
}
if ($pun_user['is_guest'])
{
    if (isset($_COOKIE['kierownik_style']))
    {
        if (file_exists(PUN_ROOT.'/style/'.$_COOKIE['kierownik_style'].'.css'))
            $pun_user['style'] = $_COOKIE['kierownik_style'];
    }
    else
    {
        if ($dir = opendir(PUN_ROOT.'style'))
        {
            $files = array();
            while (false !== ($file = readdir($dir)))
            {
                if ($file != "." && $file != ".." && $file != "index.html" && $file != "imports")
                    $files[] = $file;
            }

            $random_file = array_rand($files, 2);
            $pun_user['style'] = RemoveExtension($files[$random_file[0]]);
            closedir($dir);
        }
        setcookie("kierownik_style", $pun_user['style']);
    }
}

// Load the template
if (defined('PUN_ADMIN_CONSOLE'))
    $tpl_main = file_get_contents(PUN_ROOT.'include/template/'.$pun_user['style'].'/admin.tpl');
else if (defined('PUN_HELP'))
    $tpl_main = file_get_contents(PUN_ROOT.'include/template/'.$pun_user['style'].'/help.tpl');
else if (defined('toernooi'))
    $tpl_main = file_get_contents(PUN_ROOT.'include/template/'.$pun_user['style'].'/toernooi.tpl');
else if (defined('INDEX'))
    $tpl_main = file_get_contents(PUN_ROOT.'include/template/'.$pun_user['style'].'/home.tpl');
else
    $tpl_main = file_get_contents(PUN_ROOT.'include/template/'.$pun_user['style'].'/main.tpl');

Last edited by kierownik (2009-06-16 17:21:03)



#2 2009-06-16 16:08:59

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,233

Re: Random Style switcher

Other than what Smarty's suggested yesterday in a similar subject, I can't see anything out of place personally. I would use basename on that filename though, just to err on the side of caution.

basename($_COOKIE['kierownik_style']);

Last edited by MattF (2009-06-16 16:09:46)


Screw the chavs and God save the Queen!


#3 2009-06-16 17:24:56

kierownik
Member
From: Tilburg, Netherlands
Registered: 2008-05-10
Posts: 339

Re: Random Style switcher

Thanks MattF

Do you mean like this:

$pun_user['style'] = basename($_COOKIE['kierownik_style']);

What topic do you mean about Smarty?



#4 2009-06-16 17:50:52

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,233

Re: Random Style switcher

Pretty much. I'd change this snippet of code:

    if (isset($_COOKIE['kierownik_style']))
    {
        if (file_exists(PUN_ROOT.'/style/'.$_COOKIE['kierownik_style'].'.css'))
            $pun_user['style'] = $_COOKIE['kierownik_style'];
    }

to:

    if (isset($_COOKIE['kierownik_style']))
    {
        $stylesheet = basename($_COOKIE['kierownik_style']);

        if (file_exists(PUN_ROOT.'/style/'.$stylesheet.'.css'))
            $pun_user['style'] = $stylesheet;
    }

I was referring to the topic below yours in this forum, btw. :)


Screw the chavs and God save the Queen!
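
An allowlist variant of the check discussed above, as an added example that is not part of the thread or of FluxBB: the cookie value is accepted only if it is a string that exactly matches a stylesheet found in the style directory, which also covers non-string cookie values that basename() is not meant to handle. The function names, the temporary directory and the sample cookie values are assumptions made for illustration.

```php
<?php
// Added example; available_styles() and pick_guest_style() are hypothetical names.

// Build the allowlist from what is really on disk: "Oxygen.css" -> "Oxygen".
function available_styles(string $styleDir): array
{
    $styles = array();
    foreach (scandir($styleDir) ?: array() as $entry) {
        if (is_file($styleDir.'/'.$entry) && pathinfo($entry, PATHINFO_EXTENSION) === 'css')
            $styles[] = pathinfo($entry, PATHINFO_FILENAME);
    }
    return $styles;
}

// Return the cookie's style only if it is a string that exactly matches an
// installed style; otherwise fall back to a random installed one.
// Assumes $styles is not empty.
function pick_guest_style($cookieValue, array $styles): string
{
    if (is_string($cookieValue) && in_array($cookieValue, $styles, true))
        return $cookieValue;
    return $styles[array_rand($styles)];
}

// Constructed sample data: a throwaway style directory laid out like the
// forum's (two stylesheets, index.html, an imports subdirectory).
$dir = sys_get_temp_dir().'/style_demo_'.getmypid();
mkdir($dir);
mkdir($dir.'/imports');
foreach (array('Oxygen.css', 'Mercury.css', 'index.html') as $f)
    file_put_contents($dir.'/'.$f, '');

$styles = available_styles($dir);

// Constructed cookie values: a valid name, a value containing path
// separators, an array-typed value, and no cookie at all.
$cases = array('Oxygen', '../include/template/x', array('Oxygen'), null);
foreach ($cases as $cookie) {
    $chosen = pick_guest_style($cookie, $styles);
    printf("%-28s => %s\n", json_encode($cookie), $chosen);
}

// Remove the throwaway directory again.
array_map('unlink', glob($dir.'/*.*'));
rmdir($dir.'/imports');
rmdir($dir);
```

Only the first case keeps the cookie's value; the other three fall back to one of the installed styles, so the template path built from $pun_user['style'] never contains anything that is not a real style name.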


#5 2009-06-16 18:51:46

kierownik
Member
From: Tilburg, Netherlands
Registered: 2008-05-10
Posts: 339

Re: Random Style switcher

Aha, thanks :)

