#1 2014-02-19 19:03:35

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Another Reputation System

This will allow the use of reputation in FluxBB 1.5.3 and above. It includes various different capabilities, including the ability to limit the amount of reputation given/taken in one day per user group, a reputation interval (or none), stopping user groups from using it, controlling which forums it is active in and enabling or disabling it forum-wide.

Extremely flexible modification for FluxBB 1.5.3 and above. Tested on my heavily modified 1.5.3 forum, and a clean version of 1.5.7, both with the exact same results. Note that it should be compatible between these versions, but hasn't been tested apart from on those two.

- Decide which user groups can (and cannot) use the reputation system

- Decide how long user groups have to wait between giving/taking user's reputation

- Having trouble with a reputation abuser? - Easy! Remove any reputation you need.

- Guests can (depending on whether you allow them to) use the reputation system.

- Easy ways to see who has given and received what reputation

- Set the amount of points allowed to be given/taken from each user group per day

- Uses install_mod.php to automatically update the database

- Once integrated with FluxBB, you won't even know it's a mod!

You can view it at my site: http://forums.strongholdnation.co.uk

Screenshots (images not preserved) of: viewtopic.php, profile.php, admin_groups.php, reputation.php, admin_options.php, admin_forums.php

Link to mod: http://fluxbb.org/resources/mods/anothe … on-system/

Last edited by chris98 (2014-11-19 10:58:09)

Offline

#2 2014-02-19 20:05:15

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,618
Website

Re: Another Reputation System

Wow, looks like you put quite a bit of work into this one. :)


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#3 2014-02-19 20:15:25

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

Thanks :)

It did take a while, but it's finally done, and I'm very pleased at the way it's turned out in the end. Much better than anything I imagined!

Offline

#4 2014-02-19 20:17:29

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,618
Website

Re: Another Reputation System

How long did it take you?



Offline

#5 2014-02-20 01:33:52

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,196
Website

Re: Another Reputation System

Modification has vulnerabilities like SQL injection!
Modification doesn't support change of languages.

Offline

#6 2014-02-20 02:06:25

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,196
Website

Re: Another Reputation System

+ index.php

<?php header('location: http://www.strongholdnation.co.uk/errors/401.php'); ?>

Good redirect ;)

Offline

#7 2014-02-20 08:32:55

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

In all, it probably took several weeks, but that's not constant work on it. The last two-three days I've given it a final push to get it finished, as I felt it was unfinished for too long.

Possibly the reason it took so long was because I built it up around my site, which is heavily modified and then tested it on a clean version of 1.5.6 before uploading.

Visman wrote:

Modification has vulnerabilities like SQL injection!

That's exactly what I was afraid of. It's the first time properly I've used mysqli, I normally use PDO. Which part(s) are susceptible (and how can I fix it)?

Offline

#8 2014-02-20 08:38:36

seven
Member
From: Torino, Italy
Registered: 2010-08-19
Posts: 314
Website

Re: Another Reputation System

By using prepared statements, and escaping every string with $db->escape() (or mysqli_real_escape_string()) before doing any DB query.

Last edited by seven (2014-02-20 08:39:46)


gamezoo.org - serious gaming services for serious gamers.

Offline

#9 2014-02-20 09:04:59

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,618
Website

Re: Another Reputation System

You should use $db->escape().



Offline

#10 2014-02-20 16:20:21

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

On everything I do with the DB? (Select, Insert, Delete, etc.) or just certain parts?

Last edited by chris98 (2014-02-20 16:35:41)

Offline

#11 2014-02-20 19:41:36

Different55
Member
Registered: 2011-11-18
Posts: 177

Re: Another Reputation System

Anything that a user can control should be $db->escape'd before it's put into the query.

For example, this:

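$input = $db->escape($_POST['input']);
// The escaped value must sit inside quotes in the query, otherwise escaping does not protect it
$db->query("SELECT id, user, somethingelse FROM table WHERE user = '".$input."'");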

Instead of this:

$input = $_POST['input'];
$db->query("SELECT id, user, somethingelse FROM table WHERE user = ".$input);

Offline

#12 2014-02-20 21:11:23

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

Version 1.1 released. Fixes:

- If the reputation system is disabled in administration, then it is no longer displayed in the user's profile (or other areas).

- Fixed vulnerabilities in the code

- Version 1.0 removed.

Last edited by chris98 (2014-02-20 21:11:37)

Offline

#13 2014-02-21 02:29:25

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,196
Website

Re: Another Reputation System

The reputation_enabled field contains number, instead of string!


	$db->query('ALTER TABLE '.$db->prefix.'users ADD COLUMN display_reputation SMALLINT(6) UNSIGNED DEFAULT 1 NOT NULL') or error('Unable to add column display_reputation into table '.$db->prefix.'users.',  __FILE__, __LINE__, $db->error());
		
	$db->query('ALTER TABLE '.$db->prefix.'users ADD COLUMN reputation_enabled TINYINT(1) UNSIGNED DEFAULT 1 NOT NULL') or error('Unable to add column reputation_enabled into table '.$db->prefix.'users.',  __FILE__, __LINE__, $db->error());

	$db->query('ALTER TABLE '.$db->prefix.'groups ADD COLUMN g_rep_enable SMALLINT(6) DEFAULT 1 NOT NULL') or error('Unable to add column g_rep_enable into table '.$db->prefix.'groups.',  __FILE__, __LINE__, $db->error());

	$db->query('ALTER TABLE '.$db->prefix.'groups ADD COLUMN g_rep_interval INT(10) DEFAULT 0 NOT NULL') or error('Unable to add column g_rep_interval into table '.$db->prefix.'groups.',  __FILE__, __LINE__, $db->error());

	$db->query('ALTER TABLE '.$db->prefix.'groups ADD COLUMN g_rep_plus_min INT(10) UNSIGNED DEFAULT 0 NOT NULL') or error('Unable to add column g_rep_plus_min into table '.$db->prefix.'groups.',  __FILE__, __LINE__, $db->error());

	$db->query('ALTER TABLE '.$db->prefix.'groups ADD COLUMN g_rep_minus_min INT(10) UNSIGNED DEFAULT 0 NOT NULL') or error('Unable to add column g_rep_minus_min into table '.$db->prefix.'groups.',  __FILE__, __LINE__, $db->error());

	$db->query('INSERT INTO '.$db->prefix.'config VALUES (\'o_reputation_enabled\', \'1\')') or error('Unable to add data o_reputation_enabled into table '.$db->prefix.'config.',  __FILE__, __LINE__, $db->error());

	$db->query('CREATE TABLE '.$db->prefix.'reputation (id INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, given_to INT(10) UNSIGNED NOT NULL DEFAULT 0,	from_user INT(10) UNSIGNED NOT NULL DEFAULT 0, time INT(10) UNSIGNED NOT NULL DEFAULT 0,	pid INT(10) UNSIGNED NOT NULL DEFAULT 0, rep_plus TINYINT(1) UNSIGNED NOT NULL DEFAULT 0, rep_minus TINYINT(1) UNSIGNED NOT NULL  DEFAULT 0, PRIMARY KEY (id) )ENGINE=MyISAM;') or error('Unable to create table '.$db->prefix.'reputation.',  __FILE__, __LINE__, $db->error());

So who doesn't do!



$action = $_GET['action'];
$pid = $db->escape($_GET['pid']);
$tid = $_GET['tid'];
$id = $db->escape($_GET['id']);

Notices in logs are provided!
All variable numbers, except $action.
$tid to whom it isn't necessary.



Modification doesn't support change of languages.



Visman wrote:

+ index.php

<?php header('location: http://www.strongholdnation.co.uk/errors/401.php'); ?>

Good redirect ;)

Offline

#14 2014-02-21 02:35:18

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,196
Website

Re: Another Reputation System

Modification takes pictures from your site.
Still there are variables accepted from the user and not checked!

P.S. Generally, rewrite the code ;)

Offline

#15 2014-02-21 21:59:21

Different55
Member
Registered: 2011-11-18
Posts: 177

Re: Another Reputation System

Visman wrote:

The reputation_enabled field contains number, instead of string!

	$db->query('INSERT INTO '.$db->prefix.'config VALUES (\'o_reputation_enabled\', \'1\')') or error('Unable to add data o_reputation_enabled into table '.$db->prefix.'config.',  __FILE__, __LINE__, $db->error());

Looks fine to me. The number is wrapped inside single quotes. Strings can contain numbers.


Visman wrote:
$action = $_GET['action'];
$pid = $db->escape($_GET['pid']);
$tid = $_GET['tid'];
$id = $db->escape($_GET['id']);

Notices in logs are provided!
$tid to whom it isn't necessary.

^What he said, I think. Anything and everything that users could possibly influence or change needs to be escaped. That means any $_GET or $_POST value.


Visman wrote:

All variable numbers, except $action.

^Also this. While you shouldn't escape them, you can't let anything in $_GET or $_POST go untouched. For the above snippet, I would change it to something like this:

$action = $db->escape($_GET['action']);

// $_GET values are strings, so test them with ctype_digit(); is_int() is never true for a string
if (ctype_digit($_GET['pid']))
    $pid = (int) $_GET['pid'];
else
    message("Invalid pid value");

if (ctype_digit($_GET['tid']))
    $tid = (int) $_GET['tid'];
else
    message("Invalid tid value");

if (ctype_digit($_GET['id']))
    $id = (int) $_GET['id'];
else
    message("Invalid id value");

Offline

#16 2014-02-22 03:21:02

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,196
Website

Re: Another Reputation System

Different55 wrote:
	$db->query('INSERT INTO '.$db->prefix.'config VALUES (\'o_reputation_enabled\', \'1\')') or error('Unable to add data o_reputation_enabled into table '.$db->prefix.'config.',  __FILE__, __LINE__, $db->error());

Looks fine to me. The number is wrapped inside single quotes. Strings can contain numbers.

o_reputation_enabled and reputation_enabled are different things!

Different55 wrote:

What he said, I think. Anything and everything that users could possibly influence or change needs to be escaped. That means any $_GET or $_POST value.

Before assigning to one variable the value of a second variable, it is necessary to make sure that the second variable exists!

Different55 wrote:
$action = $db->escape($_GET['action']);

// $_GET values are strings, so test them with ctype_digit(); is_int() is never true for a string
if (ctype_digit($_GET['pid']))
    $pid = (int) $_GET['pid'];
else
    message("Invalid pid value");

if (ctype_digit($_GET['tid']))
    $tid = (int) $_GET['tid'];
else
    message("Invalid tid value");

if (ctype_digit($_GET['id']))
    $id = (int) $_GET['id'];
else
    message("Invalid id value");

Before assigning to one variable the value of a second variable, it is necessary to make sure that the second variable exists!

Offline

#17 2014-02-25 16:07:01

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

Different55 wrote:

For the above snippet, I would change it to something like this:

$action = $db->escape($_GET['action']);

// $_GET values are strings, so test them with ctype_digit(); is_int() is never true for a string
if (ctype_digit($_GET['pid']))
    $pid = (int) $_GET['pid'];
else
    message("Invalid pid value");

if (ctype_digit($_GET['tid']))
    $tid = (int) $_GET['tid'];
else
    message("Invalid tid value");

if (ctype_digit($_GET['id']))
    $id = (int) $_GET['id'];
else
    message("Invalid id value");

I have this, would it not do the same (or a similar) thing?

if (!is_numeric($pid))
{
	exit('ERROR: The post ID you are giving reputation for is not a number.');
}

if (!is_numeric($tid))
{
	exit('ERROR: The Topic ID you are giving reputation for is not a number.');
}

// User ID check
if (!is_numeric($id))
{
	exit('ERROR: The User ID you are giving reputation to is not a number.');
}

Visman wrote:

o_reputation_enabled and reputation_enabled are different things!

They're supposed to be - o_reputation_enabled is the admin option, reputation_enabled is for individual users.

I'll try and release the next version soon.

Offline

#18 2014-02-25 16:37:06

Different55
Member
Registered: 2011-11-18
Posts: 177

Re: Another Reputation System

That works the same, but I would change exit() to message(). message() presents a more attractive page than exit() does.

message() example
exit() example

Offline
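
The checks discussed in posts #11 to #18, run side by side over constructed inputs. This is an added example, not code from the mod, from FluxBB or from any poster in this thread. It compares is_int(), is_numeric() and a digits-only check that also tests that the parameter exists, and shows why an escaped value still has to be quoted in the query. read_id() and fake_escape() are hypothetical names; fake_escape() uses addslashes() only as a stand-in for $db->escape() so the script runs without a database.

```php
<?php
// Added example: read_id() and fake_escape() are hypothetical names, not part
// of FluxBB or the mod. fake_escape() stands in for $db->escape() (addslashes
// is used only so the script runs without a database connection).
function fake_escape($str)
{
    return addslashes($str);
}

// Returns a positive integer from $source[$key], or null if the key is
// missing, is not a string (?pid[]=1 arrives as an array) or is not all digits.
function read_id(array $source, $key)
{
    if (!isset($source[$key]) || !is_string($source[$key]))
        return null;

    $raw = $source[$key];

    // At most 9 decimal digits, so the value always fits an INT(10) UNSIGNED column
    if (!ctype_digit($raw) || strlen($raw) > 9)
        return null;

    $value = (int) $raw;
    return $value > 0 ? $value : null;
}

// Constructed sample values, shaped as they would arrive in $_GET
$samples = array('42', '42abc', '1e5', '1.5', '-1', ' 7', '', '42 OR 1=1', array('1'));

foreach ($samples as $raw)
{
    $get = array('pid' => $raw);
    printf("%-12s is_int=%d  is_numeric=%d  read_id=%s\n",
        json_encode($raw),
        (int) is_int($raw),        // never true: request values are strings or arrays
        (int) is_numeric($raw),    // true for '1e5', '1.5', '-1' and ' 7' as well as '42'
        var_export(read_id($get, 'pid'), true));
}

// A missing parameter yields null instead of an undefined index notice
var_dump(read_id(array(), 'pid'));

// Escaping leaves this value unchanged because it contains nothing to escape,
// so it only becomes data once it is placed inside quotes in the query.
// The table and column names here are constructed for the illustration.
$escaped = fake_escape('42 OR 1=1');
echo "unquoted: SELECT id FROM posts WHERE id = ".$escaped."\n";
echo "quoted:   SELECT id FROM posts WHERE id = '".$escaped."'\n";

// With FluxBB's message() helper the check would read (left as a comment,
// since message() is not defined in this stand-alone script):
// $pid = read_id($_GET, 'pid');
// if ($pid === null)
//     message('Invalid pid value');
```

Only '42' passes read_id(); every other sample, including the array and the missing key, comes back as null.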

#19 2014-05-14 17:38:58

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

Version 1.2 released.

Updates:

Much cleaner code:

- Fixed style issue in profile.php. In the theme 'air' the reputation was not displaying correctly

- Fixed style issues in viewtopic.php. (Padding issue)

- Much cleaner PHP code all round

- updated image code in files to not point to my own site

- minor modification to install_mod.php

- fixed other style related issues

- fixed code in profile.php to check if reputation is enabled by board admin

- removed language not used

- fixed check for language which will throw error if language pack is not installed

- removed the icons for your own posts (you can't vote for yourself anyway, so there is no point in having them)

Some screenshots: rep1.jpg, rep2.png, rep3.jpg, rep4.jpg, rep5.jpg

Look out for version 1.3, I'm going to attempt AJAX for that ;)

Offline

#20 2014-06-04 10:53:47

arnaud
Member
From: Lyon, France
Registered: 2014-06-03
Posts: 32
Website

Re: Another Reputation System

I did a French translation:

<?php
// Language definitions used by the Another Reputation System mod
$lang_reputation = array(
    'Manage reputation'             =>        'Afficher le système de réputation?',
    'allow group reputation'        =>        'Autoriser les membres à utiliser le système de réputation',
    'Description Manage reputation' =>        'En désactivant le système d\'affichage de la réputation, alors vous ne pourrez plus changer la réputation des autres utilisateurs, toutefois la votre peut être changée.',
    'allow reputation'              =>        'Autoriser l\'usage du système de réputation à ce membre?', 
    'disallow reputation'           =>        'Désactiver l\'usage du système de réputation à ce membre?',
    'yes'                           =>        'Oui',
    'no'                            =>        'Non',
    'information'                   =>        'Information',
    'reputation legend'             =>        'Vous pouvez désactiver le système de réputation à un utilisateur ou groupe. Décocher les cases pour arrêter l\'usage à cet utilisateur..',
    'reputation checkbox'           =>        'Autoriser l\'usage du système de réputation', 
    'No disable staff message'      =>        'Administrateurs et/ou modérateurs ne peuvent pas êter radiés du système de réputation. Pour supprimer le système à cet utilisateur, vous devez d\'abord le changer de groupe (ex : membre).',
    'allow reputation privileges'   =>        'You can choose whether this group are allowed to use the système de réputation. Individual users in this group can be disallowed access by going to the administration section of their profile and disabling it from there.',
    'group max positive'            =>        'Nombre maximum de votes positifs',
    'group max positive legend'     =>        'Le nombre maximum de votes positifs qu\'un utilisateur de ce groupe peut attribuer en 24 heures. 0 pour désactiver.',
    'group max negative legend'     =>        'Le nombre maximum de votes négatifs qu\'un utilisateur de ce groupe peut attribuer en 24 heures. 0 pour désactiver.',
    'group max negative'            =>        'Nombre maximum de votes négatifs',
    'group interval'                =>        'Intervalle entre chaque vote',
    'group interval legend'         =>        'Secondes d\'attente minimal entre chaque vote ou prise de réputation par un autre utilisateur. 0 pour désactiver.',
    'Redirect Message'              =>        'Options mises à jour avec succès, redirection en cours...',
    'Reputation'                    =>        'Réputation',
    'reputation disabled'           =>        'Le système de réputation est désactivé. Merci de l\'activer dans la page d\'administration.',
    'Group Disabled'                =>        'L\'administrateur du forum a désactivé l\'usage du système de réputation pour le membre de ce groupe.',
    'Individual Disabled'           =>        'L\'administrateur du forum ne vous permet pas d\'utiliser le système de réputation',
    'no display'                    =>        'Vous avez désactivé l\'usage du système de réputation, vous ne pouvez donc pas l\'utiliser. Pour l\'utiliser, vous devez tout d\'abord l\'activer dans votre profil.',
    'added redirect'                =>        'Action de réputation enregistrée, redirection en cours...',
    'no own votes'                  =>        'Vous ne pouvez pas vous attribuer des points de réputation vous-même !',
    'added reputation interval'     =>        'Vous avez déjà effectué une action de réputation à un utilsateur de votre groupe, merci de patienter %s secondes pour effectuer une nouvelle action de réputation.',
    'taken reputation interval'     =>        'Vous avez déjà reçu une réputation d\'un utilsateur de votre groupe, merci de patienter %s secondes pour effectuer une nouvelle action de réputation..',
    'post helpful'                  =>        'Cela vous a t-il aidé ?',
    'removed redirect'              =>        'Action de réputation enregistrée, redirection en cours...',
    'duplicate entry minus'         =>        'Vous avez déjà supprimé votre réputation de ce post.',
    'duplicate entry positive'      =>        'Vous avez déjà attribué une réputation à ce post.',
    'no display short'              =>        'Vous avez désactiver votre possibilité d\'usage du système de réputation',
    'my reputation'                 =>        'Ma réputation reçue',
    'reputation given'              =>        'Ma réputation donnée',
    'no reputation'                 =>        'Pas de réputation pour cet utilisateur.',
    'positive'                      =>        'Réputation positive donnée',
    'negative'                      =>        'Réputation négative donnée',
    'exceed positive reputation'    =>        'Vous ne pouvez plus attribuer de votes positifs aujourd\'hui.',
    'exceed negative reputation'    =>        'Vous ne pouvez plus attribuer de votes négatifs aujourd\'hui.',
    'Profile'                       =>        'Profil',
    'received'                      =>        'Réputation(s) reçue(s)',
    'given'                         =>        'Réputation(s) donnée(s)',
    'view reputation'               =>        'Voir les réputations reçues',
    'remove reputation'             =>        'Supprimer la réputation',
    'no given reputation'           =>        'Cet utilsateur n\'a pas encore attribué de réputation',
    'reputation given'              =>        'Mes Votes de réputation donnés',
    'given reputation'              =>        'Voir les réputations données',
    'positive received'             =>        'Réputations positives reçues',
    'negative received'             =>        'Réputations négatives reçues',
    'reputation subhead'            =>        'Another Reputation System 1.2',
    'reputation label'              =>        'système de réputation',
    'reputation help'               =>        'Vous pouvez choisir d\'activer ou désactiver le système de réputation ici.',
);

Ok, my french is down... But PHP is universal, so let's talk PHP together !

Offline

#21 2014-06-04 10:56:45

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

Merci :)

I'll release this with the next version, thanks.

Offline

#22 2014-06-04 11:06:53

arnaud
Member
From: Lyon, France
Registered: 2014-06-03
Posts: 32
Website

Re: Another Reputation System

And please, change English by $pun_user['language'] !!
Thx in advance...



Offline

#23 2014-06-04 11:09:45

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Another Reputation System

That will be a minor change in the next version, I'm reorganising loads, and currently thinking about the possibility of allowing the board admin to enable it for only certain forums as well.

Offline

#24 2014-06-05 13:41:18

arnaud
Member
From: Lyon, France
Registered: 2014-06-03
Posts: 32
Website

Re: Another Reputation System

Thx ;-)



Offline

#25 2014-08-03 04:01:15

Squiggles
Member
Registered: 2012-12-14
Posts: 278

Re: Another Reputation System

I've just tried installing this mod on FluxBB v1.5.3 (as per instructions) but receive the following when giving reputation.

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/include/functions.php on line 343

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/include/functions.php on line 346

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/include/functions.php on line 343

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/include/functions.php on line 346

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/header.php on line 14

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/header.php on line 15

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/header.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/header.php on line 17

Warning: Cannot modify header information - headers already sent by (output started at /home/xx/public_html/test_forum_01/reputation.php:1) in /home/xx/public_html/test_forum_01/header.php on line 20

Any ideas?

Offline
