Author: Flesha
Added: Mar 20, 2016

Hack: linking to a user by id


With this hack, your own profile and other users' profiles become accessible by id.

Installation:

1. Open .htaccess and find:
# output for an individual user
RewriteRule ^user/([^/]*)/rss.xml$ engine/rss.php?subaction=allnews&user=$1 [L]
RewriteRule ^user/([^/]*)(/?)+$ index.php?subaction=userinfo&user=$1 [L]
RewriteRule ^user/([^/]*)/page/([0-9]+)(/?)+$ index.php?subaction=userinfo&user=$1&cstart=$2 [L]
RewriteRule ^user/([^/]*)/news(/?)+$ index.php?subaction=allnews&user=$1 [L]
RewriteRule ^user/([^/]*)/news/page/([0-9]+)(/?)+$ index.php?subaction=allnews&user=$1&cstart=$2 [L]
RewriteRule ^user/([^/]*)/news/rss.xml(/?)+$ engine/rss.php?subaction=allnews&user=$1 [L]


Replace with:
# output for an individual user
RewriteRule ^user/([0-9]+)/rss.xml$ engine/rss.php?subaction=allnews&user=$1 [L]
RewriteRule ^user/([0-9]+)(/?)+$ index.php?subaction=userinfo&user=$1 [L]
RewriteRule ^user/([0-9]+)/page/([0-9]+)(/?)+$ index.php?subaction=userinfo&user=$1&cstart=$2 [L]
RewriteRule ^user/([0-9]+)/news(/?)+$ index.php?subaction=allnews&user=$1 [L]
RewriteRule ^user/([0-9]+)/news/page/([0-9]+)(/?)+$ index.php?subaction=allnews&user=$1&cstart=$2 [L]
RewriteRule ^user/([0-9]+)/news/rss.xml(/?)+$ engine/rss.php?subaction=allnews&user=$1 [L]


2. Open /engine/engine.php and find:
$sql_select = "SELECT p.id, p.autor, p.date, p.short_story, CHAR_LENGTH(p.full_story) as full_story, p.xfields, p.title, p.category, p.alt_name, p.comm_num, p.allow_comm, p.fixed, p.tags, e.news_read, e.allow_rate, e.rating, e.vote_num, e.votes, e.view_edit, e.editdate, e.editor, e.reason FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_post_extras e ON (p.id=e.news_id) WHERE autor = '{$user}' AND approve=0 ORDER BY " . $news_sort_by . " " . $news_direction_by . " LIMIT " . $cstart . "," . $config['news_number'];


Replace with:
$sql_select = "SELECT u.user_id, u.name, p.id, p.autor, p.date, p.short_story, CHAR_LENGTH(p.full_story) as full_story, p.xfields, p.title, p.category, p.alt_name, p.comm_num, p.allow_comm, p.fixed, p.tags, e.news_read, e.allow_rate, e.rating, e.vote_num, e.votes, e.view_edit, e.editdate, e.editor, e.reason FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_post_extras e ON (p.id=e.news_id) LEFT JOIN " . PREFIX . "_users u ON (p.autor=u.name) WHERE u.user_id = '{$user}' AND approve=0 ORDER BY " . $news_sort_by . " " . $news_direction_by . " LIMIT " . $cstart . "," . $config['news_number'];


Next, find:
$sql_count = "SELECT COUNT(*) as count FROM " . PREFIX . "_post WHERE autor = '$user' AND approve=0";


Replace with:
$sql_count = "SELECT COUNT(*) as count, u.user_id, u.name FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_users u ON (p.autor=u.name) WHERE u.user_id = '$user' AND approve=0";


Next, find:
$sql_select = "SELECT id, autor, date, short_story, full_story, xfields, title, category, alt_name FROM " . PREFIX . "_post where {$stop_list}autor = '$user' AND approve=1" . $where_date . " ORDER BY date DESC LIMIT 0," . $config['rss_number'];


Replace with:
$sql_select = "SELECT u.user_id, u.name, p.id, p.autor, p.date, p.short_story, p.full_story, p.xfields, p.title, p.category, p.alt_name FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_users u ON (p.autor=u.name) where {$stop_list}u.user_id = '$user' AND approve=1" . $where_date . " ORDER BY date DESC LIMIT 0," . $config['rss_number'];


Next, find:
$sql_select = "SELECT p.id, p.autor, p.date, p.short_story, CHAR_LENGTH(p.full_story) as full_story, p.xfields, p.title, p.category, p.alt_name, p.comm_num, p.allow_comm, p.fixed, p.tags, e.news_read, e.allow_rate, e.rating, e.vote_num, e.votes, e.view_edit, e.editdate, e.editor, e.reason FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_post_extras e ON (p.id=e.news_id) WHERE {$stop_list}autor = '$user' AND approve=1" . $where_date . " ORDER BY " . $news_sort_by . " " . $news_direction_by . " LIMIT " . $cstart . "," . $config['news_number'];


Replace with:
$sql_select = "SELECT u.user_id, u.name, p.id, p.autor, p.date, p.short_story, CHAR_LENGTH(p.full_story) as full_story, p.xfields, p.title, p.category, p.alt_name, p.comm_num, p.allow_comm, p.fixed, p.tags, e.news_read, e.allow_rate, e.rating, e.vote_num, e.votes, e.view_edit, e.editdate, e.editor, e.reason FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_post_extras e ON (p.id=e.news_id) LEFT JOIN " . PREFIX . "_users u ON (p.autor=u.name) WHERE {$stop_list}u.user_id = '$user' AND approve=1" . $where_date . " ORDER BY " . $news_sort_by . " " . $news_direction_by . " LIMIT " . $cstart . "," . $config['news_number'];


Next, find:
$sql_count = "SELECT COUNT(*) as count FROM " . PREFIX . "_post WHERE {$stop_list}autor = '$user' AND approve=1" . $where_date;


Replace with:
$sql_count = "SELECT COUNT(*) as count, u.user_id, u.name FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_users u ON (p.autor=u.name) WHERE {$stop_list}u.user_id = '$user' AND approve=1" . $where_date;


Next, find (13 or more times):
e.reason


Replace with:
e.reason, e.user_id


3. Open /engine/init.php and find:
$tpl->set( '{profile-link}', $config['http_home_url'] . "user/" . urlencode ( $member_id['name'] ) . "/" );


Replace with:
$tpl->set( '{profile-link}', $config['http_home_url'] . "user/" . urlencode ( $member_id['user_id'] ) . "/" );


4. Open /engine/modules/profile.php and find:
if( preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $user ) ) $user="";


Replace with:
$user = is_numeric($user) ? intval($user) : "";


Next, find:
$sql_result = $db->query( "SELECT * FROM " . USERPREFIX . "_users WHERE name = '$user'" );


Replace with:
$sql_result = $db->query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '$user'" );


Next, find (many times):
urlencode( $row['name'] )


Replace with:
urlencode( $row['user_id'] )


5. Open /engine/modules/show.full.php, show.short.php, show.custom.php and /engine/classes/comments.class.php and find:
"user/" . urlencode( $row['autor'] )


Replace with:
"user/" . urlencode( $row['user_id'] )


6. Open /engine/ajax/profile.php and find (2 times):
"user/" . urlencode( $row['name'] )


Replace with:
"user/" . urlencode( $row['user_id'] )


Next, find:
if( preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $name ) ) die("Not allowed user name!");


Replace with:
if(!is_numeric($name))die("Not allowed user name!");


Author: Gameer.name
DLE version: 10.x-11.x
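
Steps 4 and 6 rely on is_numeric(), which also accepts strings such as "1e3", "1.5", "-5" and " 42", so it is looser than the [0-9]+ pattern in the .htaccess rules, and index.php?subaction=userinfo&user=... can still be requested directly without passing through those rules. The following added example (not part of the original hack or of DLE; parse_user_id() is a hypothetical helper and the 9-digit limit is an assumption) shows a stricter check and prints how it differs from is_numeric() on constructed inputs:

```php
<?php
// Added example, not DLE code. parse_user_id() is a hypothetical helper.

/**
 * Return the id as a positive int, or null when the input is not a
 * plain decimal id. Unlike is_numeric(), this rejects signs, decimal
 * points, exponents, surrounding whitespace and hex notation.
 */
function parse_user_id($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;                 // arrays from user[]=1, null, floats, ...
    }
    $raw = (string) $raw;
    // 1 to 9 ASCII digits with no leading zero (assumed limit, so the value
    // cannot overflow a 32-bit int). \A and \z anchor the whole string;
    // unlike $, \z does not tolerate a trailing newline.
    if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample inputs, as they might arrive in $_GET['user'].
$samples = array('42', '007', '0', '-5', '1e3', '1.5', ' 42', "42\n",
                 '0x2A', '42abc', '99999999999', array('1'));

foreach ($samples as $s) {
    printf(
        "%-16s is_numeric=%-5s parse_user_id=%s\n",
        json_encode($s),
        var_export(is_numeric($s), true),
        var_export(parse_user_id($s), true)
    );
}

// Usage in the spirit of step 4: an empty value means "no such user".
$user = parse_user_id('42');
if ($user === null) {
    $user = "";
}
```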