...okay, so before I can build the report feature I need to actually make a pet bio setup for myself. Ah... still, look it over so our database fields are the same and so you can get the filters in place that will fix the slashes and allow some html to render!!
.
.
.
.
Pet Profile Mod: Biography Field
If you don't know what a pet profile is, see THIS THREAD to understand how such a thing can be done and find some loose instructions on how to begin with that sort of thing. Already have one? Great!
Step One: Database
Access your database with phpMyAdmin and open the table adopts_owned_adoptables. You can either manually add a VARCHAR 1500 field by the name of 'bio' yourself or open the Structure tab and enter in this SQL:
Code:
ALTER TABLE `adopts_owned_adoptables` ADD `bio` VARCHAR(1500) NULL DEFAULT NULL AFTER `owner`;
Step Two: Management Link
Inside view/myadoptsview.php's public function manage() add:
PHP Code:
$document->add(new Image("templates/icons/title.gif")); // This could be whatever.
$document->add(new Link("myadopts/editbio/{$aid}", " Edit {$name}'s Bio", TRUE));
Step Three: Bio Edit Page
Add into view/myadoptsview.php:
PHP Code:
public function editbio(){
    $mysidia = Registry::get("mysidia");
    $adopt = $this->getField("adopt");
    $image = $this->getField("image");
    $document = $this->document;

    /* After a submit, show the confirmation page instead of the form. */
    if($mysidia->input->post("submit")){
        $document->setTitle("Biography Field Updated");
        $document->add($image);
        $document->add(new Comment("<br/>You've successfully modified {$adopt->getName()}'s biography. <br/> Would you like to <a href='../../myadopts/manage/{$adopt->getAdoptID()}'>continue to manage</a> {$adopt->getName()} or <a href='../../levelup/click/{$adopt->getAdoptID()}'>view their profile</a>?"));
        return;
    }

    $document->setTitle("Biography of ".$adopt->getName());
    $document->add($image);
    $document->addLangvar("<br/>Write a little something about {$adopt->getName()}! Try to keep it under 1500 characters.<br/>");
    $editBioForm = new FormBuilder("editbioform", "", "post");
    /* The text area is pre-filled with the current bio. */
    $editBioForm->buildTextArea("adoptsbio", "{$adopt->getPetBio()}")->buildButton("Edit Bio", "submit", "submit");
    $document->add($editBioForm);
}
Add into myadopts.php:
PHP Code:
public function editbio(){
    $mysidia = Registry::get("mysidia");
    if($mysidia->input->post("submit")){
        $this->adopt->setPetBio($mysidia->input->post("adoptsbio"), "update");
    }
    $this->setField("adopt", $this->adopt);
    $this->setField("image", $this->image);
}
Step Four: Send and Receive Bio
** The filters in these functions will fix slashes after apostrophes AND allow basic HTML elements to render.
Add into classes/class_ownedadoptable.php:
PHP Code:
public function setPetBio($bio, $assignMode = ""){
    $bio = trim($bio);
    $bio = stripslashes($bio);
    $bio = htmlspecialchars($bio);

    /* Remove CSS styles that may allow for malicious edits. */
    $list = array('position','float','z-index','font-size');
    $patterns = array();
    foreach ($list as $v){
        $patterns[]= '/'.$v.'\s*:\s*[^;"]*;?/';
    }
    $bio = preg_replace($patterns,'', $bio);
    $bio = html_entity_decode($bio);

    /* Because of the way DOMDocument() works below, unclosed HTML angle brackets will be considered errors and removed. */
    /* Many emoticon faces and even the common <3 symbol utilize angle brackets! We're going to give a few safe harbor below... */
    /* Each replacement swaps the bare < for the &lt; entity so DOMDocument keeps it as text. */
    $bio = str_ireplace('<3','♥',$bio);
    $bio = str_ireplace('_<','_&lt;',$bio);
    $bio = str_replace('D<','D&lt;',$bio);
    $bio = str_replace('D:<','D:&lt;',$bio);
    $bio = str_replace('u<','u&lt;',$bio);
    $bio = str_replace('w<','w&lt;',$bio);
    $bio = str_replace('o<','o&lt;',$bio);
    $bio = str_replace('U<','U&lt;',$bio);
    $bio = str_replace('W<','W&lt;',$bio);
    $bio = str_replace('O<','O&lt;',$bio);

    /* This will help prevent malicious Javascript inclusion so users don't click links that activate code. */
    $bio = str_ireplace('<a href="j','<a href="## ',$bio);
    $bio = str_ireplace('onclick=',' ',$bio);

    /* This will make sure all links open a new tab. */
    $bio = str_ireplace('<a ','<a target="_BLANK" ',$bio);
    $bio = str_ireplace('<strike>','<s>',$bio);
    $bio = str_ireplace('</strike>','</s>',$bio);
    $bio = preg_replace('/(<br>){1,}$/', '', $bio);

    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8" >' . $bio);
    $bio = $doc->saveHTML();

    /* This contains HTML tags that are exceptions: therefore ALLOWED and AREN'T going to be stripped out. */
    /* strip_tags() filters by tag name only: attributes on the allowed tags pass through unchanged, so only the href and onclick replacements above constrain them. */
    $bio = strip_tags($bio,'<a><pre><code><b><i><img><center><u><s><em><sub><sup><strong><br><span><small>');
    $bio = trim($bio);

    /* Okay NOW we can put it in the database!! ^_^;; */
    if($assignMode == Model::UPDATE) $this->save("bio", $bio);
    $this->bio = $bio;
}

public function getPetBio(){
    /* htmlspecialchars_decode() converts stored entities such as &lt; and &gt; back into literal characters before rendering. */
    return htmlspecialchars_decode($this->bio);
}
Step Five: Render to Pet Profile
Again, if you don't know what a pet profile is, see THIS THREAD to understand how such a thing can be done and find some loose instructions on how to begin with that sort of thing. Already have one? Great!
Inside view/levelupview.php you can access the pet bio with {$adopt->getPetBio()}. Inside levelup.php, the same variable must be accessed with {$this->adopt->getPetBio()}. If it is empty, nothing should render.
However, say you want to render it inside a div with a header above it that says "Biography". You don't need these elements to render if the bio field is empty, therefore, you need to create an if statement. (This version for view/levelupview.php:)
PHP Code:
$bio = ""; // Stays empty when the pet has no bio, so {$bio} renders nothing.
if ($adopt->getPetBio() != ""){
    $bio = "<h4>Biography</h4><div class='well'>{$adopt->getPetBio()}</div>";
}
You should then render {$bio} inside the $message variable as you would other stats.
To test the system thus far, give a pet a bio that says:
Code:
Hello! <3 We're going to do some "interesting" things like <b>bold</b> and make text <small>smaller</small>.
Step Seven: Dealing With Malicious Users
We're going to now create a page users can go to if they want to report a pet with an inappropriate profile!
Inside levelup.php's public function __construct() we need to ADD the following as a condition to the first if statement (on a fresh install it should be around line 18 or so??):
PHP Code:
or $mysidia->input->action() == "report"
Also here in levelup.php, we're going to create:
PHP Code:
public function report(){
    $mysidia = Registry::get("mysidia");
    $admin = new Admin($mysidia->settings->systemuser);
    $reason = $mysidia->input->post("reason");
    if($mysidia->input->post("reason")){
        $pm = new PrivateMessage();
        $pm->setsender($mysidia->user->username); // Will appear to be sent by the reporter.
        $pm->setrecipient($admin->username);
        $pm->setmessage("<b>⚠ </b> "."Pet Profile Reported", "<b>Offending Pet:</b> (#{$this->adopt->getAdoptID()}) <a target=\"_BLANK\" href=\"../../levelup/click/{$this->adopt->getAdoptID()}\">{$this->adopt->getName()}</a> <br/><b>Pet Owner:</b> <a href=\"../../profile/view/{$this->adopt->getOwner()}\" target=\"_BLANK\">{$this->adopt->getOwner()}</a><br/><b>Reason For Report:</b> ".$reason."<br><b>Message Being Reported:</b><br><blockquote>".$this->adopt->getPetBio()."</blockquote><br><b>Report Delivered By:</b> {$mysidia->user->username}");
        $pm->post();
    }
    return TRUE;
}
Now, open up view/levelupview.php and create:
PHP Code:
public function report(){
    $mysidia = Registry::get("mysidia");
    $document = $this->document;
    if($mysidia->input->post("submit")){
        $document->setTitle("Pet Profile Reported");
        $document->addLangvar("Thank you for your report! An admin will look over it soon. Please do not contact the offending party about this incident. Instead, let us handle it!");
        return;
    }
    $reportForm = new Form("reportform", "", "post");
    $reportForm->add(new Comment("<b>Reason:</b>"));
    $reportForm->add(new TextArea("reason", "(Enter a reason here!)"));
    $reportForm->add(new Button("Report", "submit", "submit"));
    $document->setTitle("Reporting a Pet Profile");
    $document->addLangvar("Valid reasons for a report include but are not limited to excessive use of swear words, defamation/harassment, and the mention or depiction of activities inappropriate for children.<br/>");
    $document->add($reportForm);
}
The report page for any given pet, say a pet with adoptable id # of 8, would be located at yoursite.com/levelup/report/8. You'll want to add a link to the adoptable's report page on their profiles. Inside public function click() of view/levelupview.php you can use:
PHP Code:
$reportlink = ""; // Stays empty for guests and for the pet's owner.
if(($mysidia->user->username != NULL) && ($mysidia->user->username != $adopt->getOwner())){
    $reportlink = "<a href='../../levelup/report/{$adopt->getAdoptID()}'>Report!</a>";
}
And you can then include {$reportlink} inside $message wherever you feel would be best. Be sure to go do that now!
Inside levelup.php's public function click() you'll want to do the same (it's similar, but we need to specify $this):
PHP Code:
$reportlink = ""; // Stays empty for guests and for the pet's owner.
if(($mysidia->user->username != NULL) && ($mysidia->user->username != $this->adopt->getOwner())){
    $reportlink = "<a href='../../levelup/report/{$this->adopt->getAdoptID()}'>Report!</a>";
}
Both of these are checking if the user has a username first to prevent guests from filing reports -- not just for the sake of spam, but also because you wouldn't be able to open a PM sent from a nonexistent user, anyway. These report links also will not show up if the pet is the user's own.
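An allowlist version of the Step Four filter, as an added example that is not part of the original post or of Mysidia itself: it walks the parsed DOM and keeps only named tags and named attributes, with a scheme check on href and src, instead of string-replacing known-bad patterns. The function names, the attribute policy (style is dropped entirely) and the http/https-only rule are assumptions of this example.

```php
<?php
const BIO_TAGS = ['a', 'img', 'b', 'i', 'u', 's', 'em', 'strong', 'small', 'sub', 'sup',
    'pre', 'code', 'center', 'span', 'br']; // the tag list from the post's strip_tags() call
const BIO_ATTRS = ['a' => ['href'], 'img' => ['src', 'alt']]; // assumed attribute policy

function bio_url_ok(string $url): bool {
    $clean = preg_replace('/[\x00-\x20]+/', '', $url); // drop whitespace/control bytes
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)) return true; // relative URL
    return in_array(strtolower($m[1]), ['http', 'https'], true);
}

function bio_clean_node(DOMNode $node): void {
    // Copy the child list first; it changes as nodes are unwrapped or removed.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) continue;
        $tag = $child instanceof DOMElement ? strtolower($child->nodeName) : '';
        if (in_array($tag, ['', 'script', 'style'], true)) { // comments, PIs, script/style
            $node->removeChild($child);                      // go together with their contents
            continue;
        }
        bio_clean_node($child);
        if (!in_array($tag, BIO_TAGS, true)) { // unknown tag: keep only its cleaned children
            while ($child->firstChild) $node->insertBefore($child->firstChild, $child);
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, BIO_ATTRS[$tag] ?? [], true)
                && (!in_array($name, ['href', 'src'], true) || bio_url_ok($attr->nodeValue));
            if (!$keep) $child->removeAttribute($attr->nodeName);
        }
        if ($tag === 'a') { // new tab, and the opened page gets no window.opener
            $child->setAttribute('target', '_blank');
            $child->setAttribute('rel', 'noopener noreferrer');
        }
    }
}

function bio_sanitize(string $bio): string {
    libxml_use_internal_errors(true); // stray "<" in user text is expected, not fatal
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $bio . '</body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) return '';
    bio_clean_node($body);
    return trim(implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes))));
}
```

Because saveHTML() already entity-escapes text and attribute values, the returned string should be stored and rendered as is; a decode step on read, such as htmlspecialchars_decode(), turns escaped angle brackets back into markup.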