Dynamic Signatures

[TimRogers]

How would I make a signature that allows users to put a piece of text into my signature? I know you can use PHP, but I don't have the slightest clue about PHP

(Apart from Cutenews stuff)

Could someone make me a saple signature, very plain, and show me how to allow users to imput text into it thru my website?

Edited April 14, 2005 by TimRogers

[AaronC]

i have released a little script, if anyone wants to check it!

http://www.aar0nc.com/index.php?showforum=4

hope its what your after.

[pre]

OMGz0r! Ch3ck out my l33t dynam1c sigz0r! :p

585859987[/snapback]

lol neat! :laugh:

[blackice912 Veteran]

Removed my sig thanks to some kid who kept writing f**k over and over again. I guess totally dynamic sigs are a bad idea. I'm thinking the "select a quote" option to be a better idea now.

585804636[/snapback]

From a Neowin rules point of view, these "type anything into my sig" signatures are a liability to users who use them, as those users are responsible for their signatures and can/will get in trouble if there is offensive content in the signature that breaks Neowin Community Rules.

I'd highly suggest people only use the "select a line/quote" type of signatures if they want to be safe.

[TimRogers]

it's been banned, see announcement!

No more Dynamic Sigs!

[markwolfe Veteran]

it's been banned, see announcement!

No more Dynamic Sigs!

585881560[/snapback]

More properly stated: no more sigs that allow users to type in anything they want to be displayed. Too easy to violate Neowin's rules with a wide-open text entry system like that.

[TimRogers]

I really want someone to release a code that lets you choose!

[anonymousjon]

or you could add a word filter to your script :)

[markwolfe Veteran]

or you could add a word filter to your script :)

585881665[/snapback]

Word filters are rarely complete enough, and too easily bypassed (spaces or other tricks). I had to remove one today that some immature user posted using a circumvention.

Dynamic sigs that allow others to freely enter text for your sigs are no longer allowed. Period.

[Sphinx Myth]

That is exactly what it prevents users from doing. 

Put this in the page that has the form on it (which in this case would be a drop down list)

<?php
session_start();
$_SESSION['Key'] = "Some Big Unknown Key....blablablalba";
?>

and put this on the page that updates your data file

<?php
session_start();
if ($_SESSION['Key'] == "Same as they key you defined in the first file") {
//Your Code Here
$_SESSION['Key'] = "NONE";
}
else
Echo ("Thanks for trying to hack my sig.  Go get a life.");
?>

The user will see the Thanks for trying to hack my sig message if they try to POST the data form another page.

Hope that helps ;)

585810171[/snapback]

That's not a good idea because it's just as unsafe as before.

If you go first on the form, the session key is registered. Then, you can hack from another page without any problem...

Your protection works only if the hack is done immediately.

[Sir Topham Hatt]

Mine currently has a flaw.

Someone enjoys changing it immaturely to sexual things although I dont know how :(

I shall post it all in a Zip file later, although I am away from my computer for the next 48 hours or so.

I hate immature people!

Okay, so the person has put the following:

"I really ought to validate user input on my sig changer"

Any idea's?

I guess its someone from here. For now though, nobody is changing it anymore, it'll stay with what i put it as. :angry:

Edited May 13, 2005 by TheTrainMan

[quiet_lurker]

<?php
$my_sigs = array(  "Someone ought to write me a new sig generator!",
    "This space for rent.",
    "Got l33t?",
    "How's my driving? Call 1-800-223-1221, Ref. 223212");

if(!isset($_POST['submit'])){
?>

print some junk here for your form

<select name="new_sig">
<?php
	for($i = 0; $i < count($my_sigs); $i++){
  print '<option value="$i">$my_sig[$i]</option>';
	}
?>
</select>

do the rest of your form junk here

<?php
//The form was submitted, brings us here
}else{
	if(is_numeric($_POST['new_sig']) && $_POST['new_sig'] < count($my_sigs)){
  //print out the new text to the image here
  print_to_image($my_sigs[$_POST['new_sig']);
	}else{
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']); //Monkey business, send them back to page
	}
}
?>

[quiet_lurker]

....

Okay, so the person has put the following:

"I really ought to validate user input on my sig changer"

Any idea's?

I guess its someone from here. For now though, nobody is changing it anymore, it'll stay with what i put it as.  :angry:

Your script currently has no user input validation, that means someone could save the result of your PHP script locally (HTML file), edit the form to submit to the full URL of your script, edit the option values to be whatever they want, and submit the new edited responses. See above post for an idea on how to remedy that.

[headkaze]

You can POST/GET variables to a php script simply by adding ?variable=whatever to the end of the script. Perhaps this person is exploiting that fact.

[j.r.l.]

You can POST/GET variables to a php script simply by adding ?variable=whatever to the end of the script. Perhaps this person is exploiting that fact.

585913629[/snapback]

GET only... or query string...

Anyways, you could make a form which stores select options in an array then when user X submits the form with "W00t! This is so 1337!!", then "W00t! This is so 1337!!" get's written to message.txt using file_put_contents or fopen/fwrite... Then the GD script would file_get_contents the message.txt file ;)

My sig uses a text file to generate it's content.. and a small filter of mine

[Sphinx Myth]

Mine currently has a flaw.

585912697[/snapback]

As quiet_lurker suggested, the easier and best way is to check if the submitted text is in your database.

[Andrew Lyle Global Moderator]

please read this.. im sure its already posted, but this thread is really long.. i dont feel like searching.

it is banned on neowin

[Sir Topham Hatt]

please read this.. im sure its already posted, but this thread is really long.. i dont feel like searching.

it is banned on neowin

585915275[/snapback]

Read again. Sigs that allow users to put in any old test are banned. Ones that have a choice of pre-defined ones are fine.

WOW - code but no explanation? Yes, I see the explanation in the file, but that loosk like a brand new script, NOT building into the script I have? I don't really understand it either - I am NOT php fluent :cry:.

I only just got that sig version online and able to work and now that above seems to be a single file that can do it all instead of the four or five i have?

I don't want to start again because it'll put me right back to the beginning again. Is there not a simple few lines of code that I can include to make sure that it's been submitted from my server rather than locally?

Then again, is it really worth it?

[russnex]

ignore this sorry :blush:

[Sir Topham Hatt]

So nobody can fix it then :/

The Dude suggested a fix HERE but I dont know where to put that :/ Which file?

Thanks

[quiet_lurker]

I dont know exactly what you're using now for your sig generator so I can't give you more details. If you want to zip it up and upload it somewhere, I can give you more info.

[Sir Topham Hatt]

Thanks for that :)

Question though - can it display the newly changed image?

[quiet_lurker]

Right now your forum sig is still pointed to the old image, otherwise it would show the changes in the thread...

On your sig change page, it looks like sometimes the image gets cached. You might be able to fix this by changing line 36 of index.php to:

  <td><img src="sig.png?<? echo time(); ?>" border="0"></td>

This may force the browser to update the image everytime...

[Sir Topham Hatt]

yea, I wanted to get it right before changing it :p

Thanks again :)

[j.r.l.]

Right now your forum sig is still pointed to the old image, otherwise it would show the changes in the thread...

On your sig change page, it looks like sometimes the image gets cached. You might be able to fix this by changing line 36 of index.php to:

 ?<td><img src="sig.png?<? echo time(); ?>" border="0"></td>

This may force the browser to update the image everytime...

585932757[/snapback]

or header("Cache-control: no-cache"); should work as well

[Sir Topham Hatt]

It's working now.

I just don't like those people who don't read the stickie about Dynamic Sigs. Ones like mine ARE allowed, its those who have "free-speech" that arnt :roll: