• 0

Dynamic Signatures

Asked by TimRogers,

 Share

Question

Grand Master

TimRogers

Posted
Posted (edited)

How would I make a signature that allows users to put a piece of text into my signature? I know you can use PHP, but I don't have the slightest clue about PHP

(Apart from Cutenews stuff)

Could someone make me a saple signature, very plain, and show me how to allow users to imput text into it thru my website?

Edited by TimRogers
Link to comment
https://www.neowin.net/forum/topic/301987-dynamic-signatures/
Share on other sites

184 answers to this question

Recommended Posts

  • 0
Grand Master

blackice912 Veteran

Posted
  • Veteran
Posted
Removed my sig thanks to some kid who kept writing f**k over and over again. I guess totally dynamic sigs are a bad idea. I'm thinking the "select a quote" option to be a better idea now.

585804636[/snapback]

From a Neowin rules point of view, these "type anything into my sig" signatures are a liability to users who use them, as those users are responsible for their signatures and can/will get in trouble if there is offensive content in the signature that breaks Neowin Community Rules.

I'd highly suggest people only use the "select a line/quote" type of signatures if they want to be safe.

  • 0
Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
it's been banned, see announcement!

No more Dynamic Sigs!

585881560[/snapback]

More properly stated: no more sigs that allow users to type in anything they want to be displayed. Too easy to violate Neowin's rules with a wide-open text entry system like that.

  • 0
Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
or you could add a word filter to your script :)

585881665[/snapback]

Word filters are rarely complete enough, and too easily bypassed (spaces or other tricks). I had to remove one today that some immature user posted using a circumvention.

Dynamic sigs that allow others to freely enter text for your sigs are no longer allowed. Period.

  • 0
Collaborator

Sphinx Myth

Posted
Posted
That is exactly what it prevents users from doing. 

Put this in the page that has the form on it (which in this case would be a drop down list)

<?php
session_start();
$_SESSION['Key'] = "Some Big Unknown Key....blablablalba";
?>

and put this on the page that updates your data file

<?php
session_start();
if ($_SESSION['Key'] == "Same as they key you defined in the first file") {
//Your Code Here
$_SESSION['Key'] = "NONE";
}
else
Echo ("Thanks for trying to hack my sig.  Go get a life.");
?>

The user will see the Thanks for trying to hack my sig message if they try to POST the data form another page.

Hope that helps ;)

585810171[/snapback]

That's not a good idea because it's just as unsafe as before.

If you go first on the form, the session key is registered. Then, you can hack from another page without any problem...

Your protection works only if the hack is done immediately.

  • 0
Grand Master

Sir Topham Hatt

Posted
Posted (edited)

Mine currently has a flaw.

Someone enjoys changing it immaturely to sexual things although I dont know how :(

I shall post it all in a Zip file later, although I am away from my computer for the next 48 hours or so.

I hate immature people!

Okay, so the person has put the following:

"I really ought to validate user input on my sig changer"

Any idea's?

I guess its someone from here. For now though, nobody is changing it anymore, it'll stay with what i put it as. :angry:

Edited by TheTrainMan
  • 0
Contributor

quiet_lurker

Posted
Posted 
<?php
$my_sigs = array(  "Someone ought to write me a new sig generator!",
    "This space for rent.",
    "Got l33t?",
    "How's my driving? Call 1-800-223-1221, Ref. 223212");

if(!isset($_POST['submit'])){
?>

print some junk here for your form

<select name="new_sig">
<?php
	for($i = 0; $i < count($my_sigs); $i++){
  print '<option value="$i">$my_sig[$i]</option>';
	}
?>
</select>

do the rest of your form junk here

<?php
//The form was submitted, brings us here
}else{
	if(is_numeric($_POST['new_sig']) && $_POST['new_sig'] < count($my_sigs)){
  //print out the new text to the image here
  print_to_image($my_sigs[$_POST['new_sig']);
	}else{
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']); //Monkey business, send them back to page
	}
}
?>

  • 0
Contributor

quiet_lurker

Posted
Posted
....

Okay, so the person has put the following:

"I really ought to validate user input on my sig changer"

Any idea's?

I guess its someone from here. For now though, nobody is changing it anymore, it'll stay with what i put it as.  :angry:

Your script currently has no user input validation, that means someone could save the result of your PHP script locally (HTML file), edit the form to submit to the full URL of your script, edit the option values to be whatever they want, and submit the new edited responses. See above post for an idea on how to remedy that.

  • 0
Grand Master

j.r.l.

Posted
Posted
You can POST/GET variables to a php script simply by adding ?variable=whatever to the end of the script. Perhaps this person is exploiting that fact.

585913629[/snapback]

GET only... or query string...

Anyways, you could make a form which stores select options in an array then when user X submits the form with "W00t! This is so 1337!!", then "W00t! This is so 1337!!" get's written to message.txt using file_put_contents or fopen/fwrite... Then the GD script would file_get_contents the message.txt file ;)

My sig uses a text file to generate it's content.. and a small filter of mine

  • 0
Grand Master

Sir Topham Hatt

Posted
Posted
please read this.. im sure its already posted, but this thread is really long.. i dont feel like searching.

it is banned on neowin

585915275[/snapback]

Read again. Sigs that allow users to put in any old test are banned. Ones that have a choice of pre-defined ones are fine.

WOW - code but no explanation? Yes, I see the explanation in the file, but that loosk like a brand new script, NOT building into the script I have? I don't really understand it either - I am NOT php fluent :cry:.

I only just got that sig version online and able to work and now that above seems to be a single file that can do it all instead of the four or five i have?

I don't want to start again because it'll put me right back to the beginning again. Is there not a simple few lines of code that I can include to make sure that it's been submitted from my server rather than locally?

Then again, is it really worth it?

  • 0
Contributor

quiet_lurker

Posted
Posted

Right now your forum sig is still pointed to the old image, otherwise it would show the changes in the thread...

On your sig change page, it looks like sometimes the image gets cached. You might be able to fix this by changing line 36 of index.php to:

  <td><img src="sig.png?<? echo time(); ?>" border="0"></td>

This may force the browser to update the image everytime...

  • 0
Grand Master

j.r.l.

Posted
Posted
Right now your forum sig is still pointed to the old image, otherwise it would show the changes in the thread...

On your sig change page, it looks like sometimes the image gets cached. You might be able to fix this by changing line 36 of index.php to:

 ?<td><img src="sig.png?<? echo time(); ?>" border="0"></td>

This may force the browser to update the image everytime...

585932757[/snapback]

or header("Cache-control: no-cache"); should work as well

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • OpenAI and Broadcom unveil Jalapeño, a new AI chip built for LLM inference

      By margrave · Posted

      Because of what they have done to VMware I will never buy anything Broadcom again.
    • AMD releases hotfix for driver install issues on Windows 10 PCs

      By TarasBuria · Posted

      AMD releases hotfix for driver install issues on Windows 10 PCs by Taras Buria Earlier this week, AMD released an important graphics driver update. Version 26.6.2 brought AMD FSR 4.1 support to the previous-gen Radeon lineup, the RX 7000 series, giving users better upscaling tech that was previously locked to the newest GPUs. However, the driver turned out to be a little buggy, with users reporting installation issues on systems still running Windows 10. AMD quickly acknowledged the bug and today released a hotfix to resolve the problem. The AMD 26.6.3 Hotfix update is now available for download from the official website. Given that it is a hotfix release, it has only one change in its release notes: AMD announced the update on its official X account and added that a WHQL driver update with the necessary fixes would be released next week. Meanwhile, users can apply the hotfix or roll back to the previous driver using the official AMD Cleanup Utility. You can download AMD Software: Adrenalin Edition 26.6.3 Hotfix Preview Driver from the official website here. It is compatible with all currently supported graphics cards and 64-bit Windows 10 and 11. Full release notes are available on the same page.
    • Windows 11 is now five years old

      By Nick H. · Posted

      With Microsoft now listening to its core audience and acting upon received feedback, fans can finally expect a much better version of Windows 11 than what was available five years ago. Here is to five more years, Windows 11! I guess we all need a good laugh now and again...
    • Amazon Prime Day 2026 deal sees Samsung Odyssey 49" 240Hz QD-OLED monitor at lowest price

      By hellowalkman · Posted

      Amazon Prime Day 2026 deal sees Samsung Odyssey 49" 240Hz QD-OLED monitor at lowest price by Sayan Sen Earlier today we covered a very good deal on JBL's BAR 800 Dolby Atmos soundbar system as the unit is available for just $600 as part of Amazon Prime Day 2026 deals. That's not all though as there are many more discounts to choose from. If you are looking for a high-end monitor, Samsung's 49 inch G9 QD-OLED gaming monitor is a solid deal too as it's currently just $855 (purchase link under the specs table down below). It is a super-ultrawide (32:9) 1440p curved gaming monitor and as such should offer a very immersive experience. The G93SC is a 49-inch QD-OLED (Quantum Dot OLED) screen and that means it should have excellent contrast as well as color reproduction. Brightness is a bit lacking though so if you are looking to set it up in a relatively bright room, you may be better off with something else. Speaking of external light and brightness, the major difference on the G93SC vs the newer G93SD is that the latter comes with Samsung's "Glare Free" technology to reduce glare while the C model packs a glossy finish. The technical specifications of the Samsung G93SC are given in the table below: Specification Value Panel Type OLED Screen Shape Curved Screen Curvature 1800R Resolution DQHD (5120 × 1440) Aspect Ratio 32:9 Brightness (Typical) 250 cd/m² Brightness (Minimum) 200 cd/m² Contrast Ratio 1,000,000:1 HDR Support VESA DisplayHDR True Black 400 HDR10+ HDR10+ Gaming Response Time 0.03 ms (GTG) Refresh Rate Up to 240 Hz Viewing Angle 178° Horizontal / 178° Vertical Color Support 1 Billion Colors Color Gamut 99% DCI-P3 (CIE1976) Adaptive Sync FreeSync Premium Pro / G-SYNC Compatible DisplayPort 1 × DisplayPort 1.4 HDMI 1 × HDMI 2.1 Micro HDMI 1 × Micro HDMI 2.1 USB Hub 3 × USB 3.0 Speakers Built-in Speaker Output 5W × 2 Channels Operating Temperature 10°C – 40°C Operating Humidity 10–80% (Non-condensing) Stand Type Height Adjustable Stand (HAS) Height Adjustment 120.0 ± 5.0 mm Tilt -2° (±2°) to 15° (±2°) Wall Mount 100 × 100 mm (VESA) Included HDMI Cable HDMI-to-Micro HDMI Cable Included DisplayPort Cable Yes Get it at the link below: Samsung 49" Odyssey G93SC Series Curved Gaming Monitor, QD-OLED: $854.99 (Sold and Shipped by Amazon US with Prime) Prime subscription can be cancelled within three business days at no cost. Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • Windows 11 is now five years old

      By Snake Doc · Posted

      Actually Windows 11 is the GUI from Windows 10 X slapped onto Windows 10. Hence the many performance issues and initial limitations of the UI, like all the restrictions on the task bar placement and features. You could not even right click on the Taskbar and bring up task manager when it first shipped. Windows 10X was truly a new OS from the ground up. Basically a lightweight OS that ran containers for various app types. Win32 got its own container. Performance was not good and OEM’s pushed back on it, but wanted a new OS to push Pc sales. Hence Windows 11. https://en.wikipedia.org/wiki/Windows_10X

  • Recent Achievements

    • Dedicated
      Scoobystu earned a badge
      Dedicated
    • First Post
      Tom Schmidt earned a badge
      First Post
    • One Month Later
      D0nn13 earned a badge
      One Month Later
    • Rookie
      +ChiefOfNeo went up a rank
      Rookie
    • One Year In
      Tom Schmidt earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      457
    2. 2
      +Edouard
      177
    3. 3
      PsYcHoKiLLa
      123
    4. 4
      Michael Scrip
      81
    5. 5
      Xenon
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!