I want to know the url (if there is one) to view profiles by name, and not user id.
http://path to forum.com/member.php?action=profile&uid={user id}
is the one to user id
whats the one by username (if there is one)
There isn't any, you would need to change some code in member.php
-----------
Probably other ways too, this was the first one that came up to me ...
Open member.php
Find
else
{
if($mybb->input['uid'])
{
$uid = intval($mybb->input['uid']);
}
else
{
$uid = $mybb->user['uid'];
}
}
$query = $db->query("SELECT u.* FROM ".TABLE_PREFIX."users u WHERE u.uid='$uid'");
$memprofile = $db->fetch_array($query);
Replace by
else
{
if($mybb->input['uid'])
{
$uid = intval($mybb->input['uid']);
}
elseif($mybb->input['username'])
{
$username = addslashes($mybb->input['username']);
$query = $db->query("SELECT u.* FROM ".TABLE_PREFIX."users u WHERE u.username='$username'");
$memprofile = $db->fetch_array($query);
}
}
if($mybb->input['uid'] != "" || $mybb->input['uid'] == "lastposter")
{
$query = $db->query("SELECT u.* FROM ".TABLE_PREFIX."users u WHERE u.uid='$uid'");
$memprofile = $db->fetch_array($query);
}
http://path to forum.com/member.php?action=profile&username={username} should work then =P
EDIT ::
Code changed with the fix
The code you posted allows sql injection. Please replace this line
$username = $mybb->input['username'];
with
$username = addslashes($mybb->input['username']);
Michael83 Wrote:The code you posted allows sql injection. Please replace this line
$username = $mybb->input['username'];
with
$username = addslashes($mybb->input['username']);
and what dose this code do?
It prevents attackers from hacking into your forums.
LeX- ty and also is there a way to use both????
you can still use both ...