MyBB Community Forums

Full Version: [AJAX] ChangUonDyU - Advanced Statistics 1.0.1
DEMO: http://mybbvn.com

FEATURES
- Display latest posts in all forums and in specific forums. Auto refresh using AJAX
- Display Topx: top posters, newest members, top thanked, most viewed threads, hottest threads (most replied threads), most popular forum. Choose by select menu
- Choose result (by select menu)

Installation
- Upload files
  • inc/plugins/changstats.php
  • inc/languages/english/changstats.lang.php
- Go to AdminCP > Plugins > activate ChangUonDyU - Advanced Statistics
- Edit index template
Find
{$header}
Add below
{$changstats}
<br />

DONE!!!

Instruction
To change options
Go to AdminCP > Configuration > Settings > ChangUonDyU - Advanced Statistics

- If you want to adjust the display of the STATS box, you need to edit some templates.
Any questions, post in this thread.
GL!!!!
http://mybbvn.com/forum/showthread.php?tid=48
Very good job :D
Your website is slow? May just be me. Nice mod.
This is a BEAST of a sexy plugin!

Is there a way to disable the Top Thanked though?

Never mind, I've worked it out :D

Another thing: when you select a tab at the top to show the selected forum IDs for that tab, I've made it so when selected or unselected it's always tcat. But is there a way to make whatever tab is selected have bold font?
This is top notch. I just saw it on Rob's site and was like wtf is this? Came here found it on search and wow...great plugin. This will be used a lot.

One comment...you are hooking into global_end but since this is only on index you should either hook into index_end or use a return statement if script isn't the index.

Second Comment: You have some issues with your sql statements not cleaning all the variables which can lead to sql injection.

Example:
					$foruminid = $_REQUEST['listforumid'];
					$latestpostq = $db->query("SELECT $queryfield FROM ". TABLE_PREFIX ."threads WHERE fid IN ($foruminid) AND fid NOT IN ($hiddenforum) AND visible = 1 ORDER BY lastpost DESC LIMIT $cresult");

What you want to do is this:
					$foruminid = $db->escape_string($_REQUEST['listforumid']);

You can also use intval() for anything that's a number only.

So in more than one place you have that type of query. Hopefully you can take a look, correct them, and reissue before anyone gets exploited.
Anytime you're getting data from the server, it is serious to prevent SQL injections. All I'd need to do right now is a certain method, and I could easily hack your forums and delete all the tables. Now don't worry, I have no intentions to, just saying that it is possible if you don't take the right steps to protect your plugin.
Quote: code changed
$cresult = intval($_REQUEST['result']);
$foruminid = $db->escape_string($_REQUEST['listforumid']);

Has the download been updated :D?
code changed
$cresult = intval($_REQUEST['result']);
$foruminid = $db->escape_string($_REQUEST['listforumid']);

And update one setting:
Forums excluded from stats
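
Added example, not part of any post in this thread and not the plugin's code: `listforumid` ends up inside an unquoted `IN (...)` list, where string escaping only touches quote and backslash characters, so this sketch casts every list element to an integer instead. `escape_stand_in()`, `clean_id_list()` and `forum_filter()` are hypothetical names, `addslashes()` stands in for `$db->escape_string()` so the script runs without a database, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helpers, not code from the plugin.

// Stand-in for $db->escape_string() so this runs without a database.
function escape_stand_in($value)
{
    return addslashes($value);
}

// Reduce a comma-separated request value to integers for "fid IN (...)".
function clean_id_list($raw, $max = 50)
{
    if (!is_string($raw)) {
        return '';                      // e.g. listforumid[]=1 arrives as an array
    }
    $ids = array();
    foreach (explode(',', $raw) as $part) {
        $id = (int) trim($part);        // "x" and "" become 0; "2) OR" becomes 2
        if ($id > 0) {
            $ids[$id] = $id;            // keyed by id, so duplicates collapse
        }
        if (count($ids) >= $max) {
            break;                      // bound the size of the IN list
        }
    }
    return implode(',', $ids);
}

// Build the WHERE fragment; an empty list must not produce "IN ()".
function forum_filter($raw)
{
    $list = clean_id_list($raw);
    return $list === '' ? '1=0' : "fid IN ($list)";
}

// Constructed sample inputs standing in for $_REQUEST['listforumid'].
$samples = array('2,3,5', ' 4 , 4 ,x', '2) OR (1=1', '', array('1'));
foreach ($samples as $raw) {
    $shown   = is_string($raw) ? $raw : '(array)';
    $escaped = is_string($raw) ? escape_stand_in($raw) : '(array)';
    printf("input:   %s\n", $shown);
    printf("escaped: fid IN (%s)\n", $escaped);   // quotes handled, structure untouched
    printf("cast:    %s\n\n", forum_filter($raw));
}
```

The same cast applies to the `fid NOT IN ($hiddenforum)` list if that value can be influenced by a request.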
Can I ask what license you are releasing this under? I am interested in modifying it and might release it with your permission. It would of course be a free download. My issue is the abundance of settings you are using. Also the $db->query selects should be using $db->simple_select instead for wider compatibility.

Example of a query change.

	$db->query("DELETE FROM ".TABLE_PREFIX."settings WHERE gid='$qinfo[gid]'");
Should be:
	$db->delete_query("settings", "gid='".$qinfo['gid']."'");
That would be compatible with all the currently compatible mybb databases (sqlite, postgre, and mysql)

		$cresult = $_REQUEST['result'];

That needs to be cleaned. And these $_REQUESTS might be better off as $mybb->input instead.

		$cresult = $db->escape_string($mybb->input['result']);

I am still very impressed by this. Maybe that's why I would like to see it perfected. Just a few touches and it could be really the best stats plugin around.

The changstats_dateformat setting...I don't get it since mybb has user settings for date formats you can use.

The changstats_topcol_width is really a variable that could easily be altered in the template so I don't see the need for a setting here either. Instructions for width change would be very simple. Edit the template "changuondyu_stats_main" and find XXX and change to suit your needs.

To me every additional setting is an extra burden on my server. At least that's my philosophy.

Please let me know your license for this. Even if I alter it and release it you will get full credit as author and I would add myself as modified by.

Thanks.


Gotta say again how much I do like this plugin.
This is awesome...I love the fact that you can add more than one forum under each tab.