Hi,

I have an idea for an improvement of userspice. First of all: I really like userspice!!!

But I think it might be even better if you could change the names of the tables in the database. Is it maybe possible to give all of them a prefix like "us_". That would make it easier if you need to search for your own tables in phpmyadmin and sort them by table-names. I know this might be a lot of work as you probably use these table-names a lot in your php codes but I think it would make work a bit easier when you are using own tables.

Thanks in advance and again: thanks for userspice!!
Chris

Hi everyone,

I’m trying to include a page called head.php, where there's all the part before <!DOCTYPE html>. It works well on my index page, but when I put it (for example) on the users/join.php it doesn’t work.
What I want to do is to make all my pages starting like this: http://pasted.co/4dd2ff6c.
Page head.php: http://pasted.co/4e404c3d
Page header.php: http://pasted.co/fec196e7
All I have is a blank page when I paste it on pages in the users file, but it works well in my root file. Does anyone have a solution?
Thanks

When adding new pages they are public by default. Is it possible to make them private by default?

Hi all,

The script I'm working on, uses an Array of strings to be both in Spanish and English. (or at least the original script I'm converting to US does).

A couple of questions, I saw that US has its own multi-language section, can this be added on to?
If not, is it possible for me to turn an array such as $lang so that I could refer to element 15 and echo just $lang->15 without having to load the array in every file?

Hope these questions make sense,
Chris

Hi all,

I was looking for enabling the email verification for users, but I can't find it... Does anyone knows how to enable it? Thanks

Dont know if this is severe at all but i copied this from phpmailer's Github:

PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.

PHPMailer versions prior to 5.2.22 (released January 9th 2017) have a local file disclosure vulnerability, CVE-2017-5223. If content passed into msgHTML() is sourced from unfiltered user input, relative paths can map to absolute local file paths and added as attachments. Also note that addAttachment (just like file_get_contents, passthru, unlink, etc) should not be passed user-sourced params either! Reported by Yongxiang Li of Asiasecurity.

PHPMailer versions prior to 5.2.20 (released December 28th 2016) are vulnerable to CVE-2016-10045 a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane (@Zenexer).

PHPMailer versions prior to 5.2.18 (released December 2016) are vulnerable to CVE-2016-10033 a remote code execution vulnerability, responsibly reported by Dawid Golunski.

Every time I open the page admin_pages.php all pages in the userspice database are getting removed. What might be the reason for this?

Is there a way to check whether the logged in user is a admin?

Just wanted to say hi. Hope everyone is doing well.

Hello!

Does anyone here do version control with their projects? Release notes? Full-scale dev solutions? Would be interesting to know how you all push your updates.

With me: I am using bitbucket. I use Atom to do my coding (Was using Notepad++) and Sourcetree for my Commits. I test locally, on the live server, then push my updates to prod through a ZIP I make and upload. I have a script called "mydashupdater.php" that runs the queries I need to in it, and have my own version file in usersc/ which if the value in my database for SQL (setting called mydash_sql_ver) is less than the version file, an updater button pops up to bring you to the mydashupdater.php file which updates the SQL and the DB sql_ver.

I'll post a more elaborate piece to this - and reupload my screenshots since I have changed my system a lot since!

Looking forward to hearing everyone elses aspects around this!