MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Is it possible to write php codes ?
Full Version: Is it possible to write php codes ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

dexon95

2012-01-08, 10:22 PM
Hi ! I am editing the templates codes of my new one.

Somewhere, i really need to write a php/mysql code for set a variable and echo this one. But i tryed and the php code don't appear on the site.

Is it protected from php in templates codes ?
like for the : 'header_welcomeblock_member' templates code.

If its protect, is there a way to put my php code ?

Nathan Malcolm

2012-01-08, 10:35 PM
That's what plugins are for.

dexon95

2012-01-08, 10:44 PM
What is the name of this plugin ?

Nathan Malcolm

2012-01-08, 10:52 PM
You said you need to write some PHP and query the database, so you need to create a plugin to do that.

dexon95

2012-01-08, 10:57 PM
oh... I don't know making plugin...
Ok i found a plugin that let me write php Big Grin
But MyBB tel me that my script have potential security issue... i don't see where...

lok my script : 
$balance = mysql_query("SELECT balance FROM iconomy WERE 'username' = '{$mybb->user[\'fid4\']}'");
$s_balance = mysql_escape_string($balance);

echo $s_balance;

how can i make this with no security issue ?

fizz

2012-01-09, 12:52 AM
(2012-01-08, 10:57 PM)dexon95 Wrote: [ -> ]
$balance = mysql_query("SELECT balance FROM iconomy WERE 'username' = '{$mybb->user[\'fid4\']}'");
$s_balance = mysql_escape_string($balance);

echo $s_balance;

how can i make this with no security issue ?

Your script has tons of spelling and syntax errors in it, you need to pay more attention to those...

$balance = mysql_query("SELECT `balance` FROM iconomy WHERE `username` = '{$mybb->user[\'fid4\']}'");
echo mysql_real_escape_string($balance);

Nathan Malcolm

2012-01-09, 01:01 AM
You cannot use PHP in templates like that. It just won't work. You need to create a plugin that does the server side stuff.

Once again: You need to create a plugin that does the server side stuff.

dexon95

2012-01-09, 01:07 AM
when i only write : <?php echo 'lol'; ?>

The 'lol' appear on the page
so the plugin i just installed works i think.

But with your code, fizz, it still tell me that there is a security issue :/
(PHP and Template Conditionals (1.9)) for 1.6.x
http://mybbhacks.zingaburga.com/showthread.php?tid=260

fizz

2012-01-09, 01:14 AM
(2012-01-09, 01:07 AM)dexon95 Wrote: [ -> ]when i only write : <?php echo 'lol'; ?>

The 'lol' appear on the page
so the plugin i just installed works i think.

But with your code, fizz, it still tell me that there is a security issue :/
(PHP and Template Conditionals (1.9)) for 1.6.x
http://mybbhacks.zingaburga.com/showthread.php?tid=260

You need to either make a core edit or a plugin, like Nathan's said multiple times. There's plenty of documentation on how to do it in the Wiki.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Is it possible to write php codes ?