MyBB Community Forums

Full Version: Security check please
I am working on a post moderation plugin; could you help me here?

Basically it will have check boxes from 1 to 24 and the value will then be transferred to the query which will return posts. Will this be OK with MYBB?

Also how can I check if the value is 3600 before:

foreach($_POST['test'] as $modtime);

if (!empty($_POST['test'])) 
{
	foreach($_POST['test'] as $modtime);
}

$cutoff = TIME_NOW - $modtime;

<input type="checkbox" name="test[]" value="3600">1 Hour<br>


Can I do maybe something like this:

if (in_array($_POST['postModeration'], array(3600,7200)))
First use $mybb->input['fieldname']. This keeps code consistent. If you want to verify that it was a post, you can use if($mybb->request_method == "post"). Second, a foreach loop line does not end with a semicolon.

Since I don't know entirely how your code works, I'd suggest either $db->escape_string($modtime) or if $modtime should be numeric, use intval($modtime). This would be in your foreach loop. This way it will be safe for the database.
Thanks buddy very much for your advice.

I don't really have a plugin; it's a page that I have created.

define("IN_MYBB",1);
include("global.php");

<form action="test.php" method="post">
<input type="checkbox" name="test[]" value="3600">1 Hour<br>
</form>


Will this work:

if (!empty($mybb->input['test'])) 
{
    foreach($mybb->input['test'] as $modtime);
}
(2014-07-11, 02:47 PM)marcus123 Wrote: Will this work:

if (!empty($mybb->input['test'])) 
{
    foreach($mybb->input['test'] as $modtime);
}
This will result in the last element of $mybb->input['test'] being assigned to $modtime, but that does not really make sense.

If the form you are working on should always send an array you should verify that as well (is_array($mybb->input['test'])).

What exactly are you trying to do with the code you have problems with?
I am creating a tool for moderators to check recent posts. The tool contains check boxes like:
1 hour, 2 hours ...... 12 hours ...... 24 hours, so that the moderator can choose a time range.

These check boxes contain the value of the hours in seconds.
The value is then passed to the search query that will retrieve posts based on the time range.

It works but I don't know if using $_POST is making my forum vulnerable.
Then the form should look like this:
<form action="test.php" method="post">
<input type="radio" name="time" value="3600" checked="checked">1 Hour<br>
<input type="radio" name="time" value="7200">2 Hours<br>
...
</form> 
Checkboxes would be inadequate since they all can be selected - I've put two radio buttons (1 hour by default) and since they have the same name attribute only one of them can be selected. You might as well use the drop-down <select> form - that's your choice.

$allowed = [3600, 7200];

if (isset($mybb->input['time']) && in_array($mybb->input['time'], $allowed)) 
{
    // db queries, etc. containing $mybb->input['time']
} 
The code above checks if the form has been sent and whether the POST-ed value is allowed - that way you can use plain $mybb->input['time'] as it is in your SQL query.
Wow great thanks very much.

$mybb->input['time']
Doesn't seem to work.

$_POST['time']
Works

It's a PHP page; maybe I have to declare $mybb somewhere, like in the plugin function?

global $mybb;
If you were using $mybb->input in a function, it won't work unless you declare $mybb as a global in the function.
How do you declare $mybb in a php custom page?
Place this before your actual script (you will probably need the db handler too):

global $mybb, $db;
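Putting the advice from this thread together, the following is an added example of a complete custom MyBB page, not code posted by anyone in the thread. It assumes the file lives in the forum root next to global.php (as the OP's test.php does), a MyBB 1.6-era API ($mybb->input, $mybb->request_method, $db->simple_select(), error(), TIME_NOW), and a radio button named "time" as suggested above; the function name recent_posts_cutoff is made up for the example. It shows why the global declaration is only needed inside a function, and how whitelisting plus an integer cast makes the value safe to use in the query.

```php
<?php
// Added example (not from the thread): a stand-alone MyBB custom page, e.g. test.php
// in the forum root, that validates a time-range value before using it in a query.
define("IN_MYBB", 1);
require_once "./global.php";

// At the page's top level $mybb and $db are already in scope after global.php;
// the `global` declaration is only required inside a function, as shown here.
function recent_posts_cutoff()
{
    global $mybb;

    // Whitelist of accepted ranges in seconds: 1 hour up to 24 hours.
    $allowed = array();
    for ($h = 1; $h <= 24; $h++) {
        $allowed[] = $h * 3600;
    }

    // Only accept a submitted form, and only the field we expect.
    if ($mybb->request_method != "post" || !isset($mybb->input['time'])) {
        return false;
    }

    // Cast first: "3600abc", "" or an array (from name="time[]") cannot
    // become a valid integer this way, and the strict in_array() then
    // rejects anything that is not exactly one of the whitelisted values.
    $time = intval($mybb->input['time']);
    if (!in_array($time, $allowed, true)) {
        return false;
    }

    return TIME_NOW - $time;
}

$cutoff = recent_posts_cutoff();
if ($cutoff === false) {
    // MyBB's own error page helper; it stops the script.
    error("Please choose a valid time range.");
}

// $cutoff is a validated integer, so it can be placed in the WHERE clause directly.
$query = $db->simple_select(
    "posts",
    "pid, tid, uid, subject, dateline",
    "dateline >= {$cutoff}",
    array("order_by" => "dateline", "order_dir" => "DESC", "limit" => 50)
);

while ($post = $db->fetch_array($query)) {
    // Escape on output as well; the subject came from user input when it was posted.
    echo htmlspecialchars_uni($post['subject']) . " (" . my_date($mybb->settings['dateformat'], $post['dateline']) . ")<br />\n";
}
```

Because the cast happens before the whitelist check, the raw value from the request never reaches the query string; if a plugin function needs the same data, it declares global $mybb, $db; at the top exactly as recent_posts_cutoff() does for $mybb.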