This will sound noob, but I don't know how to run a query without hard coding MyBB database info inside a script, while MyBB allows to securely connect without leaving db info inside templates.
What I need to do inside the script is take user UID, check inside users table if a given cell is empty or not for given user, then print a message depending on cell status.
May I ask for help?
Add the following at the top of your page and you'll be fine:
define('IN_MYBB', 1); require "./global.php";
(2018-07-18, 07:26 PM)Wires Wrote: [ -> ]Add the following at the top of your page and you'll be fine:
define('IN_MYBB', 1); require "./global.php";
I'm missing the statement to open a connection with the database
There is no statement to open a connection with the database. What I’ve provided will allow you to access the MyBB functions where necessary. See
here.
(2018-07-19, 10:40 AM)Wires Wrote: [ -> ]There is no statement to open a connection with the database. What I’ve provided will allow you to access the MyBB functions where necessary. See here.
Yeah I know that statement, and I was convinced there was a function to connect to the db immediately.
I will look for the proper one if exists
What are you exactly trying to do here? MyBB’s connection to the database is based off of the code provided. That is the “proper way”. You may want to try looking in global.php to see if that helps.
(2018-07-19, 10:50 AM)Wires Wrote: [ -> ]What are you exactly trying to do here? MyBB’s connection to the database is based off of the code provided. That is the “proper way”. You may want to try looking in global.php to see if that helps.
What I'm trying to do is what I stated in the first post,
I've nstalled the "2 Factor Authentication" plugin by Nasyr and I want to deny access to custom MyBB pages to all users that didn't active it ("secret" colum in mybb_users empty for given user).
The point is, I don't know how to do it.
In addition to this, time ago I hard coded db info inside a template to perform some operations, but I was told by another MyBB user that it may lead to a huge security issue and that MyBB allows to run db queries using default MyBB variables, but I don't know what he was referring to.
You can use something like this (typing via iPhone):
// Grabs user info based off UID from users table
$user = get_user($mybb->user[‘uid’]);
// Check if User’s Secret column is empty
if (empty($user[‘secret’])) {
// Call error page
error_no_permission();
};
You are connected to the database already.
If you want to exclude access based on a field in your DB, put this in the php file:
---- damn wires was faster
(2018-07-19, 11:22 AM)Wires Wrote: [ -> ]You can use something like this (typing via iPhone):
// Grabs user info based off UID from users table
$user = get_user($mybb->user[‘uid’]);
// Check if User’s Secret column is empty
if (empty($user[‘secret’])) {
// Call error page
error_no_permission();
};
Thanks a lot, I have to learn how to use this kind of variable: "$user = get_user($mybb->user[‘uid’]);"
But meanwhile this fixed my issue!