MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > Change Theme with URL (GET instead of POST)
Full Version: Change Theme with URL (GET instead of POST)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Zash

2009-12-13, 11:22 PM
There should really be a way to change the theme using the GET method (instead of POST) - this would make it a million times easier to make theme changers, mobile skins, demo sites, etc.

Vote on it here - http://ideas.mybboard.net/idea/change-th...ad-of-post Wink

Yumi

2009-12-14, 03:18 AM
It would also make it easier for people to force random users to use other themes etc.

If you're just doing this on a test/localhost site, edit usercp.php, find:
if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);
replace with
if($mybb->input['action'] == "do_options")
{
Note, don't use this on a live website.

Should be able to use something like:
usercp.php?action=do_options&uid=1&style=1

Zash

2009-12-14, 03:56 AM
Well if you were to implement this then it should be separate from other option and restricted to just you.

The simplest way I can think of is for logged in users to check the uid to make sure it's only for their own uid.

Yumi

2009-12-14, 08:12 AM
(2009-12-14, 03:56 AM)Zash Wrote: [ -> ]Well if you were to implement this then it should be separate from other option and restricted to just you.

The simplest way I can think of is for logged in users to check the uid to make sure it's only for their own uid.
That's not the issue. You're removing CSRF checks here. It doesn't matter if the uid matches or not.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > Change Theme with URL (GET instead of POST)