MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Development > learning plugin creation - beyond the documentation
Full Version: learning plugin creation - beyond the documentation
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Gordon

2010-12-14, 01:40 AM
Hey folks,
I have created a modification of myBB that I want to make a plugin-out of, and I have gone through the documentation, which is basically straightforward and well done but a little slim. So I am looking for some pointers and guidance on how to go forward moving my mod into a plugin.

I have 2 major questions:

1. first is about using the plugin hooks for my specific mod:

What I have currently is a set of custom templates ( or template set?) coupled with, as my system is now, modifications of 3 php files. I want to move my mods out of the php files and into a plugin.

Basically what my current mod does is to the 3 myBB php files involved in creating new posts:

newthread.php; newreply.php; and post.php.

The current mod is very simple: I have an extra field whose data needs to be written to the new post record in the mybb_posts table when it is created. So, for example, in newthread.php and newreply.php have appended my field to:

$this->post_insert_data = array(
	"subject" => $db->escape_string($thread['subject']),
	...
	...
	"postType" => $thread['postType'] //<< this is my fiield
);


In newthread.php and newreply.php, this is then passed to post.php for the db insertion, where likewise post.php is modified by me to insert the data for my 'postType' field.

So, the question is now to write my field in a plugin, so that it won't be part of the normal newthread.php, newreply.php, and post.php distributions?

From the documentation I can see that I should create a function in my plugin file that fires on the: 
		$plugins->run_hooks("newreply_do_newreply_end");

hook. But that hook comes long after the new post record has been written, so my field won't be filled with my data as a part of the new post creation - the record will have already been written at the time the hook runs.

So, I am left to write to the table after the fact. But how will I know which record number needs to be updated? I need the pid of the newly created post, so I can update...

Knowing that would, I think, take care of my problem trying to create a plugin out of my php mods.

2. The second question has to do with the whole plugin / template system. Because my plugin will depend on these templates, how can I have the plugin install them? I don't see any documentation that really explains that. If I want to distribute my mod, once I get it all plugin-iffied. I want it to be some kind of package. How does that work?

Any links or pointers to other tutorials?

Thank you for any ideas about these questions,
Gordon

pavemen

2010-12-14, 05:16 AM
look at \inc\datahandlers\post.php and you can find the hooks you need for inserting and updating posts, and thus access to the post data before the DB update.
as for the template stuff, there is a function called findreplace_templates() or something like that which will, using regex, alter templates.

you should grab a couple plugins from the mods site to see how it works. you should apply that function in the activate and deactivate plugin functions.

Gordon

2010-12-14, 06:23 AM
(2010-12-14, 05:16 AM)pavemen Wrote: [ -> ]look at \inc\datahandlers\post.php and you can find the hooks you need for inserting and updating posts.

Thanks pavemen! That confirms what I was just starting to figure out!

also

I need to grab the current input for example, I am passing the postType variable, in the href get parameters, of the new reply/thread page so I use global mybb to access the input. It's starting to make sense, I think:

$plugins->add_hook("datahandler_post_insert_post", "structForums_save_PostType");
$plugins->add_hook("datahandler_post_insert_thread_post", "structForums_save_PostType");

// can I have two handlers point to the same function? 

// prepare for the new reply record for inertion
function structForums_save_PostType($prePostObject) {
	global $mybb;

	//add postType field, from URL input params, to the new post object array:
	$prePostObject->post_insert_data["postType"] = $mybb->input['postType'];
	return $prePostObject //<----  is this necessary?
}

Does that look about right?

Is it necessary to return the passed object?

Can I have two handlers point to the same function?

Thank you, again, pavemen! This system is working out to be neater than I imagined.

pavemen

2010-12-14, 05:02 PM
1) you are welcome
2) yes, you can have unlimited hooks pointing to the same function, just watch for subtle changes in what gets passed to the functions via the hooks
3) no return needed as its passed by reference

the basics of the plugin are missing (_info, _install, _activate, etc functions), but the functionality you are asking about should work

however, you should validate/escape the postType input variable for security reasons.

Gordon

2010-12-14, 05:54 PM
(2010-12-14, 05:02 PM)pavemen Wrote: [ -> ]however, you should validate/escape the postType input variable for security reasons.

well, postType is coming from my system, so I will figure out a way to validate it. I think that is pretty easy to do. It will not need to be escaped, I don't think, because if it is valid there cannot be anything in it other than a simple string with no spaces.

Thanks again - I got this thing to work as a plguin. And that is slick. I wish I had understood how to do that when I started on this, but it really took doing my mod in the actual php to figure out how myBB is set up first.

pavemen

2010-12-14, 05:58 PM
because another plugin can also run on the same hook as yours, it is possible that your input variable is altered by a plugin that runs before yours.

Gordon

2010-12-15, 02:57 AM
you mean someone could create a plugin that would alter my input variable. I mean that is not likely since mine is unique to my system.

But what are you saying? What do I need to do that would avoid that issue?

Escaping a string of letters and numbers that has already been stripped of any special characters would produce the same string. So how will escaping help?

pavemen

2010-12-15, 03:43 AM
if my plugin uses the same hooks, but runs before yours I can set $mybb->input['postType'] to something to generate a buffer/stack overflow or some form of SQL injection. then your plugin will run, not knowing the variable has been modified and attempt tp insert it into the DB

i am not saying that you have to escape it further if you are validating/sanitizing the input already, but as long as you do some work to sanitize the variable, then you should be okay.

Gordon

2010-12-15, 04:07 AM
OK, I understand what you are saying.

but how would a plugin get in there to do that? On my board, I would, as admin, have to install that plugin right? There is no way of injecting a plugin without having access to admin or the underlying server.

If so, anyone I would distribute my plugin to should be aware of other plugins they installed being malicious - right? Otherwise, they are only putting their board in jeopardy...

Am I correct in any of that?

Just trying understand the facts here!



pavemen

2010-12-15, 04:17 AM
you are correct, but you would be surprised as to how many people just install a plugin without inspecting it first. however, the stuff that gets posted to the mods site here (mods.mybb.com) is supposed to be looked at, so things from this site are safer than stuff you pull from other sources.
MyBB Community Forums > Extensions > Plugins > Plugin Development > learning plugin creation - beyond the documentation