MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Custom Profile Field
Full Version: Custom Profile Field
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

WoodLark

2011-05-09, 02:10 PM
I am operating a mybb forum for the members of a private club. I have set up a custom profile field "Real Name" so that the Moderators can match a registration against the membership list for the club before activating the account.

How can I display text during registration advising the registrant that their real name will be visible only to the moderators?

I tried putting this in the field description, but it does not show up on the Registration page.

Yaldaram

2011-05-09, 03:09 PM
Here's a simple guide which brings the Custom Profile Field description on registration pages;

Open ./member.php and find;
eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
and Add the following code just "Above" that;
$description = htmlspecialchars_uni($profilefield['description']);

Now Go to: ACP > Templates > Your theme's templates > Member Templates > member_register_customfield > and find;
<td>{$code}</td>
and Change it into;
<td>{$code}<br/><span class="smalltext">Description: {$description}</span></td>

This'll result into this;
[attachment=22637]

How's That ? Smile

Aries-Belgium

2011-05-09, 03:44 PM
(2011-05-09, 03:09 PM)Yaldaram Wrote: [ -> ]Open ./member.php and find;
eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
and Add the following code just "Above" that;
$description = $profilefield['description'];

There is no need to do a core modification. You can use the $profilefield variable in the template. So just use this as the replacement instead of the above:
<td>{$code}<br/><span class="smalltext">Description: {$profilefield['description']}</span></td>

Yaldaram

2011-05-09, 04:07 PM
(2011-05-09, 03:44 PM)Aries-Belgium Wrote: [ -> ]
(2011-05-09, 03:09 PM)Yaldaram Wrote: [ -> ]Open ./member.php and find;
eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
and Add the following code just "Above" that;
$description = $profilefield['description'];

There is no need to do a core modification. You can use the $profilefield variable in the template. So just use this as the replacement instead of the above:
<td>{$code}<br/><span class="smalltext">Description: {$profilefield['description']}</span></td>

Its correct, but I've added htmlspecialchars_uni() function so as to stop any chance of injecting sql venerability. Its not needed but its better to add their Wink

Sajuuk

2011-05-09, 04:10 PM
Aries-Belgium is right here, a core modification is really just unnecessary. Everything like profile fields are already protected against any SQL Vulnerabilities. Plus, htmlspecialchars_uni() does not prevent SQL injection anyway. (And no Aries, I didn't just edit this when you posted Toungue)

Aries-Belgium

2011-05-09, 04:14 PM
And also, the admin gives in the value of that description field. You would be a stupid admin to try to do a XSS attack on your own website.

The htmlspecialchars_uni() function doesn't help with SQL injection. It's to prevent XSS injection.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Custom Profile Field