I am operating a mybb forum for the members of a private club. I have set up a custom profile field "Real Name" so that the Moderators can match a registration against the membership list for the club before activating the account.
How can I display text during registration advising the registrant that their real name will be visible only to the moderators?
I tried putting this in the field description, but it does not show up on the Registration page.
Here's a simple guide which brings the Custom Profile Field description on registration pages;
Open ./member.php and find;
eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
and Add the following code just "Above" that;
$description = htmlspecialchars_uni($profilefield['description']);
Now Go to: ACP > Templates > Your theme's templates > Member Templates > member_register_customfield > and find;
<td>{$code}</td>
and Change it into;
<td>{$code}<br/><span class="smalltext">Description: {$description}</span></td>
This'll result into this;
[
attachment=22637]
How's That ?
(2011-05-09, 03:09 PM)Yaldaram Wrote: [ -> ]Open ./member.php and find;
eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
and Add the following code just "Above" that;
$description = $profilefield['description'];
There is no need to do a core modification. You can use the $profilefield variable in the template. So just use this as the replacement instead of the above:
<td>{$code}<br/><span class="smalltext">Description: {$profilefield['description']}</span></td>
(2011-05-09, 03:44 PM)Aries-Belgium Wrote: [ -> ] (2011-05-09, 03:09 PM)Yaldaram Wrote: [ -> ]Open ./member.php and find;
eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
and Add the following code just "Above" that;
$description = $profilefield['description'];
There is no need to do a core modification. You can use the $profilefield variable in the template. So just use this as the replacement instead of the above:
<td>{$code}<br/><span class="smalltext">Description: {$profilefield['description']}</span></td>
Its correct, but I've added htmlspecialchars_uni() function so as to stop any chance of injecting sql venerability. Its not needed but its better to add their
Aries-Belgium is right here, a core modification is really just unnecessary. Everything like profile fields are
already protected against any SQL Vulnerabilities. Plus, htmlspecialchars_uni() does not prevent SQL injection anyway. (And no Aries, I didn't just edit this when you posted
)
And also, the admin gives in the value of that description field. You would be a stupid admin to try to do a XSS attack on your own website.
The htmlspecialchars_uni() function doesn't help with SQL injection. It's to prevent XSS injection.