PHP in Templates and Template Conditionals

PHP in Templates and Template Conditionals - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Extensions (https://community.mybb.com/forum-201.html)
+--- Forum: Plugins (https://community.mybb.com/forum-73.html)
+---- Forum: Plugin Support (https://community.mybb.com/forum-72.html)
+---- Thread: PHP in Templates and Template Conditionals (/thread-31860.html)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

RE: PHP in Templates and Template Conditionals - faviouz - 2012-01-03

Replace this (lines 47 and 56):

die ("Ga terug, gebruik de 'vorige pagina' knop hiervoor");

With this:

echo "Ga terug, gebruik de 'vorige pagina' knop hiervoor";

RE: PHP in Templates and Template Conditionals - Robbert - 2012-01-03

So I can't do this with 'die'?

The problem with 'echo' in this example is the fact that the check doesn't have any function anymore. Because if the script isn't stopped at that point it still sends out the email.

If this is the case I think I have no other choice than just take out the 'empty field & email check'.

Thanks for your help!

RE: PHP in Templates and Template Conditionals - faviouz - 2012-01-03

I understand what you mean. I didn't notice that when looking through the code. You're basically checking if the fields are empty - in which case an error message is sent - but the email is sent anyway.

A more logical approach would be to only send the email if the fields are not empty. Otherwise an error message would be displayed. Here's some pseudo-code to give you a basic idea:

if(!empty(fields))
	mail([email protected], subject, message)
else
	echo "Error"

And yes, die() stops everything and outputs only what you specified. So that's not what you want to use here. Just echo out the message you want and move on. Also, your form is vulnerable to XSS attacks. You may want to escape the user's input (i.e. the $_POST variables).

RE: PHP in Templates and Template Conditionals - Robbert - 2012-01-03

Thanks again Smile

But this time it's a bit above my level haha, so I have to look up exactly what you mean. The XSS attacks sounds bad Wink

RE: PHP in Templates and Template Conditionals - dexon95 - 2012-01-09

Hi, i need help with this code :

$balance = mysql_query("SELECT `balance` FROM iconomy WHERE `username` = '{$mybb->user[\'fid4\']}'");
echo mysql_real_escape_string($balance);

Cause MyBB is telling me it have a security issue :/
And i don't really see how i can fix it Sad

Can you help me please ?

RE: PHP in Templates and Template Conditionals - Paul H. - 2012-01-09

What you need to do is this:

$fid4 = mysql_real_escape_string($mybb->user['fid4']);
$result = $db->query("SELECT `balance` FROM iconomy WHERE `username` = '{$fid4}'");
$balance = $db->fetch_array($result);
echo $balance;

RE: PHP in Templates and Template Conditionals - dexon95 - 2012-01-09

Thank Smile

Now it saved Smile

But now i got a fatal error on the page :/

Fatal error: Call to a member function query() on a non-object in C:\...\global.php(353) : eval()'d code(13) : eval()'d code on line 7

The line 7 : $result = $db->query("SELECT balance FROM iconomy WHERE username = '{$fid4}'");

I'll try some things if i fix, ill tell you Smile

But if you know what is wrong, thank to tell me ^.^

Oh i just saw this :
$fid4 = mysql_real_escape_string($mybb->user['fid4']);

Need to change to : $fid4 = mysql_real_escape_string({$mybb->user['fid4']});

and it fix the fatal error, but i got one new, :
Parse error: syntax error, unexpected '{', expecting ')' in C:\...\global.php(353) : eval()'d code(13) : eval()'d code on line 6

Line 6 : $fid4 = mysql_real_escape_string({$mybb->user['fid4']});

I can still type : $fid4 = mysql_real_escape_string{$mybb->user['fid4']};

But i get this error now : Parse error: syntax error, unexpected '{' in C:\...\global.php(353) : eval()'d code(13) : eval()'d code on line 6

RE: PHP in Templates and Template Conditionals - Paul H. - 2012-01-09

It was correct the way I had it,

$fid4 = mysql_real_escape_string($mybb->user['fid4']);

The problem is that the MyBB DB object, $db, isn't globalized.

RE: PHP in Templates and Template Conditionals - TheNova - 2012-01-14

I have added this to my sidebar:

<a href="##"><img src="{$mybb->user['avatar']}" /></a>

But I want to make it so that if you are not logged in, it shows a default avatar. I'm not good with PHP but I figured it would be something along the lines of:

If logged in show avatar else no avatar.

Although, I'd also like an extra bit of code so that if a user is logged in and they haven't chosen an avatar to show a no avatar image too.

===

Also, is this safe to use? I mean, only admins can insert PHP? I don't want my forum getting hacked or anything. I'm the only admin, so it should be safe, right?

RE: PHP in Templates and Template Conditionals - FooFighter - 2012-03-17

Is this valid with 1.6.5/1.6.6+ ?