$vbulletin->options['bburl'] questions [Archive]

View Full Version : $vbulletin->options['bburl'] questions

Karri

07-09-2008, 04:46 PM

I am kind of a novice at writing plugins so bare with me.

I wrote a plugin to change the value of $vbulletin->options['bburl'] to match the url the user was using to visit my site. Basically I made a plugin on the hook global_setup_complete with the code
$vbulletin->options['bburl'] = $_SERVER['HTTP_HOST'];

This works great some places except for it not including the http:// but other places it makes a mess. For example in the lost password screen where it says
You have entered an invalid username or password. Please press the back button, enter the correct details and try again. Don't forget that the password is case sensitive. Forgotten your password? Click here! The url of the here is http://mysiteurl/mysiteurl/login.php?do=lostpw It seems to duplicate the url in some places and not others. Any one have any idea why it does this and how I can fix it?

Thanks!!!

sockwater

07-09-2008, 05:16 PM

Add the full URL:
$vbulletin->options['bburl'] = 'http://' . $_SERVER['HTTP_HOST'] . '/path/to/forums'; // no trailing slash

calorie

07-09-2008, 05:37 PM

And try the init_startup or global_start hook instead.

Karri

07-09-2008, 05:43 PM

You guys rock!!!!

My forum is in the root dir so I changed it to

$vbulletin->options['bburl'] = 'http://' . $_SERVER['HTTP_HOST'] ; // no trailing slash

and changed the hook location and that seemed to fix it. :D

Thanks for the assistance!!!!

Dismounted

07-10-2008, 05:15 AM

There may be a possibility of XSS there. HTTP_HOST can be spoofed by the browser using the "Host" header. Since 'bburl' is used in the display of the pages, it will print right out into the source code.

Karri

07-10-2008, 02:08 PM

hmm. Do you have any suggestions on how to get the url the user is visiting from to show up where the bburl value instead of the one that is hard coded into the admincp?

Maybe a series of if then statements in the plugin? If the http_host =url1 then bburl=preset url 1?

Dismounted

07-10-2008, 02:17 PM

switch ($_SERVER['HTTP_HOST'])
{
case 'somedomain.com':
$vbulletin->options['bburl'] = 'http://somedomain.com';
break;
case 'mywebsite.com':
$vbulletin->options['bburl'] = 'http://mywebsite.com';
break;
default:
$vbulletin->options['bburl'] = 'http://website.com';
break;
}

Karri

07-10-2008, 02:30 PM

No luck. When I try to save the plugin with that code it says "In order to accept POST request originating from this domain, the admin must add this domain to the whitelist."

Dismounted

07-10-2008, 02:34 PM

That's not an error with the plugin, that's an error from vBulletin itself. The error speaks for itself.

Karri

07-10-2008, 02:40 PM

You are right, right after I posted that I restarted my browsers and everything is working again. I must have had some bad code in there or something from other attempts at re-writing the plugin my self.

Thanks for the help!!! I think that will accomplish exactly what I was looking for and much cleaner than any code I was attempting to create. :)