PDA

View Full Version : Can't get plugin code to work


pianoman993
12-26-2008, 09:23 PM
Hey everyone, I need some help on a short bit of code I want to put in a plugin. The code looks like this:


putenv("PHP_ENC_USERNAME=$bbuserinfo[username]"); # where $username is your PHP user variable.
putenv("PHP_ENC_ISADMIN=1"); # where $X is a 0 or a 1.
And I am trying to put it togather with some code I already have in the plugin like this:

putenv("PHP_ENC_USERNAME=$bbuserinfo[username]"); # where $username is your PHP user variable.
putenv("PHP_ENC_ISADMIN=1"); # where $X is a 0 or a 1.

ob_start();

include("http://mysite.com?" . $_SERVER['QUERY_STRING']);
$file = ob_get_contents();
ob_end_clean();Am I doing it right? I'm not sure because I never get the result I'm supposed to. Perhaps it is not rendering the putenv()?

Any help would be greatly appreciated! Thanks!

- Pianoman993

Deceptor
12-27-2008, 02:57 AM
You should use $vbulletin->userinfo instead of $bbuserinfo now :)

Try:
putenv("PHP_ENC_USERNAME=" . $vbulletin->userinfo['username']);

Dismounted
12-27-2008, 03:18 AM
What are you trying to do there? Why do you need to use putenv()?

pianoman993
12-27-2008, 03:41 AM
I'm trying to get variables into a CGI script via putenv().

However, I may try to just use $_ENV

Thanks for all the help!

--------------- Added 1230357708 at 1230357708 ---------------

Alright. Hold the phone.

Alright, so I've got this CGI script and I've got 2 variables in there.

One wants a session ID
The other wants the Username

So I'm trying to communicate with this CGI Script through vbullitan's plugin system and it's killing me to no end. I can't take it! I can't for the life of me figure it out!!

HOW DO YOU PASS PHP VARIABLES INTO CGI SCRIPTS!!!! AHHH!!!
*heavy breathing, high blood pressure*

I know it is most likely a newby question. But if ANYONE! out there can help me out I would SOOOOOOOOOOOOO greatly appreciate their GODLY help.

"Help me Obi-Wan-Kenobi, your my only hope"
- Pianoman993

Dismounted
12-27-2008, 08:09 AM
Can't you add another item on your query string?

pianoman993
12-27-2008, 02:17 PM
That could easily be hacked. I was originally trying to deala with session variable since they were the most secure.

Marco van Herwaarden
12-27-2008, 02:39 PM
Please note that putenv() might not function as expected in Safe Mode for example.

Is the included script on the same server?

If yes, then why do you include it with an URL instead of a local path. If oncluded locally it can inherit environment, and even variables defined in the local scope of the calling script.

If on another server, then you can never pass environment variables, as each server will have it's own environment. The only way to pass parameters is in the request string.

pianoman993
12-27-2008, 03:13 PM
Thanks so far for all your useful information.

Marco, would it be possible for you to show me a code example of how to pass information such as the username ($vbulletin->userinfo['username']) into a secure string that I could pass into a CGI script? And also, where would I do that, in the global.php file, a plugin?

Much thanks!

- Pianoman993

Also, just to give you some frame of reference so you know where I'm coming from, this is part of the CGI script.



# PREFs Section 03: Security.
################################################## ##########################
# Password Protection, Option 3 of 5 (use your site's existing login system):
#
# If your site already has a login system, either cookie-based or based on
# PHP sessions, you can make FileChucker integrate with it.
#
# If using the PHP session method, you must set the following environment
# variables from PHP just before calling filechucker.cgi from PHP:
#f
# putenv("PHP_ENC_USERNAME=$username"); # where $username is your PHP user variable.
# putenv("PHP_ENC_ISADMIN=$X"); # where $X is a 0 or a 1.
#
# This option is mutually exclusive with the integrate_with_userbase option.
#
$PREF{integrate_with_existing_login_system} = 'yes';
$PREF{login_error_message} = qq`Error: not logged in.&nbsp; Perhaps you need to <a href="/">go home</a> and log in first?`;
#$PREF{logout_url} = '/logout/';
#$PREF{login_url} = '/login/';
#$PREF{forced_logout_link} = qq`<p>Logging out; <a href="%%logout_url%%">click here</a> to continue.</p>\n`;
#
$PREF{enable_username_from_cookie} = 'no';
$PREF{member_username_cookie_name} = 'username';
$PREF{admin_username_cookie_name} = 'admin';
#
$PREF{enable_username_from_php_session} = 'yes';





# PREFs Section 04: User-directories.
################################################## ##########################
# If you are already storing a username/userdir variable in PHP sessions on
# your server, you can make FileChucker use that.
#
# For Method 1, you'll need to be calling FileChucker from an /upload/index.php
# file like this:
#
# <?php
# # set an environment variable from your PHP username variable:
# session_start(); putenv("PHP_ENC_USERDIR=$username");
# require("call_filechucker.php");
# ?>
#
# To get the call_filechucker.php file, see step #5 in the instructions:
#
# http://encodable.com/filechucker/#instructions
#
# For Method 2, you don't necessarily need to call FileChucker exactly that
# way; instead, you'll need to have the PHP::Session Perl module installed on
# your server, and PHP's save_path will need to be readable from Perl.
#
$PREF{enable_userdir_from_php_session__method1} = 'no';
$PREF{php_session_cookie_name} = 'PHPSESSID';
$PREF{php_session_cache_ttl} = 60*60*24; # in seconds.
#
$PREF{enable_userdir_from_php_session__method2} = 'no';
$PREF{php_session_cookie_name} = 'PHPSESSID';
$PREF{php_session_save_path} = '/var/lib/php/session'; # or perhaps '/tmp';
$PREF{php_session_username_variable} = 'username';

Marco van Herwaarden
12-27-2008, 03:16 PM
Why not start by answering the question i posted in my previous post.

No answer = no good answer from me.

pianoman993
12-27-2008, 03:18 PM
:( Sorry. My fault. The included script IS on the server. There you are. I have to use the full filename to include it or else it does not work.

In essence, I am trying to integrate with vbulletin's login.

Marco van Herwaarden
12-27-2008, 03:31 PM
If the script is local, then you should also include it clocally:

Do not:
include('http://www.mysite.com/myscript.php');
But:
include('./myscript.php');
With the 2nd option you will run the script inside the scope of the calling script, meaning that all variables (within scope) are already available in the included script. No need to pass parameters or set an environment.

pianoman993
12-27-2008, 03:37 PM
Thanks for your post.

So your saying that this: (below) is unnecessary? Would I create a simple variable in the page that calls the CGI script, or would I do it in the vbulletin plugin? Also, what would the CGI variable look like? Would it look like $ENV{username}; ?


# putenv("PHP_ENC_USERNAME=$username"); # where $username is your PHP user variable.
# putenv("PHP_ENC_ISADMIN=$X"); # where $X is a 0 or a 1.


Your help is much appreciated, thanks!
- Pianoman993

Marco van Herwaarden
12-27-2008, 03:50 PM
You would call it from a plugin, you can not execute PHP code in a template (HTML).

There is no "CGI variable". They are just simple PHP variables as used anywhere in a PHP-script.

Consider the following 2 scripts:
Main script "test.php"
<?php
// Main test script test.php
$mainvar = "local set in test.php";
include('./sub.php');
echo "<br />test.php: Var set in sub: " . $subvar;

?>
And the 2nd script "sub.php" (store in the same directory as test.php):
<?php
// sub.php
echo "<br />sub.php: Value for \$mainvar: " . $mainvar;
global $subvar;
$subvar = "This value was set in sub";
?>

Now point your browser to test.php.

You will see that the variable $mainvar that was set in "test.php" is also available in "sub.php" without any variable passing or such. The same goes for $subvar, set in sub.php and still available when returning in test.php.

pianoman993
12-27-2008, 04:31 PM
Alright so here is my new plugin code:


ob_start();

print $vbulletin->userinfo['username'];
global $username;
$username = ob_get_contents();

ob_end_clean();


And here is my CGI File


# PREFs Section 03: Security.
################################################## ##########################
# Password Protection, Option 3 of 5 (use your site's existing login system):
#
# If your site already has a login system, either cookie-based or based on
# PHP sessions, you can make FileChucker integrate with it.
#
# If using the PHP session method, you must set the following environment
# variables from PHP just before calling filechucker.cgi from PHP:
#f
# putenv("PHP_ENC_USERNAME=$username"); # where $username is your PHP user variable.
# putenv("PHP_ENC_ISADMIN=$X"); # where $X is a 0 or a 1.
#
# This option is mutually exclusive with the integrate_with_userbase option.
#
$PREF{integrate_with_existing_login_system} = 'no';
$PREF{login_error_message} = qq`Error: not logged in.&nbsp; Perhaps you need to <a href="/">go home</a> and log in first?`;
#$PREF{logout_url} = '/logout/';
#$PREF{login_url} = '/login/';
#$PREF{forced_logout_link} = qq`<p>Logging out; <a href="%%logout_url%%">click here</a> to continue.</p>\n`;
#
$PREF{enable_username_from_cookie} = 'no';
$PREF{member_username_cookie_name} = $username;
$PREF{admin_username_cookie_name} = 'anderma';
#
$PREF{enable_username_from_php_session} = 'yes';


Do I set $PREF{member_username_cookie_name} to $username?

Dismounted
12-28-2008, 03:18 AM
That could easily be hacked. I was originally trying to deala with session variable since they were the most secure.
You can pass the string and add another item with the string hashed with a salt that only the scripts know. The other script can always verify this hash to make sure.

pianoman993
12-28-2008, 04:56 AM
Gotcha, that'll work. Thanks!