Hi,
Im still learning the ropes, so I thought I would take quite an easy hack and re-code differently.

This is what the code was orginally

$title = "This just in: " . $username . " has just joined the forum!";

Im trying to get it so that you can enter the title via the acp rather then having to edit the product.

This is what ive got -

$title = $vbulletin->options['ntur_title'];

$threaddm->do_set('title', $title);

<setting varname="ntur_title" displayorder="20">
<datatype>free</datatype>
<optioncode>textarea</optioncode>
<defaultvalue>Welcome $username</defaultvalue>
</setting>

However when the thread gets posted, the title shows up as "Welcome $username" - rather then the username of the person that has just registered.

Im getting there on the other parts, however seem to have hit a stumbling block on this!

Any help greatly appreciated!

Instead of
$title = $vbulletin->options['ntur_title'];

Try...
eval('$title = "' . $vbulletin->options['ntur_title'] . '";');

Thanks bananalive, i'll give that a try now!

One more thing im strugging with is getting the users post count to increase after the thread has been created. The thread total increases by 1, however the users post count dosent seem to increase.

This is the current code ive got -

require_once('./global.php');
require_once('./includes/class_dm.php');
require_once('./includes/class_dm_threadpost.php');


$threaddm =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$threadinfo = array();

$threaddm->set_info('forum', $foruminfo);
$threaddm->set_info('thread', $threadinfo);
$threaddm->setr('forumid', $forumid);
$threaddm->setr('userid', $userid);
$threaddm->setr('pagetext', $pagetext);
$threaddm->setr('title', $title);
$threaddm->set('allowsmilie', $allowsmilie);
$threaddm->set('open', $open);
$threaddm->set('visible', $visible);

$threaddm->pre_save();
if(count($threaddm->errors) < 1)
{
$threadid = $threaddm->save();
unset($threaddm);
build_thread_counters($threaddm);
} else {
eval(standard_error(fetch_error($threaddm->errors, $vbphrase['forum'], $vbulletin->options['contactuslink'])));
}

build_forum_counters($foruminfo['forumid']);
// Update last post stuff on forumdisplay
require_once('./includes/functions_databuild.php');
build_forum_counters($forumid);]]>

--------------- Added 1243432884 at 1243432884 ---------------

Instead of
$title = $vbulletin->options['ntur_title'];

Try...
eval('$title = "' . $vbulletin->options['ntur_title'] . '";');

That worked a treat! Thank you so much!
A couple of quick questions, if someone was to use ' or " - it throws an error. Is there anyway of getting the code to ignore those characters?

Also, and I know this is cheeky, but im still learning, could you just go through what the line of code means? Ive done a little bit of digging.

The eval() function evaluates a string as PHP code.

The string must be valid PHP code and must end with semicolon.

This function returns NULL unless a return statement is called in the code string. Then the value passed to return is returned. If there is a parse error in the code string, eval() returns FALSE.

Im guessing that when I put the " and ' characters into the title line "Hello '$username', Welcome to the forum" it produced the parse error that stopped it from showing $username.

I just dont quite understand what all the various " ' are in that line of code.

Once again, thanks for your help, its really appreciated.

--------------- Added 1243438523 at 1243438523 ---------------

Managed to solve the postcount issue - had to use an SQL query. Would have prefered to have done it via the datamanager but was having no luck.

If anyone knows of how to do this via the datamanager I would be really interested for furture use.

Ive still got one issue regarding " ' in the above post if someone could help.

Thanks

--------------- Added 1243442021 at 1243442021 ---------------

Ive come across one more problem that I could really do with some help with please!

When I used the "register_addmember_complete" hook - Once a member registers it creates a thread with the title being "Welcome to the forum John"

However when I used the hook "register_activate_process" it creates the thread after the member has activated via email, however it only shows the title as "Welcome to the forum" - for some reason it dosent seem to recognise the $username in the title.

Im sorry to be such a pest!

Try

eval('$title = "' . addslashes($vbulletin->options['ntur_title']) . '";');

The ' are needed to use php functions inside the eval

The rest is like a normal php line, eg.

$x = "blah";

Look at the vbulletin source code and you might see there is different variable being used for $username

You could add this line at top of plugin

$username = $vbulletin->userinfo['username'];

Look at the vbulletin source code and you might see there is different variable being used for $username

You could add this line at top of plugin

$username = $vbulletin->userinfo['username'];

Superb! Thank you, that worked a treat! I had

$username = htmlspecialchars_uni($username); inside the code, but replaced it for the code you posted and it works a charm.

Regarding the ' and " - I can see where your coming from, still need to get my head around them. Ive got a nice big php/sql book sitting here waiting for me to read it!

You should still sanitise it before displaying. (Not 100% sure if it is already sanitised when fetched.)
$username = htmlspecialchars_uni($vbulletin->userinfo['username']);

You should still sanitise it before displaying. (Not 100% sure if it is already sanitised when fetched.)
$username = htmlspecialchars_uni($vbulletin->userinfo['username']);

Hi Dismounted,

When you say "sanitise" it, what does that actually mean?

Hi Dismounted,

When you say "sanitise" it, what does that actually mean?

When accepting data, any data at all, it should be sanitised before making its way to your database.

What does this mean? Well, for one, you’re going to inspect the data and make sure that it doesn’t contain any malicious code such as ill-intentioned javascript. Another is to prepare the data so that when it gets added to your insert/update SQL it doesn’t break the SQL (or do other nasty actions). Otherwise know as a SQL injection attack.

:D

When accepting data, any data at all, it should be sanitised before making its way to your database.

What does this mean? Well, for one, you?re going to inspect the data and make sure that it doesn?t contain any malicious code such as ill-intentioned javascript. Another is to prepare the data so that when it gets added to your insert/update SQL it doesn?t break the SQL (or do other nasty actions). Otherwise know as a SQL injection attack.

:D

Ah thank you UKBL, makes perfect sense now. :)

Ah thank you UKBL, makes perfect sense now. :)

Thats OK Buddy, oh i forgot this for you

http://www.diamondvues.com/disinfectant.bmp

:D

By the way, in this specific case, you're sanitising XSS (Cross Site Scripting), and not SQL injection.