View Full Version : modified profile.php does not recognize custom $_POST['do'] == "xx"


PiroX
06-12-2009, 07:12 PM
Hi

I modified profile.php and added a new part:

if ($_POST['do'] == 'ptbank')
{
header('Location: profile.php?do=whyisitnotjumingtothis'); //<-- testing header() to see if it goes in here, but it never does!
//code
}

if ($_REQUEST['do'] == 'bank')
{
//code
$templatename = 'tp_bank';
}

Template tp_bank is displayed correctly:
<form action="profile.php?do=ptbank" method="post">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="do" value="ptbank" />


<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">Bank</td>
</tr>
<tr>
<td class="thead">$vbphrase[tp_info]</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">

<fieldset class="fieldset">
<legend>$vbphrase[tp_info2]</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0" width="100%">
<tr>
<td>$vbphrase[key_text]<br /><br /><span class="whiteb">Key:</span> <input name="key" class="bginput" type="text" size="45" maxlength="32" value="" />
<br/>
<br />
$vbphrase[spamfilter_notice]
<br /><br />
<div>
<center>
<input type="submit" class="button" value="Submit" />
<input type="reset" class="button" value="Reset" />
</center>
</div>
</td>

</tr>
</table>
</fieldset>

</div>
</div>

</td>
</tr>
</table>
</form>
<br />
If I now call profile.php?do=bank, the template is shown correctly. If I enter a value and click submit, it always instantly goes to profile.php?do=bank again.

I don't understand why. Where is my mistake?
What am I missing?

I hope someone can help me.

Lynne
06-12-2009, 07:24 PM
You actually edited the profile.php page instead of using a plugin? And where did you add this in the code?

What happens if you change this:
if ($_POST['do'] == 'ptbank')

to this:
if ($_POST['do'] == 'ptbank' OR $_REQUEST['do'] == 'ptbank')

Or, if you rearrange the order of your conditions?

PiroX
06-12-2009, 07:54 PM
Yes, I edited profile.php.
I just put it above

// ############################### start dst autodetect switch ###############################
if ($_POST['do'] == 'dst')
{


Still not working with your tip.
I also tried to switch the conditions.

//edit (using vBulletin v3.8.3)
If I remove
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
but I don't want to disable that security

If there is no other option except disabling CSRF_PROTECTION, can anyone tell me the command?


It must be something with the security token: if I remove it, then it will display "profile.php?do=ptbank" (in the URL list or whatever it is called ;)) but brings that error.
If the input with the security token is there, then it won't do anything except reload the same site "profile.php?do=bank".
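
An added example, not part of the thread and not vBulletin's code: a generic timestamped token check of the kind the hidden securitytoken field exists for, showing why a state-changing `do` action is taken only from the POST body and is refused when the token is missing or stale. SESSION_SECRET, TOKEN_MAX_AGE, make_token(), verify_token() and dispatch() are hypothetical names, and the timestamp is constructed.

```php
<?php
// Added illustration: generic timestamped CSRF token, NOT vBulletin's implementation.
// All names below are hypothetical; the secret and timestamp are constructed values.
const SESSION_SECRET = 'constructed-per-session-secret';
const TOKEN_MAX_AGE  = 3600; // seconds a token stays valid

function make_token(string $secret, int $now): string
{
    // "<issue time>-<HMAC of issue time>", bound to the session secret
    return $now . '-' . hash_hmac('sha256', (string) $now, $secret);
}

function verify_token($token, string $secret, int $now): bool
{
    if (!is_string($token) || !preg_match('/^(\d{1,10})-([0-9a-f]{64})$/', $token, $m)) {
        return false; // missing or malformed
    }
    $issued = (int) $m[1];
    if ($issued > $now || $now - $issued > TOKEN_MAX_AGE) {
        return false; // issued in the future, or expired
    }
    // constant-time comparison of the recomputed MAC with the submitted one
    return hash_equals(hash_hmac('sha256', $m[1], $secret), $m[2]);
}

function dispatch(string $method, array $get, array $post, int $now): string
{
    // State-changing action: only from the POST body, only with a valid token.
    if ($method === 'POST' && ($post['do'] ?? '') === 'ptbank') {
        if (!verify_token($post['securitytoken'] ?? null, SESSION_SECRET, $now)) {
            return 'rejected: bad or missing security token';
        }
        return 'ptbank handler ran';
    }
    // Read-only page: may be selected from the query string.
    if (($get['do'] ?? '') === 'bank') {
        return 'show tp_bank form';
    }
    return 'no action';
}

$now   = 1700000000;                          // constructed "current time"
$token = make_token(SESSION_SECRET, $now - 60);
$body  = ['do' => 'ptbank', 'securitytoken' => $token];
echo dispatch('GET',  ['do' => 'bank'],   [], $now), "\n";               // form page
echo dispatch('POST', ['do' => 'ptbank'], $body, $now), "\n";            // valid token
echo dispatch('POST', ['do' => 'ptbank'], ['do' => 'ptbank'], $now), "\n"; // field removed
echo dispatch('POST', ['do' => 'ptbank'], $body, $now + 7200), "\n";     // stale token
echo dispatch('GET',  ['do' => 'ptbank'], [], $now), "\n";               // URL only
```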

MarkPW
06-12-2009, 08:06 PM
If you're passing your parameters/variables in the URL (not posting them via a form, for example), then you should be using $_GET, not $_POST.

PiroX
06-12-2009, 08:12 PM
$_POST is correct, because I send a form with method=post.
There is a hidden input with name="do": <input type="hidden" name="do" value="ptbank" />

I used the same template style as "modifyprofile".
In profile.php there is also if ($_POST['do'] == 'updateprofile')

EnIgMa1234
06-12-2009, 08:17 PM
Add
print_r($_POST);
to your file and see if your $_POST parameter is there.

PiroX
06-12-2009, 08:38 PM
If I add print_r($_POST); to profile.php, then it brings up a site error: "wrong coding of content"

--------------- Added 1244843185 at 1244843185 ---------------

lololol, if I change the action to another file like
<form action="lol.php?do=ptbank" method="post">
then it will also NOT go to this file when clicking on submit. If I check the source, the correct code is there, so I don't get it; it seems that it is blocked somehow oO

--------------- Added 1244843444 at 1244843444 ---------------

OK, found the source file of the problem.
It is global.php.

If I remove "require_once('./global.php');" in my TARGET file, "lol.php", then submit works, hm

--------------- Added 1244843796 at 1244843796 ---------------

the only part with exec_header... is this part in global.php

// #############################################################################
// Redirect if this forum has a link
// check if this forum is a link to an outside site
if (trim($foruminfo['link']) != '' AND (THIS_SCRIPT != 'subscription' OR $_REQUEST['do'] != 'removesubscription'))
{
// get permission to view forum
$_permsgetter_ = 'forumdisplay';
$forumperms = fetch_permissions($forumid);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']))
{
print_no_permission();
}

// add session hash to local links if necessary
if (preg_match('#^([a-z0-9_]+\.php)(\?.*$)?#i', $foruminfo['link'], $match))
{
if ($match[2])
{
// we have a ?xyz part, put session url at beginning if necessary
$query_string = preg_replace('/([^a-z0-9])(s|sessionhash)=[a-z0-9]{32}(&amp;|&)?/', '\\1', $match[2]);
$foruminfo['link'] = $match[1] . '?' . $vbulletin->session->vars['sessionurl_js'] . substr($query_string, 1);
}
else
{
$foruminfo['link'] .= $vbulletin->session->vars['sessionurl_q'];
}
}

exec_header_redirect($foruminfo['link'], true);
}

It seems that if (trim($foruminfo['link']) != '' AND (THIS_SCRIPT != 'subscription' OR $_REQUEST['do'] != 'removesubscription')) IS TRUE, that means $foruminfo['link'] is not set, but I don't know what it is or how to set it. Any idea? Or am I totally wrong?

--------------- Added 1244901867 at 1244901867 ---------------

OK, it is not that function.

I don't know :/
I will make my own code then.