Getting &u=* to work


Pandemikk
03-26-2010, 02:34 AM
If you notice private.php has it so adding &u=90 will make member ID 90's username show up in the recipient field.

My question, how would I go about doing this in my own custom PHP file and template? What snippet controls this- if any.

Anseur
03-26-2010, 06:15 PM
I think you're looking for something like this:

if ($_REQUEST['do'] == 'blah')
{
    // some code here
}

In this case 'some code here' gets run if you visit the PHP file in question with somefile.php?&do=blah in the URL.

In the case of your example above it might look something more like


<form>
Username:
<input type="text" name="Username"
<?php if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') { ?>
value="<?php echo $_REQUEST['u']; // echoed unescaped, see the warning below ?>"
<?php } ?>
/>
</form>

This would put the user id into the username box, not the username, but it should give you an idea of the general method.

(untested)

However, using superglobals like this is a really bad idea, because it would allow someone to inject code into the php file by the address bar. At the very least you should attempt to sanitize the input before using it. (with regex maybe?)

There may be a safer or better way of doing this, but I'll leave that reply to someone more experienced than myself at PHP.

kh99
03-26-2010, 08:08 PM
If you notice private.php has it so adding &u=90 will make member ID 90's username show up in the recipient field.

My question, how would I go about doing this in my own custom PHP file and template? What snippet controls this- if any.

Anseur's post above is basically right, you could just use something like:

$userid = intval($_REQUEST['u']);

And then check to make sure $userid > 0 before using it (otherwise, $_REQUEST['u'] didn't exist, was not an integer, or was <= 0).

If you're wondering how private.php does it: around line 1350 or so in private.php is this code

$vbulletin->input->clean_array_gpc('r', array(
'stripquote' => TYPE_BOOL,
'forward' => TYPE_BOOL,
'userid' => TYPE_NOCLEAN,
));

The function clean_array_gpc is found in includes/class_core.php. It uses a list of short versions of some parameters, one of which allows "u" for "userid". So it's this line that gets the value from the "&u=NN" on the URL and puts the value of NN into $vbulletin->GPC['userid']. (Also the 'r' that's passed means to look for it in $_REQUEST).

So a little farther down in private.php is

//set up for standard new PM
// insert username(s) of specified recipients
if ($vbulletin->GPC['userid'])
{
    // ... (rest of the block in private.php)
}

GPC['userid'] will have been set by the previous call to clean_array_gpc. In this case it's using TYPE_NOCLEAN for 'userid', I think because there can be more than one userid for a new PM. You'd probably want to use TYPE_UINT if you know you are just passing one number.

Pandemikk
03-26-2010, 08:59 PM
That solved the first problem^.

I now have the u=9 displaying 9 in the field. But how could I make it so it will show userid 9's username in the field?

I looked a little farther down in private.php and used that code with my own variables but it didn't do anything. I've also cleaned u and made sure it was greater than 0.

kh99
03-26-2010, 09:41 PM
You'd have to read the user name from the database. If you have $userid and the user name is all you want, then something like:

// $userid here is the intval()'d value from the earlier step, not the raw request
$result = $db->query_first("SELECT username
    FROM " . TABLE_PREFIX . "user
    WHERE userid=" . $userid
);

and the name will be in $result['username'];

private.php does a more complex query (around line 1481) to get more info about (possibly multiple) users in one query. (BTW, I don't know what the "query_slave" versions of the calls do so I don't know why query_first_slave is used in private.php).

Pandemikk
03-26-2010, 10:21 PM
Thank you so much for your help^.

I have it working perfectly now.

ForumsMods
03-26-2010, 10:29 PM
Why don't you use the fetch_userinfo function?

Pandemikk
03-26-2010, 11:06 PM
Would that be better?

And the reason being I'm not aware of it.

kh99
03-26-2010, 11:25 PM
I didn't know about that either. Cool. I think it would be better because it's always better to keep the details out of your code as much as possible (such as how the database is structured), and also it looks like that function caches user info so that if some other code has already looked up that user, you won't have to do another db query.
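
An added example, not code from this thread or from vBulletin, putting the replies above together in plain PHP: clean_userid() stands in for clean_array_gpc() with TYPE_UINT, lookup_username() with its constructed $users array stands in for fetch_userinfo(), and the recipient field is escaped with htmlspecialchars() on output.

```php
<?php
// Added example, not from this thread or vBulletin: the flow the replies
// describe, in plain PHP so it runs offline. In vBulletin step 1 is
// clean_array_gpc('r', array('userid' => TYPE_UINT)) and step 2 is
// fetch_userinfo($userid); both are stubbed here with plain functions.

// Constructed stand-in for the `user` table (assumption: two users).
$users = array(
    9  => array('userid' => 9,  'username' => 'Pandemikk'),
    90 => array('userid' => 90, 'username' => 'Some "quoted" <b>name</b>'),
);

// Step 1: clean the request value the way TYPE_UINT would. Only a string of
// digits is accepted; anything missing, non-numeric or 0 yields 0, which the
// caller treats as "no user given" (the > 0 check kh99 describes).
function clean_userid(array $request)
{
    if (!isset($request['u']) || !preg_match('/\A\d+\z/', (string) $request['u'])) {
        return 0;
    }
    return (int) $request['u'];
}

// Step 2: resolve the id to a username (stand-in for fetch_userinfo()).
// Returns '' for an id of 0 or an unknown id, so the field is left empty.
function lookup_username(array $users, $userid)
{
    return ($userid > 0 && isset($users[$userid])) ? $users[$userid]['username'] : '';
}

// Step 3: build the recipient field. The value is HTML-escaped on output, so
// neither a raw URL parameter nor a username containing quotes or tags can
// break out of the attribute (the injection Anseur's reply warns about).
function recipient_field(array $request, array $users)
{
    $username = lookup_username($users, clean_userid($request));
    return '<input type="text" name="recipients" value="'
        . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed requests standing in for $_REQUEST: a valid id, an id whose name
// needs escaping, a negative id, a non-numeric id, and no u parameter at all.
$samples = array(array('u' => '9'), array('u' => '90'), array('u' => '-1'),
                 array('u' => '9abc'), array());
foreach ($samples as $req) {
    echo recipient_field($req, $users), "\n";
}
```

Only the first two requests produce a non-empty field; the other three fall through clean_userid() to 0 and the input is rendered empty rather than echoing the parameter back.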

Pandemikk
03-27-2010, 01:52 AM
Well hopefully someone can enlighten me on this. I'm always looking to make the code as good as possible.