PHP-direct eval problems [Solved]


janaf
04-11-2011, 11:24 AM
This is an old issue that I have left for some time. I hoped updates would solve things :-) It has not, so far...

I have a php-direct eval code here:
http://www.41hz.com/forums/content.php?253-TSdb

It works sometimes....

1)))
It works fine as is, but only if I turn OFF vb caching for the whole site (I have the cache timeout set to 0 for the php-direct eval content, but it does not seem to do it...)
How can I turn caching off for this code or for all php direct eval, but not for the rest of the site? I have tried adding to the code:
$config['cache_ttl'] = 0;
in vain

2)))
It works as long as you are not logged on to the site. If you log on to the forum / site, go to the php page, select a drop-down and hit the button you get the error message:

vBulletin Message
Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

I have tried adding, within the form, each of these (one at a time):

$a.='<input type="hidden" name="securitytoken" value="vb::$vbulletin->userinfo[securitytoken]"/>';
$a.='<input type="hidden" name="securitytoken" value="$vbulletin->userinfo[securitytoken]" />';

... but still get the "...security token was missing..." message when logged in (only).

Any hints or help would be appreciated!

Lynne
04-11-2011, 05:25 PM
And what is in the page source? I don't think what you wrote will work. You need to do something like this:

$a.='<input type="hidden" name="securitytoken" value="'.vb::$vbulletin->userinfo['securitytoken'].'"/>';

janaf
04-12-2011, 10:18 AM
Thanks Lynne!

That took care of the security token issue.

I will get back with the code for the dropdown / caching-issue. My code is now quite long, split on several files but I can reproduce the same problem with a simple dropdown form.

Jan

--------------- Added 1302609805 at 1302609805 ---------------

Here is a sample code:

// Read the submitted dropdown value from the request (GET or POST)
$myname = vB::$vbulletin->input->clean_gpc('r', 'me', TYPE_STR);
$a='<form action="" method="POST">';
$a.='<select name="me">';
$a.='<option value="noname" >[Name]</option>';
$a.='<option value="Jan" ';
if ($myname=="Jan"){
    $a.=' selected="selected" ';
}
$a.='>Jan</option>';
$a.='<option value="Lynne"';
if ($myname=="Lynne"){
    $a.=' selected="selected" ';
}
$a.='>Lynne</option>';
$a.='</select>';
// Security token required for POSTs from logged-in users
$a.='<input type="hidden" name="securitytoken" value="'.vb::$vbulletin->userinfo['securitytoken'].'"/>';
$a.='<br><input type="submit" value=" Submit " />';
$a.='</form>';
$output=$a;

If caching is disabled in ACP: / Settings / Options .../ Disable Content Caching = Yes then this code works as I would expect, i.e. the selected name is marked Selected and shown by the dropdown.

But if the caching option is set to No in ACP then $myname does not contain a return value after submitting the form, so the code will not work.

I have set Cache Refresh Time = 0 (and tried -1 and 1 as well) for this php direct evaluation page content itself, but it does not seem to make any difference.
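
Added example, not part of the original posts: a stand-alone PHP version of the dropdown form above that checks the submitted value against an allowlist, escapes everything written into the HTML, and shows why the single-quoted attempts earlier in the thread sent a literal string instead of the token. `NAMES`, `pick_name`, `render_form` and the sample token are hypothetical; inside vBulletin the token would come from `vB::$vbulletin->userinfo['securitytoken']`.

```php
<?php
// Added example: plain PHP, runs from the CLI without vBulletin.
// $token stands in for vB::$vbulletin->userinfo['securitytoken'];
// $submitted stands in for the raw value of the "me" request field.

const NAMES = ['Jan', 'Lynne'];   // allowlist of valid dropdown values

function pick_name($submitted): string
{
    // Anything not on the allowlist falls back to the placeholder option.
    return in_array($submitted, NAMES, true) ? $submitted : 'noname';
}

function render_form(string $selected, string $token): string
{
    $h  = '<form action="" method="POST"><select name="me">';
    $h .= '<option value="noname">[Name]</option>';
    foreach (NAMES as $name) {
        $sel = ($name === $selected) ? ' selected="selected"' : '';
        $esc = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $h  .= '<option value="' . $esc . '"' . $sel . '>' . $esc . '</option>';
    }
    $h .= '</select>';
    // Concatenate the token: inside a single-quoted string PHP does not
    // expand variables, so the variable name itself would be sent.
    $h .= '<input type="hidden" name="securitytoken" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '" />';
    $h .= '<br><input type="submit" value=" Submit " /></form>';
    return $h;
}

// Constructed sample inputs: two valid names, markup, and a missing field.
$token = '1302609805-constructed-sample-token';
foreach (['Jan', 'Lynne', '"><b>x</b>', null] as $input) {
    $selected = pick_name($input);
    $html     = render_form($selected, $token);
    $clean    = (strpos($html, '<b>') === false) ? 'no raw input in HTML' : 'RAW INPUT IN HTML';
    printf("%-16s -> %-7s (%s)\n", var_export($input, true), $selected, $clean);
}

// The first attempts in the thread used single quotes around the variable:
$literal = '<input type="hidden" name="securitytoken" value="$token" />';
echo (strpos($literal, $token) === false)
    ? "single-quoted version carries the literal text \$token, not the token\n"
    : "single-quoted version carries the token\n";
```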

Lynne
04-12-2011, 04:08 PM
Where is me, or $myname, being defined?

janaf
04-12-2011, 06:04 PM
The posted code is all there is. First line to last.

$myname declared on the first row (only)
me is the name of the dropdown, third row (select name="me"), posted back to the same page (action="")

Yes, I am pretty new at php....

Lynne
04-13-2011, 03:11 AM
There is no variable called "me" in default vbulletin. If that is the only code you have, then yes, it isn't going to work because "me" is not defined. You need to pass it to the code somehow.

janaf
04-13-2011, 04:54 PM
I have been reading up all I can and as far as I understand from these:

http://www.vbulletin.com/docs/html/main/codestandards_gpc
http://www.vbulletin.com/forum/showthread.php/344984-How-to-Add-additional-fields
https://vborg.vbsupport.ru/showthread.php?t=98047

then this one-line (only), php direct eval code should work, reading POST variables or REQUEST data by calling from the browser: .../content.php?434-mytest&me=Jan
$output = vB::$vbulletin->input->clean_gpc('r', 'me', TYPE_STR);

It DOES work; reads REQUEST data and outputs the name (Jan) to the browser. But it only works here if vB caching is disabled.

So if I misunderstood, can someone suggest a method for reading POST variables that does work?

Lynne
04-13-2011, 08:53 PM
Ah, I see now. You hit the Submit and it gets passed (I don't know why I didn't see that). Perhaps write a plugin to disable caching for that page? I'm not sure what hook location to use - go into debug mode and you'll get a list of all the hooks used on that page and you can go through some of them that way.

Boofo
04-13-2011, 09:26 PM
How would you disable caching, though?

Lynne
04-13-2011, 11:20 PM
He's talking about the option in AdminCP > Settings > Options > server settings > Disable Content Caching. So, I was thinking you would set that option to 1 for that page. I honestly don't know if that would work or not though.

hook location - init_startup:

// Disable content caching only for requests that submit the form field
if (!empty($_POST['me']))
{
    $vbulletin->options['nocache'] = 1;
}

I think that would work.

janaf
04-14-2011, 08:04 AM
I have tried adding on the top of my code:
$vbulletin->options['nocache'] = 1;

But it behaves as before: code works if global caching is disabled only.

There is also a caching timeout setting (which I set to 0) for each php-direct-eval (see attachment) but it does not seem to have any effect.

This is also about as far as I got half a year ago when I took a shot at this. Then Lynne and others helped too, but I never got things fully working. Actually there was a hack that seemed to work but of course I forgot to update with new vB versions:
https://vborg.vbsupport.ru/showthread.php?t=251402
...and it seems that hack is obsolete, vB code and variable names have changed since then.

So should this be reported as a bug / update request?

I'd really like this solved once and for all. Would you suggest I rewrite this as a product (never done that before) or widget (never done that before) or is there a fix in sight?

Lynne
04-14-2011, 04:10 PM
I would put this in as a bug. The cache refresh time being set to 0 does not seem to be working at all. If I set it to 1, it works the first time. If I set it to something like .1, then it doesn't work and if I go to edit the article again, then that value is changed to 0. I have a feeling 0 means just cache the darned thing, forget about the setting, instead of actually meaning 0 caching.

It does work for me if I also use the plugin I wrote above.

janaf
04-14-2011, 06:13 PM
Thanks for the feedback Lynne. I have made a bug report.

SkyStryder
04-14-2011, 07:31 PM
Hi, I have verified the bug and the cache plugin that Lynne wrote and that is
all working. My current problem is I am trying to move some php programs into
PHP-direct eval. They all have session_start(); and then manipulate $_SESSION.
This appears not to be working. Could someone explain what I need to do to
keep session variables for a php direct eval program? Thank you!

Lynne
04-14-2011, 09:05 PM
You should start your own thread and post exactly what you are entering into the php direct eval text form so we can see what is going on.

janaf
04-15-2011, 08:26 AM
For other newbs out there this is what I finally did:

Added to my php-direct-eval POST form:
<input type="hidden" name="nocache" value="yes" />

then added to the file /forum/includes/init.php under the init_startup (near line 330 in unmodded vb 4.1.3):

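// Disable content caching only when the form's hidden nocache field is posted
if (isset($_POST['nocache']) && $_POST['nocache'] == 'yes')
{
    $vbulletin->options['nocache'] = 1;
}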

Now the code works with caching enabled and one just needs to remember this fix on future vb updates :)

SkyStryder
04-15-2011, 07:50 PM
That is the idea of putting it into a plugin. Then repatching software
is not necessary. Just create the plugin and insert your code. Then
make sure the plugin is active. Hope this helps.

janaf
04-15-2011, 08:14 PM
Thanks Rickf

Never done that. Is there a newbie primer on plugins :)

Ah found it!

Really simple to use IF you know which hooks to use.

SkyStryder
04-16-2011, 04:21 PM
Fortunately, Lynne mentioned it above. For this one,
use hook location - init_startup

janaf
04-26-2011, 08:13 AM
This could possibly be related to that I had Apache KeepAlive disabled:

http://tracker.vbulletin.com/browse/VBIV-7712

I have enabled KeepAlive now, and things like POST seem to work better with php-direct-eval but I have not dug into details yet.

--------------- Added 1303815211 at 1303815211 ---------------

I have done some more tests and it seems that both the POST problem and the security token issues were solved simply by enabling Apache KeepAlive (which is the default setting for Apache).

Lynne
04-26-2011, 04:12 PM
Glad you got that fixed and thanks for posting the solution.