I created a custom form in an if statement. The form will take you to the right page, but will not run the next $GET. If you refresh the page (by clicking enter in the URL box, not actually refreshing) it will run the next $GET. Any ideas as to why?

if ($banTime == 0)
{
$userid = $vbulletin->GPC['userid'];
print_form_header('user', 'banned&u=' . $userid);
print_table_header("Ban a User");
print_label_row("Ban: " . $username);
print_select_row("Ban Length", 'banLength', array(24 => "1 Day", 48 => "2 Days", 72 => "3 Days", 168 => "1 Week", 336 => "2 Weeks", 720 => "1 Month", -1 => "Permanently"), $vbulletin->GPC['userid']);
print_input_row("Ban Reason:", 'banreason');
print_submit_row("Ban");
}

I don't notice anything wrong with that form, but user.php has no "do == banned" section so I'm assuming you've added that? In any case I don't know what "will not run the next $GET" means.

I don't notice anything wrong with that form, but user.php has no "do == banned" section so I'm assuming you've added that? In any case I don't know what "will not run the next $GET" means.

This is custom. By not run, I mean it will not do the user.php?do=banned&u=userID portion. It will put it in the URL and go to the search area, but it will not 'ban' the user. But if you hit enter in the URL it will go and 'ban' the user.

The default method for the form generated by print_form_header() is POST, so I guess what's happening is that you're getting 'do' and 'userid' in $_GET because you added them in the second parameter, but the other fields are in $_POST. You could either add the do and userid fields as hidden field in the form, or else set the method to get (it's like the ninth parameter or something). Or, you could use $_REQUEST[] which is a combination of $_GET, $_POST, and $_COOKIE.

The default method for the form generated by print_form_header() is POST, so I guess what's happening is that you're getting 'do' and 'userid' in $_GET because you added them in the second parameter, but the other fields are in $_POST. You could either add the do and userid fields as hidden field in the form, or else set the method to get (it's like the ninth parameter or something). Or, you could use $_REQUEST[] which is a combination of $_GET, $_POST, and $_COOKIE.

Sorry, I am using $_REQUEST.

if ($_REQUEST['do'] == 'banned')
{
$result = $db->query_read("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid = " . $vbulletin->GPC['userid']);
$row = mysql_fetch_array($result);
$username = $row['username'];
print_table_header(construct_phrase($username));
print_label_row("You just banned $username");
}

OK, sorry, I assumed you were using $_GET because you mentioned $GET.

But, I think I know what the problem is - the way you have it, you are ending up with do set to 'banned&u=' (plus whatever the userid is). So maybe you need to make u a hidden field in the form. (Edit: using 'do&u=' doesn't work)

OK, sorry, I assumed you were using $_GET because you mentioned $GET.

But, I think I know what the problem is - the way you have it, you are ending up with do set to 'banned&u=' (plus whatever the userid is). So maybe you need '&u=' as the second parameter, or else make u a hidden field in the form.

I changed it to "&u=" and it's still not working.

Yeah, sorry. I decided to try that and found that it didn't work (and edited the above, but too late I guess). So I guess you have no choice but to make u a hidden field, or else just echo() your own form tag (plus the other stuff output by print_form_header())

Yeah, sorry. I decided to try that and found that it didn't work (and edited the above, but too late I guess). So I guess you have no choice but to make u a hidden field, or else just echo() your own form tag.

Why would a hidden field make this work?

Edit:
I added "echo $vbulletin->GPC['userid'];" right after I made the form and it gave me "Array['userid'] ".
^Not sure if that matters. It works if I put I call "$username" ($username = $vbulletin->GPC['userid'];)

Why would a hidden field make this work?

That's a good question, and I just now figured it out: the print_form_header() function is adding do on the url *and* as a hidden field, and the hidden field value is run through htmlspecialchars(), so the '&' gets encoded and it looks like one field. I guess this hidden POSTed field is overriding the GET value for do on the url. So maybe your existing code would work if you used $_GET for do and u and $_REQUEST for the rest of the values.

I added "echo $vbulletin->GPC['userid'];" right after I made the form and it gave me "Array['userid'] ".
^Not sure if that matters. It works if I put I call "$username" ($username = $vbulletin->GPC['userid'];)

I think you need {$vbulletin->GPC['userid']} to make it so you don't get "Array['userid'] ".

That's a good question, and I just now figured it out: the print_form_header() function is adding do on the url *and* as a hidden field, and the hidden field value is run through htmlspecialchars(), so the '&' gets encoded and it looks like one field. I guess this hidden POSTed field is overriding the GET value for do on the url. So maybe your existing code would work if you used $_GET for do and u and $_REQUEST for the rest of the values.



I think you need {$vbulletin->GPC['userid']} to make it so you don't get "Array['userid'] ".

I changed it from if ($_REQUEST['do'] == 'banned') to $_GET and it didn't work. Maybe I should try displaying the URL.

Yeah, I wish I understood this: I put a print_r($_GET) in the code and got this:

Array ( [do] => banned&u=1 [u] => 1 [userid] => 1 )

So somehow it's actually finding the u parameter, but insists on lumping it in with the do value as well. I changed the print_form_head() code to 'do=banned&u=1' and it makes no difference to what's in the $_GET array.

How did you check it?

I created a plugin using hook location misc_start and this code:

if ($_REQUEST['do'] == 'form')
{
require_once("includes/adminfunctions.php");
$userid = 1;
print_form_header('misc', 'banned&u=' . $userid);
print_table_header("Ban a User");
print_label_row("Ban: " . $username);
print_select_row("Ban Length", 'banLength', array(24 => "1 Day", 48 => "2 Days", 72 => "3 Days", 168 => "1 Week", 336 => "2 Weeks", 720 => "1 Month", -1 => "Permanently"), $vbulletin->GPC['userid']);
print_input_row("Ban Reason:", 'banreason');
print_submit_row("Ban");
exit;
}
if (strpos($_GET['do'], 'banned') === 0)
{
echo "banned userid=" . $_REQUEST['userid'] . "<BR />\n";
print_r($_GET);
exit;
}


Then I go to url misc.php&do=form, then submit the form.

I think I'm going to try a non-vb test file and see if maybe some vb code is messing with $_GET[do].

I created a plugin using hook location misc_start and this code:

if ($_REQUEST['do'] == 'form')
{
require_once("includes/adminfunctions.php");
$userid = 1;
print_form_header('misc', 'banned&u=' . $userid);
print_table_header("Ban a User");
print_label_row("Ban: " . $username);
print_select_row("Ban Length", 'banLength', array(24 => "1 Day", 48 => "2 Days", 72 => "3 Days", 168 => "1 Week", 336 => "2 Weeks", 720 => "1 Month", -1 => "Permanently"), $vbulletin->GPC['userid']);
print_input_row("Ban Reason:", 'banreason');
print_submit_row("Ban");
exit;
}
if (strpos($_GET['do'], 'banned') === 0)
{
echo "banned userid=" . $_REQUEST['userid'] . "<BR />\n";
print_r($_GET);
exit;
}


Then I go to url misc.php&do=form, then submit the form.

I think I'm going to try a non-vb test file and see if maybe some vb code is messing with $_GET[do].


I got it to work! Your error here was "'banned&u='" it should have been "'banned&amp;u="

Yep...and I was sure I tried that, but I must have messed it up.

Anyway, I also made a file called testform.php containing only this:

<?php
print_r($_GET);
?>


and changed the form script to 'testform', and I got this:

Array ( [do] => banned [u] => 1 )


even with 'do=banned&u=1' (no &amp; ).

So I guess the 'problem' is that the vb startup code is doing something with the 'do' value. I put 'problem' in quotes because there may be a good reason for it that I don't understand.

Anyway, sounds like you've got it solved.

I got it to work! Your error here was "'banned&u='" it should have been "'banned&amp;u="
They should have both worked in that case as &amp; = &.

&amp; is the validated way to use &.