vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Can't get plugin code to work (https://vborg.vbsupport.ru/showthread.php?t=199854)

pianoman993 12-26-2008 09:23 PM
Can't get plugin code to work
 
Hey everyone, I need some help on a short bit of code I want to put in a plugin. The code looks like this:

PHP Code:
putenv("PHP_ENC_USERNAME=$bbuserinfo[username]");    # where $username is your PHP user variable.
putenv("PHP_ENC_ISADMIN=1");        # where $X is a 0 or a 1. 
And I am trying to put it togather with some code I already have in the plugin like this:

PHP Code:
putenv("PHP_ENC_USERNAME=$bbuserinfo[username]");    # where $username is your PHP user variable.
putenv("PHP_ENC_ISADMIN=1");        # where $X is a 0 or a 1.

ob_start();

include("http://mysite.com?" $_SERVER['QUERY_STRING']);
$file ob_get_contents();
ob_end_clean(); 
Am I doing it right? I'm not sure because I never get the result I'm supposed to. Perhaps it is not rendering the putenv()?

Any help would be greatly appreciated! Thanks!

- Pianoman993

Deceptor 12-27-2008 02:57 AM
You should use $vbulletin->userinfo instead of $bbuserinfo now :)

Try:
PHP Code:
putenv("PHP_ENC_USERNAME=" $vbulletin->userinfo['username']); 

Dismounted 12-27-2008 03:18 AM
What are you trying to do there? Why do you need to use putenv()?

pianoman993 12-27-2008 03:41 AM
I'm trying to get variables into a CGI script via putenv().

However, I may try to just use $_ENV

Thanks for all the help!

--------------- Added [DATE]1230357708[/DATE] at [TIME]1230357708[/TIME] ---------------

Alright. Hold the phone.

Alright, so I've got this CGI script and I've got 2 variables in there.

One wants a session ID
The other wants the Username

So I'm trying to communicate with this CGI Script through vbullitan's plugin system and it's killing me to no end. I can't take it! I can't for the life of me figure it out!!

HOW DO YOU PASS PHP VARIABLES INTO CGI SCRIPTS!!!! AHHH!!!
*heavy breathing, high blood pressure*

I know it is most likely a newby question. But if ANYONE! out there can help me out I would SOOOOOOOOOOOOO greatly appreciate their GODLY help.

"Help me Obi-Wan-Kenobi, your my only hope"
- Pianoman993

Dismounted 12-27-2008 08:09 AM
Can't you add another item on your query string?

pianoman993 12-27-2008 02:17 PM
That could easily be hacked. I was originally trying to deala with session variable since they were the most secure.

Marco van Herwaarden 12-27-2008 02:39 PM
Please note that putenv() might not function as expected in Safe Mode for example.

Is the included script on the same server?

If yes, then why do you include it with an URL instead of a local path. If oncluded locally it can inherit environment, and even variables defined in the local scope of the calling script.

If on another server, then you can never pass environment variables, as each server will have it's own environment. The only way to pass parameters is in the request string.

pianoman993 12-27-2008 03:13 PM
Thanks so far for all your useful information.

Marco, would it be possible for you to show me a code example of how to pass information such as the username ($vbulletin->userinfo['username']) into a secure string that I could pass into a CGI script? And also, where would I do that, in the global.php file, a plugin?

Much thanks!

- Pianoman993

Also, just to give you some frame of reference so you know where I'm coming from, this is part of the CGI script.

Code:

# PREFs Section 03: Security.
############################################################################
# Password Protection, Option 3 of 5 (use your site's existing login system):
#
# If your site already has a login system, either cookie-based or based on
# PHP sessions, you can make FileChucker integrate with it.
#
# If using the PHP session method, you must set the following environment
# variables from PHP just before calling filechucker.cgi from PHP:
#f
#        putenv("PHP_ENC_USERNAME=$username");        # where $username is your PHP user variable.
#        putenv("PHP_ENC_ISADMIN=$X");                # where $X is a 0 or a 1.
#
# This option is mutually exclusive with the integrate_with_userbase option.
#
$PREF{integrate_with_existing_login_system}                = 'yes';
$PREF{login_error_message}                                = qq`Error: not logged in.&nbsp; Perhaps you need to <a href="/">go home</a> and log in first?`;
#$PREF{logout_url}                                        = '/logout/';
#$PREF{login_url}                                        = '/login/';
#$PREF{forced_logout_link}                                = qq`<p>Logging out; <a href="%%logout_url%%">click here</a> to continue.</p>\n`;
#
$PREF{enable_username_from_cookie}                        = 'no';
$PREF{member_username_cookie_name}                        = 'username';
$PREF{admin_username_cookie_name}                        = 'admin';
#
$PREF{enable_username_from_php_session}                        = 'yes';
Code:

# PREFs Section 04: User-directories.
############################################################################
# If you are already storing a username/userdir variable in PHP sessions on
# your server, you can make FileChucker use that.
#
# For Method 1, you'll need to be calling FileChucker from an /upload/index.php
# file like this:
#
#        <?php
#                # set an environment variable from your PHP username variable:
#                session_start(); putenv("PHP_ENC_USERDIR=$username");
#                require("call_filechucker.php");
#        ?>
#
# To get the call_filechucker.php file, see step #5 in the instructions:
#
#        http://encodable.com/filechucker/#instructions
#
# For Method 2, you don't necessarily need to call FileChucker exactly that
# way; instead, you'll need to have the PHP::Session Perl module installed on
# your server, and PHP's save_path will need to be readable from Perl.
#
$PREF{enable_userdir_from_php_session__method1}                = 'no';
$PREF{php_session_cookie_name}                                = 'PHPSESSID';
$PREF{php_session_cache_ttl}                                = 60*60*24; # in seconds.
#
$PREF{enable_userdir_from_php_session__method2}                = 'no';
$PREF{php_session_cookie_name}                                = 'PHPSESSID';
$PREF{php_session_save_path}                                = '/var/lib/php/session'; # or perhaps '/tmp';
$PREF{php_session_username_variable}                        = 'username';

Marco van Herwaarden 12-27-2008 03:16 PM
Why not start by answering the question i posted in my previous post.

No answer = no good answer from me.

pianoman993 12-27-2008 03:18 PM
:( Sorry. My fault. The included script IS on the server. There you are. I have to use the full filename to include it or else it does not work.

In essence, I am trying to integrate with vbulletin's login.

Marco van Herwaarden 12-27-2008 03:31 PM
If the script is local, then you should also include it clocally:

Do not:
PHP Code:
include('http://www.mysite.com/myscript.php'); 
But:
PHP Code:
include('./myscript.php'); 
With the 2nd option you will run the script inside the scope of the calling script, meaning that all variables (within scope) are already available in the included script. No need to pass parameters or set an environment.

pianoman993 12-27-2008 03:37 PM
Thanks for your post.

So your saying that this: (below) is unnecessary? Would I create a simple variable in the page that calls the CGI script, or would I do it in the vbulletin plugin? Also, what would the CGI variable look like? Would it look like $ENV{username}; ?

Code:
#        putenv("PHP_ENC_USERNAME=$username");        # where $username is your PHP user variable.
#        putenv("PHP_ENC_ISADMIN=$X");                # where $X is a 0 or a 1.
Your help is much appreciated, thanks!
- Pianoman993

Marco van Herwaarden 12-27-2008 03:50 PM
You would call it from a plugin, you can not execute PHP code in a template (HTML).

There is no "CGI variable". They are just simple PHP variables as used anywhere in a PHP-script.

Consider the following 2 scripts:
Main script "test.php"
PHP Code:
<?php
// Main test script test.php
$mainvar "local set in test.php";
include('./sub.php');
echo "<br />test.php: Var set in sub: " $subvar;

?>
And the 2nd script "sub.php" (store in the same directory as test.php):
PHP Code:
<?php
// sub.php
echo "<br />sub.php: Value for \$mainvar: " $mainvar;
global $subvar;
$subvar "This value was set in sub";
?>
Now point your browser to test.php.

You will see that the variable $mainvar that was set in "test.php" is also available in "sub.php" without any variable passing or such. The same goes for $subvar, set in sub.php and still available when returning in test.php.

pianoman993 12-27-2008 04:31 PM
Alright so here is my new plugin code:

PHP Code:
ob_start();

print $vbulletin->userinfo['username'];
global $username;
$username ob_get_contents();

ob_end_clean(); 
And here is my CGI File

Code:
# PREFs Section 03: Security.
############################################################################
# Password Protection, Option 3 of 5 (use your site's existing login system):
#
# If your site already has a login system, either cookie-based or based on
# PHP sessions, you can make FileChucker integrate with it.
#
# If using the PHP session method, you must set the following environment
# variables from PHP just before calling filechucker.cgi from PHP:
#f
#        putenv("PHP_ENC_USERNAME=$username");        # where $username is your PHP user variable.
#        putenv("PHP_ENC_ISADMIN=$X");                # where $X is a 0 or a 1.
#
# This option is mutually exclusive with the integrate_with_userbase option.
#
$PREF{integrate_with_existing_login_system}                = 'no';
$PREF{login_error_message}                                = qq`Error: not logged in.&nbsp; Perhaps you need to <a href="/">go home</a> and log in first?`;
#$PREF{logout_url}                                        = '/logout/';
#$PREF{login_url}                                        = '/login/';
#$PREF{forced_logout_link}                                = qq`<p>Logging out; <a href="%%logout_url%%">click here</a> to continue.</p>\n`;
#
$PREF{enable_username_from_cookie}                        = 'no';
$PREF{member_username_cookie_name}                        = $username;
$PREF{admin_username_cookie_name}                        = 'anderma';
#
$PREF{enable_username_from_php_session}                        = 'yes';
Do I set $PREF{member_username_cookie_name} to $username?

Dismounted 12-28-2008 03:18 AM
Quote:
Originally Posted by pianoman993 (Post 1694778)
That could easily be hacked. I was originally trying to deala with session variable since they were the most secure.
You can pass the string and add another item with the string hashed with a salt that only the scripts know. The other script can always verify this hash to make sure.

pianoman993 12-28-2008 04:56 AM
Gotcha, that'll work. Thanks!


All times are GMT. The time now is 03:12 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01167 seconds
  • Memory Usage 1,803KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_code_printable
  • (8)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (16)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete