janaf 04-11-2011 11:24 AM

PHP-direct eval problems [Solved]
 
This is an old issue that I have left for some time. I hoped updates would solve things :-) It has not, so far...

I have a php-direct eval code here:
http://www.41hz.com/forums/content.php?253-TSdb

It works sometimes....

1)))
It works fine as is but only if I turn OFF vb caching for the whole site (I have the cache timeout set to 0 for the php-direct eval content, but it does not seem to do it...)
How can I turn caching off for this code or for all php direct eval, but not for the rest of the site? I have tried adding to the code:
PHP Code:

$config['cache_ttl'] = 0;

in vain

2)))
It works as long as you are not logged on to the site. If you log on to the forum / site, go to the php page, select a drop-down and hit the button you get the error message:

vBulletin Message
Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

I have tried adding, within the form, each of these (one at a time):

PHP Code:

$a.='<input type="hidden" name="securitytoken" value="vb::$vbulletin->userinfo[securitytoken]"/>';
$a.='<input type="hidden" name="securitytoken" value="$vbulletin->userinfo[securitytoken]" />';

... but still get the "...security token was missing..." message when logged in (only).

Any hints or help would be appreciated!

Lynne 04-11-2011 05:25 PM

And what is in the page source? I don't think what you wrote will work. You need to do something like this:

PHP Code:

// Concatenate the token value into the string; it is not expanded inside single quotes
$a.='<input type="hidden" name="securitytoken" value="'.vb::$vbulletin->userinfo['securitytoken'].'"/>';


janaf 04-12-2011 10:18 AM

Thanks Lynne!

That took care of the security token issue.

I will get back with the code for the dropdown / caching-issue. My code is now quite long, split on several files but I can reproduce the same problem with a simple dropdown form.

Jan

--------------- Added [DATE]1302609805[/DATE] at [TIME]1302609805[/TIME] ---------------

Here is a sample code:

PHP Code:

// Read the submitted "me" field from the request (GET or POST) as a string
$myname = vB::$vbulletin->input->clean_gpc('r', 'me', TYPE_STR);
$a = '<form action="" method="POST">';
$a .= '<select name="me">';
$a .= '<option value="noname" >[Name]</option>';
$a .= '<option value="Jan" ';
if ($myname == "Jan") {
    $a .= ' selected="selected" ';
}
$a .= '>Jan</option>';
$a .= '<option value="Lynne"';
if ($myname == "Lynne") {
    $a .= ' selected="selected" ';
}
$a .= '>Lynne</option>';
$a .= '</select>';
// Security token required by vBulletin for POST requests from logged-in users
$a .= '<input type="hidden" name="securitytoken" value="'.vb::$vbulletin->userinfo['securitytoken'].'"/>';
$a .= '<br><input type="submit" value="   Submit   " />';
$a .= '</form>';
$output = $a;

If caching is disabled in ACP: / Settings / Options .../ Disable Content Caching = Yes then this code works as I would expect, i.e. the selected name is marked Selected and shown by the dropdown.

But if the caching option is set to No in ACP then $myname does not contain a return value after submitting the form, so the code will not work.

I have set Cache Refresh Time = 0 (and tried -1 and 1 as well) for this php direct evaluation page content itself, but it does not seem to make any difference.
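
Why the first two token attempts failed while the concatenated form works, as an added example that is not part of the original posts: inside a single-quoted PHP string the variable is never expanded, so the page source carries the variable name instead of a token. `$userinfo`, the token value and the function names are constructed stand-ins for `vB::$vbulletin->userinfo` so the script runs outside vBulletin; the allowlisted, escaped dropdown goes slightly beyond the posted form.

```php
<?php
// Added example, not code from the thread. $userinfo and its token are
// constructed stand-ins for vB::$vbulletin->userinfo.
$userinfo = ['securitytoken' => '1302609805-constructedsampletoken'];

// Failing attempt from the thread: single quotes do not interpolate, so the
// browser receives the variable name itself as the "token".
function token_field_literal(): string
{
    return '<input type="hidden" name="securitytoken" value="$userinfo[securitytoken]" />';
}

// Concatenated form: the real value is inserted and escaped for an attribute.
function token_field(array $userinfo): string
{
    $token = htmlspecialchars($userinfo['securitytoken'], ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="securitytoken" value="' . $token . '" />';
}

// Dropdown built from an allowlist: a submitted value outside the list selects
// nothing and is never written back into the page.
function name_select(string $submitted, array $allowed = ['Jan', 'Lynne']): string
{
    $html = '<select name="me"><option value="noname">[Name]</option>';
    foreach ($allowed as $name) {
        $safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $sel  = ($submitted === $name) ? ' selected="selected"' : '';
        $html .= '<option value="' . $safe . '"' . $sel . '>' . $safe . '</option>';
    }
    return $html . '</select>';
}

function render_form(array $userinfo, string $submitted): string
{
    return '<form action="" method="POST">' . name_select($submitted)
        . token_field($userinfo)
        . '<br><input type="submit" value="   Submit   " /></form>';
}

echo token_field_literal(), "\n";            // what "view source" shows for the failing attempts
echo render_form($userinfo, 'Jan'), "\n";    // Jan is marked selected, token value present
echo render_form($userinfo, '"><b>'), "\n";  // constructed bad input: no option selected
```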

Lynne 04-12-2011 04:08 PM

Where is me, or $myname, being defined?

janaf 04-12-2011 06:04 PM

The posted code is all there is. First line to last.

$myname declared on the first row (only)
me is the name of the dropdown, third row (select name="me"), posted back to the same page (action="")

Yes, I am pretty new at php....

Lynne 04-13-2011 03:11 AM

There is no variable called "me" in default vbulletin. If that is the only code you have, then yes, it isn't going to work because "me" is not defined. You need to pass it to the code somehow.

janaf 04-13-2011 04:54 PM

I have been reading up all I can and as far as I understand from these:

http://www.vbulletin.com/docs/html/m...estandards_gpc
http://www.vbulletin.com/forum/showt...itional-fields
https://vborg.vbsupport.ru/showthread.php?t=98047

then this one-line (only), php direct eval code should work, reading POST variables or REQUEST data by calling from the browser: .../content.php?434-mytest&me=Jan
PHP Code:

$output = vB::$vbulletin->input->clean_gpc('r', 'me', TYPE_STR);

It DOES work; reads REQUEST data and outputs the name (Jan) to the browser. But it only works here if vB caching is disabled.

So if I misunderstood, can someone suggest a method for reading POST variables that does work?

Lynne 04-13-2011 08:53 PM

Ah, I see now. You hit the Submit and it gets passed (I don't know why I didn't see that). Perhaps write a plugin to disable caching for that page? I'm not sure what hook location to use - go into debug mode and you'll get a list of all the hooks used on that page and you can go through some of them that way.

Boofo 04-13-2011 09:26 PM

How would you disable caching, though?

Lynne 04-13-2011 11:20 PM

He's talking about the option in AdminCP > Settings > Options > server settings > Disable Content Caching. So, I was thinking you would set that option to 1 for that page. I honestly don't know if that would work or not though.

hook location - init_startup:

PHP Code:

if (!empty($_POST['me']))
{
    // Turn off vB content caching for requests that submit the form field
    $vbulletin->options['nocache'] = 1;
}

I think that would work.

janaf 04-14-2011 08:04 AM

1 Attachment(s)
I have tried adding on the top of my code:
PHP Code:

$vbulletin->options['nocache'] = 1;

But it behaves as before: code works if global caching is disabled only.

There is also a caching timeout setting (which I set to 0) for each php-direct-eval (see attachment) but it does not seem to have any effect.

This is also about as far as I got also half a year ago when I took a shot at this. Then Lynne and others helped too, but I never got to get things fully working. Actually there was a hack that seemed to work but of course I forgot to update with new vB versions:
https://vborg.vbsupport.ru/showthread.php?t=251402
..and it seems that hack is obsolete, vB code and variable names have changed since then.

So should this be reported as a bug / update request?

I'd really like this solved once for all. Would you suggest I rewrite this as a product (never done that before) or widget (never done that before) or is there a fix in sight?

Lynne 04-14-2011 04:10 PM

I would put this in as a bug. The cache refresh time being set to 0 does not seem to be working at all. If I set it to 1, it works the first time. If I set it to something like .1, then it doesn't work and if I go to edit the article again, then that value is changed to 0. I have a feeling 0 means just cache the darned thing, forget about the setting, instead of actually meaning 0 caching.

It does work for me if I also use the plugin I wrote above.

janaf 04-14-2011 06:13 PM

Thanks for the feedback Lynne. I have made a bug report.

SkyStryder 04-14-2011 07:31 PM

Hi, I have verified the bug and the cache plugin that Lynne wrote and that is
all working. My current problem is I am trying to move some php programs into
PHP-direct eval. They all have session_start(); and then manipulate $_SESSION.
This appears not to be working. Could someone explain what I need to do to
keep session variables for a php direct eval program? Thank you!

Lynne 04-14-2011 09:05 PM

You should start your own thread and post exactly what you are entering into the php direct eval text form so we can see what is going on.

janaf 04-15-2011 08:26 AM

For other newbs out there this is what I finally did:

Added to my php-direct-eval POST form:
PHP Code:

<input type="hidden" name="nocache" value="yes" /> 

then added to the file /forum/includes/init.php under the init_startup (near line 330 in unmodded vb 4.1.3)

PHP Code:

// Any request that posts nocache=yes skips the content cache
if (isset($_POST['nocache']) && $_POST['nocache'] == 'yes')
{
    $vbulletin->options['nocache'] = 1;
}

Now the code works with caching enabled and one just needs to remember this fix on future vb updates :)

SkyStryder 04-15-2011 07:50 PM

That is the idea of putting it into a plugin. Then repatching software
is not necessary. Just create the plugin and insert your code. Then
make sure the plugin is active. Hope this helps.

janaf 04-15-2011 08:14 PM

Quote:

Originally Posted by rickf (Post 2185064)
That is the idea of putting it into a plugin. Then repatching software
is not necessary. Just create the plugin and insert your code. Then
make sure the plugin is active. Hope this helps.

Thanks Rickf

Never done that. Is there a newbie primer on plugins :)

Ah found it!

Really simple to use IF you know which hooks to use.

SkyStryder 04-16-2011 04:21 PM

Fortunately, Lynne mentioned it above. For this one,
use hook location - init_startup

janaf 04-26-2011 08:13 AM

This could possibly be related to the fact that I had Apache KeepAlive disabled:

http://tracker.vbulletin.com/browse/VBIV-7712

I have enabled KeepAlive now, and things like POST seem to work better with php-direct-eval but I have not dug into details yet.

--------------- Added [DATE]1303815211[/DATE] at [TIME]1303815211[/TIME] ---------------

I have done some more tests and it seems that both the POST problem and the security token issues were solved simply by enabling Apache KeepAlive (which is the default setting for Apache).

Lynne 04-26-2011 04:12 PM

Glad you got that fixed and thanks for posting the solution.


All times are GMT.