vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Template Modifications (https://vborg.vbsupport.ru/forumdisplay.php?f=155)
-   -   Make 'Contact Us' Name & E-mail fields uneditable for log'd in members (https://vborg.vbsupport.ru/showthread.php?t=99538)

timetunnel 10-27-2005 10:00 PM
Make 'Contact Us' Name & E-mail fields uneditable for log'd in members
 
Hello.

For those of you who have public forums with members who may become future-banned members, because they have too much time on their hands, this is one area of the forum's E-mail system they won't be able to play with.

What I mean is, currently, the 'Contact Us' form's member's 'username' and 'E-mail' fields can be overwritten such that the admin can receive E-mail with the incorrect 'reply to' info if someone monkey's with the username and/or put's someone else's E-mail address in the field. This can cause some unknowing person to receive unwanted E-mail from the admin.

This 'playfulness' is expected from random 'guests'. Therefore, in order to restrict this behavior to 'guests' only, here is the code to make these fields 'uneditable' for logged-in members, since their profile values are automatically filled-in by the system. At least, they won't be able to 'play' here...


Locate the 'name' section of code. Modify with this:

PHP Code:
<!-- begin revision -->
<if condition="$show['member']">
                        <input type="text" class="bginput" name="name" value="$namesize="50" readonly="readonly" /> &nbsp;(uneditable)
<else />
                        <input type="text" class="bginput" name="name" value="$namesize="50" />
</if>
<!-- end revision --> 
Next, locate the 'email' section of code. Modify with this:

PHP Code:
<!-- begin revision -->
<if condition="$show['member']">
                        <input type="text" class="bginput" name="email" value="$emailsize="50" dir="ltr" readonly="readonly" /> &nbsp;(uneditable)
<else />
                        <input type="text" class="bginput" name="email" value="$emailsize="50" dir="ltr" />
</if>
<!-- end revision --> 
NOTE: the difference in the 2 '<input...> statements is the 'readonly' attribute and a field message that lets members know those 2 fields are 'uneditable'.


Hope this helps.

EDIT: Make change to 'contactus' template

EDIT (11/15/05): CHANGED from 'readonly' to readonly="readonly" to make compliant although the original version works. The text file download was also updated.

Moparx 10-28-2005 09:08 PM
good idea :)

Boofo 10-28-2005 09:54 PM
Text file, please? ;)

timetunnel 10-28-2005 11:47 PM
Boofo,

Not sure if this is the answer you're looking for, but I had edited my initial post to show the change is to the 'contactus' template.

Moparx 10-29-2005 01:50 AM
boofo wants you to add a text file attachment containing the template mods instructions.
its helpful for many of us so we can store it in our hack/modification folders for future use :)

Lea Verou 10-29-2005 02:37 AM
If it's a template mod shoudn't it be on template modifications?

Great idea though, I wonder why Jelsoft left it editable...

Boofo 10-29-2005 03:21 AM
Quote:
Originally Posted by Moparx
boofo wants you to add a text file attachment containing the template mods instructions.
its helpful for many of us so we can store it in our hack/modification folders for future use :)
Exactly! ;)

Yorixz 10-29-2005 11:22 AM
Very nice idea, should be standard in vB imho.

timetunnel 10-29-2005 05:01 PM
ooh...I see...

is there a particular format for the text file or should I just copy what's above in my initial post?

As far as where to put it, I wasn't sure since I've seen a template mod(s) in this category in the past. Earlier in the week I had mod with a change to 'modifyprofile' template (re: how to hide the member's URL) in code mods and it was moved to tutorial. I thought maybe if it was to be moved, it would have gone into 'template mods' forum. Still feeling my way around to know where to put things. For the future, I'll put template mods in that category.

Boofo 10-29-2005 11:32 PM
Quote:
Originally Posted by timetunnel
ooh...I see...

is there a particular format for the text file or should I just copy what's above in my initial post?

As far as where to put it, I wasn't sure since I've seen a template mod(s) in this category in the past. Earlier in the week I had mod with a change to 'modifyprofile' template (re: how to hide the member's URL) in code mods and it was moved to tutorial. I thought maybe if it was to be moved, it would have gone into 'template mods' forum. Still feeling my way around to know where to put things. For the future, I'll put template mods in that category.
Just a text file with the instructions and code in it is all.

moonclamp 10-29-2005 11:45 PM
"locate the 'name' section of the code modify with this" ????

Are there some simple find/replace instructions as the word name is repeated all over the template

(Surely this is just a template mod anyway?)

moonclamp 10-29-2005 11:55 PM
Quote:
Originally Posted by moonclamp
"locate the 'name' section of the code modify with this" ????

Are there some simple find/replace instructions as the word name is repeated all over the template

(Surely this is just a template mod anyway?)
No worries, I worked it out

Here is a text file for anyone else having trouble

timetunnel 10-30-2005 02:07 AM
Moonclamp,

Nice job with the instructions. If you don't mind, I revised it by putting credit to you in it and put it with the initial post now that I know how to do it. No other changes. Hope this is okay.

Thanks to all of you who have 'shown me the way...' :squareeyed:

Oblivion Knight 10-30-2005 06:19 AM
Nice template mod, although I'd rather use disabled="disabled" than readonly. Using this method, the visual feedback is already there without having to note that it's uneditable.. :)

Boofo 10-30-2005 09:36 AM
Quote:
Originally Posted by Oblivion Knight
Nice template mod, although I'd rather use disabled="disabled" than readonly. Using this method, the visual feedback is already there without having to note that it's uneditable.. :)
So, exactly how would you change it then? ;)

moonclamp 10-30-2005 09:47 AM
Quote:
Originally Posted by Boofo
So, exactly how would you change it then? ;)
swapping "readonly" with disabled="disabled" greys out the input while still keeping it read only

HOWEVER ... as I just discovered. When I just used "disabled" I got an error message "You entered an invalid email address."

Andreas 10-30-2005 10:59 AM
1. Moved to Templated Modifications, as it is not a Code Hack
2. This breaks XHTML validity
3. It does not stop users from using faked input

timetunnel 11-06-2005 10:01 PM
In response to Moonclamp's using the
Quote:
disabled="disabled"
attribute, the error message comes because of the difference between how it is handled over the 'readonly' attribute. The 'readonly' attribute still allows the parameters of the 'input' statement to be sent to the server when the form is submitted. Therefore, the input 'acts' like the type is 'hidden' vs. 'text'. When the disabled attribute is used, its parameters are NOT sent to the server thereby causing the error message, 'invalid email address'. The server never received the data.

In response to Andreas,
Quote:
2. This breaks XHTML validity
3. It does not stop users from using faked input
I'm not sure I understand. Can you explain, please?

For example, I'm not familiar with 'what' breaks XHTML validity since I haven't been working with it very long. Also, re: item 3, if the fields are 'readonly', how can the input be faked?

Thanks.

King Kovifor 11-14-2005 11:17 PM
Question: What do we replace with what.

timetunnel 11-14-2005 11:22 PM
Download the file attached to the initial post (on the right-hand column under 'Mod Options'). It has instructions in a different format.

Oblivion Knight 11-16-2005 06:45 AM
Quote:
Originally Posted by timetunnel
The 'readonly' attribute still allows the parameters of the 'input' statement to be sent to the server when the form is submitted. Therefore, the input 'acts' like the type is 'hidden' vs. 'text'. When the disabled attribute is used, its parameters are NOT sent to the server thereby causing the error message, 'invalid email address'. The server never received the data.
I guess I should have tested it a bit more, huh?

Ok, so another way around it is to mimic the text colour of a disabled field..
HTML Code:
style="color:#7C898A" readonly="readonly"

Oblivion Knight 02-20-2006 10:19 PM
Quote:
Originally Posted by timetunnel
Also, re: item 3, if the fields are 'readonly', how can the input be faked?
I know this is rather old now, but for anyone wondering..

HTML Code:
http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.com
Et voila.. Faked input.

Nathan2006 03-10-2006 02:38 AM
Great idea

Thank you :)

Install

Doc.Blade 03-19-2006 12:19 AM
*Clicks Install* Nice work!

Tralala 04-11-2006 12:34 AM
Quote:
Originally Posted by Oblivion Knight
I know this is rather old now, but for anyone wondering..

HTML Code:
http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.com
Et voila.. Faked input.
So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!

Oblivion Knight 04-18-2006 09:59 AM
Quote:
Originally Posted by Tralala
So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!
Most users wouldn't think to even try and bother faking the input.

Only those that know a little about site scripting may attempt it, but even then, unless they have reason to do so they probably wouldn't bother trying..

mrkhm 01-26-2007 11:02 AM
very simple hack, works in vb 3.6.4 *installed


All times are GMT. The time now is 04:34 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01342 seconds
  • Memory Usage 1,814KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_html_printable
  • (2)bbcode_php_printable
  • (11)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (27)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete