vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Adding new field to session (https://vborg.vbsupport.ru/showthread.php?t=155881)

cermi 08-21-2007 08:39 PM
Adding new field to session
 
Hi, I need to extend the vB sessions and add one field into it - is it possible? How to do it?

Dismounted 08-22-2007 06:41 AM
What are you trying to achieve with this?

cermi 08-24-2007 08:39 AM
To store temporary data between requests
e.g. step 1: show a form with some <select>s, whose content was generated using complex operations
step 2: verify that the values from <select>s are valid. (e.g. only for things that user has access on)

Opserty 08-24-2007 09:41 AM
Whats wrong with using a simple form? To "post" data from step 1 to step 2?

I'm pretty sure it does what you are asking unless I'm missing something...

cermi 08-24-2007 09:46 AM
Quote:
Originally Posted by Opserty (Post 1324655)
Whats wrong with using a simple form? To "post" data from step 1 to step 2?

I'm pretty sure it does what you are asking unless I'm missing something...
Erm ... security issue? I dont want users to change it.

Opserty 08-24-2007 09:54 AM
You said yourself you a using a form in step 1...I don't see a massive security issue with submitting it to step 2 as well.

I mean I'm no sercurity expert but it seems what your doing is a little overkill. Unless the data your sending from step one to step two is extremely sensitive.

cermi 08-24-2007 10:09 AM
Erm, I probably explained it wrong.
The data are not sensitive, the problem is that if I write the data into HIDDEN fields, user can change it and without SLOW (that's the point,I wanna use sessions to avoid getting the data twice, because it's slow and it cannot be optimized) verification it'd be a security problem because user can manually choose fields that they dont have access to.

Opserty 08-24-2007 10:24 AM
You can't change data in Hidden fields they are hidden... (the user has to check the HTML first to see they exist).

Unless you intercept the header requests and all that malarky. (Which is not something your average user can/would do)

Data is sent when the user submits a form...unless the form has thousands of elements passing the data twice won't have a noticeable impact on the performance if it has any at all that is.

cermi 08-24-2007 10:41 AM
There are a few extension (e.g. for Firefox) that allows user to change the hidden fields, referrer and other header in friendly GUI

Andreas 08-24-2007 11:50 AM
Quote:
You can't change data in Hidden fields they are hidden...
Of course you can (even if it mens having to save the HTML, editing the contents and then submitting the form). Every user input can be changed/faked - always keep that in mind!

Adding a filed to tabel session is simple:
1) ALTER the table
2) To set it:
PHP Code:
$vbulletin->session->db_fields['foo'] = TYPE_STR;
$vbulletin->session->set('foo''bar'); 
That's it. The value will be read automatically and is available as $vbulletin->session->vars['foo'] in the next script call.


All times are GMT. The time now is 02:25 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01987 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete