vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   modified profile.php does not recognize custom $_POST['do'] == "xx" (https://vborg.vbsupport.ru/showthread.php?t=216014)

PiroX 06-12-2009 07:12 PM
modified profile.php does not recognize custom $_POST['do'] == "xx"
 
Hi

i modified the profile.php and added a new part

PHP Code:
if ($_POST['do'] == 'ptbank')
{
  header('Location: profile.php?do=whyisitnotjumingtothis'); //<-- testing header() to see if it goes in here, but it never do!
  //code
}

if ($_REQUEST['do'] == 'bank')
{
  //code
  $templatename 'tp_bank';
Template tp_bank, is displayed correct
PHP Code:
<form action="profile.php?do=ptbank" method="post">
<input type="hidden" name="s" value="$session[sessionhash]/>
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]/>
<input type="hidden" name="do" value="ptbank" />


<table class="tborder" cellpadding="$stylevar[cellpadding]cellspacing="$stylevar[cellspacing]border="0" width="100%" align="center">
<tr>
<td class="tcat">Bank</td>
</tr>
<tr>
<td class="thead">$vbphrase[tp_info]</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]align="$stylevar[left]">

<fieldset class="fieldset">
<legend>$vbphrase[tp_info2]</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]border="0" width="100%">
<tr>
<td>$vbphrase[key_text]<br /><br /><span class="whiteb">Key:</span> <input name="key" class="bginput" type="text" size="45" maxlength="32" value="" />
<br/>
<br />
$vbphrase[spamfilter_notice]
<br /><br />
<div>
<center>
<input type="submit" class="button" value="Submit" />
<input type="reset" class="button" value="Reset" />
</center>
</div>
</td>

</tr>
</table>
</fieldset>

</div>
</div>

</td>
</tr>
</table>
</form>
<br /> 
if i call now profile.php?do=bank, then the template will be shown correct, if i enter a value and click submit, then it will always instant go to profile.php?do=bank again.

I dont understand why, where is my mistake?
What am i missing?

I hope someone can help me

Lynne 06-12-2009 07:24 PM
You actually edited the profile.php page instead of using a plugin? And where did you add this in the code.

What happens if you change this:
PHP Code:
if ($_POST['do'] == 'ptbank'
to this:
PHP Code:
if ($_POST['do'] == 'ptbank' OR $_REQUEST['do'] == 'ptbank'
Or, if you rearrange the order of your conditions?

PiroX 06-12-2009 07:54 PM
yes i edited the profile.php
i just put it above

Code:
// ############################### start dst autodetect switch ###############################
if ($_POST['do'] == 'dst')
{
stil not working with your tip
also tried to switch the conditions

//edit (using vbulletin v3.8.3)
if i remove
Code:
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
but i dont want to disable that security

if there is no other options expect of disabling CSRF_PROTECTION, can anyone tell me the command


it must be something with the security token, if i remove it, then it will display "profile.php?do=ptbank" (in url list or what it is called ;)) but brings that error
if the input with security token is there, then he wont do anything expect of reloading the same site "profile.php?do=bank"

MarkPW 06-12-2009 08:06 PM
If your passing your parameters/variables in the URL (not posting them via a form, for example), then you should be using $_GET, not $_POST.

PiroX 06-12-2009 08:12 PM
$_POST is correct, because i send a form with method=post
there is a hidden input with name="do"
PHP Code:
<input type="hidden" name="do" value="ptbank" /> 
i used the same template style like "modifyprofile"
in profile.php there also is if ($_POST['do'] == 'updateprofile')

EnIgMa1234 06-12-2009 08:17 PM
Add
PHP Code:
print_r($_POST); 
to your file and see if your $_POST parameter is there.

PiroX 06-12-2009 08:38 PM
if i add print_r($_POST); to profile.php, then he will bring a site error: "wrong coding of content"

--------------- Added [DATE]1244843185[/DATE] at [TIME]1244843185[/TIME] ---------------

lololol if i change the action to another file like
PHP Code:
<form action="lol.php?do=ptbank" method="post"
then he will also NOT go to this file by clicking on submit, if i check the source, then there is the correct code, so i dont get it, it seems that it is blocked somehow oO

--------------- Added [DATE]1244843444[/DATE] at [TIME]1244843444[/TIME] ---------------

ok found the source file of the problem
it is global.php

if i remove "require_once('./global.php');" in my TARGET file, "lol.php", then submit works, hm

--------------- Added [DATE]1244843796[/DATE] at [TIME]1244843796[/TIME] ---------------

the only part with exec_header... is this part in global.php
PHP Code:
// #############################################################################
// Redirect if this forum has a link
// check if this forum is a link to an outside site
if (trim($foruminfo['link']) != '' AND (THIS_SCRIPT != 'subscription' OR $_REQUEST['do'] != 'removesubscription'))
{
    // get permission to view forum
    $_permsgetter_ 'forumdisplay';
    $forumperms fetch_permissions($forumid);
    if (!($forumperms $vbulletin->bf_ugp_forumpermissions['canview']))
    {
        print_no_permission();
    }

    // add session hash to local links if necessary
    if (preg_match('#^([a-z0-9_]+\.php)(\?.*$)?#i'$foruminfo['link'], $match))
    {
        if ($match[2])
        {
            // we have a ?xyz part, put session url at beginning if necessary
            $query_string preg_replace('/([^a-z0-9])(s|sessionhash)=[a-z0-9]{32}(&amp;|&)?/''\\1'$match[2]);
            $foruminfo['link'] = $match[1] . '?' $vbulletin->session->vars['sessionurl_js'] . substr($query_string1);
        }
        else
        {
            $foruminfo['link'] .= $vbulletin->session->vars['sessionurl_q'];
        }
    }

    exec_header_redirect($foruminfo['link'], true);
it seems that if (trim($foruminfo['link']) != '' AND (THIS_SCRIPT != 'subscription' OR $_REQUEST['do'] != 'removesubscription')) IS TRUE, that means $foruminfo['link'] is not set, but i dont know what it is or how to set, any idea? or am i totally wrong

--------------- Added [DATE]1244901867[/DATE] at [TIME]1244901867[/TIME] ---------------

ok it is not that function

i dont know :/
i will make my own code then


All times are GMT. The time now is 01:50 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01387 seconds
  • Memory Usage 1,776KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (8)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete