vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Getting &u=* to work (https://vborg.vbsupport.ru/showthread.php?t=239116)

Pandemikk 03-26-2010 02:34 AM
Getting &u=* to work
 
If you notice private.php has it so adding &u=90 will make member ID 90's username show up in the recipient field.

My question, how would I go about doing this in my own custom PHP file and template? What snippet controls this- if any.

Anseur 03-26-2010 06:15 PM
I think your looking for something like this:

PHP Code:

if ($_REQUEST['do'] == 'blah')
{
some code here
In this case 'some code here' gets run if you visit the PHP file in question with somefile.php?&do=blah in the URL.

In the case of your example above it might look something more like

PHP Code:

<form>
Username:
<input type="text" name="Username" 

if ($_REQUEST['u'] != '' )

value="$_REQUEST['u']"
}
/>

</form
This would put the user id into the username box, not the username, but it should give you an idea of the general method.

(untested)

However, using superglobals like this is a really bad idea, because it would allow someone to inject code into the php file by the address bar. At the very least you should attempt to sanitize the input before using it. (with regex maybe?)

There may be a safer or better way of doing this, but I'll leave that reply to someone more experienced than myself at PHP.

kh99 03-26-2010 08:08 PM
Quote:
Originally Posted by Pandemikk (Post 2010358)
If you notice private.php has it so adding &u=90 will make member ID 90's username show up in the recipient field.

My question, how would I go about doing this in my own custom PHP file and template? What snippet controls this- if any.
Anseur's post above is basically right, you could just use something like:

PHP Code:
$userid intval($_REQUEST['u']); 
And then check to make sure $userid > 0 before using it (otherwise, $_REQUEST['u'] didn't exist, was not an integer, or was <= 0).

If you're wondering how private.php does it: around line 1350 or so in private.php is this code

PHP Code:
$vbulletin->input->clean_array_gpc('r', array(
    'stripquote' => TYPE_BOOL,
    'forward'    => TYPE_BOOL,
    'userid'     => TYPE_NOCLEAN,
)); 
The function clean_array_gpc is found in includes/class_core.php. It uses a list of short versions of some parameters, one of which allows "u" for "userid". So it's this line that gets the value from the "&u=NN" on the URL and puts the value of NN into $vbulletin->GPC['userid']. (Also the 'r' that's passed means to look for it in $_REQUEST).

So a little farther down in private.php is

PHP Code:
//set up for standard new PM
// insert username(s) of specified recipients
if ($vbulletin->GPC['userid'])

GPC['userid'] will have been set by the previous call to clean_array_gpc. In this case it's using TYPE_NOCLEAN for 'userid', I think because there can be more than one userid for a new PM. You'd probably want to use TYPE_UINT if you know you are just passing one number.

Pandemikk 03-26-2010 08:59 PM
That solved the first problem^.

I know have the u=9 displaying 9 in the field. But how could I make it so it will show userid 9's username in the field?

I looked a little farther down in private.php and used that code with my own variables but it didn't do anything. I've also cleaned u and made sure it was greater than 0.

kh99 03-26-2010 09:41 PM
You'd have to read the user name from the database. If you have $userid and the user name is all you want, then something like:

PHP Code:
$result $db->query_first("SELECT username 
         FROM " TABLE_PREFIX "user
        WHERE userid=" $userid
    ); 
and the name will be in $result['username'];

private.php does a more complex query (around line 1481) to get more info about (possibly multiple) users in one query. (BTW, I don't know what the "query_slave" versions of the calls do so I don't know why query_first_slave is used in private.php).

Pandemikk 03-26-2010 10:21 PM
Thank you so much for your help^.

I have it working perfectly now.

ForumsMods 03-26-2010 10:29 PM
Why dont you use fetch_userinfo function?

Pandemikk 03-26-2010 11:06 PM
Would that be better?

And the reason being I'm not aware of it.

kh99 03-26-2010 11:25 PM
I didn't know about that either. Cool. I think it would be better because it's always better to keep the details out of your code as much as possible (such as how the database is structured), and also it looks that function caches user info so that if some other code has already looked up that user, you won't have to do another db query.

Pandemikk 03-27-2010 01:52 AM
Well hopefully someone can enlighten me on this. I'm always looking to make the codes as best as possible.


All times are GMT. The time now is 05:36 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01049 seconds
  • Memory Usage 1,745KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete