vb.org Archive - vB4 - Trouble using variables from custom form in dynamic PHP page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)

- - vB4 - Trouble using variables from custom form in dynamic PHP page (https://vborg.vbsupport.ru/showthread.php?t=255058)

vB4 - Trouble using variables from custom form in dynamic PHP page

I have set up a dynamic PHP page that includes a custom form like this from which I want to use the input field's value for a database query search:

Code:

$search_output .= '<form name="medal_search" action="' . $searchURL . '" method="post">';

  $search_output .= '<label for="medal_search_player">Spieler suchen (Name oder SteamID eingeben):</label>';

  $search_output .= '<input name="medal_search_player" type="text" value="' . $playerSearchString . '" />';

  $search_output .= '<input id="medal_search_token" name="securitytoken" value="' . vb::$vbulletin->userinfo[securitytoken] . '" type="hidden" />';

  $search_output .= '<input name="do" value="process" type="hidden" />';

$search_output .= '<input type="submit" value="Suchen..." />';  

  $search_output .= '</form>';

I pretty soon realised that $_POST and $_GET are not working so I tried using this which works but always gives me an empty variable inside the dynamic PHP:

Code:

vB::$vbulletin->input->clean_gpc('p', 'medal_search_player', TYPE_STR);

When I move this line of code into a new plugin it works though. So here's the code from the plugin I created:

Code:

$medalStatsSearchVars = array(

  'medal_search_player' => vB::$vbulletin->input->clean_gpc('p', 'medal_search_player', TYPE_STR),

  'name' => vB::$vbulletin->input->clean_gpc('g', 'name', TYPE_STR),

  'steamid' => vB::$vbulletin->input->clean_gpc('g', 'steamid', TYPE_STR)

);



vB_Template::preRegister('vbcms_content_phpeval_page', array('medalStatsSearchVars' => $medalStatsSearchVars));

echo $medalStatsSearchVars['medal_search_player'] . '|' . $medalStatsSearchVars['name'];

... the echo is just for testing and it correctly displays the value but it's still not working inside the dynamic PHP page no matter how I try to access it. Note that I preregistered the variable for the template that is used by dynamic PHP content. I've tried to use it with the following hooks: vbcms_phpeval_populate_start, global_start, init_startup (this last one crashes the whole system) but I just can't get it to display the variable inside the dynamic PHP content. I've tried this but the vars are always empty:

Code:

$medalStatsSearchVars['medal_search_player']

$vbulletin->GPC['medal_search_player']

This is really frustrating and I hope someone can point me into the right direction with this problem here.

First of all:
Never use strings from user input in output directly -> Cross Site Scripting.

What's in the twmplate (vbcms_content_phpeval_page) you are trying to output?

It needs to be smth. like

Code:

Player Name: {vb:raw medalStatsSearchVars.medal_search_player}

Quote:

Originally Posted by Andreas (Post 2132334)

Code:

Player Name: {vb:raw medalStatsSearchVars.medal_search_player}

Thanks for your answer. I'm not using the user input directly and that template is a default vB4 template used for dynamic PHP content. I had no intention to change said template but I guess I might have to create a new one based on it.

To make this situation more clear: I created a new article and selected dynamic PHP content which uses said template, then I pasted my PHP code into that article and that's where I want to use the variables. The code format that you posted is only usable in a HTML template if I'm not mistaken?

Quote:

Thanks for your answer. I'm not using the user input directly

You do:

PHP Code:


		
			
$medalStatsSearchVars = array(
  'medal_search_player' => vB::$vbulletin->input->clean_gpc('p', 'medal_search_player', TYPE_STR),
  'name' => vB::$vbulletin->input->clean_gpc('g', 'name', TYPE_STR),
  'steamid' => vB::$vbulletin->input->clean_gpc('g', 'steamid', TYPE_STR)
);

vB_Template::preRegister('vbcms_content_phpeval_page', array('medalStatsSearchVars' => $medalStatsSearchVars));
echo $medalStatsSearchVars['medal_search_player'] . '|' . $medalStatsS

With this code you end up with having direct user input available in template variable $medalStatsSearchVars['medal_search_player'], $medalStatsSearchVars['name'] and $medalStatsSearchVars['steamid'].

You can't put any custom variables into template vbcms_content_phpeval_page without customizign it (or creating a new one).

The only variable that is their for your ot use is $outut:

PHP Code:


		
			
/**The php code goes here. It can have as much php as you like,
but it should end with setting the variable $output.
e.g.
$something = $somefunction();
$something2 = $somefunction2();
...
**/
$output = "Hello World<br />";

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (6)bbcode_code_printable (2)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (4)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01682 seconds Memory Usage 1,737KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (6)bbcode_code_printable (2)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (4)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: