vb.org Archive


MrBeastlymfe 07-20-2012 12:59 AM

Need help on custom plugin.
 
On my site I am making a pastebin page so users can store text files on there if needed. And when trying to submit a paste, I get an error saying a security token is missing. I would like it if someone could post the coding into mine, I wouldn't know where to put it in. I don't have an XML, I'm just adding a custom page. Here is the code.

Code:

<?php

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);


// #################### DEFINE IMPORTANT CONSTANTS #######################


define('THIS_SCRIPT', 'Paste');
define('CSRF_PROTECTION', true); 
// change this depending on your filename


// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array();


// get special data templates from the datastore
$specialtemplates = array();


// pre-cache templates used by all actions
$globaltemplates = array('Paste',
);


// pre-cache templates used by specific actions
$actiontemplates = array();


// ######################### REQUIRE BACK-END ############################
// if your page is outside of your normal vb forums directory, you should change directories by uncommenting the next line
// chdir ('/path/to/your/forums');
require_once('./global.php');


// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################


$navbits = construct_navbits(array('' => 'Paste Bin'));
$navbar = render_navbar_template($navbits);


// ###### YOUR CUSTOM CODE GOES HERE #####
$pagetitle = 'Pastebin Script';

$paste = htmlentities($_POST['paste']);
$vbulletin->input->clean_array_gpc('p', array(
    'sub' => TYPE_NOHTML)
    );

$name = md5($_POST['name']);
$title = $_POST['name'];
$dir = getcwd();
$rand = rand(1,200);
$save = "$name$rand.html";
$all = "<center>Name of paste:<h3>$title</h3><hr /><br /></center><pre> $paste </pre>";

// clean_array_gpc() stores its results in $vbulletin->GPC and does not create $sub,
// so check GPC_exists to see whether the submit button was posted.
if($vbulletin->GPC_exists['sub']){
    if(!empty($title) && !empty($paste)){
        file_put_contents("$dir/$save", $all , FILE_APPEND);
        echo "<footer>View your paste: <a href=" . $save . ">$title</a></footer>";
        }
    else{
        echo "<script>alert('Please fill in all the fields.');</script>";
        }
}






// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######


$templater = vB_Template::create('Paste');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
print_output($templater->render());


?>


Sarteck 07-20-2012 01:05 AM

What's your "Paste" template got in it? Chances are that you forgot to add the needed security token.

In whatever <form> you have, be sure to add the tag
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

Some advice, though. Don't access $_POST, $_GET, or $_REQUEST directly. Instead of:

PHP Code:

$title = $_POST['name'];

use
PHP Code:

$title = $vbulletin->input->clean_gpc('p', 'name', TYPE_STR);

And stuff like that. vBulletin's cleaning functions make it so that you don't have to worry about data being "bad" or of a type you don't want.

MrBeastlymfe 07-20-2012 03:18 AM

Quote:

Originally Posted by Sarteck (Post 2349709)
What's your "Paste" template got in it? Chances are that you forgot to add the needed security token.

In whatever <form> you have, be sure to add the tag
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

Some advice, though. Don't access $_POST, $_GET, or $_REQUEST directly. Instead of:

PHP Code:

$title = $_POST['name'];

use
PHP Code:

$title = $vbulletin->input->clean_gpc('p', 'name', TYPE_STR);

And stuff like that. vBulletin's cleaning functions make it so that you don't have to worry about data being "bad" or of a type you don't want.

Here's the template, so where would I put the security token? Sorry for the trouble.
Code:

$stylevar[htmldoctype]
<html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
<head>
$headinclude
<title>$vboptions[bbtitle]</title>
</head>
<body>

$header
$navbar
<!-- Custom Code Start Here -->
<?php
$paste = htmlentities($_POST['paste']);
$sub = $_POST['sub'];
$name = md5($_POST['name']);
$title = $vbulletin->input->clean_gpc('p', 'name', TYPE_STR);
$dir = getcwd();
$rand = rand(1,200);
$save = "$name$rand.html";
$all = "<center>Name of paste:<h3>$title</h3><hr /><br /></center><pre> $paste </pre>";

if(isset($sub)){
        if(!empty($title) && !empty($paste)){
                file_put_contents("$dir/$save", $all , FILE_APPEND);
                echo "<footer>View your paste: <a href=" . $save . ">$title</a></footer>";
                }
        else{
                echo "<script>alert('Please fill in all the fields.');</script>";
                }
}
?>
<html>
<head>
<style type="text/css">
.inputForm
{
-moz-border-radius:5px;
-webkit-border-radius: 5px;
-khtml-border-radius: 5px;
border-radius: 5px;
}
textarea
{
-moz-border-radius:5px;
-webkit-border-radius: 5px;
-khtml-border-radius: 5px;
border-radius: 5px;
}
</style>
</head>
<body>
<body bgcolor="#F5F5F5">
<center>
<form action="" method="post" align="center">
Title of Paste:<input type="text" class="inputForm" name="name">
<br />
<textarea id=text name="paste" rows=30 cols=68 onload="fade()"></textarea>
<br />
<input type="submit" name="sub">
</center>
</form>
<!-- / Custom Code Ends here -->
$footer
</body>
</html>


Sarteck 07-20-2012 03:46 AM

Anywhere after <form action="" method="post" align="center"> and before </form> would do fine. Or at least would get rid of the error for the security token. :3
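
Why a POST form without the hidden field is rejected, as an added example that is not part of the thread and not vBulletin's own code: a generic token check in plain PHP. The HMAC scheme, function names, secret and sample requests are assumptions made for illustration; only the field name securitytoken comes from the posts above.

```php
<?php
// Added illustration, not vBulletin's implementation: a minimal CSRF token
// check. The secret, timestamps and requests below are constructed.

// Token = issue time + HMAC of that time under a per-session secret.
function issue_token($secret, $now)
{
    return $now . '-' . hash_hmac('sha256', (string) $now, $secret);
}

// Classify a submitted token as 'missing', 'invalid', 'expired' or 'ok'.
function check_token($submitted, $secret, $now, $maxAge = 3600)
{
    if (!is_string($submitted) || $submitted === '') {
        return 'missing';            // the form had no securitytoken field
    }
    $parts = explode('-', $submitted, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'invalid';
    }
    // Constant-time comparison of the expected and the submitted MAC.
    if (!hash_equals(hash_hmac('sha256', $parts[0], $secret), $parts[1])) {
        return 'invalid';
    }
    return ($now - (int) $parts[0] > $maxAge) ? 'expired' : 'ok';
}

$secret = 'constructed-session-secret';
$issued = 1342746000;
$token  = issue_token($secret, $issued);
$fields = array('name' => 'notes', 'paste' => 'hello', 'sub' => 'Submit');

// Constructed POST bodies: the same form with and without the hidden field.
$requests = array(
    'form without the hidden field' => $fields,
    'form with the hidden field'    => $fields + array('securitytoken' => $token),
    'token with a wrong MAC'        => $fields + array('securitytoken' => $issued . '-' . str_repeat('0', 64)),
    'token older than max age'      => $fields + array('securitytoken' => $token),
);

foreach ($requests as $label => $post) {
    $now = ($label === 'token older than max age') ? $issued + 7200 : $issued + 60;
    $submitted = isset($post['securitytoken']) ? $post['securitytoken'] : '';
    echo str_pad($label, 32), check_token($submitted, $secret, $now), "\n";
}
```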

