The Arcive of Official vBulletin Modifications Site.

Xenon · #11 10-01-2002, 07:50 PM

you have a real wierd board have ya?
it shows also 0 at my boards...

NTLDR · #12 10-01-2002, 07:50 PM

This is the code I have, with the origional variables in the templates and it works fine on 2.2.7 and 2.2.8 and displays 0 for me:

PHP Code:


			
$allpm=$DB_site->query_first("SELECT COUNT(*) AS messages,

                                 SUM(IF(dateline>$bbuserinfo[lastvisit] AND folderid=0,1,0)) AS newpm,

                                 SUM(IF(messageread=0 AND folderid=0,1,0)) AS unreadpm

                                 FROM privatemessage WHERE userid=$bbuserinfo[userid] $ignoreusers");

 

$newpm=$allpm['newpm'];

$unreadpm=$allpm['unreadpm'];

N9ne · #13 10-01-2002, 08:05 PM

I have this:

$allpm=$DB_site->query_first("SELECT COUNT(*) AS messages,
SUM(IF(dateline>$bbuserinfo[lastvisit] AND folderid=0,1,0)) AS newpm,
SUM(IF(messageread=0 AND folderid=0,1,0)) AS unreadpm
FROM privatemessage WHERE userid=$bbuserinfo[userid] $ignoreusers");

$newpm['messages']=$allpm['newpm'];
$unreadpm['messages']=$allpm['unreadpm'];

Which looks the same! However it still doesn't show 0 for unread and new PMs! Why is it doing this? Is there anything in index.php that could cause this? [i have modified it a tiny bit, but not the PM bits :S]

Xenon · #14 10-01-2002, 08:10 PM

hmm, depends on what you've changed

try

PHP Code:


			
$newpm['messages']=intval($allpm['newpm']);

$unreadpm['messages']=intval($allpm['unreadpm']);

instead of

PHP Code:


			
$newpm['messages']=$allpm['newpm'];

$unreadpm['messages']=$allpm['unreadpm'];

N9ne · #15 10-01-2002, 08:12 PM

It works! Thankyou for putting up with me and my problems, keep up the good work

Xenon · #16 10-01-2002, 08:17 PM

you're welcome

i'm glad finally it works

btw. i think it's an php internal issue, can you tell me which php version you run?

NTLDR · #17 10-01-2002, 08:18 PM

Quote:

Originally posted by Xenon

PHP Code:


			
$newpm['messages']=intval($allpm['newpm']);

$unreadpm['messages']=intval($allpm['unreadpm']);

Xenon would changeing the code I have to what you have posted be a more secure way of doing it? I read a post somewhere from one of the dev's saying you should use intval for security reasons. Also there were lots of changes that use intval in 2.2.8.

Xenon · #18 10-01-2002, 08:26 PM

well this part isn't a security risk part, so you can leave your code or change it, no problem...

intval is more secure, because strings are always converted into an int value. that'll take effect on inputboxes whenever a user should enter an intval but enters a string this could produce security problems as i can think of.

hmm, is this understandable?

perhaps an example:

PHP Code:


			
$posts="5, password=MD5('hello')";

$DB-site->query("UPDATE user SET posts=$posts");

as you can see this would run this query:
UPDATE user SET posts=5,password=MD5('hello')

if you use intval this cannot happen:

PHP Code:


			
$posts="5, password=MD5('hello')";

$DB-site->query("UPDATE user SET posts=".intval($posts));

this would just run this query (as normally wanted):
UPDATE user SET posts=5

NTLDR · #19 10-01-2002, 08:30 PM

Thanks for the explaination Xenon

I understand why and where intval should be used now

Erwin · #20 10-01-2002, 09:03 PM

Yes, I think that's why they did it - to avoid users entering in non-integer values and running the risk of corrupting the db or causing db errors.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04189 seconds Memory Usage 2,272KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (6)bbcode_php (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!