Make 'Contact Us' Name & E-mail fields uneditable for log'd in members
Version: 1.01, by timetunnel
Developer Last Online: Mar 2007

Version: 3.5.0
Released: 10-27-2005
Last Update: 11-15-2005
Installs: 20
Template Edits

No support by the author.

Hello.

For those of you who have public forums with members who may become future-banned members, because they have too much time on their hands, this is one area of the forum's E-mail system they won't be able to play with.

What I mean is, currently, the 'Contact Us' form's member's 'username' and 'E-mail' fields can be overwritten such that the admin can receive E-mail with the incorrect 'reply to' info if someone monkeys with the username and/or puts someone else's E-mail address in the field. This can cause some unknowing person to receive unwanted E-mail from the admin.

This 'playfulness' is expected from random 'guests'. Therefore, in order to restrict this behavior to 'guests' only, here is the code to make these fields 'uneditable' for logged-in members, since their profile values are automatically filled-in by the system. At least, they won't be able to 'play' here...


Locate the 'name' section of code. Modify with this:

PHP Code:
<!-- begin revision -->
<if condition="$show['member']">
                        <input type="text" class="bginput" name="name" value="$name" size="50" readonly="readonly" /> &nbsp;(uneditable)
<else />
                        <input type="text" class="bginput" name="name" value="$name" size="50" />
</if>
<!-- end revision -->

Next, locate the 'email' section of code. Modify with this:

PHP Code:
<!-- begin revision -->
<if condition="$show['member']">
                        <input type="text" class="bginput" name="email" value="$email" size="50" dir="ltr" readonly="readonly" /> &nbsp;(uneditable)
<else />
                        <input type="text" class="bginput" name="email" value="$email" size="50" dir="ltr" />
</if>
<!-- end revision -->

NOTE: the difference in the 2 '<input...>' statements is the 'readonly' attribute and a field message that lets members know those 2 fields are 'uneditable'.


Hope this helps.

EDIT: Make change to 'contactus' template

EDIT (11/15/05): CHANGED from 'readonly' to readonly="readonly" to make compliant although the original version works. The text file download was also updated.

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
#22
11-16-2005, 06:45 AM
Oblivion Knight
Join Date: May 2002
Location: Sheffield, UK
Posts: 1,757

Quote:
Originally Posted by timetunnel
The 'readonly' attribute still allows the parameters of the 'input' statement to be sent to the server when the form is submitted. Therefore, the input 'acts' like the type is 'hidden' vs. 'text'. When the disabled attribute is used, its parameters are NOT sent to the server thereby causing the error message, 'invalid email address'. The server never received the data.

I guess I should have tested it a bit more, huh?

Ok, so another way around it is to mimic the text colour of a disabled field..
HTML Code:
style="color:#7C898A" readonly="readonly"

#23
02-20-2006, 10:19 PM
Oblivion Knight
Join Date: May 2002
Location: Sheffield, UK
Posts: 1,757

Quote:
Originally Posted by timetunnel
Also, re: item 3, if the fields are 'readonly', how can the input be faked?

I know this is rather old now, but for anyone wondering..

HTML Code:
http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.com
Et voila.. Faked input.
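
The request shown in post #23 is accepted because `readonly` is enforced only by the browser, so the server still takes whatever `name` and `email` arrive. The PHP below is an added example (not vBulletin's code and not written by anyone in this thread) of the server-side rule that closes the gap: for a logged-in member the session's profile values are used and the submitted ones are ignored. The function name `resolve_contact_sender` and the array keys are hypothetical.

```php
<?php
// Added example, not vBulletin code. The function name and array keys
// are hypothetical; the sample values at the bottom are constructed.

/**
 * Decide which name/e-mail a contact-form message is sent under.
 *
 * @param array $sessionUser Identity the server holds for this session
 *                           (userid 0 or missing means guest).
 * @param array $submitted   Raw request parameters; fully client-controlled.
 */
function resolve_contact_sender(array $sessionUser, array $submitted): array
{
    // Accept only scalar strings; array-valued parameters count as empty.
    $field = fn(string $k): string =>
        is_string($submitted[$k] ?? null) ? trim($submitted[$k]) : '';
    $name  = $field('name');
    $email = $field('email');

    if (!empty($sessionUser['userid'])) {
        // Member: the stored profile is authoritative. Submitted values are
        // only compared so that a mismatch can be logged, never used.
        $tampered = ($name !== '' && $name !== $sessionUser['username'])
            || ($email !== '' && strcasecmp($email, $sessionUser['email']) !== 0);

        return [
            'name'     => $sessionUser['username'],
            'email'    => $sessionUser['email'],
            'verified' => true,
            'tampered' => $tampered,
        ];
    }

    // Guest: there is no profile to bind to, so check the shape of the
    // input and flag the address as unverified for whoever reads the mail.
    if ($name === '' || preg_match('/[[:cntrl:]]/', $name)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid name or e-mail address');
    }

    return ['name' => $name, 'email' => $email,
            'verified' => false, 'tampered' => false];
}

// Constructed sample: a logged-in member submits values that differ from the profile.
$member = ['userid' => 42, 'username' => 'alice', 'email' => 'alice@example.com'];
$forged = ['name' => 'Someone', 'email' => 'blah@blah.com'];
var_dump(resolve_contact_sender($member, $forged));
```
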

#24
03-10-2006, 02:38 AM
Nathan2006
Join Date: Feb 2006
Location: UK
Posts: 862

Great idea

Thank you

Install

#25
03-19-2006, 12:19 AM
Doc.Blade
Join Date: Mar 2006
Location: Gold Coast - Australia
Posts: 18

*Clicks Install* Nice work!

#26
04-11-2006, 12:34 AM
Tralala
Join Date: Jan 2006
Posts: 1,207

Quote:
Originally Posted by Oblivion Knight
I know this is rather old now, but for anyone wondering..

HTML Code:
http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.com
Et voila.. Faked input.

So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!

#27
04-18-2006, 09:59 AM
Oblivion Knight
Join Date: May 2002
Location: Sheffield, UK
Posts: 1,757

Quote:
Originally Posted by Tralala
So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!

Most users wouldn't think to even try and bother faking the input.

Only those that know a little about site scripting may attempt it, but even then, unless they have reason to do so they probably wouldn't bother trying..

#28
01-26-2007, 11:02 AM
mrkhm
Join Date: Oct 2006
Posts: 64

very simple hack, works in vb 3.6.4 *installed