The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
[HOW TO - vB4] Paginating Results
Introduction Not very much has changed regarding how pagination works since vB 3.8, but quite enough to warrant an update of Revan's great tutorial, dating from 2006. Kudos to Revan. As Revan I assume you know your way around php and can understand at least roughfly what each bit of the code does. There'll be explanations, of course, but this is for coders and mod developers. The main work for pagination has to be done in the PHP-code, still no surprise there. Cleaning URL parameters We start off by cleaning the URL parameters that will tell our paginator how many entries to show per page and on which page of the resultset we're actually on PHP Code:
Counting results The next step is to count the number of resuts that our actual database query will return (this query we will meet later on - it's an example that will throw all users with no posts). PHP Code:
Settings & sanitizing Next we're off to do some settings: The first argument is our counting result. The last two arguments are the maximum number of results per page (100) and the default number of results per page (20). Note how the first argument is the result of the count query above. You can replace those with settings from the AdminCP by inserting the corresponding variables obviously. PHP Code:
Orientation - where are we? Now some stuff to determine on which page we're on and which results to show. Note how you have to provide the results of our initial count query: PHP Code:
The main query Now the query that throws all users with no posts - just an example, obviously. Note the LIMIT - this has to be added to the original query to delimit the resultset for the actual page PHP Code:
Constructing pagenav The last (but one) thing to do in the PHP code is to finally call the function to construct the actual page-nav and saving it's output to a variable for passing to the template.
PHP Code:
Registering pagenav for templates As with all variables in vB4, the newly created $pagenav has to be registered to be used inside the template: PHP Code:
Template code Now you just have to put the pagenav-code into your template, and we're done. Note that the id of the surrounding div should be changed to "pagination_bottom" or "pagination_top" accordingly. Code:
<vb:if condition="$pagenav"> <div id="pagination_top"> {vb:raw pagenav} </div> </vb:if> -c As of now (beta 3), there are still some issues that need to be resolved regarding pagination. They are minor and there should not be substantial changes, but be aware of that. For example, the setting of results shown per page does not work yet - 20 is hardcoded into the sanitizing function. |
#2
|
||||
|
||||
How to get this to work with $_POST.
Every time I click a link in the pagination it resets the post variables. When I use $_GET it shows either the security token or the session hash. Thanks for any help. |
#3
|
||||
|
||||
The pagination system, as far as I know, is designed to work with URL parameters only. If you want to preserve data entered via a form in post mode, you need to pass the data entered to the pagination class by adding parameters to the pagenav link, then you need to query it accordingly when the page gets reloaded upon page change. Anyway, wihtout seeing your code it's hard to say where you are going wrong.
|
#4
|
||||
|
||||
here ya go http://pastebin.com/m5dd777d5
If I use $_get how do I remove the sessionhash or the securitytoken out of the url? It loads the first page but each page after that has no variables. |
#5
|
||||
|
||||
First, whenever you use get or post variables, you should always use the vbulletin input cleaner to make them safe. If you don't know how, there's an article somewhere here.
Second, why would you want to get rid of the sessionhash? It's only showing if you have cookies disabled, and if you remove it, it will break login for people w/o cookies. Third, as I said, when you change pages, you basically reload them. Post variables won't survive that. You need to save the get parameters into variables, pass those variables as parameters to the pagination URL, and then read them from the URL parameters upon reload. Basically (forgoing input cleaner here, for simplicity: PHP Code:
|
#6
|
||||
|
||||
I don't want to get rid of the session hash or security token I just want to hide it from the URL with $_GET for the simple fact is I don't want my users passing their sessionhash or security token around to each other.
On this search page only would it be safe to turn off CSRF_PROTECTION as long as I clean what can be inputed? |
#7
|
||||
|
||||
Visibility of the security token is not a problem securitywise. It is visible in the source code anyway. The sessionhash is passed along via URL by vB if cookies are disabled, that's the way it is. And no, disabling CSRF protection is not a good idea, it's there for a reason.
|
#8
|
||||
|
||||
Thanks so much for all your help man.
Last question do I need to add the following to $_GET forms? Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> <input type="hidden" name="s" value="$session[sessionhash]" /> |
#9
|
||||
|
||||
If you're using GET, you don't need the security token, but you do need the session (as I said, leaving that out will break log in for everyone with cookies disabled).
On CSRF protection, you may want to read https://vborg.vbsupport.ru/showthread.php?t=177013 |
#10
|
||||
|
||||
Again Thanks for all the help Great Article.
Most of my problem boiled down to the sql statment. I had Code:
SELECT DISTINCT COUNT(blah Code:
SELECT COUNT(DISTINCT blah I used this same tutorial on several other pages of mine and it went flawlessly. Thanks again for the fast answers and the great help. P.S. I secure my code after its working just to narrow down problems. |
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|