Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-21-2007, 08:39 PM
cermi's Avatar
cermi cermi is offline
 
Join Date: Jun 2007
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Adding new field to session

Hi, I need to extend the vB sessions and add one field into it - is it possible? How to do it?
Reply With Quote
  #2  
Old 08-22-2007, 06:41 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What are you trying to achieve with this?
Reply With Quote
  #3  
Old 08-24-2007, 08:39 AM
cermi's Avatar
cermi cermi is offline
 
Join Date: Jun 2007
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

To store temporary data between requests
e.g. step 1: show a form with some <select>s, whose content was generated using complex operations
step 2: verify that the values from <select>s are valid. (e.g. only for things that user has access on)
Reply With Quote
  #4  
Old 08-24-2007, 09:41 AM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Whats wrong with using a simple form? To "post" data from step 1 to step 2?

I'm pretty sure it does what you are asking unless I'm missing something...
Reply With Quote
  #5  
Old 08-24-2007, 09:46 AM
cermi's Avatar
cermi cermi is offline
 
Join Date: Jun 2007
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Opserty View Post
Whats wrong with using a simple form? To "post" data from step 1 to step 2?

I'm pretty sure it does what you are asking unless I'm missing something...
Erm ... security issue? I dont want users to change it.
Reply With Quote
  #6  
Old 08-24-2007, 09:54 AM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You said yourself you a using a form in step 1...I don't see a massive security issue with submitting it to step 2 as well.

I mean I'm no sercurity expert but it seems what your doing is a little overkill. Unless the data your sending from step one to step two is extremely sensitive.
Reply With Quote
  #7  
Old 08-24-2007, 10:09 AM
cermi's Avatar
cermi cermi is offline
 
Join Date: Jun 2007
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Erm, I probably explained it wrong.
The data are not sensitive, the problem is that if I write the data into HIDDEN fields, user can change it and without SLOW (that's the point,I wanna use sessions to avoid getting the data twice, because it's slow and it cannot be optimized) verification it'd be a security problem because user can manually choose fields that they dont have access to.
Reply With Quote
  #8  
Old 08-24-2007, 10:24 AM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can't change data in Hidden fields they are hidden... (the user has to check the HTML first to see they exist).

Unless you intercept the header requests and all that malarky. (Which is not something your average user can/would do)

Data is sent when the user submits a form...unless the form has thousands of elements passing the data twice won't have a noticeable impact on the performance if it has any at all that is.
Reply With Quote
  #9  
Old 08-24-2007, 10:41 AM
cermi's Avatar
cermi cermi is offline
 
Join Date: Jun 2007
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There are a few extension (e.g. for Firefox) that allows user to change the hidden fields, referrer and other header in friendly GUI
Reply With Quote
  #10  
Old 08-24-2007, 11:50 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
You can't change data in Hidden fields they are hidden...
Of course you can (even if it mens having to save the HTML, editing the contents and then submitting the form). Every user input can be changed/faked - always keep that in mind!

Adding a filed to tabel session is simple:
1) ALTER the table
2) To set it:
PHP Code:
$vbulletin->session->db_fields['foo'] = TYPE_STR;
$vbulletin->session->set('foo''bar'); 
That's it. The value will be read automatically and is available as $vbulletin->session->vars['foo'] in the next script call.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:55 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04526 seconds
  • Memory Usage 2,255KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete