Can't get plugin code to work

[Marco van Herwaarden]

If the script is local, then you should also include it clocally:

Do not:

PHP Code:

include('http://www.mysite.com/myscript.php'); 


But:

PHP Code:

include('./myscript.php'); 


With the 2nd option you will run the script inside the scope of the calling script, meaning that all variables (within scope) are already available in the included script. No need to pass parameters or set an environment.

[pianoman993]

Thanks for your post.

So your saying that this: (below) is unnecessary? Would I create a simple variable in the page that calls the CGI script, or would I do it in the vbulletin plugin? Also, what would the CGI variable look like? Would it look like $ENV{username}; ?

Code:

# 	putenv("PHP_ENC_USERNAME=$username");	# where $username is your PHP user variable.
# 	putenv("PHP_ENC_ISADMIN=$X");		# where $X is a 0 or a 1.

Your help is much appreciated, thanks!
- Pianoman993

[Marco van Herwaarden]

You would call it from a plugin, you can not execute PHP code in a template (HTML).

There is no "CGI variable". They are just simple PHP variables as used anywhere in a PHP-script.

Consider the following 2 scripts:
Main script "test.php"

PHP Code:

<?php
// Main test script test.php
$mainvar = "local set in test.php";
include('./sub.php');
echo "<br />test.php: Var set in sub: " . $subvar;

?>

And the 2nd script "sub.php" (store in the same directory as test.php):

PHP Code:

<?php
// sub.php
echo "<br />sub.php: Value for \$mainvar: " . $mainvar;
global $subvar;
$subvar = "This value was set in sub";
?>

Now point your browser to test.php.

You will see that the variable $mainvar that was set in "test.php" is also available in "sub.php" without any variable passing or such. The same goes for $subvar, set in sub.php and still available when returning in test.php.

[pianoman993]

Alright so here is my new plugin code:

PHP Code:

ob_start();

print $vbulletin->userinfo['username'];
global $username;
$username = ob_get_contents();

ob_end_clean(); 


And here is my CGI File

Code:

# PREFs Section 03: Security.
############################################################################
# Password Protection, Option 3 of 5 (use your site's existing login system):
#
# If your site already has a login system, either cookie-based or based on
# PHP sessions, you can make FileChucker integrate with it.
#
# If using the PHP session method, you must set the following environment
# variables from PHP just before calling filechucker.cgi from PHP:
#f
# 	putenv("PHP_ENC_USERNAME=$username");	# where $username is your PHP user variable.
# 	putenv("PHP_ENC_ISADMIN=$X");		# where $X is a 0 or a 1.
#
# This option is mutually exclusive with the integrate_with_userbase option.
#
$PREF{integrate_with_existing_login_system}		= 'no';
$PREF{login_error_message}				= qq`Error: not logged in.&nbsp; Perhaps you need to <a href="/">go home</a> and log in first?`;
#$PREF{logout_url}					= '/logout/';
#$PREF{login_url}					= '/login/';
#$PREF{forced_logout_link}				= qq`<p>Logging out; <a href="%%logout_url%%">click here</a> to continue.</p>\n`;
#
$PREF{enable_username_from_cookie}			= 'no';
$PREF{member_username_cookie_name}			= $username;
$PREF{admin_username_cookie_name}			= 'anderma';
#
$PREF{enable_username_from_php_session}			= 'yes';

Do I set $PREF{member_username_cookie_name} to $username?

[Dismounted]

Quote:

Originally Posted by pianoman993

That could easily be hacked. I was originally trying to deala with session variable since they were the most secure.

You can pass the string and add another item with the string hashed with a salt that only the scripts know. The other script can always verify this hash to make sure.

[pianoman993]

Gotcha, that'll work. Thanks!