modified profile.php does not recognize custom $_POST['do'] == "xx"

[PiroX]

Hi

i modified the profile.php and added a new part

PHP Code:

if ($_POST['do'] == 'ptbank')
{
  header('Location: profile.php?do=whyisitnotjumingtothis'); //<-- testing header() to see if it goes in here, but it never do!
  //code
}

if ($_REQUEST['do'] == 'bank')
{
  //code
  $templatename = 'tp_bank';
} 


Template tp_bank, is displayed correct

PHP Code:

<form action="profile.php?do=ptbank" method="post">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="do" value="ptbank" />


<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
<td class="tcat">Bank</td>
</tr>
<tr>
<td class="thead">$vbphrase[tp_info]</td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">

<fieldset class="fieldset">
<legend>$vbphrase[tp_info2]</legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0" width="100%">
<tr>
<td>$vbphrase[key_text]<br /><br /><span class="whiteb">Key:</span> <input name="key" class="bginput" type="text" size="45" maxlength="32" value="" />
<br/>
<br />
$vbphrase[spamfilter_notice]
<br /><br />
<div>
<center>
<input type="submit" class="button" value="Submit" />
<input type="reset" class="button" value="Reset" />
</center>
</div>
</td>

</tr>
</table>
</fieldset>

</div>
</div>

</td>
</tr>
</table>
</form>
<br /> 


if i call now profile.php?do=bank, then the template will be shown correct, if i enter a value and click submit, then it will always instant go to profile.php?do=bank again.

I dont understand why, where is my mistake?
What am i missing?

I hope someone can help me

[Lynne]

You actually edited the profile.php page instead of using a plugin? And where did you add this in the code.

What happens if you change this:

PHP Code:

if ($_POST['do'] == 'ptbank') 


to this:

PHP Code:

if ($_POST['do'] == 'ptbank' OR $_REQUEST['do'] == 'ptbank') 


Or, if you rearrange the order of your conditions?

[PiroX]

yes i edited the profile.php
i just put it above

Code:

// ############################### start dst autodetect switch ###############################
if ($_POST['do'] == 'dst')
{

stil not working with your tip
also tried to switch the conditions

//edit (using vbulletin v3.8.3)
if i remove

Code:

<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

but i dont want to disable that security

if there is no other options expect of disabling CSRF_PROTECTION, can anyone tell me the command


it must be something with the security token, if i remove it, then it will display "profile.php?do=ptbank" (in url list or what it is called ) but brings that error
if the input with security token is there, then he wont do anything expect of reloading the same site "profile.php?do=bank"

[MarkPW]

If your passing your parameters/variables in the URL (not posting them via a form, for example), then you should be using $_GET, not $_POST.

[PiroX]

$_POST is correct, because i send a form with method=post
there is a hidden input with name="do"

PHP Code:

<input type="hidden" name="do" value="ptbank" /> 


i used the same template style like "modifyprofile"
in profile.php there also is if ($_POST['do'] == 'updateprofile')

[EnIgMa1234]

Add

PHP Code:

print_r($_POST); 


to your file and see if your $_POST parameter is there.

[PiroX]

if i add print_r($_POST); to profile.php, then he will bring a site error: "wrong coding of content"

--------------- Added [DATE]1244843185[/DATE] at [TIME]1244843185[/TIME] ---------------

lololol if i change the action to another file like

PHP Code:

<form action="lol.php?do=ptbank" method="post"> 


then he will also NOT go to this file by clicking on submit, if i check the source, then there is the correct code, so i dont get it, it seems that it is blocked somehow oO

--------------- Added [DATE]1244843444[/DATE] at [TIME]1244843444[/TIME] ---------------

ok found the source file of the problem
it is global.php

if i remove "require_once('./global.php');" in my TARGET file, "lol.php", then submit works, hm

--------------- Added [DATE]1244843796[/DATE] at [TIME]1244843796[/TIME] ---------------

the only part with exec_header... is this part in global.php

PHP Code:

// #############################################################################
// Redirect if this forum has a link
// check if this forum is a link to an outside site
if (trim($foruminfo['link']) != '' AND (THIS_SCRIPT != 'subscription' OR $_REQUEST['do'] != 'removesubscription'))
{
    // get permission to view forum
    $_permsgetter_ = 'forumdisplay';
    $forumperms = fetch_permissions($forumid);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']))
    {
        print_no_permission();
    }

    // add session hash to local links if necessary
    if (preg_match('#^([a-z0-9_]+\.php)(\?.*$)?#i', $foruminfo['link'], $match))
    {
        if ($match[2])
        {
            // we have a ?xyz part, put session url at beginning if necessary
            $query_string = preg_replace('/([^a-z0-9])(s|sessionhash)=[a-z0-9]{32}(&|&)?/', '\\1', $match[2]);
            $foruminfo['link'] = $match[1] . '?' . $vbulletin->session->vars['sessionurl_js'] . substr($query_string, 1);
        }
        else
        {
            $foruminfo['link'] .= $vbulletin->session->vars['sessionurl_q'];
        }
    }

    exec_header_redirect($foruminfo['link'], true);
} 


it seems that if (trim($foruminfo['link']) != '' AND (THIS_SCRIPT != 'subscription' OR $_REQUEST['do'] != 'removesubscription')) IS TRUE, that means $foruminfo['link'] is not set, but i dont know what it is or how to set, any idea? or am i totally wrong

--------------- Added [DATE]1244901867[/DATE] at [TIME]1244901867[/TIME] ---------------

ok it is not that function

i dont know :/
i will make my own code then