vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
#1
04-29-2004, 07:34 AM
sabret00the
Join Date: Jan 2003
Location: London
Posts: 5,268

form handling

i thought i'd make my form a little more secure with
PHP Code:
if (isset($source)) {
    if ($source == '$PHP_SELF?projectid=$projectid') {
        // ...
at the top of the handler; however, the else of both queries shows you an error message

and since i'm consistently getting this error message every time i try to do something through the form, i'm wondering what i'm doing wrong?
#2
04-29-2004, 12:23 PM
Xenon
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878

if you use single quotes, then variables are not parsed, so you should use
PHP Code:
$source == $PHP_SELF . '?projectid=' . $projectid
#3
04-29-2004, 12:39 PM
sabret00the
Join Date: Jan 2003
Location: London
Posts: 5,268

thanks xenon, however i still can't get it to work, could you please take a look at this and tell me whether i'm just coding this badly or not
PHP Code:
$projectid = intval($_POST['projectid']);
if (isset($rate_source)) {
    if ($rate_source == $PHP_SELF . '?projectid=' . $projectid) {
        if ('project_rate' && $rate && $projectid != '' && $bbuserinfo['userid'] > 0) {
            $projectid = intval($_POST['projectid']);
            // has this user already rated this project?
            $verify = $DB_site->query_first("
                SELECT userid
                FROM project_rate
                WHERE projectid = $projectid AND userid = $bbuserinfo[userid]
            ");
            if ($verify) {
                eval(print_standard_error('error_project_novotetwice'));
            } else {
                // note: $rate is interpolated into the SQL as-is; cast it with intval()
                // or escape it before it reaches the query
                $DB_site->query("INSERT INTO project_rate SET
                    projectid = '$projectid',
                    userid = '$bbuserinfo[userid]',
                    rate = '$rate',
                    timestamp = '" . time() . "'");

                header("Location: $PHP_SELF?s="); // takes you back to main project page
                // note: the script keeps running after header(); add exit; if nothing below should execute
            }
        } else {
            eval(print_standard_error('error_project_voteerror'));
        }
    } else {
        eval(print_standard_error('error_project_shouldnotbehere'));
    }
} else {
    eval(print_standard_error('error_project_shouldnotbehere'));
}
#4
04-29-2004, 12:53 PM
Xenon
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878

well, you should start to use the vb3 coding rules, as it would make the code more readable.

but apart from that, i don't see what's wrong right now..

btw, the second ($projectid = intval($_POST['projectid'])) is useless
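The handler from post #3, reworked as an added example that is not sabret00the's code or vBulletin's. It shows the concatenated comparison Xenon gave in post #2, and it goes one step beyond the thread: the posted rate_source field is something the browser sends, so the client can set it to whatever it likes, and the example adds a per-session token as the check that actually ties a submission to a form this server rendered. Assumptions of mine: inputs are read explicitly from $_POST rather than through register_globals, the database is a PDO handle (an in-memory SQLite table here, with constructed data), and the form page stored a random token in $_SESSION['project_rate_token'] and a hidden token field. The function names and the session key are hypothetical; the phrase names are the ones from the thread.

```php
<?php
// Added example for this thread; not sabret00the's handler or vBulletin code.
// Assumptions of mine: inputs come from $_POST (no register_globals), the
// database is a PDO handle, and the page that rendered the form put a random
// token into $_SESSION['project_rate_token'] and a hidden <input name="token">.
declare(strict_types=1);

// The value the posted rate_source must equal. Single quotes do not interpolate
// variables in PHP, so '$PHP_SELF?projectid=$projectid' is literal text that no
// browser ever sends; concatenation gives the intended "script?projectid=N".
function expected_source(string $php_self, int $projectid): string
{
    return $php_self . '?projectid=' . $projectid;
}

// Validate one submission. Returns one of the thread's phrase names on failure,
// or null when the vote may proceed. rate_source is a hidden form field, so the
// client controls it; it says where the form claims to come from, not whether
// the request is genuine. The session token is the check that does that.
function validate_rate_request(array $post, array $session, string $php_self, int $userid): ?string
{
    if (!isset($post['rate_source'])) {
        return 'error_project_shouldnotbehere';
    }
    $projectid = intval($post['projectid'] ?? 0);
    if ($post['rate_source'] !== expected_source($php_self, $projectid)) {
        return 'error_project_shouldnotbehere';
    }
    if (!isset($post['token'], $session['project_rate_token'])
        || !hash_equals($session['project_rate_token'], (string) $post['token'])) {
        return 'error_project_shouldnotbehere';
    }
    $rate = intval($post['rate'] ?? 0);
    if ($projectid <= 0 || $rate <= 0 || $userid <= 0) {
        return 'error_project_voteerror';
    }
    return null;
}

// Store the vote unless this user already rated this project. Placeholders
// replace the string-built SQL of the original, so $rate never reaches the
// SQL parser as text.
function record_vote(PDO $db, int $projectid, int $userid, int $rate): bool
{
    $check = $db->prepare('SELECT userid FROM project_rate WHERE projectid = ? AND userid = ?');
    $check->execute([$projectid, $userid]);
    if ($check->fetch() !== false) {
        return false;   // caller shows error_project_novotetwice
    }
    $ins = $db->prepare(
        'INSERT INTO project_rate (projectid, userid, rate, timestamp) VALUES (?, ?, ?, ?)'
    );
    $ins->execute([$projectid, $userid, $rate, time()]);
    return true;
}

// Stand-alone run with constructed data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE project_rate (projectid INTEGER, userid INTEGER, rate INTEGER, timestamp INTEGER)');

$phpSelf = '/project.php';
$session = ['project_rate_token' => bin2hex(random_bytes(16))];
$userid  = 42;
$post = [
    'projectid'   => '7',
    'rate'        => '4',
    'rate_source' => '/project.php?projectid=7',
    'token'       => $session['project_rate_token'],
];

$err = validate_rate_request($post, $session, $phpSelf, $userid);
echo 'valid submission: ', $err ?? 'accepted', PHP_EOL;
if ($err === null) {
    echo 'first vote stored: ', var_export(record_vote($db, 7, $userid, 4), true), PHP_EOL;
    echo 'second vote stored: ', var_export(record_vote($db, 7, $userid, 4), true), PHP_EOL;
}

// Same fields without the token: the rate_source check alone would accept this.
unset($post['token']);
echo 'submission without token: ', validate_rate_request($post, $session, $phpSelf, $userid), PHP_EOL;
```

Run it from the command line with php; pdo_sqlite ships with most PHP builds. In a real handler, follow the header('Location: ...') redirect with exit so that nothing after it executes, and compare the token with hash_equals as above rather than with == so that a mismatch is not reported early.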