Previous Thread
Next Thread
Print Thread
Rate Thread
#238598 03/02/2003 12:36 AM
Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
I am playing with TLD on my home computer. I just loaded PHPdev as my server environment. I am using PHP 4.2.3 and MYSQL 3.23.39 and Apache 1.3.27.

I am looking through the script, and it appears to me that the script is not drawing in the ?op=Links call. On my actual hosted site the script showed all the included pages that were brought in by the calls. Do I have something set up incorrectly?
Thanks,
Dale

Sponsored Links
Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
I turned on register_globals in the php.ini filke and all is well.

thanks,
Dale

Joined: Apr 2002
Posts: 1,768
Addict
Addict
Offline
Joined: Apr 2002
Posts: 1,768
What is TLD? (just curious)

Joined: Dec 2000
Posts: 1,471
Addict
Addict
Offline
Joined: Dec 2000
Posts: 1,471
Threads Link Directory, i suggest.

Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
Sorry about that, but it is in fact Threads Links Directory. It is a script written by user fishtails. It can be found in the Forum Design Integration board.

Dale

Sponsored Links
Joined: Apr 2002
Posts: 1,768
Addict
Addict
Offline
Joined: Apr 2002
Posts: 1,768
Thanks.

Joined: Nov 2001
Posts: 10,369
I type Like navaho
I type Like navaho
Joined: Nov 2001
Posts: 10,369
He must be missing the get_input functions so it works with register globals off.

Joined: Apr 2002
Posts: 1,768
Addict
Addict
Offline
Joined: Apr 2002
Posts: 1,768
That makes sense, if TLD is a threads mod.

Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
Josh,

I am a not even up to beginner status yet. I am on chapter 2 of my PHP book.

What is the get_input function? I am assuming that is a function to input in the code so as to be a workaround for the variables being passed in the address bar.

Thanks,
Dale

Joined: Apr 2002
Posts: 1,768
Addict
Addict
Offline
Joined: Apr 2002
Posts: 1,768
The function get_input() is defined in ubbt.inc.php. Many of the threads scripts call it.

Example 1: (URL parameter)

Code
http://.../script.php?x=1&y=2 <br /> <br />in script.php: $x = get_input('x', 'get'); // $x = 1


Example 2: (form field)

Code
<form action='http://.../script.php' method='post'> <br />... <br /><input type='hidden' name='x' value='1' /> <br /><input type='hidden' name='y' value='2' /> <br />... <br /></form> <br /> <br />in script.php: $x = get_input('x', 'post'); // $x = 1

Sponsored Links
Joined: Nov 2001
Posts: 10,369
I type Like navaho
I type Like navaho
Joined: Nov 2001
Posts: 10,369
Yeah, without it with the globals turned off, you wont' get the variables.

It's a security thing... to prevent someone from being able to put the variables in the URL and do something they aren't supposed to be doing.

I didn't really understand it at first.... until some people had trouble with some of my mods... the earlier ones didn't have the get_input function in it.

But any script that is expecting variables to be passed to it should call it, as dave illustrated above.

I learned that fixed things.

Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
Thanks,

So would the statement for $y be:

in script.php: $y = get_input('y', 'get'); // $y = 2

This part ---// $y = 2--- is just a comment correct?



How would all this be utilized in TLD?

In TLD the script has a section that checks the value of $op and then directs the loading of another script. Should the script that linked to links.php?op=Links have posted a hidden value of $op? Would you then get that value using the get_input() function?

Thanks for the help,
Dale

Joined: Nov 2001
Posts: 10,369
I type Like navaho
I type Like navaho
Joined: Nov 2001
Posts: 10,369
Yeah, the script that gets $op sent to it would need this near the top:

$op = get_input("op","get");


We use "get" because we're passing it in the URL. You could use "post" if it's done through a form, or "both" if the script can accept is either way.

You can see how this comes into play.... say for example the script that is designed to delete a thread. If someone knew what variables to put in the URL... they could do things they weren't supposed to, now the script knows how it's supposed to receive the info, and can't be tricked.

Joined: Apr 2002
Posts: 1,768
Addict
Addict
Offline
Joined: Apr 2002
Posts: 1,768
The "// $y = 2" is just a comment I added above to explain what that expression was doing.

The call to get_input() doesn't have to be near the top, but it needs to occur before the variable that it's setting is referenced.

If you want to understand more about this, you may want to look at the definition of the function get_input in ubbt.inc.php, and see Variables from outside PHP and Predefined Variables.

Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
I just added that simple line of code and it works great. I went and looked up the get_input function. Boy do I have a lot to learn. I understood what it did from this post. I have 0 clue how it does it from the script though.

At line 1747 there is a globals statement. I think I understand that form variables are stored in $HTTP_POST_VARS & $HTTP_GET_VARS as an array.

What does this meant though?

global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $HTTP_SESSION_VARS;
global $_POST, $_GET, $_COOKIE, $_SESSION;

Why did it have to be stated?

And what are magic quotes?


Thanks for the help.
Dale

Last edited by Tiny Giants; 03/06/2003 11:27 PM.
Joined: May 1999
Posts: 1,715
Addict
Addict
Joined: May 1999
Posts: 1,715
To use variables set outside a function you will either have to pass them as arguments to the function or use the global statement to get them into the function.

If global isn't used on these variables, the script wouldn't find any info at all:
global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $HTTP_SESSION_VARS;

These variables on the other hand, were introduced in PHP 4.1.0 and are called Superglobals, and to use them you don't actually need to use global:
global $_POST, $_GET, $_COOKIE, $_SESSION;
They store the same information as the variables above but only work in PHP 4.1.0 and above (and you can use them anywhere in the script, unlike the other ones).

Magic Quotes is a setting in PHP which adds slashes to quotes in strings read from the GET and POST variables. If magic quotes is turned off you will have to use the function addslashes() to any content read from the browser before inserting it into a database. Since this is a server setting, threads removes the slashes if they are turned on, and takes care of adding them on its own when necessary.

Joined: Apr 2002
Posts: 1,768
Addict
Addict
Offline
Joined: Apr 2002
Posts: 1,768
[]global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $HTTP_SESSION_VARS;
global $_POST, $_GET, $_COOKIE, $_SESSION;[/]

global provides access within a function to variables created outside that function.

The first global above is required. The second isn't, because PHP treats those as a special case and automatically makes them accessible within a function. The $_ variables above are only supported in PHP version 4.1 or higher.

I don't remember exactly what magic quotes are. The manual at php.net should have an explanation.

Joined: Nov 1999
Posts: 34
Journeyman
Journeyman
Offline
Joined: Nov 1999
Posts: 34
Dave & Gardner,

Thanks for the explanation. It makes reading the code easier. Surprisingly, I can follow along quite a bit of the code and understand the general idea. I guess it is like a foreign language---you can understand more than you speak.

Dale


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Posts: 70
Joined: January 2007
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)