tips for phpbb3 modders

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: tips for phpbb3 modders

Post by EXreaction »

It probably is just easier to do this in the php files to call the image:

Code: Select all

<img src="' . $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/imageset/' . $user->data['user_lang'] . '/button_blog_new.gif">
replace button_blog_new.gif with the name of your image.
quick5pnt0
Registered User
Posts: 17
Joined: Wed Mar 22, 2006 1:18 am
Contact:

Re: tips for phpbb3 modders

Post by quick5pnt0 »

EXreaction wrote: I would like to know as well. I would guess it is something like the permissions where you can simply upload a file and it will automatically be included and display what it needs. :)

I believe there is no need for code modification with a plugin/hooks system.


Yea with a plugin that uses hooks you don't need to modify any of the phpbb files. Instead all you would do is upload the mod in a plugins folder, and enable it in the ACP. Or at least that's the way it works with Coppermine.
User avatar
Handyman
Registered User
Posts: 522
Joined: Thu Feb 03, 2005 5:09 am
Location: Where no man has gone before!
Contact:

Re: tips for phpbb3 modders

Post by Handyman »

quick5pnt0 wrote:
EXreaction wrote: I would like to know as well. I would guess it is something like the permissions where you can simply upload a file and it will automatically be included and display what it needs. :)

I believe there is no need for code modification with a plugin/hooks system.


Yea with a plugin that uses hooks you don't need to modify any of the phpbb files. Instead all you would do is upload the mod in a plugins folder, and enable it in the ACP. Or at least that's the way it works with Coppermine.


does it override the current core system if there is a conflict or how does that work?
I may need to download Drupal and find out :P
My phpBB3 Mods || My Mod Queue
Search Engine Friendly (SEO) URLs || Profile link on Avatar and/or Username || AJAX Chat
Display Posts Anywhere || CashMod || AJAX Quick Edit || AJAX Quick Reply

Image
jimmygoon
Registered User
Posts: 75
Joined: Thu Jun 23, 2005 3:59 am

Re: tips for phpbb3 modders

Post by jimmygoon »

No such thing as conflict. For example if you had a silly mod that added a new BBCODE button *yes I know this is already a feature* --- PHPBB3 Core would ask the modules if there were render-bbcode-hooks, your mod would... It would say MYMOD_hook_bbcode_render() { }. Inside the brackets it has access to the same things as phpbb3 core- meaning that it could unset buttons if necessary - so it could remove the URL button and then it could add a new button to the array containing the BBCODE's.... No need for "overridal" persay... Its all part of the API.

It would make phpbb3 more like a framework for really building the exact style of forum you need rather than piecing one together with mods... (I mean, they are still modules, but it feels right, ya know?)

Like I said, if time were no object...
User avatar
Acyd Burn
Posts: 1838
Joined: Tue Oct 08, 2002 5:18 pm
Location: Behind You
Contact:

Re: tips for phpbb3 modders

Post by Acyd Burn »

Please refrain from bringing up drupal (again) or this will get locked.

Image
asinshesq
Registered User
Posts: 156
Joined: Fri May 14, 2004 10:32 pm
Location: NYC

Re: tips for phpbb3 modders

Post by asinshesq »

EXreaction wrote: It probably is just easier to do this in the php files to call the image:

Code: Select all

<img src="' . $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/imageset/' . $user->data['user_lang'] . '/button_blog_new.gif">
replace button_blog_new.gif with the name of your image.

That's way easier. I'l give that a try but it looks to me like it should work fine.
Alan
User avatar
poyntesm
Registered User
Posts: 176
Joined: Fri May 13, 2005 4:08 pm
Location: Dublin, Ireland
Contact:

Re: tips for phpbb3 modders

Post by poyntesm »

I just perfer to seperate php & html...but I will have a think about this one, as maybe in the long run the users will make more errors and it will be hassle for the MOD author.
asinshesq
Registered User
Posts: 156
Joined: Fri May 14, 2004 10:32 pm
Location: NYC

Re: tips for phpbb3 modders

Post by asinshesq »

Here's a potentially confusing thing: escaping single quotes to avoid sql injection risks.

The coding guidelines say:
Always use $db->sql_escape() if you need to check for a string within an SQL statement (even if you are sure the variable can not contain single quotes - never trust your input), for example:

That function replaces the old str_replace("\'", "''") we used for phpbb2 mods. Fine. But the guidelines go on to say
If you need to UPDATE or INSERT data, make use of the $db->sql_build_array() function. This function already escapes strings and checks other types, so there is no need to do this here.

If you use both $db->sql_escape() and $db->sql_build_array() (as you would do if you take in input from several different parts of a form, clean each of them as they come in to be safe and then use sql_build_array to build a sql array, the two methods of escape double up on each other and you end up with data that has too many back slashes in the database (so when you try to pull it out and display it you get words like here\'s rather than here's). The solution is to avoid doubling up, but I suspect this will lead to confusion since some but not all sqls will go through sql_build_array and as a result people will be more likely to miss escaping in some cases than they would if you only had one way to escape. Any thoughts?
Alan
User avatar
Handyman
Registered User
Posts: 522
Joined: Thu Feb 03, 2005 5:09 am
Location: Where no man has gone before!
Contact:

Re: tips for phpbb3 modders

Post by Handyman »

[quote="Handyman]Though it's better to put it in a sql_build_array insert like this

Code: Select all

<?php 
$sql_ary = array(
    'message'    => utf8_normalize_nfc(request_var('message', '', true)),
);
$sql = 'INSERT INTO ' . YOUR_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
using the sql_build_array cleans it up so you don't have to use the sql_escape… and you don't have the unsightly \' stuff going on.[/quote]

Just use the sql_build_array like that and you won't have a problem.
It also makes the code cleaner and easier to deal with.

You can also use it for update

Code: Select all

<?php 
$sql_ary = array(
    'message'    => utf8_normalize_nfc(request_var('message', '', true)),
    'field2'         => $number,
);
$sql = 'UPDATE ' . YOUR_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = $user_id";
$db->sql_query($sql);
@Meik :oops: sorry, I should have known better.
My phpBB3 Mods || My Mod Queue
Search Engine Friendly (SEO) URLs || Profile link on Avatar and/or Username || AJAX Chat
Display Posts Anywhere || CashMod || AJAX Quick Edit || AJAX Quick Reply

Image
User avatar
jojobarjo32
Registered User
Posts: 164
Joined: Wed Jun 22, 2005 7:38 pm
Location: France

Re: tips for phpbb3 modders

Post by jojobarjo32 »

IMO, the sql_escape method should be call only IN sql queries. There is no special reason to do :

Code: Select all

$foo = $db->sql_escape($bar);

$sql = "SELECT some_stuff
		FROM table_name
		WHERE foo = '" . $foo . "'";
$db->sql_query($sql);
Rather do :

Code: Select all

$sql = "SELECT some_stuff
		FROM table_name
		WHERE foo = '" . $db->sql_escape($foo) . "'";
$db->sql_query($sql);

$db->sql_query('INSERT INTO table_name ' . $db->sql_build_array('INSERT', array('foo' => $foo)));
And you will never have problems with double escaped chars ;)
Post Reply