1

Topic: Steps to take in writing a Mod for PunBB

I'm taking on the task of writing a trader rating / feedback module for punbb.

How should I authenticate the user?

Would this sequence still be current?

- Fetch the serialized array from the cookie.
- SELECT * FROM users WHERE username=username_from_cookie AND password=hash_from_cookie
- If I get a row back, I know the user is logged in. Otherwise the username and/or password in the cookie is incorrect.

(From http://punbb.org/forums/viewtopic.php?pid=10048)

Re: Steps to take in writing a Mod for PunBB

Moved to modifications.

There's no need to do that - that topic is quite old, from before 1.2 came out. As long as you include the proper files (http://punbb.org/docs/dev.html#integration and there's a useful Punres wiki page too, but the wiki seems to be having problems now), you can do stuff like if($pun_user['is_guest']) or if(!$pun_user['is_guest']).

Looking for a certain modification for your forum? Please take a look here before posting.

3

Re: Steps to take in writing a Mod for PunBB

Thanks - that link is a big help.

I now see that I have access to many of the user variables once common.php is loaded.

When I try to load header.php with a require, it doesn't seem to load the CSS and HTML header. Do I have to define a new file somewhere? Or perhaps I need to define something else?

The wiki is not that helpful.

Re: Steps to take in writing a Mod for PunBB

idn wrote:

The wiki is not that helpful.

Really? Did you happen to find this: http://wiki.punres.org/Miniportal#New_page_template ?


Re: Steps to take in writing a Mod for PunBB

You need to load both the header and the footer ;)

6

Re: Steps to take in writing a Mod for PunBB

pogenwurst wrote:
idn wrote:

The wiki is not that helpful.

Really? Did you happen to find this: http://wiki.punres.org/Miniportal#New_page_template ?

Yikes!

I stand corrected.

Thanks very much. This is EXACTLY what I was looking for.

7 (edited by idn 2006-09-24 21:01)

Re: Steps to take in writing a Mod for PunBB

Does common.php load all the database functions?

I ask because $username is empty after the db is queried, and I was wondering if $db->prefix was set in common.php.

I have:

<?php
 
define('PUN_ROOT', './');
define('PUN_QUIET_VISIT', 1);
require PUN_ROOT.'include/common.php';

$do_action=$_GET['action'];
$user_id=$_GET['id'];
 
//Set the page title here
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / New page 1';
define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'header.php';
require PUN_ROOT.'include/parser.php';

// troubleshooting - check variables
 echo $do_action;
 echo $user_id;
 
if ($do_action == 'view')
    {
            $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch username', __FILE__, __LINE__, $db->error());
            
            echo $result;
        list($username) = $db->fetch_row($result);
        
    //    $page_title = 'Trader Feedback Rating for '.$username;
        //require PUN_ROOT.'header.php';
    
    echo "Trader feedback for ".$username;
    
    }
 
?>
        <div class="block">
            <h2><span>Trader Feedback</span></h2>
            <div class="box">
                <div class="inbox">
                    <p>
                    Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Praesent augue. Nulla facilisi. Fusce bibendum accumsan erat. Quisque sollicitudin mattis neque. Sed dapibus. Integer a lectus eu sem consequat pellentesque. Morbi rhoncus nulla. Duis adipiscing interdum velit. Fusce ante. Ut vitae enim sit amet magna sodales hendrerit. In sed tortor at sapien convallis eleifend. Proin mauris. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Ut metus. Cras ac arcu et arcu porttitor blandit. Nam vitae lectus eget mauris sollicitudin placerat. Suspendisse vestibulum. Donec varius libero. Duis velit tellus, euismod vitae, consequat sed, consectetuer ut, purus.
                    </p>
                    <p>
                Trader feedback for <? echo $username; ?>
                    </p>
                </div>
            </div>
        </div>
<?php
 
require PUN_ROOT.'footer.php';

Re: Steps to take in writing a Mod for PunBB

Yes, common.php loads the database functions.
Are you sure you're putting in the right user ID? (Keep in mind that your script does nothing to prevent SQL injection.)

9

Re: Steps to take in writing a Mod for PunBB

Thanks -- what's the established way to sanitize the id variable before doing the select?

I looked through mysql.php and didn't see a loop to retrieve more than one row. How do pun modules usually do this? Using a loop outside mysql.php functions?

Re: Steps to take in writing a Mod for PunBB

while ($variable = $db->fetch_assoc($result))

Yup, looping

And it's not an established way to sanitize a particular field, you just have to know what kind of data you're expecting and where you're trying to put it. If you're outputting something you know to be a string, use pun_htmlspecialchars. If you're putting a string into an SQL query, use $db->escape. For numbers, use intval. Just make sure things are what you expect them to be (because you can never trust users to send what you want)
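
The advice above, applied to the id parameter of the trader.php query posted earlier in the thread. This is an added example, not code from the thread or from PunBB. It assumes an in-memory SQLite database opened through PDO in place of PunBB's $db object, the hypothetical function names usernames_unsafe and usernames_safe, and PHP's built-in htmlspecialchars standing in for pun_htmlspecialchars.

```php
<?php
// Added example: stand-alone sketch, not PunBB code. An in-memory SQLite
// table stands in for PunBB's users table; all rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (id, username)
            VALUES (1, 'Guest'), (2, 'alice'), (3, '<b>bob</b>')");

// Same shape as the trader.php query: the raw request value is
// concatenated straight into the SQL text.
function usernames_unsafe(PDO $pdo, $raw_id)
{
    return $pdo->query('SELECT username FROM users WHERE id='.$raw_id)
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the id is forced to an integer before it reaches the query,
// so nothing but digits can end up in the WHERE clause.
function usernames_safe(PDO $pdo, $raw_id)
{
    $id = intval($raw_id);
    if ($id < 1)
        return array();   // not a usable id: treat as "no such user"

    return $pdo->query('SELECT username FROM users WHERE id='.$id)
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: two plain ids and one carrying extra SQL.
$inputs = array('2', '2 OR 1=1', '3');

foreach ($inputs as $raw)
{
    $unsafe = usernames_unsafe($pdo, $raw);
    $safe = usernames_safe($pdo, $raw);

    // Encode at output time, because a stored username may contain markup.
    printf("id=%-9s unsafe: %d row(s)   safe: %s\n",
        $raw,
        count($unsafe),
        htmlspecialchars(implode(', ', $safe), ENT_QUOTES, 'UTF-8'));
}
```

The second input makes the unsafe query match every row in the table, while intval reduces it to the single id 2; the third shows why the username is encoded before it is echoed into the page.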

11 (edited by idn 2006-09-26 23:26)

Re: Steps to take in writing a Mod for PunBB

Phew -- trader mod completed.

I'm now trying to figure out how to display the rating next to each username in viewtopic.php

Right after around line 200:

if ($cur_post['poster_id'] > 1) {

I added my code which retrieves the rating for the individual user and adds up all the rows using a $db->num_rows statement. I can't figure out why only one post is ever displayed when the db is queried within the squiggly bracket.

It seems like a database query resets the counter for the loop around all posts.


My modified code within viewtopic.php

// If the poster is a registered user.
    if ($cur_post['poster_id'] > 1)
    {
    

    //
    // show trader feedback
    //
    
    $number_of_ratings=0;    
    
    // get total feedback for user and display it
    
    $result = $db->query('SELECT trade_ref FROM '.$db->prefix.'traderfeedback WHERE id='.$cur_post['poster_id']) or error('Unable to fetch feedback', __FILE__, __LINE__, $db->error());
    
        $number_of_ratings=$db->num_rows($result);
        
        $feedback="Trader Rating (<a href='trader.php?action=view&id=".$cur_post['poster_id']."'>".$number_of_ratings."</a>)";
    
    //
    // end trader feedback
    //
    
        $username = '<a href="profile.php?id='.$cur_post['poster_id'].'">'.pun_htmlspecialchars($cur_post['username']).'</a>';
        $user_title = get_title($cur_post);