Working with session and post form variables

Discussion forum for Extension Writers regarding Extension Development.
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

Why is it hard to explain? What argument is used to keep data alive while bouncing from one page to another? Certainly, this is a core feature included in phpBB 3.1.

I simply need to set, retain, and retrieve data for future reference and to use that data to reference specific form data, all while maintaining everything serverside.

If phpBB 3.1 has for whatever reason made it illegal to use superglobals, fine, but what is their replacement equivalents and the context of their arguments?

I mean 15-posts into this thread and all replies have been focused on how to write extensions--OK, that is nice and all but has no bearing on my original question, which has gone unanswered.
User avatar
Wolfsblvt
Registered User
Posts: 634
Joined: Sun Oct 26, 2014 9:12 pm
Location: Solingen, Germany
Contact:

Re: Working with session and post form variables

Post by Wolfsblvt »

I have answered that already. If you have to stick with session things, you have to extend phpBBs session table and store your data there.
If the data is not different for every user, best method is just using the caching mechanism of phpBB. $cache->get() und $cache->set() should be the methods.

If it is just for form data, you should generate hidden fields on server side, add that to the form and you will get them back on the next page call.
If you have a specific extension request and you are willing to pay for, you can write me a PM.
My extensions (Trending: @Mention SystemAdvanced PollsUser Online Time)

»Du kamst zu uns. Deine Stimme kam. Du zeigtest uns die Sterne. Sie funkelten. Wir konnten sehen.«
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

Anything sent to the client can be manipulated so hidden fields would not work.

The variables would need to be set on a per user basis and in certain cases would change with each page load, while others would be static within the session, so globalized caching would not work.

And finally, what does that mean, extend the session table? How is this accomplished, where is it located, etc? Is this an array that you can just add to and then access?
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26940
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Working with session and post form variables

Post by Paul »

You should use $request->variabele(), this will return session variables as well as post and get
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

Thanks. And to update or create a in use or a new variable would $data['...']="...", be used? Which could then be retrieved with $request->variable($data['....'])?
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26940
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Working with session and post form variables

Post by Paul »

Use $request->overwrite with as second parameter _SESSION.


EDIT, after looking at the code, you should be able to use $_SESSION directly, only for get and post you need to use $request->variable
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
User avatar
RMcGirr83
Former Team Member
Posts: 21698
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Working with session and post form variables

Post by RMcGirr83 »

No $request->variable is set via an HTML request passed via an HTML file. EG,

html

<input name='whatever' value='blah' />

php code

$request->variable('whatever', '')

$request->variable takes two types, strings and integers

for a string it would be

$whatever = $request->variable('whatever', '');
for an integer
$whatever = $request->variable('whatever', 0);

If using within a query you would need/want to ensure you sanitize your input eg, for integers

Code: Select all

$sql = 'SELECT * FROM ' . USER_TABLE . ' WHERE user_whatever = ' . (int) $whatever;
or if a string

Code: Select all

$sql = 'SELECT * FROM ' . USERS_TABLE . "  WHERE user_whatever = '" . $db->sql_escape($whatever) . "'";
these are just examples.

EDIT: Paul beat me to it.
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beerImage
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

In the tests I did $_SESSION will not pass the data onto the next reload.

Will $request->overwrite also work for adding new variables to the array or is that only for variables already included in the array--if so where to you go about adding new variables to it to prepare for their later use?

I am not sure if I understand that correctly is it "$request->overwrite(_SESSION,'')=$new_dynamic_data"?
User avatar
hanelyp
Registered User
Posts: 124
Joined: Wed Apr 02, 2014 10:20 pm

Re: Working with session and post form variables

Post by hanelyp »

There must be a bug somewhere in this board, I lost my first attempt to post a reply.

If I'm reading correctly, you want to track which pages a visitor has seen recently when they attempt certain operations.

What I'm getting from discussion is that the preferred way to do that is to extend the sessions table (https://wiki.phpbb.com/Migrations) and use the $db object to read and update the session record.
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

Oh no, simply set a value to use for naming form elements, in this case during registration, then upon submission, use those values to obtain the data submitted. Similar to these, but using PHP:

http://stackoverflow.com/questions/1885 ... -generated

http://stackoverflow.com/questions/2065 ... word-input


There is a popular Website that uses or used this process, Oracle or Microsoft Mail..., I can't recall?
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26940
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Working with session and post form variables

Post by Paul »

I don't think the request class supports $_SESSION yeah, so you will need to directly use $_SESSION, and this should work the same as outside phpBB. You need to make sure yourself the session is started ofcourse.

You can use $request->overwrite to set a $_POST or $GET key. However, you don't assign it, it is a method where you provide the new value, so something like $request->overwrite('new value', \phpbb\request\request_interface::POST);
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

Unfortunately, it does not appear that sessions are functioning in 3.1. I have no clue as to why, but this example does not work (noting that session_register() does not help any either):

Code: Select all

	session_start();

		echo "SESSION VAR: ".$_SESSION["T"]."<br />";

		$_SESSION["T"]="TEST SESSION SET";
Response:
[phpBB Debug] PHP Notice: in file [ROOT]/includes/ucp/ucp_register.php on line 195: Undefined index: T
SESSION VAR:
So, if I am understanding this correctly, phpBB 3.1 handles all session data now through a Db table, meaning everytime a page is reloaded the server has to query all user data over and over again, in addition to all the forum and post data and other user data? (Possibly, using memcaching in the process?) Would that not add lots of drain to a server with 1,000's of logged in members?

And even if so, what was the purpose of killing session variables, there is nothing wrong with using them, so why force the use of a sessions Db onto everybody? If this is the case, I now have a big headache to overcome, just for what should be a simple temporary measure. There are many instances where a developer could make good use of superglobals. And furthermore, if this is the case, the least phpBB could have done is implement a CRUD (which would also eliminate all need for sanitizing and increase speed via mysqli/PDO) if they are going to force Db use on every aspect of phpBB 3.1.
Last edited by MKULTRA on Thu Apr 23, 2015 8:55 am, edited 1 time in total.
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26940
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Working with session and post form variables

Post by Paul »

phpBB doesn't do anything with $_SESSION, so it should work fine how it works without phpBB. phpBB doesn't force the use of the database sessions, it is just how phpBB does it itself. You can still use php sessions, or other globals, but in some cases you need to use the request class instead of the super globals for security reasons.

However, if something isn't set, it will ofcourse (And it does that in php as well, however the standard php configuration just doesn't show that), will give a notice when something doesn't exists. You need to make sure to check if something is set before using it, this should be standard practise.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

There is something preventing session from working in my forum, the above code is fine in my forum directory when in a file all by itself, but just not in the forum code itself, the session is being killed somewhere. I tried using it in index.php and ucp_register.php, both never return the supposedly saved data.
MKULTRA
Registered User
Posts: 188
Joined: Tue Oct 16, 2007 12:07 pm
Contact:

Re: Working with session and post form variables

Post by MKULTRA »

I traced it back to this line within includes/compatibility_globals.php, sessions work above this line, but not below it:

Code: Select all

$request	= $phpbb_container->get('request');
ETA:

Though so far I have no idea where that leads to or comes from, but it has something to do with phpbb/sessions.php.
Last edited by MKULTRA on Thu Apr 23, 2015 10:51 am, edited 1 time in total.
Post Reply

Return to “Extension Writers Discussion”