Need help working out last bug in my mod

Discussion forum for MOD Writers regarding MOD Development.
Post by cdodds »

I am making an easy PayPal billing mod that will allow easy sending of bills to members. I just have one last bug left to fix that has me stumped. The custom bbcode for this mod is not parsing. All of my other custom bbcodes are parsing just fine, but not this one.

Here is a picture of what is happening: http://www.imvumafias.org/images/billbug.png

bill.php:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

$price = $_GET["price"];
$seller = $_GET["seller"];

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

//Logged In Users Only
if ($user->data['user_id'] == ANONYMOUS)
{
    login_box('', $user->lang['LOGIN']);
} 

page_header('Bill');

$template->assign_vars(array(
      'CUSTOMER' => $user->data['username_clean'],
      'PRICE' => $price,
	  'SELLER' => $seller
));

$template->set_filenames(array('body' => 'bill.html'));

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
page_footer();
?>
bill.html:

<!-- INCLUDE overall_header.html -->

<h3 class="heading">Payment</h3>		
	<form id='paypalform' action="https://www.paypal.com/cgi-bin/webscr" method="post">
		<input type="hidden" name="cmd" value="_donations">
		<input type="hidden" name="business" value="{SELLER}">
		<input type="hidden" name="lc" value="US">
		<input type="hidden" name="item_name" value="iMafias - {CUSTOMER}">
		<input type="hidden" name="amount" value="{PRICE}">
		<input type="hidden" name="currency_code" value="USD">
		<input type="hidden" name="no_note" value="0">
		<input type="hidden" name="cn" value="{CUSTOMER}">
		<input type="hidden" name="no_shipping" value="1">
		<input type="hidden" name="currency_code" value="USD">
		<input type="hidden" name="custom" value="1">
		<input type="hidden" name="bn" value="PP-DonationsBF:logo3w.png:NonHosted">
		<input type="image" src="http://www.t3de.com/res/images/pp.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
		<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
	</form>
	<br/>
	<br/>
<a href='#'  onClick='javascript: document.forms["paypalform"].submit();' class='button large blue'>Process your order for <b>{PRICE}</b></a>

<!-- INCLUDE jumpbox.html -->
<!-- INCLUDE overall_footer.html -->
bbcode usage:

[bill={EMAIL}]{NUMBER}[/bill]
HTML Replacement:

Here is your bill: <a href="http://www.imvumafias.org/community/bill.php?seller={EMAIL}&price=${NUMBER}">View Bill</a>
Helpline:

[bill=email@domain.com]1[/bill]
Display on posting page: True

Does anyone know where I am going wrong?

Post by RMcGirr83 »

It's probably the EMAIL token, try changing it to a different one ({TEXT} or whatever)

Post by AmigoJack »

You found a bug in phpBB3.0.11 - I submitted ticket PHPBB3-11153. As a workaround use [bill={NUMBER}]{EMAIL}[/bill].

As a sidenote: your MOD won't get validated since you don't sanitize your input:

Post by cdodds »

RMcGirr83 wrote: It's probably the EMAIL token, try changing it to a different one ({TEXT} or whatever)
Some of the users/members on my site are really really ... creative; I do not trust them to input a valid email address. Everything from funny flash videos to database attacks would be injected into my code ....
AmigoJack wrote: You found a bug in phpBB3.0.11 - I submitted ticket PHPBB3-11153. As a workaround use [bill={NUMBER}]{EMAIL}[/bill].

As a sidenote: your MOD won't get validated since you don't sanitize your input:
Thank you AmigoJack, your workaround worked.

Input is now sanitized:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

$price = filter_INPUT(INPUT_GET,"price", FILTER_SANITIZE_SPECIAL_CHARS);
$seller = filter_INPUT(INPUT_GET,"seller", FILTER_SANITIZE_SPECIAL_CHARS);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

//Logged In Users Only
if ($user->data['user_id'] == ANONYMOUS)
{
    login_box('', $user->lang['LOGIN']);
} 

page_header('Bill');

$template->assign_vars(array(
      'CUSTOMER' => $user->data['username_clean'],
      'PRICE' => $price,
	  'SELLER' => $seller
));

$template->set_filenames(array('body' => 'bill.html'));

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
page_footer();
?>

Post by RMcGirr83 »

Seeing as the input is passed to paypal anyway, it would probably get denied by them if it was "funky".

$price = filter_INPUT(INPUT_GET,"price", FILTER_SANITIZE_SPECIAL_CHARS);
$seller = filter_INPUT(INPUT_GET,"seller", FILTER_SANITIZE_SPECIAL_CHARS); 
not quite

$price = request_var('price', 0);
$seller = request_var('seller', ''); 
;)

Post by cdodds »

Oh, that is awesome, phpbb has its own function for filtering input. I did not know that.

:?: Why does the bbc number token not allow decimal points?
Last edited by cdodds on Sun Oct 21, 2012 1:45 pm, edited 3 times in total.

Post by A_Jelly_Doughnut »

request_var('foo', 0); creates an integer. You want a float, e.g. request_var('foo', 0.0)

Post by cdodds »

A_Jelly_Doughnut wrote: request_var('foo', 0); creates an integer. You want a float, e.g. request_var('foo', 0.0)
Thank you Jelly_Doughnut.

Updated bill.php:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

//Get & Sanitize Input
$price = request_var('price', 0.00);
$seller = request_var('seller', '');

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

//Allow Logged In Users Only
if ($user->data['user_id'] == ANONYMOUS)
{
    login_box('', $user->lang['LOGIN']);
} 

//Set Page title
page_header('Bill');

//Set custom template variables
$template->assign_vars(array(
      'CUSTOMER' => $user->data['username_clean'],
      // No thousands separator: this value goes into the PayPal amount field
      'PRICE' => number_format($price, 2, '.', ''),
	  'SELLER' => $seller
));

//Call template
$template->set_filenames(array('body' => 'bill.html'));

//Fill jumpbox with links
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

//End page
page_footer();
?>
Updated bill.html:

<!-- INCLUDE overall_header.html -->

<h3 class="heading">Payment</h3>		
	<form id='paypalform' action="https://www.paypal.com/cgi-bin/webscr" method="post">
		<input type="hidden" name="cmd" value="_donations">
		<input type="hidden" name="business" value="{SELLER}">
		<input type="hidden" name="lc" value="US">
		<input type="hidden" name="item_name" value="{SITENAME} - {CUSTOMER}">
		<input type="hidden" name="amount" value="{PRICE}">
		<input type="hidden" name="currency_code" value="USD">
		<input type="hidden" name="no_note" value="0">
		<input type="hidden" name="cn" value="{CUSTOMER}">
		<input type="hidden" name="no_shipping" value="1">
		<input type="hidden" name="currency_code" value="USD">
		<input type="hidden" name="custom" value="1">
		<input type="hidden" name="bn" value="PP-DonationsBF:logo3w.png:NonHosted">
		<input type="image" src="/community/images/easybill/pp.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
		<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
	</form>
	<br/>
	<br/>
<a href='#'  onClick='javascript: document.forms["paypalform"].submit();' class='button large blue'>Process your order for <b>&#36;{PRICE}</b></a>

<!-- INCLUDE jumpbox.html -->
<!-- INCLUDE overall_footer.html -->
Updated bbcode usage:

[bill={NUMBER}]{EMAIL}[/bill]
Updated HTML replacement:

Here is your bill: <a href="http://www.imvumafias.org/community/bill.php?seller={EMAIL}&price={NUMBER}">View Bill</a> <br/> May I get you anything else with that?
Updated helpline text:

[bill=1]email@domain.com[/bill]
That fixes the php, but the number token in the bbcode still does not allow decimal points; decimal points cause the bbcode not to parse.

Post by AmigoJack »

cdodds wrote: the number token in the bbcode still does not allow decimal points
Of course not. Obviously you haven't even read the token explanations in the ACP:
{NUMBER} Any series of digits
While your approach is prone to frustration (. as decimal separator and USD as currency won't be obvious to everyone in the whole world) you have three choices:
  1. Create your own token implementation. Judging from your current experience I discourage you from trying that.
  2. Use another token which will accept various inputs and act accordingly (in your PHP file), like:
    1. 64.12
    2. 13,70
    3. 130,000.00 USD
    4. 70.000,00 EUR
    5. AUD 345.43
  3. Accept cent-wise values, like 2300 for 23 USD (suggested).

Post by cdodds »

AmigoJack wrote: Of course not. Obviously you haven't even read the token explanations in the ACP
Actually, I did read the explanations, but I was hoping that digits included decimals and not just positive integers.
AmigoJack wrote: Accept cent-wise values, like 2300 for 23 USD (suggested).
Ooo, that is how the cash registers at work work. I will do that.

Thank you again AmigoJack.
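
The cent-wise approach settled on above, combined with the input-handling points raised earlier in the thread, as an added example that is not code from any poster or from phpBB. It is plain PHP with a constructed array standing in for the query string; the function name `validate_bill_input` and the `MAX_BILL_CENTS` cap are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Function name and cap are assumptions.
const MAX_BILL_CENTS = 1000000; // assumed upper limit: 10,000.00 USD

function validate_bill_input(array $query)
{
    $errors = array();
    $amount = $seller = '';

    // Price is a whole number of cents: digits only, so no sign,
    // separator, exponent or array-valued parameter gets through.
    $raw = (isset($query['price']) && is_string($query['price'])) ? $query['price'] : '';
    if ($raw === '' || strlen($raw) > 7 || !ctype_digit($raw))
    {
        $errors[] = 'price must be a whole number of cents';
    }
    else if ((int) $raw < 1 || (int) $raw > MAX_BILL_CENTS)
    {
        $errors[] = 'price out of range';
    }
    else
    {
        // Integer arithmetic only: no float rounding, no thousands separator.
        $amount = sprintf('%d.%02d', intdiv((int) $raw, 100), (int) $raw % 100);
    }

    // Seller must be a syntactically valid address. A valid address may still
    // contain characters such as ' or &, so escape it for the HTML attribute.
    $raw = (isset($query['seller']) && is_string($query['seller'])) ? $query['seller'] : '';
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    if ($email === false)
    {
        $errors[] = 'seller must be an e-mail address';
    }
    else
    {
        $seller = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    }

    return array('ok' => !$errors, 'errors' => $errors, 'amount' => $amount, 'seller' => $seller);
}

// Constructed sample requests, standing in for $_GET.
$samples = array(
    array('price' => '2300', 'seller' => 'seller@example.com'),
    array('price' => '23.00', 'seller' => 'seller@example.com'),
    array('price' => array('1'), 'seller' => 'not an email'),
);
foreach ($samples as $q) { echo json_encode(validate_bill_input($q)), "\n"; }
```

Only the first sample passes, yielding the amount `23.00`; the bill page would render the PayPal form only when `ok` is true and show an error otherwise.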