How to display email from $_POST

Started by MESWEB, January 24, 2015, 03:57:25 PM


MESWEB

I get an error when I want to display the email from $_POST['email'].
This is my code from Modification.language.php:
<?php $txt['somtext'] = 'Lorem ipsum E-mail <font color="#FF0206">' . $_POST['email'] . '</font> Lorem Ipsum.'?>
This code from my mod shows the error when registration does not pass correctly, but when I go to another site I get the error all the time:
action=admin&amp;area=logs;a040beb0=d569423cb8d36dde6cb6fcca0255789b
8: Undefined index: email
File: Themes/default/languages/Modifications.language.php
Line: 395

How do I display $_POST only when the registration error shows?

TehCraw

Well, you can start by checking that $_POST['email'] is defined before using it. But there are considerably bigger problems here. For one thing, calling request variables from a language file is a no-no. They need to be validated on the source side, then have their values passed into context where they can be properly accessed from the template and then used appropriately. You should also use htmlspecialchars() on values being passed in from the "user", because they may have malicious junk in them.

As an extremely vague example (given the somewhat vague question):


<?php

// Sources/SomeEmailMod.php
function someEmailMod()
{
    global $context;

    // True only when an email value was actually submitted.
    $context['email_is_set'] = !empty($_POST['email']);
    // Escape the user-supplied value before it reaches any output.
    $context['email_value'] = $context['email_is_set'] ? htmlspecialchars($_POST['email'], ENT_QUOTES) : null;
}

// Themes/{theme}/whatever.template.php

function template_main()
{
    global $context, $txt;

    if ($context['email_is_set']) {
        echo $txt['email_string'];
    }
}

// Themes/default/languages/whatever.english.php

$txt['email_string'] = sprintf('<span style="color: red;">%s</span>', $context['email_value']);


As a side note, the font HTML tag has been outdated forever, so span is preferred. And also inline style is frowned upon, so you may want to extract it into a CSS file.
Any fool can write code that a computer can understand. Good programmers write code that humans can understand. - Martin Fowler

Arantor

Putting variables directly into $txt is frowned upon and doubly so in Modifications as a language file because the odds of it being declared before loading are limited.

Better to use sprintf and do it properly (since SMF itself is moving away from variables in language files)

TehCraw

Holy smoke, what was I even thinking. I totally put sprintf in the wrong place, and markup shouldn't be in a text string.

* Carvin performs epic facepalm at his own lapse in judgement.

Do over.

<?php

// Sources/SomeEmailMod.php
function someEmailMod()
{
    global $context;

    // True only when an email value was actually submitted.
    $context['email_is_set'] = !empty($_POST['email']);
    // Escape the user-supplied value before it reaches any output.
    $context['email_value'] = $context['email_is_set'] ? htmlspecialchars($_POST['email'], ENT_QUOTES) : null;
}

// Themes/{theme}/whatever.template.php

function template_main()
{
    global $context, $txt;

    // Fall back to the language string when no email was submitted.
    $email_value = $context['email_is_set'] ? $context['email_value'] : $txt['no_email'];

    printf('<span class="formatted_stuff">%s</span>', $email_value);
}

// Themes/default/languages/whatever.english.php

$txt['no_email'] = 'No email found.';


I feel better about this now.
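The approach the replies above converge on (escape on the source side, keep the language string as plain text with a placeholder, fill it in with sprintf at render time), shown as an added example that is not code from the thread or from SMF. The function names, $txt keys, CSS classes and sample inputs are hypothetical, and $context and $txt are passed as parameters instead of SMF globals so the script runs on its own with the PHP CLI.

```php
<?php
// Added example, not SMF code. Function names, $txt keys and CSS classes are hypothetical.

// Language file: plain text with a placeholder; no markup, no request data.
$txt['reg_email_rejected'] = 'Registration failed for the e-mail address %1$s.';
$txt['reg_no_email'] = 'No e-mail address was submitted.';

// Source side: read the request value once and escape it for HTML output.
function prepareSubmittedEmail(array $post, array &$context): void
{
    $raw = $post['email'] ?? null;

    // email[]=x arrives as an array; only a non-empty string is displayable.
    if (!is_string($raw) || trim($raw) === '') {
        $context['email_is_set'] = false;
        $context['email_value'] = null;
        return;
    }

    // Cap the length. substr() may cut a multibyte character in half, so
    // ENT_SUBSTITUTE keeps htmlspecialchars() from returning an empty string.
    $raw = substr(trim($raw), 0, 255);
    $context['email_is_set'] = true;
    $context['email_value'] = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Template side: markup lives here and the string is filled at render time.
function renderEmailNotice(array $context, array $txt): string
{
    if (!$context['email_is_set']) {
        return '<p class="error">' . $txt['reg_no_email'] . '</p>';
    }
    $shown = '<span class="submitted_email">' . $context['email_value'] . '</span>';
    return '<p class="error">' . sprintf($txt['reg_email_rejected'], $shown) . '</p>';
}

// Constructed inputs: markup in the field, an array instead of a string, field absent.
$samples = [
    ['email' => 'user@example.com"><script>alert(1)</script>'],
    ['email' => ['not', 'a', 'string']],
    [],
];
foreach ($samples as $post) {
    $context = [];
    prepareSubmittedEmail($post, $context);
    echo renderEmailNotice($context, $txt), PHP_EOL;
}
```

Because the escaped value is passed to sprintf as an argument and never as the format string, a `%` typed into the email field cannot alter the message template.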
