Template Conditionals
Author Message
This is essentially a more restrictive version of my PHP in Templates plugin.  The restrictions aim to make this a "safe" plugin to use, that is, doesn't allow arbitrary PHP execution, but still gives the benefits of template conditionals.

You may notice that this still uses the "phptpl" name, and thus, is incompatible with the PHP in Templates plugin.  Both plugins are very similar though.  The differences between this and the other plugin are:
  • Admins cannot enter PHP code using <?php ?> tags
  • Conditionals in <if> and <elseif> tags are checked to ensure that they are "safe" (see below)
  • file_get_contents function has been removed from the allowable <func ...>...</func> shortcuts
  • There's a new <?=...?> tag to print out the result of a "safe" PHP expression; although this is a tag, only PHP expressions may exist inside (do not terminate expressions with a semicolon), so you cannot nest other tags inside this
    Example (prints 123654321):

    HTML Code
    123<?=substr("987654321", 3)?>

  • There's also a new <setvar name>...</setvar> tag which can set variables; for safety reasons, these are actually stored in a $tplvars array.  Examples:
    (just prints some text)

    HTML Code
    <setvar uselesstext>"some text"</setvar>
    {$tplvars['uselesstext']}

    (prints out the username of the user with UID of 2)

    HTML Code
    <setvar user2>get_user(2)</setvar>
    <func htmlspecialchars_uni>{$tplvars['user2']['username']}</func>


v1.0-1.3 of this plugin is based off v1.7 of PHP in Templates.
As of v1.8, PHP 5.3 or later is required.
This plugin can be used with the Admin Security plugin.

"Safe expressions"
This plugin implements "safe expression" checking; essentially, this does impose a bit of a performance hit, but, on the other hand, tries to ensure no "bad PHP" gets executed.
For more information on what I consider to be a "safe expression", see my blog post here.
For the purposes of this plugin, all valid PHP expressions are allowed, as long as they don't infringe on any of the following conditions:
  • no assignment/modification operators (=, +=, |=, ++ etc) allowed
  • no statements such as include, exit, eval etc are allowed
  • no special constants such as PHP_OS, PHP_LIBDIR etc are allowed
  • backtick (`) operator not allowed
  • heredoc type strings not allowed (takes too much effort to handle) - use double quoted strings instead
  • double quoted strings may not contain the "{" character (takes too much effort to handle) - use string concatenation instead
  • array and object typecasting not allowed
  • no variable functions or method calls allowed
  • single line comments (//, #) not allowed
  • only some functions are allowed - see inc/plugins/phptpl_allowed_funcs.txt for a list of allowed functions
(This post was last modified: 06-26-2023 10:42 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: tplcond-1.9.7z (6.35 KB)
Plugin Version: 1.9
Last Updated: 06-26-2023, 10:42 PM

Downloads: 5,379
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Plugin License: GPLv3
Uploader: ZiNgA BuRgA
eldenroot Offline
Junior Member
**
Posts: 21
Joined: Dec 2015
Post: #101
RE: Template Conditionals
Hi,

I use XThreads and I have this situation:
1) I use image custom fields together with a text field... how to make template condition working if no image and no text is added -> so show this text "NO INFO AVAILABLE". Thank you?

My fields are mpcode and mpimage
09-17-2018 05:19 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #102
RE: Template Conditionals
(04-06-2018 12:46 PM)Sama34 Wrote:  I just realized you didn't include the my_setcookie() and my_unsetcookie() functions into the white list file. Is there any reasoning behind it or you just didn't feel like adding them ?
Modifying cookies in templates is kinda weird.  It feels a bit too dangerous for this plugin (can probably modify HTTP headers?), so probably best to avoid it I think.

(07-07-2018 12:40 PM)leibovich Wrote:  I'm trying to show ADVs on specific foruns , but i'm get one error whe i'm using the IF statment.. see:

<if $GLOBALS['style']['fid'] != '9'  then>{myadvertisements[zone_1]}</if>
<if $GLOBALS['style']['fid'] ==  '9'  then>{myadvertisements[zone_4}</if>

If i use "!=" it works ok... but if i use "==" it don't work ... it prints on the page "{myadvertisements[zone_4}"
Bit confused by your example.  If that code is put in templates as shown, {myadvertisements...} won't evaluate to anything as there's a missing $.

(09-17-2018 05:19 AM)eldenroot Wrote:  I use XThreads and I have this situation:
1) I use image custom fields together with a text field... how to make template condition working if no image and no text is added -> so show this text "NO INFO AVAILABLE". Thank you?

My fields are mpcode and mpimage
Key variables are {$GLOBALS['threadfields']['mpcode']} and {$GLOBALS['threadfields']['mpimage']}.

My Blog
02-28-2021 09:27 PM
Find all posts by this user Quote this message in a reply
Turmoil Offline
Junior Member
**
Posts: 2
Joined: Feb 2023
Post: #103
RE: Template Conditionals
Hi and thanks for this plugin, its great.
I am testing with PHP 7.0 on Windows and IIS and it all works fine
e.g. expressions such as <if $mybb->user['uid'] then>...</if>.
My hosting site is Linux with PHP 8.0 and this is failing with the following:

/index.php line 18 require_once
/global.php line 961 phptpl_templates->get
/inc/plugins/phptpl.php(66): eval()'d code line 19 phptpl_parsetpl
/inc/plugins/phptpl.php line 77 tplcond::parsetpl
/inc/plugins/phptpl.php line 112 preg_replace_callback_array
[PHP] tplcond::{closure}

My guess, is this is a PHP 8.0 incompatibility (any news on a PHP 8 version of this plugin?). If it's not that, can you give any help on how I diagnose this problem further?
Thanks again for your work.
02-18-2023 01:18 AM
Find all posts by this user Quote this message in a reply
Turmoil Offline
Junior Member
**
Posts: 2
Joined: Feb 2023
Post: #104
RE: Template Conditionals
Sorry, missed a key line of output:
Warning [2] Undefined array key 2 - Line: 95 - File: inc/plugins/phptpl.php PHP 8.0.27 (Linux)
02-18-2023 02:56 AM
Find all posts by this user Quote this message in a reply
Darojax Offline
Junior Member
**
Posts: 1
Joined: Aug 2023
Post: #105
RE: Template Conditionals
Hello, thanks for your plugin. However, I have an issue with the following statement in the header template:

<if $mybb->user['usergroup'] == 4>
    <div>TEST</div>
</if>

I'm trying to make the text TEST appear for admins (which are gid 4), but whenever I enter this in the template I get a (HTTP) 500 Internal Server Error.

Checking the cPanel error log this seems to be happening:

PHP Parse error: syntax error, unexpected ')' in /home/forum/htdocs/forum.16aa.net/global.php(961) : eval()'d code on line 19

This only occurs when I try to run the if statement, otherwise everything works fine.

Any advise or suggestions would be welcome. Thanks!
(This post was last modified: 08-18-2023 06:04 AM by Darojax.)
08-17-2023 11:23 PM
Find all posts by this user Quote this message in a reply
Gerti Offline
Junior Member
**
Posts: 7
Joined: Jun 2020
Post: #106
RE: Template Conditionals
(08-17-2023 11:23 PM)Darojax Wrote:  <if $mybb->user['usergroup'] == 4>
    <div>TEST</div>
</if>

Yes Just write the statement (1st line) correctly:

Code:
<if $mybb->user['usergroup'] == 4 then>
   <div>TEST</div>
</if>

(This post was last modified: 08-25-2023 04:33 PM by Gerti.)
08-25-2023 04:31 PM
Find all posts by this user Quote this message in a reply
MisterHelp Offline
Junior Member
**
Posts: 1
Joined: Nov 2023
Post: #107
RE: Template Conditionals
EDIT

I worked out the problem. The global_start hook within phptpl was the same as MyAlerts. MyAlerts refers to global_start lots of times, whereas phptpl only refers to it once. So I changed the below in phptpl:

$plugins->add_hook('global_start', 'phptpl_run');

To:

$plugins->add_hook('phptpl_global_start', 'phptpl_run');

And the edit conflict is now fixed.

Original post

I installed "Template Conditionals" but when I click "Quick Edit", it simply says "Loading..." and won't do any more. "Full edit" works without problems. I also uninstalled and entirely deleted "Template Conditionals" and tried "PHP in Templates" and the same happens.

I turned on error reports and it gave me the below error:

Code:
1
2
3
4
5
6
<br />

<b>Fatal error</b>:  Cannot declare class phptpl_templates, 
because the name is already in use in 
<b>/var/www/mybb/inc/plugins/phptpl.php(67) : eval()'d 
code</b> on line <b>2</b><br />


I've gone through and deactivated plugins and MyAlerts is causing the error mentioned. With MyAlerts deactivated, Quick Edit works fine.

Does anyone know how to fix? My board is on PHP 7.4.

Thank you!

(This post was last modified: 12-14-2023 05:09 AM by MisterHelp.)
11-22-2023 12:16 AM
Find all posts by this user Quote this message in a reply
Anonymous Offline
Junior Member
**
Posts: 1
Joined: Mar 2024
Post: #108
RE: Template Conditionals
Hi, I recently came across a thread on MyBB Support from someone that asked about randomizing polls, and another user replied that they could use this plugin to do so, how could this be done, as a user with no coding experience? The idea sounds interesting, and I would like to do the same.

If it helps, here is the post in question.

https://community.mybb.com/thread-227890...https://community.mybb.com/thread-227890-post-1350023.html#
(This post was last modified: 03-21-2024 03:58 AM by Anonymous.)
03-21-2024 03:49 AM
Find all posts by this user Quote this message in a reply


Forum Jump: