Template Conditionals
Author Message
This is essentially a more restrictive version of my PHP in Templates plugin.  The restrictions aim to make this a "safe" plugin to use, that is, doesn't allow arbitrary PHP execution, but still gives the benefits of template conditionals.

You may notice that this still uses the "phptpl" name, and thus, is incompatible with the PHP in Templates plugin.  Both plugins are very similar though.  The differences between this and the other plugin are:
  • Admins cannot enter PHP code using <?php ?> tags
  • Conditionals in <if> and <elseif> tags are checked to ensure that they are "safe" (see below)
  • file_get_contents function has been removed from the allowable <func ...>...</func> shortcuts
  • There's a new <?=...?> tag to print out the result of a "safe" PHP expression; although this is a tag, only PHP expressions may exist inside (do not terminate expressions with a semicolon), so you cannot nest other tags inside this
    Example (prints 123654321):

    HTML Code
    123<?=substr("987654321", 3)?>

  • There's also a new <setvar name>...</setvar> tag which can set variables; for safety reasons, these are actually stored in a $tplvars array.  Examples:
    (just prints some text)

    HTML Code
    <setvar uselesstext>"some text"</setvar>
    {$tplvars['uselesstext']}

    (prints out the username of the user with UID of 2)

    HTML Code
    <setvar user2>get_user(2)</setvar>
    <func htmlspecialchars_uni>{$tplvars['user2']['username']}</func>


v1.0-1.3 of this plugin is based off v1.7 of PHP in Templates.
As of v1.8, PHP 5.3 or later is required.
This plugin can be used with the Admin Security plugin.

"Safe expressions"
This plugin implements "safe expression" checking; essentially, this does impose a bit of a performance hit, but, on the other hand, tries to ensure no "bad PHP" gets executed.
For more information on what I consider to be a "safe expression", see my blog post here.
For the purposes of this plugin, all valid PHP expressions are allowed, as long as they don't infringe on any of the following conditions:
  • no assignment/modification operators (=, +=, |=, ++ etc) allowed
  • no statements such as include, exit, eval etc are allowed
  • no special constants such as PHP_OS, PHP_LIBDIR etc are allowed
  • backtick (`) operator not allowed
  • heredoc type strings not allowed (takes too much effort to handle) - use double quoted strings instead
  • double quoted strings may not contain the "{" character (takes too much effort to handle) - use string concatenation instead
  • array and object typecasting not allowed
  • no variable functions or method calls allowed
  • single line comments (//, #) not allowed
  • only some functions are allowed - see inc/plugins/phptpl_allowed_funcs.txt for a list of allowed functions
(This post was last modified: 12-22-2015 09:35 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: tplcond-1.8.7z (5.73 KB)
Plugin Version: 1.8
Last Updated: 12-22-2015, 09:35 PM

Downloads: 4,008
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Plugin License: GPLv3
Uploader: ZiNgA BuRgA
iamkristrammell Offline
Junior Member
**
Posts: 6
Joined: Nov 2015
Post: #71
RE: Template Conditionals
So the code would be written as:

Code:
<if $mybb->user['usergroup'] == X then>Blah</if>

11-07-2015 05:13 AM
Find all posts by this user Quote this message in a reply
RateU Offline
Administrator
*******
Posts: 2,327
Joined: Mar 2010
Post: #72
RE: Template Conditionals
For the viewer (ignoring additional usergroups), yep.

11-07-2015 05:16 AM
Find all posts by this user Quote this message in a reply
iamkristrammell Offline
Junior Member
**
Posts: 6
Joined: Nov 2015
Post: #73
RE: Template Conditionals
What if I wanted to include additional usergroups? Sorry for all the questions. If you would like we can take this to a private message.

Say I wanted to show multiple usergroups on a profile? Main usergroup and additional usergroups?
11-07-2015 05:19 AM
Find all posts by this user Quote this message in a reply
RateU Offline
Administrator
*******
Posts: 2,327
Joined: Mar 2010
Post: #74
RE: Template Conditionals
This question:
(11-07-2015 05:19 AM)iamkristrammell Wrote:  What if I wanted to include additional usergroups?

is different with this one:
(11-07-2015 05:19 AM)iamkristrammell Wrote:  Say I wanted to show multiple usergroups on a profile? Main usergroup and additional usergroups?

For the first one, maybe this thread can help you, or you can add is_member as white list functions into phptpl_allowed_funcs.txt
http://mybbhacks.zingaburga.com/showthre...851&page=4

For the 2nd one, you can use this plugin:
http://mybbhacks.zingaburga.com/showthread.php?tid=270

(This post was last modified: 11-07-2015 05:34 AM by RateU.)
11-07-2015 05:34 AM
Find all posts by this user Quote this message in a reply
iamkristrammell Offline
Junior Member
**
Posts: 6
Joined: Nov 2015
Post: #75
RE: Template Conditionals
Never mind, I found what you were talking about.

What I mean is when I post in this:

Code:
<if $memprofile['usergroup'] == 8 then><img src="http://i.imgur.com/9RW7Hll.png" width="35" height="35" /></if> - <if $memprofile['usergroup'] == 9 then><img src="http://i.imgur.com/e3dbv8G.png" width="35" height="35" /></if>


it only shows the first one and not my second group even though I am in both. "8" is the group that is my default at the moment, "9" is an additional group.

(This post was last modified: 11-07-2015 03:09 PM by iamkristrammell.)
11-07-2015 10:55 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #76
RE: Template Conditionals
You were already given the answer: http://mybbhacks.zingaburga.com/showthre...7#pid10547 (and please do read more than one post there)

My Blog
11-07-2015 03:39 PM
Find all posts by this user Quote this message in a reply
Waleed Offline
Junior Member
**
Posts: 34
Joined: Feb 2013
Post: #77
RE: Template Conditionals
Is there a conditional that I can wrap around {threads} to only make threads by a specific usergroup appear? Or is there an alternative method to this you'd suggest?
11-07-2015 04:33 PM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #78
RE: Template Conditionals
In forumdisplay?
You're better off having separate forums for each group.

My Blog
11-07-2015 08:16 PM
Find all posts by this user Quote this message in a reply
eldenroot Offline
Junior Member
**
Posts: 19
Joined: Dec 2015
Post: #79
RE: Template Conditionals
@Zinga Burga - please, could you release a new version compatible with php7? I really miss this plugin, this is a must have plugin for MyBB but after my wehosting forced update to everybody to php7 it is not working anymore Frown Thank you!
12-21-2015 12:08 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #80
RE: Template Conditionals
(12-21-2015 12:08 AM)eldenroot Wrote:  my wehosting forced update to everybody to php7
That's rather mean...

My Blog
12-21-2015 11:08 AM
Find all posts by this user Quote this message in a reply


Forum Jump: