User login


if you can attain a sufficient level of understanding of the system, maybe you could sell your vBulletin-theming services. especially since you enjoy doing it so much! haha.

I am seriously contemplating whether I should just smash all of this OO work. Other people will have to figure out what I’ve done further on down the road and they are not programmers.

To perpetuate the current state of the theme would be a form of job security. raspberry

I only wish I understood more of it than I do. raspberry

You should become a programmer. Of kids. =D

Did I understand you correctly in that you didn’t gain access to the vBulletin forums? Its hard for me to believe they wanted to make it this hard to change the “theme”...but I’m sure it’s possible.

She could start with Scratch…it’s a “privilege” my kids get when they turn 7.

There is and then the support community is based at I have my customer’s login credentials for and his serial number. I could probably set up an account for him on the .org domain but something in me dislikes creating accounts for other people. The people who approve accounts on the .org check serial numbers and such before they approve the account.

The last time I tried to do something in a customer’s name, the tech on the phone asked me for the one piece of information that I did not have on the customer. With my luck at social engineering, I would get the account flagged.

I will admit that it is irrational but I don’t like pretending to be something I’m not.

Incidentally, the worst part of this whole process is that they use a plugin to modify variables for the theme. If they didn’t do that then this would be a decent setup. The way that the links are all separated and combined through eval()‘d code in the database is just silly.

The fact that they’re using eval() at all seems silly.

There are a handful of instances where eval() is useful. I ran into one situation ~4 years ago but I forget why that was the best idea at the time.

eval() is a bad idea for two reasons. The first is that it almost always is based around input from an end user, which would be a security risk. At first glance, I do not see that vBulletin is doing this. The other reason is that you are executing code that has not been written with the care and thought that the rest of the code base has seen.

In this situation, I suspect that the code (and the theme) were placed into the database for upgradability. vBulletin does provide copious comments above each function but I have not dug through all of those (as evidenced by the OP). Nevertheless, the way that this is incorporated is almost evil. raspberry

This is how the vBulletin fanboys use eval():

eval(’$navbar = ”’ . fetch_template(‘navbar’) . ‘“;’);
eval(‘print_output(”’ . fetch_template(‘testing’) . ‘“);’);

Please pardon me for a few moments as I laugh uncontrollably…

That eval() doesn’t seem necessary at all. Wouldn’t this code achieve the same thing?

$navbar = fetch_template(‘navbar’); print_output(fetch_template(‘testing’));

No, your code would be safer… unless fetch_template() escapes quote marks.

Suppose that fetch_template(‘navbar’) returned ‘hello “world”!’. That would turn the first eval() into this:

eval(’$navbar = “hello “world”!”;’);

Imagine the havoc…

Add new comment