PHP Global variables in default value « HTML Form Builder Online , PHP Form Creator

This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 3

PHP Global variables in default value

Started 12 years ago by shannonrobertson | 2 posts |

shannonrobertson
Member
I saw this requested a lot, while I do like get variables they are to easily hacked to be trusted with user id's or shopping carts. In reality while they do make life easier they are not feasible. Here is a way to enable PHP you can use this to do a lot of things so have fun.

So add this to the top of view-functions.php (line 10 or so). This little gem searches repeatedly through a string for any given string.
```
function strpos_recursive($haystack, $needle, $offset = 0, &$results = array()) {
    $offset = strpos($haystack, $needle, $offset);
    if($offset === false) {
        return $results;
    } else {
        $results[] = $offset;
        return strpos_recursive($haystack, $needle, ($offset + 1), $results);
    }
}
```
Now place this after " function mf_display_text($element){ "
around line 22.
```
$string =  htmlspecialchars_decode($element->guidelines);
$search = '<?php';
$found = strpos_recursive($string, $search);

if($found) {
    foreach($found as $startpos) {

		$EvalString = substr($string, $startpos+ 5);
        $CommandEnd =  stripos($EvalString, '?>');
		$EvalString = substr($EvalString, 0, $CommandEnd);
		eval($EvalString);
    }
}
```
What this does it goes through the guidelines text of any given field looks for PHP and executes it.
I chose the guidlines txt as it was slightly bigger, but it can easily be modified to be another field.

So the below text entered into the guidelines field would be parsed.
```
<?php
global $userid, $somevar;
$element->default_value = $userid;
$element->title='NEW TITLE'.$somevar;
?> 

random text here wont cause syntax error.

<?php
echo 'Something';
$element->guidelines ='reset guidelines txt';
?>
```
The important bits are ...

$element->default_value = $userid; //this changes the element value.
$element->title='NEW TITLE'.$somevar; //this changes the element title.
$element->guidelines ='reset guidelines txt'; //this changes the guidelines text to something other than exposed php.

Hope this helps someone with their project.
Posted 12 years ago #
yuniar

Oh wow.. that's a very detailed explanation. Thank you for sharing this!
MachForm Founder

Posted 12 years ago #

RSS feed for this topic

Reply

You must log in to post.