vBulletin Manual - Using PHP Functions in Template Conditionals

Using PHP Functions in Template Conditionals

As a security precaution, to prevent malicious damage to either your database or your server itself, most PHP functions are disallowed in template conditionals.

This, for example, would be disallowed by the vBulletin template system, as it contains a call to a 'forbidden' function: mysql_query.

<vb:if condition="$my_variable = mysql_query('SELECT * FROM mytable')">
    <!-- naughty naughty... -->
</vb:if>

At the time of writing, the list of allowed 'safe' functions is as follows:

Note:

Functions marked * are custom functions defined by vBulletin itself. Each function name is a link that will take you to the documentation for that function. Use of these functions requires knowledge of PHP

This is an example of 'safe' functions being used in a template conditional:

<vb:if condition="isset($my_variable) AND is_browser('ie')">
    <!-- $my_variable is set and the browser is Internet Explorer -->
</vb:if>

Manual Navigation

Next: System Requirements

Up: Template Conditionals

Page Top

Home

x	20th Apr 2005, 11:11am
Was looking for the suntax (arguments) for is_member_of(). Would have hoped to find them, or a link to them, on this page (the one returned by searching for "is_member_of")....
Colin	20th Apr 2005, 11:11am
is_member_of should be used as follows: [code]<if condition="is_member_of($bbuserinfo, 6)">foo</if>[/code] The first variable is the users userinfo (if the user surfing is meant, use $bbuserinfo), the second variable is the usergroup that member has to belong to, for the condition to return true. Both primary and additional usergroups are searched.
James Harvard	21st Mar 2006, 06:26am
I want to add a conditional that checks whether a user is an administrator or not, but don't seem to be able to find any useful information anywhere. Edit: Some useful variables to use in a conditional to check against a user's permissions are: $show['admincplink'] $show['modcplink'] $show['member'] $show['guest']
sun0x0001	05th Jun 2009, 03:54pm
You can add plugin to use other safe functions in the templates: Hook name: template_safe_functions Hook code: $safe_functions[] = 'htmlspecialchars'; $safe_functions[] = 'rawurlencode'; // etc... Usage: <if condition="$html_username=htmlspecialchars($username)"></if> <if condition="$url_username=rawurlencode($username)"></if> <a href="/users/?id=$url_username">$html_username</a>
Sarita Sharma	23rd Feb 2011, 12:51am
Hi .. i was searching how to check whether the loggedin user is admin or not.I used the code given by Colin.. Thanks a lot and lot it worked very well..... Sarita Sharma
Barry Chertov	08th Feb 2013, 03:17pm
I just want to offer my enthusiastic gratitude to sun0x0001 for his/her tip about adding additional safe functions. That's HUGE! My first use is to register the PHP Rand() function so I can have various bits of the interface appear only occasionally to both create interest and reduce load times. Thanks!