vBulletin LTS

Back to Programming Articles

[tip] Never underestimate the power of the phpinclude template
by filburt1 13 Nov 2002
A substantial number of hacks at vBulletin.org could be completely ported to a pure phpinclude-based structure. The phpinclude template lets you enter PHP code that is parsed before virtually everything else; it does get parsed before every single template gets loaded.

phpinclude is critical if you want to add features with your template modifications. Most of my October/November template releases have required phpinclude. Also using phpinclude does not edit the actual PHP files and makes upgrading to the latest version of vBulletin extremely easy: just upgrade normally!

However remember though that phpinclude is PHP code and can also compromise the security of your forums, just like any hack. For example, never do this:
Code:
if ($condition)
{
    $value = 'something';
}
.
.
.
Notice that I didn't assign something to $value if $condition is false. So then if I were to use $value in a template and $condition was false, a clever user could inject HTML into the current page. This is really bad because they can go so far as to steal your admin password MD5 hash and given time derive your admin password!

So use the phpinclude template but beware of the dark side.

vblts.ru supports vBulletin®, 2022-2024