[SOLVED] problems with Email and SQL plugins

10 years 1 month ago #104478 by amazeika

Putting the query in SQL action 1 on ACTIVATION (WARNING: use only integer substitutions), etc.. instead of calling a procedure.


krileon, the procedure call is an SQL query. As I just said, you could execute this line using the SQL tab in phpMyAdmin.

I'm using a procedure because the integration is imposible otherwise. There are multiple queries plus some logic inside those procedures.

I'll try to execute a simple query and change something in the joomla database in order to discard the possibility of the SQL plugin not working at all.

Do you filter/discard the input before executing the queries of this plugin ?, because this would explain everything if you didn't expect procedure calls.

Post edited by: amazeika, at: 2009/07/10 22:32

Arunas Mazeika
WeXtend.com - Professional development for Joomla!.
10 years 1 month ago #104484 by krileon
All queries in the query plugin are ran through:
$_CB_database->setQuery( QUERY );

Which means any filtering done by CB (which there is) will execute and clean your query.

You can check:
administrator/components/com_comprofiler/library/cb/cb.database.php

and change it to meet your needs, but at this point it's undecided to allow unsecured queries as that's a major security risk. A new integration plugin would be more appropriate.

Post edited by: krileon, at: 2009/07/10 23:00


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
10 years 1 month ago #104488 by amazeika
krileon, Thank you for this info,

I'll take a look at cb.database.php tomorrow and let you know about the result of some tests I'm planning to perform tomorrow.

but at this point it's undecided to allow unsecured queries as that's a major security risk


This is just not possible, you allow the execution of queries or you don't, there is no way to know if a query is insecure, I mean, you can filter the input variables, then escape the output, but thats it.

Best regards

Arunas Mazeika
WeXtend.com - Professional development for Joomla!.
10 years 1 month ago #104529 by amazeika
Well I have good news B) ,

I started making simple tests (some simple rows insertion within the same DB ) to actually see if the plugin was working. After this I tried will a very simple stored procedure, which was also successful.

The next step was to try the same procedures over the PhpBB DB. ALSO A SUCCESS !!!, at this point I told to myself, DAMM how is this possible, since the integration procedures actually work when I execute them from the console.

It occurred to me to take out two selects that I wrote for debug purposes. They served as print statements in order to see the value of some variables while the procedures where being executed. After I removed them BAM, it worked, I was amazed and confused, but HAPPY :). It would say that when Joomla sees some output given from MySQL, the execution is actually interrupted, so I performed a last test:

This works when calling it with CALL testProc('A test')

[code:1]CREATE PROCEDURE `testProc`(val VARCHAR(32))
BEGIN
INSERT INTO cbsubs_plg_test VALUES (null,val);
END[/code:1]

and this one doesn't when performing the same call

[code:1]CREATE PROCEDURE `testProc`(val VARCHAR(32))
BEGIN
SELECT val;
INSERT INTO cbsubs_plg_test VALUES (null,val);
END[/code:1]

The difference is the SELECT val statement that actually prints the value.

Crazy isn't it ?.

The important thing, is that the problem is worked out and that you guys already know that stored procedures actually work with CBSubs.

I will prepare a post showing how to integrate PhpBB with CBSubs in order to grant/deny access to PhpBB groups upon subscription/expiration. This is actually a great feature that will add a lot of value to CBSubs :cheer: .

Arunas

Arunas Mazeika
WeXtend.com - Professional development for Joomla!.
10 years 1 month ago #104777 by beat
Cool, keep the good work, and keep us posted :)

I'm also looking forward to be able to use some nice MySQL 5 features once it becomes the minimum prerequisite for CB ;)

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Moderators: beatnantkrileon
Time to create page: 0.396 seconds
Facebook Twitter Google LinkedIn