Unserializing User_data Question

I saw this in one of the hack posts. How can I unserialize $user_data to bring forward a custom field that was made (ex. $custom1)?

Quote

$user_data = unserialize($users[$rec["user_id"]]["user_data"]);
if(is_array($user_data)) {
foreach($user_data as $key => $val) {
$users[$rec["user_id"]][$key]=$val;
}
}
unset($users[$rec["user_id"]]["user_data"]);
unset($user_data);

-------------------------------------------

"Everything we see or seem, is but a dream within a dream." -Edgar Allan Poe

I don't know what you mean.
You've posted the unserialize part already.

But if you use phorum_user_get the user-functions will handle this already.

---

Thomas Seifert
Phorum Development Team / Phorum-Support.de
Custom Phorum DevelopmentPersonal Blog

I don't know how to use the phorum_user_get. And I wasn't sure if what's above would help me (I don't know what unset and the rest of it means). I'm doing a PHP code that compares something in user_data to a table in another database, and I think I have most of the code. All I need now is to unserialize user_data, get $custom1 out of it, and compare that to the other thing in the other database's table. What did they pull out of user_data in the script above?

-------------------------------------------

"Everything we see or seem, is but a dream within a dream." -Edgar Allan Poe

Quote

@$con=mysql_connect("localhost","username","password") or die ("cannot connect to MySQL");
$select_db = mysql_select_db("database",$con);
$result = mysql_query("select * from phorum_users") or die("Failed Query of " . $result. mysql_error());
while($row = mysql_fetch_array($result)) {
$user_data = unserialize($users[$rec["user_id"]]["user_data"]);
if(is_array($user_data)) {
foreach($user_data as $key => $val) {
$users[$rec["user_id"]][$key]=$val;
}
}
unset($users[$rec["user_id"]]["user_data"]);
unset($user_data);
}

I put this in a file outside Phorum, and got an Internal Server Error. What I want to do is unserialize the data and have it display a custom field or more of all active users.

-------------------------------------------

"Everything we see or seem, is but a dream within a dream." -Edgar Allan Poe

For displaying, you do something like this:

<?php
@$con=mysql_connect("localhost","forum_dev","forum_dev") or die ("cannot connect to MySQL");
$select_db = mysql_select_db("forum_dev",$con);
$result = mysql_query("select * from phorum_users") or die("Failed Query of " . $result. mysql_error());
while($row = mysql_fetch_array($result)) {
    $user_data = unserialize($row["user_data"]);
    print "Your custom field is: " . $user_data["your_custom_field"] . "<br/>";
} 
?>

The piece of code that you have posted unserializes a non existant variable $users[$rec["user_id"]]["user_data"]. This piece of code unserializes the right variable into $user_data. After there, you can use the $user_data array for printing out whatever information there is in there (in the example the "your_custom_field" field).

P.S. I did not test out this code, so there might be typo's in there.

How would I be able to put custom fields in the select * part? Was wanting to do something like "order by customfield1 asc, customfield2 asc where customfield1 != ''"? I know how to do it with regular fields, but not fields that have been unserialized.

-------------------------------------------

"Everything we see or seem, is but a dream within a dream." -Edgar Allan Poe

you can't do this with custom-fields (at least in 5.0.x ;)).

---

Thomas Seifert
Phorum Development Team / Phorum-Support.de
Custom Phorum DevelopmentPersonal Blog

What about renaming $user_data[customfield] as some other array, maybe being introduced earlier than the query statement, to use in the query statement..? Bah, that sounds stupid. I don't know much about php, but I think the only thing that can be used in a query relate to field names in the table. Then again, I saw the other day someone use an array, but that array contained a regular part of the query with the table's regular field names.


Le sigh.

-------------------------------------------

"Everything we see or seem, is but a dream within a dream." -Edgar Allan Poe

You seem to be mixing up ideas about functionality.

Serialization is something that is done by PHP and which is used to convert a complex datastructure in to a simple sftring. That string is stored in a field in the database.

The database server can select data from stored fields in tables. If data is stored serialized into a field, it can only return the serialized data to PHP, which can unserialize it to reconstruct the original complex datastructure.

There is no way you can cook up a database query which selectsrecords based on info which is stored as serialized data in a table, because the database server does not know how to unserialize the PHP serialized data.

Sorry for the bad news ;-)