Took me awhile to figure out how to use it, so I might as well share it with you.

<form> attributes:


name: string: Self-explanatory.
host: string: URL host.
target: string: URL path.
ssl: bool: Use SSL protocol.
method: enum(get|post): Whether to GET or POST the host.
statustrigger: string: trigger to be called on status updates.
resulttrigger: string: trigger to be called upon successful METHOD.
resultparam0: string: Array target. (more later)

Limitations:
You cannot have a <form> inside a <template> nor can you use variables for host or target.
You cannot have nested arrays in your target source data.

Statustrigger:
The status trigger will be called with 1 parameter, an integer.
0: Connecting?
1: Fetching
2: Success
3: ?
Resulttrigger:
The result trigger will be called when the target has been successfully read. (verify that it isn't also called upon failure)
The resultparams will be passed parameters like so: resultparam0 as param0, resultparam1 as param1 and so fourth.

Resultparam:
You can have more result parameters just increase the number as you're used to. However you cannot skip numbers, resultparam0 then resultparam2 will break the form. Also you cannot have more than (not sure, 30 perhaps) resultparams or it'll break the form.
Array target explained:
You can read strings into result parameters if your source follow this syntax. (Serialized array)

a:array_size/2:{type:target;type:value;...}There are different types and some require you to specify the length:
String: s:length:value
Integer: i:value
Float: f:value (verify)
You're probably wondering why I wrote type:target before. Target is the array target you wrote in the resultparam and value is what you'll get.
Array target is case-sensitive.


<form resultparam0="test"/>

on this array:
a:1:{s:4:"test";s:7:"success";}

will give you:
param0=success
Submit:
You send your <form> via:

SubmitForm('form_name', 'name', 'value', ...);You must specify at least 1 parameter set ('name', 'value') or it'll not submit. However it can be a dummy parameter.

SubmitForm('form_name', 'dummy', '');You can specify as many (verify) parameters as you like.

IMPORTANT: Even if you specify method as GET in your <form> SubmitForm will still submit your parameters as POST.

That's pretty much it. Now go have fun!

0: ?
connecting?

also

Array target explained:
that is a standard PHP serialized array

This is a nice feature, good job for finding this out.
So we can expect to get some in-game community tools like: global banlist, replay sharing, password stealer and more?

I wanted to do something like that for my map, like a scoreboard or new version notification.

Thanks a lot.

Really cool feature, but as mentioned the POST method can be used a malicious mod. This can be abused by autoupdated mod where you don't look at the code carefully : a simple line that send your password to a distant server when you login and you're done :(

Thanks for the work, but could someone show an example of how to return values from your server?

I'm always getting a "CPHPDATA - bad data: ghjdfhdfh" error in my HoN console. I think the return part has to use a specific syntax, but my php knowledge is pretty limited.

I've tried some things like echo "test=dfgdgf"; but I guess it's not that easy.

Edit: k, I was just too stupid to read. It's working now.

echo 'a:1:{s:4:"self";s:0:"";}';

In case anyone else is wondering.

echo 'a:1:{s:4:"self";s:0:"";}';
Incorrect array size.

Edit:
Perhaps not, I just looked at a test array I made a while back and it also had array_size/2.

Took me some time to figure that out as well. Had to to sniff the packets from the friends mod.

Really useful feature once you know how to use it.

This is really nice, I did a ORPG prototype with this before the 3.0 update and I was able to do the following:

Enter a username and password
It load from the server BD your hero and its level.
Spawn your hero based on the hero it received from the server.

With the new patch we could now make it a full single player with save functions. I only did this to test it out and give people some ideas, I don't intend to make an actual ORGP.

Resultparam:
You can have more result parameters just increase the number as you're used to. However you cannot skip numbers, resultparam0 then resultparam2 will break the form. Also you cannot have more than (not sure, 30 perhaps) resultparams or it'll break the form.

The limit is atleast higher then 86. :)

echo 'a:1:{s:4:"self";s:0:"";}';
In case anyone else is wondering.
actually the correct way to do this would be:

<?php
$a = array();
$a[self] = "";
echo serialize($a);
?>



Incorrect array size.

Edit:
Perhaps not, I just looked at a test array I made a while back and it also had array_size/2.
its not array_size/2
the actuall array size is 1 (one entry key-value)

Is it possible to detect when the "CPHPDATA - bad data" error is thrown? My actual problem is that the PHP script's result is correct, but the error is thrown because it contains unusual characters (like ?*). Is there a way around this like maybe having the PHP script output the characters in a different way (that can then be encoded back in the game)?

Otherwise, knowing when the PHP result is invalid would be the second best option. The closest I have gotten to this, is that I know that right when statustrigger's param0 is equal to 2, statustrigger stops triggering continuously and, if there isn't a CPHPDATA error, the resulttrigger is called. But I can't think how to use this knowledge.

Edit: *I see unusual characters aren't even supported by this forum (odd cause the preview worked). That character was an 'o' with an umlaut above it.

Edit: Screenshot (from my Translate Chat (http://forums.heroesofnewerth.com/showthread.php?p=1669504#translate_chat) mod)
http://img641.imageshack.us/img641/8134/cphpdataerror.png
This is the error which also shows the string containing an invalid character (the German 'ss'). All my tests work, unless the return string contains a non-standard character, then this error is thrown. I don't really understand why, because the characters themselves display just fine in the error message. Should the string contain encoding information maybe?

Edit: Figured it out, view post below, next to receiving error

Okay, double post, just because.

Basically, I'm trying to make translation mod, which ends up using a <form> to send text that is to be translated. The problem is that the game has odd errors when sending non-standard characters for a POST request and has a different error when receiving non-standard characters from a POST request (although this behaviour might be technically correct).

Receiving Error (Edit: I think I figured this out, PHP's serialize() counts string lengths in bytes, while HoN does it in characters):

When receiving the results of a POST request, the game throws an error if the result contains any non-standard character even if it is proper UTF-8. This might not actually be the wrong behaviour as I think I might've read that POST requests are specified to only use the ISO-8859-1 encoding scheme.
(this can be seen in my screenshot in the post above)
Sending Error:

This one is definitely an error. When the game sends non-standard characters in the POST request, it doesn't encode them properly. It replaces the characters with strings like "%x3%x5" which isn't an encoding scheme I could find (it looks like they're attempting to generate an URL encoding, but those x's shouldn't be there). I know that this encoding is wrong, because I found different characters that become encoded to the same string, making it impossible to decode.


I could have a work-around for these errors although it seems problematic, but hopefully this problem is one that might actually be solvable (by modders, as opposed to game developers).

Work-around idea:

I need to be able to write something with which the game can generate a character if I have it's byte-code value. For instance (example using standard characters), 'A' has the ascii value 65, 'B' the value 66 and so forth, and the function should be able to generate the character if it is given the number, but (there's always a catch...) it should also work for UTF-8 characters which can be more than one byte, like the 'o' with an umlaut which is equivalent to a 195 character, followed by a 182 character (in UTF-8, while it is just a 246 character in ascii). If I could write a script that could generate the letter if I only have the number, I think I could complete my mod. Any ideas?

I can write this function by having a string replace call for each individual character I want to convert, and currently this is the direction my mod is heading, but that is never gonna be complete and will just become crazy large.


BTW, does anyone know where I should report the first two second problem if I ever want a developer to hear about it? The technical support section says it is only for if you're not using mods, the suggestions section is not for bugs, and this section seems to be rarely visited by anyone from S2.

i am very new to honmods and i am very confused about to code a honmod. anyway i got the form to submit something. now i want to read it directly and give out a message to chat.
how do i do this?

param0 has print
param1 has bang_libslash_param_TestSlashOne
the rest is empty.


<?xml version="1.0" encoding="UTF-8"?>
<modification application="Heroes of Newerth" appversion="-1.*" mmversion="1.2"
name="Global Banlinst" version="1.07" date="12.05.2010"
description="Global Banlinst"
author="error86"
weblink="http://forums.heroesofnewerth.com/"
updatecheckurl="http://google.com"
updatedownloadurl="http://google.com"
>

<!-- libSlash -->
<requirement name="Bang! libSlash" />
<applyafter name="Bang! libSlash" />
<editfile name="ui/bang_libslash.package">

<find><![CDATA[<!-- libSlash: INSERT YOUR INSTANCES AFTER THIS COMMENT -->]]></find>

<insert position="after">
<![CDATA[

<form
name="form_ban"
host="..."
method="post"
target="..."
statustrigger="BanStatus"
resulttrigger="BanResult"
resultparam0="accountname"
/>

<instance
name="bang_libslash_template"
index="TestSlashOne"
slash="print"
action=
"
SubmitForm
(
'form_ban',
'accountname', 'error86',
'reason', 'tard'
);
LocalChat('Printing: ' # bang_libslash_param_TestSlashOne);
LocalChat('param0: ' # param0);
LocalChat('param1: ' # param1);
LocalChat('param2: ' # param2);
LocalChat('BanStatus: ' # BanStatus);
LocalChat('BanResult: ' # BanResult);
LocalChat('resultparam0: ' # resultparam0);
"
/>

]]>
</insert>

</editfile>

</modification>

statustrigger: string: trigger to be called on status updates.
resulttrigger: string: trigger to be called upon successful METHOD.

Resulttrigger:
The result trigger will be called when the target has been successfully read. (verify that it isn't also called upon failure)
The resultparams will be passed parameters like so: resultparam0 as param0, resultparam1 as param1 and so fourth.


The param0 and param1 you're using are the parameters from the slash command and were generated by Bang! libSlash. With:


<form
name="form_ban"
host="..."
method="post"
target="..."
statustrigger="BanStatus"
resulttrigger="BanResult"
resultparam0="accountname"
/>

you need something that says:


watch="BanResult"
ontrigger="Echo('Result:'#param0);"

if i watch on Result trigger, its called 10 times. how can i manage its called only 1 time?

if i watch on Result trigger, its called 10 times. how can i manage its called only 1 time?

edit: got that. it was because it was called 10 time ;) omfg

<form> attributes:


host: string: URL host.


With HoN v2.0.8 it seems the host attribute works differently. Instead of literally being an URL address, it now contains values like !hon or !masterserver. It's likely that mods are now unable to make contact with external servers.

Is it now completely impossible to contact external servers?

Any news on this? Can we contact external hosts?
If it's impossible why did they change it?

is it still impossible? any dev said why they changed this?

I'm pretty sure it still doesn't work and probably won't ever work. The reason for the change surely as to do with the huge security flaw it would create.
Having this option would let any mod upload what they want to an external server. This include username, password, credit-card number, personal informations, etc.
This is only a guess, not the official reason since I have no idea.

Since S2Games lack standards, there is a way around this.
It's a bit tricky but here's a hint for you:

(now i'm just guessing since you'er reading this post, you're some what a geek.. and you'll probably be familar with stuff like DNS servers, routing/tunnling traffic)

install: DNS server
point: masterserver.hon.s2games.com & heroesofnewerth.com -> 127.0.0.1
point: relay all other querys to a real master DNS server (not your own).

install: python (or w/e language floats your boat)
google: Python pinhole -> http://code.activestate.com/recipes/114642-pinhole/

Now esentially what you got is a small-time hack that lets you forward w/e traffic you want or not want to the real HoN server.
Secondly, it lets you respond with w/e you want instead of the actual HoN master server.
This way you can interrupt your newly created .honmod <form> post and reply with the proper response or you can use it to communicate with a 3:d party software of your choice.

Now i'm trying to figure out a way around this to make as easy as it was a few patches ago since it's obviously still insecure.