Php forum script. Debug, advice



ivan79
08-02-2010, 06:08 AM
Hello,

I want to introduce you to my new project. It's a forum script, and please note that this is my first PHP project.

If you can, give me some expert opinion on what is good or not.

Here is project page:
http://code.google.com/p/brevisbb/

and demo:
http://brevisbb.iz.rs/
un: test
pw: test

I hope this post is not in wrong forum section.

Fou-Lu
08-02-2010, 07:13 PM
It needs some work, but it's a good start. This doesn't belong in PHP though, I'll move it to the site reviews forum.

First and foremost, you need JS enabled to use that login button. That has to go, there is absolutely no reason to force javascript use. You can attempt to perform another task that requires a login to bring up the login prompt otherwise.
Cookies are also required. Not that it was designed for cookies only, but because your links don't pass sessionid between pages. So login will provide an approved login without links for the sessionid. Fortunately, everything but header calls can use the use_trans_sid property of sessions to automatically append the PHPSESSID to every url.
It is SQL injectable. I took a copy of this code and promoted a standard user to an administrator in about 30 seconds. Fortunately for your site you have get_magic_quotes_gpc enabled, but keep in mind that this configuration is officially deprecated as of 5.3.0 and expected to be removed by PHP6.0.0. Keep in mind that ANYTHING provided by a user should be assumed tainted.
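
A sketch of the fix for the injection point raised in the post above, added here as an example; it is not code from the thread or from brevisBB. The table, function names and request data are assumptions, and it uses PDO with an in-memory SQLite database (the pdo_sqlite extension) so it runs without a server.

```php
<?php
// Hypothetical schema for illustration; not brevisBB's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
           email TEXT, is_admin INTEGER NOT NULL DEFAULT 0)');
$db->exec("INSERT INTO users (name, email) VALUES ('test', 'old@example.test')");

// Constructed request data. Every field is tainted, including ones the
// form never showed (is_admin).
$_POST = ['email' => "o'brien@example.test", 'is_admin' => '1'];

// Unsafe: the value becomes part of the SQL text, so a quote inside it
// changes the statement. It only "worked" while magic quotes escaped input.
function updateEmailUnsafe(PDO $db, int $userId, string $email): void
{
    $db->exec("UPDATE users SET email = '$email' WHERE id = $userId");
}

// Safe: the SQL text is fixed and names the only column this action may
// write; values are sent separately as bound parameters.
function updateEmailSafe(PDO $db, int $userId, string $email): void
{
    $stmt = $db->prepare('UPDATE users SET email = :email WHERE id = :id');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

$userId = 1; // would come from the server-side session, never from the request

try {
    updateEmailUnsafe($db, $userId, $_POST['email']);
    echo "unsafe: statement ran\n";
} catch (PDOException $e) {
    // The quote in the address ended the string literal early.
    echo "unsafe: statement was altered by input, rejected by the parser\n";
}

updateEmailSafe($db, $userId, $_POST['email']);

$row = $db->query('SELECT email, is_admin FROM users WHERE id = 1')
          ->fetch(PDO::FETCH_ASSOC);
echo "email stored as data: {$row['email']}\n";
echo "is_admin unchanged:   {$row['is_admin']}\n"; // extra POST field ignored
```

The same pattern applies to every query that takes request data; validation of the address format is a separate step and does not replace parameter binding.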

ivan79
08-03-2010, 08:07 PM
Thank you very much, that was VERY useful.

I first wrote this for my own purposes, but obviously I do not have enough experience and this work requires a huge sacrifice. Anyway, that was my exercise and I really learned a lot.
----
Popup login is now disabled. It had only a cosmetic role.


> It is SQL injectable. I took a copy of this code and promoted a standard user to an administrator in about 30 seconds.

I am not sure how to fix this. :) Can you send me by PM the code that you used for that when you have time?

I admit that it is poorly coded, but it is in development. Not bad for my first PHP script.

Fou-Lu
08-04-2010, 10:12 PM
Yep, which is why I said it's a good start. Good job on that. Forums, CMS systems, let's see, a few other major systems are great ways to learn a language like PHP. It gives you insight into many different features and gives you a great learning experience. My personal recommendation for someone who starts PHP, doesn't want immediate help, wants to make something functional, and learn as much as they can in a single project is to tell them to make a forum system.

I'll PM you with what I did, and also what I tried (some worked, some didn't, some have some altered features in PHP over what previously was available).

ivan79
08-08-2010, 11:26 PM
Thanks. Your PMs are very helpful and useful.

Btw, I removed the WYSIWYG editor because it has a few bugs. Basically, this editor needs a regex for HTML->BBCode, and then when a post is submitted there is again a regex process, which leads to some bugs. Now, without WYSIWYG, forum posts work fine.

I also implemented a syntax highlighter and added a few more options.

ivan79
09-14-2010, 11:27 AM
New version is out.

Added lots of features:
Private Message System
Social Network (friends, activities)
Portal/CMS system.

Download brevisBB 0.9.4 (https://sourceforge.net/projects/brevisbb/files/)

Website: http://brevisbb.iz.rs

http://img715.imageshack.us/img715/7705/friends001.jpg

http://img823.imageshack.us/img823/7056/pmcompose.gif


