View Full Version : Php forum script. Debug, advice
08-02-2010, 05:08 AM
I want to introduce you about my new project. It's forum script and please note that this is my first .php project.
If you can give me some expert opinion what is good or not.
Here is project page:
I hope this post is not in wrong forum section.
08-02-2010, 06:13 PM
It needs some work, but its a good start. This doesn't belong in PHP though, I'll move it to the site reviews forum.
Cookies are also required. Not that it was designed for cookies only, but because your links don't pass sessionid between pages. So login will provide an approved login without links for the sessionid. Fortunately, everything but header calls can use the use_trans_sid property of sessions to automatically append the PHPSESSID to every url.
It is SQL injectable. I took a copy of this code and promoted a standard user to an administrator in about 30 seconds. Fortunately for your site you have get_magic_quotes_gpc enabled, but keep in mind that this configuration is officially deprecated as of 5.3.0 and expected to be removed by PHP6.0.0. Keep in mind that ANYTHING provided by a user should be assumed tainted.
08-03-2010, 07:07 PM
Thank you very much, that was VERY usefull.
I first wrote this for my own purposes, but obviously I do not have enough experience and this work requires a huge sacrifice. Anyway, that was my exercise and I really learned a lot.
Popup login is now disabled. This has had cosmetic role.
It is SQL injectable. I took a copy of this code and promoted a standard user to an administrator in about 30 seconds.
I am not sure how to fix this. :) Can you send me on PM code that you use for that when you have time?
I admit that it is poorly coded, but in developing. Not bad for my first php script.
08-04-2010, 09:12 PM
Yep, which is why I said its a good start. Good job on that, Forums, CMS systems, lets see, a few other major systems are great ways to learn a language like PHP. It gives you insite into many different features and gives you a great learning experience. My personal recommendation for someone who starts PHP, doesn't want immediate help, whats to make something functional, and learn as much as they can in a single project is to tell them to make a forum system.
I'll PM you with what I did, and also what I tried (some worked, some didn't, some have some altered features in PHP over what previously was available).
08-08-2010, 10:26 PM
Thanks. Your PM are very helpfull and usefull.
Btw, I removed WYSIWYG editor cause it have few bugs. Basicaly this editor needs regex for HTML->BBCode and than when post is submited there is again regex process witch leads to some bugs. Now, without WYSIWYG forum posts works fine.
I also implemented syntax highlighter and added few more options.
09-14-2010, 10:27 AM
New version is out.
Added lots of features:
Private Message System
Social Network (friends, activities)
Download brevisBB 0.9.4 (https://sourceforge.net/projects/brevisbb/files/)
Powered by vBulletin® Version 4.2.2 Copyright © 2016 vBulletin Solutions, Inc. All rights reserved.