  1. #1
    New to the CF scene

    Php forum script. Debug, advice

    Hello,

    I want to introduce you to my new project. It's a forum script, and please note that this is my first .php project.

    If you can, give me some expert opinion on what is good or not.

    Here is project page:
    http://code.google.com/p/brevisbb/

    and demo:
    http://brevisbb.iz.rs/
    un: test
    pw: test

    I hope this post is not in wrong forum section.

  • #2
    God Emperor Fou-Lu
    It needs some work, but it's a good start. This doesn't belong in PHP though; I'll move it to the site reviews forum.
    • First and foremost, you need JS enabled to use that login button. That has to go; there is absolutely no reason to force JavaScript use. You can attempt to perform another task that requires a login to bring up the login prompt otherwise.
    • Cookies are also required. Not that it was designed for cookies only, but because your links don't pass the sessionid between pages. So login will provide an approved login without links for the sessionid. Fortunately, everything but header calls can use the use_trans_sid property of sessions to automatically append the PHPSESSID to every URL.
    • It is SQL injectable. I took a copy of this code and promoted a standard user to an administrator in about 30 seconds. Fortunately for your site you have get_magic_quotes_gpc enabled, but keep in mind that this configuration is officially deprecated as of 5.3.0 and expected to be removed by PHP 6.0.0. Keep in mind that ANYTHING provided by a user should be assumed tainted.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    ivan79 (08-03-2010)
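The third point above, reliance on magic_quotes instead of treating user input as data, is the one that matters most. The following is an added example, not code from brevisBB or from either poster: it shows the string-building pattern beside a PDO prepared-statement version, using an in-memory SQLite table (assumed for the demo only; the table name and columns are made up).

```php
<?php
// Added example (not brevisBB code): user-supplied values must be bound as
// parameters, not interpolated into SQL. magic_quotes_gpc is deprecated in
// PHP 5.3 and cannot be relied on.

// Weak pattern: $username is pasted into the query text, so any quote in it
// changes the SQL itself. A legitimate name such as O'Brien already breaks it.
function findUserUnsafe(PDO $db, string $username): ?array
{
    $sql = "SELECT id, username, role FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: the value is sent separately from the statement, so the database
// always treats it as data, whatever characters it contains.
function findUserSafe(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username, role FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Writes follow the same rule; the row is selected by the authenticated
// user's id, which the application controls, not by a user-typed string.
function setRole(PDO $db, int $userId, string $role): bool
{
    $stmt = $db->prepare('UPDATE users SET role = :r WHERE id = :id');
    return $stmt->execute([':r' => $role, ':id' => $userId]);
}

// Constructed demo data (SQLite in memory, assumed for this example).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, role TEXT)');
$db->exec("INSERT INTO users (username, role) VALUES ('test', 'user'), ('O''Brien', 'user')");

try {
    findUserUnsafe($db, "O'Brien");          // throws: the quote broke the SQL
} catch (PDOException $e) {
    echo "unsafe query failed: " . $e->getMessage() . PHP_EOL;
}
$row = findUserSafe($db, "O'Brien");         // bound parameter: found normally
echo "safe query found: " . $row['username'] . " (" . $row['role'] . ")" . PHP_EOL;
setRole($db, (int) $row['id'], 'moderator');
echo "new role: " . findUserSafe($db, "O'Brien")['role'] . PHP_EOL;
```

The same applies to every query the forum runs, not only login: post bodies, search strings and profile fields are all tainted in the sense Fou-Lu describes.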

  • #3
    New to the CF scene
    Thank you very much, that was VERY useful.

    I first wrote this for my own purposes, but obviously I do not have enough experience and this work requires a huge sacrifice. Anyway, that was my exercise and I really learned a lot.
    ----
    Popup login is now disabled. It only had a cosmetic role.

    It is SQL injectable. I took a copy of this code and promoted a standard user to an administrator in about 30 seconds.
    I am not sure how to fix this. Can you send me the code you used for that by PM when you have time?

    I admit that it is poorly coded, but it is still in development. Not bad for my first PHP script.

  • #4
    God Emperor Fou-Lu
    Yep, which is why I said it's a good start. Good job on that. Forums, CMS systems, let's see, a few other major systems are great ways to learn a language like PHP. It gives you insight into many different features and gives you a great learning experience. My personal recommendation for someone who starts PHP, doesn't want immediate help, wants to make something functional, and learn as much as they can in a single project is to tell them to make a forum system.

    I'll PM you with what I did, and also what I tried (some worked, some didn't, some have some altered features in PHP over what previously was available).

  • #5
    New to the CF scene
    Thanks. Your PMs were very helpful and useful.

    Btw, I removed the WYSIWYG editor because it had a few bugs. Basically, this editor needs a regex for HTML->BBCode, and then when the post is submitted there is another regex pass, which leads to some bugs. Now, without the WYSIWYG editor, forum posts work fine.

    I also implemented a syntax highlighter and added a few more options.

  • #6
    New to the CF scene
    New version is out.

    Added lots of features:
    Private Message System
    Social Network (friends, activities)
    Portal/CMS system.

    Download brevisBB 0.9.4

    Website: http://brevisbb.iz.rs

    http://img823.imageshack.us/img823/7056/pmcompose.gif