SomeSongs is broken

Jefff · Post by **Jefff** » Tue Nov 13, 2007 1:27 pm

Hey guys. Sorry for my lameness. I'll try to remember to fix this stuff when I get home tonight.

Post by **Lunkhead** » Tue Nov 13, 2007 5:19 pm

I don't think there's any lameness to apologize for. Thanks for providing a cool free Web site for years. If you want to open source it, maybe some of the l33t PHP h4x0rs here could help out. I don't know PHP but maybe I could learn. Just out of curiosity, was it some kind of PHP or MySQL upgrade that caused the problems, like JB was saying?

fluffy · Post by **fluffy** » Tue Nov 13, 2007 5:43 pm

Jeff, were you relying on register_globals or something? That is a really bad idea from a security standpoint. I'm surprised nobody ever hacked the site, if so, because it opens up a huge pile of easy security exploits.

Dreamhost doesn't allow register_globals either (that's why the gallery and the art submission stuff on Song Fight were broken when the site first moved there... OR SO I AM TOLD).

Jefff · Post by **Jefff** » Tue Nov 13, 2007 7:01 pm

I've often thought about open-sourcing it, but honestly I'm not proud enough of the code to show it to other people. Also, I still harbor dreams of rewriting the whole thing as a much simpler affair. We'll see if that ever happens. (I would keep the current version around in some form.)

Yes fluffy, register_globals is exactly the problem. And I do understand the security risks. (Now, that is. I didn't when I built it.)

fluffy · Post by **fluffy** » Tue Nov 13, 2007 7:33 pm

Well in the meantime there's some silly workarounds you can do to basically emulate register_globals... something like this, as the first thing which happens on each page:

Code: Select all

foreach ($_POST as $key => $val) {
    $$key = $val;
}

A possibly better solution is to just do something like:

Code: Select all

error_reporting(E_ALL);

which will tell you when the app tries to use a variable which doesn't exist (which is, again, just plain good practice, though more for bug-reduction than security).

Post by **Lunkhead** » Sun Jan 20, 2008 5:13 pm

I can't seem to add an artist to my favorites:

Notice: Undefined variable: select in /home/somesong/public_html/artist_info.php on line 170

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/somesong/public_html/artist_info.php on line 172

no such artist.

OKAY

Warning: fopen(logs/2008-01-20.log) [function.fopen]: failed to open stream: No such file or directory in /home/somesong/public_html/library.php on line 170

Warning: fwrite(): supplied argument is not a valid stream resource in /home/somesong/public_html/library.php on line 171

Warning: fclose(): supplied argument is not a valid stream resource in /home/somesong/public_html/library.php on line 172

Hoblit · Post by **Hoblit** » Mon Jan 21, 2008 8:41 am

What was it I couldn't do... I can't remember right now. Although I got database errors when I replied to a comment on one of my songs. It posted the comment just fine... just returned errors.

dayum, haven't seen Jeff since he was face down on JB's lawn gripping the grass so he wouldn't fall off of the planet.

obscurity · Post by **obscurity** » Mon Jan 21, 2008 10:59 am

Hoblit wrote:dayum, haven't seen Jeff since he was face down on JB's lawn gripping the grass so he wouldn't fall off of the planet.

Perhaps he lost his grip!