Posted: Tue Nov 13, 2007 1:27 pm
by Jefff
Hey guys. Sorry for my lameness. I'll try to remember to fix this stuff when I get home tonight.
Posted: Tue Nov 13, 2007 5:19 pm
by Lunkhead
I don't think there's any lameness to apologize for. Thanks for providing a cool free Web site for years. If you want to open source it, maybe some of the l33t PHP h4x0rs here could help out. I don't know PHP but maybe I could learn. Just out of curiosity, was it some kind of PHP or MySQL upgrade that caused the problems, like JB was saying?
Posted: Tue Nov 13, 2007 5:43 pm
by fluffy
Jeff, were you relying on register_globals or something? That is a really bad idea from a security standpoint. I'm surprised nobody ever hacked the site, if so, because it opens up a huge pile of easy security exploits.
Dreamhost doesn't allow register_globals either (that's why the gallery and the art submission stuff on Song Fight were broken when the site first moved there... OR SO I AM TOLD).
Posted: Tue Nov 13, 2007 7:01 pm
by Jefff
I've often thought about open-sourcing it, but honestly I'm not proud enough of the code to show it to other people. Also, I still harbor dreams of rewriting the whole thing as a much simpler affair. We'll see if that ever happens. (I would keep the current version around in some form.)
Yes fluffy, register_globals is exactly the problem. And I do understand the security risks. (Now, that is. I didn't when I built it.)
Posted: Tue Nov 13, 2007 7:33 pm
by fluffy
Well in the meantime there's some silly workarounds you can do to basically emulate register_globals... something like this, as the first thing which happens on each page:
Code:
// Copy every POST field into a same-named variable (emulates register_globals)
foreach ($_POST as $key => $val) {
    $$key = $val;
}
A possibly better solution is to just do something like:
which will tell you when the app tries to use a variable which doesn't exist (which is, again, just plain good practice, though more for bug-reduction than security).
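An added example, not part of the original post or the site's code: the loop above next to an allow-list import that copies only the fields a page expects. The field names (`artist_id`, `comment`, `is_admin`), the helper `import_fields` and the sample request are hypothetical; the arrow functions assume PHP 7.4 or later.

```php
<?php
// Constructed request data standing in for $_POST. Assumption: the page
// expects only 'artist_id' and 'comment'; 'is_admin' is an extra field
// the client added to the request.
$post = ['artist_id' => '42', 'comment' => ' nice song ', 'is_admin' => '1'];

// register_globals-style emulation, same loop as in the post above.
function page_with_emulation(array $post): bool {
    $is_admin = false;                 // value set by the application
    foreach ($post as $key => $val) {
        $$key = $val;                  // a request key named 'is_admin' replaces it
    }
    return (bool) $is_admin;           // now controlled by the request
}

// Allow-list import: only the named fields are read, each through a validator.
// Anything else in the request is ignored, so it cannot reach local variables.
function import_fields(array $post, array $spec): array {
    $clean = [];
    foreach ($spec as $name => $validator) {
        if (!array_key_exists($name, $post) || !is_string($post[$name])) {
            $clean[$name] = null;      // missing or array-valued input
            continue;
        }
        $clean[$name] = $validator($post[$name]);
    }
    return $clean;
}

function page_with_allowlist(array $post): array {
    $is_admin = false;                 // never touched by request data
    $in = import_fields($post, [
        'artist_id' => fn($v) => ctype_digit($v) ? (int) $v : null,
        'comment'   => fn($v) => substr(trim($v), 0, 500),
    ]);
    return ['is_admin' => $is_admin] + $in;
}

var_dump(page_with_emulation($post));
var_dump(page_with_allowlist($post));
```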
Posted: Sun Jan 20, 2008 5:13 pm
by Lunkhead
I can't seem to add an artist to my favorites:
Notice: Undefined variable: select in /home/somesong/public_html/artist_info.php on line 170
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/somesong/public_html/artist_info.php on line 172
no such artist.
OKAY
Warning: fopen(logs/2008-01-20.log) [function.fopen]: failed to open stream: No such file or directory in /home/somesong/public_html/library.php on line 170
Warning: fwrite(): supplied argument is not a valid stream resource in /home/somesong/public_html/library.php on line 171
Warning: fclose(): supplied argument is not a valid stream resource in /home/somesong/public_html/library.php on line 172
Posted: Mon Jan 21, 2008 8:41 am
by Hoblit
What was it I couldn't do... I can't remember right now. Although I got database errors when I replied to a comment on one of my songs. It posted the comment just fine... just returned errors.
dayum, haven't seen Jeff since he was face down on JB's lawn gripping the grass so he wouldn't fall off of the planet.
Posted: Mon Jan 21, 2008 10:59 am
by obscurity
Hoblit wrote: dayum, haven't seen Jeff since he was face down on JB's lawn gripping the grass so he wouldn't fall off of the planet.
Perhaps he lost his grip!