View Full Version : VB226 and PHP421
TECK
Tue 28th May '02, 12:16am
in my overhacked board (localhost), all the tests i did are great. congrats for your fine work. i have the register_globals set to OFF now. ;)
DirectPixel
Tue 28th May '02, 12:32am
That's nice to hear!:)
May I just ask, what exactly is register_globals?
Does it have something to do with global variables or something?:confused:
JulianD
Tue 28th May '02, 12:36am
I just downloaded it :) I will test it on my localboard, and in a few days I will be updating my forums :D
TECK
Tue 28th May '02, 12:36am
from my little knowledge, register_globals is involved a lot with script security. if you have the register_globals ON, using form variables as globals can easily lead to possible security problems, if the code is not very well thought of. so by having the register_globals OFF, your board is a lot more secure now. :)
eiSecure, i just looked at your forums. they are great. :D
we will have competition? my site will be based in tutorials and news related to windoze and nix.
DirectPixel
Tue 28th May '02, 12:41am
Thanks!:)
Actually, after I find some time to work on the site, it will be a lot more integrated into vB.
Maybe we can be affiliates or something?;)
(Your forums look great, as well)
Thanks,
Alex
TECK
Tue 28th May '02, 12:49am
sure alex. associates sounds great. :)
i expect an average of 200-300,000 hits/day (due to my previous web experience).
my website will cover a lot of tutorials i learned from work (i'm a windows tech) and also cool tips to enhance your pc. the forums will gravitate around the same subjects.
here is an idea of what the main page will look like (the site is all built on VB code):
DirectPixel
Tue 28th May '02, 12:51am
Wow, I really like that layout! Very good graphics.:)
My site tends to average about 150 people a day (unique visitors), so it's just starting up.
It is going to focus mostly on the security industry, with articles and stuff.:D
TECK
Tue 28th May '02, 12:53am
so we will make a good team. :D
there is a problem with your news, alex. the bbcode is not showing. if you have probs customizing your board, contact me on msn.
nakkid@msn.com
cheers.
IDN
Tue 28th May '02, 1:04am
maybe we can all do a link exchange?
Fusion
Tue 28th May '02, 1:16am
By the way, vB Team: Nice job on the new download-page. Something for everyone there, at last. :)
Floris
Tue 28th May '02, 4:39am
Originally posted by Fusion
By the way, vB Team: Nice job on the new download-page. Something for everyone there, at last. :)
Yep! Was very nice to see and a nice solution to last ongoing discussions about this.
Floris
Tue 28th May '02, 4:41am
Originally posted by nakkid
sure alex. associates sounds great. :)
i expect an average of 200-300,000 hits/day (due to my previous web experience).
my website will cover a lot of tutorials i learned from work (i'm a windows tech) and also cool tips to enhance your pc. the forums will gravitate around the same subjects.
here is an idea of what the main page will look like (the site is all built on VB code):
Why do you have that page generated stuff, right through the content? What use is it to us, if you are just showing a quick screeny?
And will your site also be reachable through tw.com ?
TECK
Tue 28th May '02, 4:53am
Originally posted by xiphoid
1. Why do you have that page generated stuff, right through the content? What use is it to us, if you are just showing a quick screeny?
2. And will your site also be reachable through tw.com ?
1. i have no idea what you are asking xiphoid.
2. no.
Floris
Tue 28th May '02, 4:57am
Originally posted by nakkid
1. i have no idea what you are asking xiphoid.
2. no.
2 - erm, but when are you using it then? If i'd register on your site, i'd jump next time to tw.com since it is shorter and easier to remember and probably less changes on typos.
1 - notice the arrow, it's your own screenshot
TECK
Tue 28th May '02, 5:11am
1. ahh yes, i did it this way because i wanted to show the microstats code and the VB copyright notice, at the bottom of the page.
2. tw.com is taken. as the title of the site says, the name is:
teckwizards.com
tubedogg
Tue 28th May '02, 8:20am
Just to be clear, register_globals does *not* in and of itself make scripts more secure. According to an interview (http://www.webmasterbase.com/article/767) with Rasmus Lerdorf, PHP's creator, he was against turning register_globals off by default for this very reason. If you don't think through your code, you are still susceptible to malicious user-injected data. And the creator himself thinks it has made creating scripts more complicated without much benefit.
Anyway I'll get down off my soapbox now but just keep this in mind.
DirectPixel
Tue 28th May '02, 10:07am
Originally posted by nakkid
so we will make a good team. :D
there is a problem with your news, alex. the bbcode is not showing. if you have probs customizing your board, contact me on msn.
nakkid@msn.com
cheers.
Heh, that's just a temporary solution.:D
I'm either going to be writing my own new-fetching script or using some of those generic vbHome or vbIndex hacks.:);)
TECK
Tue 28th May '02, 5:42pm
don't use vbHome. it's adding a query in the loop, i have no idea why. i tried everything. you could end up with 50 queries, or even more.
TECK
Tue 28th May '02, 5:44pm
Originally posted by tubedogg
Just to be clear, register_globals does *not* in and of itself make scripts more secure.
thank you kevin for your explanation, in the post above.
rylin
Tue 28th May '02, 5:56pm
Originally posted by tubedogg
Just to be clear, register_globals does *not* in and of itself make scripts more secure.
well.. i'm going to have to argue a bit with you on this one ;)
turning off register_globals protects you from mistakes like uninitialized variables/arrays.
eg. the following statement
<?php
// ... code ...
if ($error) { // $error is generated by code earlier, let's at least pretend it's initialised here ;)
    echo "There was an error";
    if ($debug) {
        print_r($some_big_array_with_config_info);
    }
}
?>
now, imagine $debug isn't set for some reason (perhaps it's only set if the logged in user is an administrator?)
anyone can (if register_globals is on) visit url.php?debug=1 and get $some_big_array_with_config_info dumped.
if register_globals was off, on the other hand, nothing would happen (other than the fact that the generic error message would display)
you might begin wondering who the hell would write code like that though, but to tell the truth, it happens even to the best of us
there were a few old vB vulnerabilities because of uninitialized variables (arrays really), and i've suffered through it in big projects as well
the best security advice i can give to anyone though, is to tell the developers to develop with E_ALL as the flag used for error messages, and thinking through the code properly ;)
hope that clarifies the register_globals stuff ;)
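The uninitialised $debug case from the post above, next to a version that initialises it, as an added example that is not part of the original thread. It assumes a current PHP, where register_globals no longer exists, so extract() with EXTR_SKIP stands in for it; the function names and config values are constructed.

```php
<?php
// Added example. extract() with EXTR_SKIP emulates register_globals = On:
// request values become variables unless the script already set that name.
error_reporting(E_ALL);
$notices = [];
set_error_handler(function (int $no, string $msg) use (&$notices): bool {
    $notices[] = $msg;               // collect what E_ALL reports instead of printing it
    return true;
});

// Constructed stand-in for $some_big_array_with_config_info.
$config = ['db_host' => 'db.example.invalid', 'db_pass' => 'placeholder'];

function page_vulnerable(array $request, bool $is_admin, array $config): string
{
    extract($request, EXTR_SKIP);    // emulated register_globals = On
    if ($is_admin) {
        $debug = true;               // only ever assigned on this path
    }
    $out = "There was an error\n";
    if ($debug) {                    // uninitialised for non-admins
        $out .= print_r($config, true);
    }
    return $out;
}

function page_hardened(array $request, bool $is_admin, array $config): string
{
    extract($request, EXTR_SKIP);    // same hostile environment
    $debug = $is_admin;              // initialised on every path, from server-side state
    $out = "There was an error\n";
    if ($debug) {
        $out .= print_r($config, true);
    }
    return $out;
}

$cases = [
    'vulnerable, ?debug=1' => page_vulnerable(['debug' => '1'], false, $config),
    'vulnerable, no param' => page_vulnerable([], false, $config),
    'hardened,   ?debug=1' => page_hardened(['debug' => '1'], false, $config),
];
foreach ($cases as $label => $html) {
    $leak = (strpos($html, 'db_pass') !== false) ? 'config dumped' : 'generic error only';
    echo "$label: $leak\n";
}
echo "E_ALL reported: " . implode('; ', $notices) . "\n";
```

The second case is the one developing with E_ALL catches: PHP reports the undefined $debug there, but only as a notice or warning, and the page still renders.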
SteppenWolf
Tue 28th May '02, 6:19pm
Originally posted by nakkid
my website will cover a lot of tutorials i learned from work (i'm a windows tech) and also cool tips to enhance your pc. the forums will gravitate around the same subjects.
here is an idea of what the main page will look like (the site is all built on VB code):
Nakkid, YOU ROCK !
This looks very great !
Congrats man !
> Can you announce us in chit chat when TW will be opened ?
TIA.
bigmattyh
Tue 28th May '02, 9:04pm
I just installed PHP 4.2.1 and vB 2.2.6 (on the same day, no less), and all is well. Just like nakkid, my new site is driven by vB, and everything has gone off without a hitch. Great work, devs!
all is right with the world.
DirectPixel
Tue 28th May '02, 10:53pm
Originally posted by nakkid
don't use vbHome. it's adding a query in the loop, i have no idea why. i tried everything. you could end up with 50 queries, or even more.
Okay, I'll take your advice.:)
Do you have anything that you could recommend? Right now, if I could figure out how to parse BB codes and attachment images to show up as topic icons, I've got myself a great forum CMS.:D
merk
Wed 29th May '02, 7:36am
Originally posted by eiSecure
Okay, I'll take your advice.:)
Do you have anything that you could recommend? Right now, if I could figure out how to parse BB codes and attachment images to show up as topic icons, I've got myself a great forum CMS.:D
bbcodeparse(); , parameters can be found in admin/functions.php
Chen
Wed 29th May '02, 7:43am
Originally posted by okidoki
well.. i'm going to have to argue a bit with you on this one ;)
turning off register_globals protects you from mistakes like uninitialized variables/arrays.
you might begin wondering who the hell would write code like that though, but to tell the truth, it happens even to the best of us
there were a few old vB vulnerabilities because of uninitialized variables (arrays really), and i've suffered through it in big projects as well
the best security advice i can give to anyone though, is to tell the developers to develop with E_ALL as the flag used for error messages, and thinking through the code properly ;)
hope that clarifies the register_globals stuff ;)
register_globals protects coders from these mistakes, but good programmers don't need it to write secure scripts. Initializing variables is something you should always do, especially when dealing with important information. If your code is not well written, nothing will protect you -- not even register_globals.
And while it does help making your code more secure, you can write secured scripts without it.
And I agree with your last suggestion, reporting all PHP errors is always a good habit, but it also makes it harder to write the code. But it will only give you a notice if a variable is not initialized (and won't stop the script), so you still must test your code extensively.
DirectPixel
Wed 29th May '02, 10:29am
Originally posted by merk
bbcodeparse(); , parameters can be found in admin/functions.php
Yes, but it seems that whenever I put the line require("./forums/global.php"); the thing doesn't work.
However, if I put the file in the same directory, it works.
Any ideas?:confused:
merk
Wed 29th May '02, 10:31am
Originally posted by eiSecure
Yes, but it seems that whenever I put the line require("./forums/global.php"); the thing doesn't work.
However, if I put the file in the same directory, it works.
Any ideas?:confused:
chdir("./forums");
require("./global.php");
chdir("./../");
//continue code here
:)
DirectPixel
Wed 29th May '02, 10:35am
Eliteness...:D
Now, one more thing...whenever I do that, it works fine, but it says the headers have already been sent when I try to do more PHP work.
Any ideas?
rylin
Wed 29th May '02, 10:38am
headers (eg cookies & status messages) have to be sent *before* any actual output
merk
Wed 29th May '02, 10:42am
you need to have that require first
before any other code...
DirectPixel
Wed 29th May '02, 10:44am
Well, what I'm basically doing is having an HTML document with <? and ?> tags for where the PHP code should be. (So much for separation of code and design, huh?:p).
Anyways, on the first few lines, I have lines that say
<? chdir("./forums");
require("./global.php");
chdir("./../"); ?>
Then, I have some HTML code, and then I have a little bit of code that retrieves the names of recent threads from the database and displays it after going through the bbcode function to decode bbcodes.
There's more HTML code, and finally, I have some PHP that retrieves the last 5 threads from a news forum and displays its contents on the page.
And then I have some footer HTML.
Any ideas?:confused:
rylin
Wed 29th May '02, 10:47am
make sure there's no spaces or anything before the <?
DirectPixel
Wed 29th May '02, 10:49am
No spaces, nothing...yet, it still doesn't work...:(
Is it possible that global.php is also sending header info?
Chen
Wed 29th May '02, 11:00am
Let's please have this conversation at vBulletin.org, where it was supposed to be held in the first place.