1
tripmon
FriendFinder -Requires Globals or what?
  • 2005/2/10 19:45

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


Does anyone know if friendfinder 3.10 will work under 2.0.9.2 with PHP(4.3.2 btw) globals disabled? I don't think it want's to play...

I can't get it to work, but I see sites that are running it (I don't know if they have globals enabled or what XOOPS ver though...).

Can anyone advise another module that performs the same function and will work under the parameters above?

Thanks

2
Peekay
Re: FriendFinder -Requires Globals or what?
  • 2005/2/10 20:56

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I don't think this module is supported anymore. The module I installed on my dev site came from:

http://www.touptidou.com/modules/friendfinder.zip

I think this is a slightly hacked version of the original. Works o.k. despite one minor bug where a text field entry is truncated on updating a profile. Register_globals is on.

3
tripmon
Re: FriendFinder -Requires Globals or what?
  • 2005/2/10 21:06

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


Heya Peekay!

Thanks man, I thought it was the dirty globals ...

Guess that rules it out for me.

De-globalizing this thing would probably be a beyatch... going to take a look, but it would probably be easier to get a newer script that doesn't require Globals (since the core and all 1st party modules no longer do) and modularize it for xoops.

I'll let everybody know what I find.

Thanks

4
Peekay
Re: FriendFinder -Requires Globals or what?
  • 2005/2/10 22:28

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Sadly tripmon, I don't think there is any other module like this available for XOOPS at present. Which is unusual, as I would have thought a good match-making script would have been a portal favourite. Time for a PHP wizzard to bring this script up to 'date' .

5
tripmon
Re: FriendFinder -Requires Globals or what?
  • 2005/2/10 22:36

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


Time to dust off my wizzard hat...

I'll post back whatever the outcome.

6
tripmon
Re: FriendFinder -Requires Globals or what?
  • 2005/2/15 22:13

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


OMG!

Old modules need not be dead due to GLOBALS....

Try this script if you are in an environment with REGISTER_GLOBALS off and want to use a module that requires globals.

I have used this successfully, though I hear it depends on your PHP config.

Quote:

// Emulate register_globals on
if (!ini_get('register_globals')) {
$superglobals = array($_SERVER, $_ENV,
$_FILES, $_COOKIE, $_POST, $_GET);
if (isset($_SESSION)) {
array_unshift($superglobals, $_SESSION);
}
foreach ($superglobals as $superglobal) {
extract($superglobal, EXTR_SKIP);
}
ini_set('register_globals', true);
}
?>

7
Peekay
Re: FriendFinder -Requires Globals or what?
  • 2005/2/15 23:39

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Thx Merlin! It's in my notepad.

Are you running your own server with globals off, or is it your host's decision to do this.?. I only ever wrote one small PHP app and 'the book' said write for globals off, because that way it will work with globals off, or on. I see however the dilema faced by web hosts, because there must be millions of legacy scripts that will fail with globals off (like I guess some of the older XOOPS modules). I believe there is a security issue having globals on, (I don't know enough about PHP to know why) but do you know how often that is actually used as the gateway for an exploit?. Only time my sites were affected by hackers was when they gained root access to the shared server. Had nothing to do with globals, or 'safe-mode' which was 'on' at the time!.

8
Dave_L
Re: FriendFinder -Requires Globals or what?
  • 2005/2/16 1:15

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Having register_globals on, or using the above code to simulate it, is a security risk if there are uninitialized or unsanitized variables, since user-provided (untrusted) data can find its way into the script.

But if you need register_globals on, you may be able to accomplish that with an .htaccess file in the appropriate directory containing:

php_flagĀ register_globalsĀ on


In this case, you could try putting the .htaccess file in the friendfinder module's directory.

9
tripmon
Re: FriendFinder -Requires Globals or what?
  • 2005/2/16 18:09

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


My host decides the box settings for me.

Peekay:
While injection is possible theoretically, with properly sanitized input filters (Thanks GIJOE) I think it should be pretty safe.

DaveL:
Thanks for the info.
Re: htaccess...
IIS doesn't play nice with .htaccess and I'm in a WIMP playground.

I am sanitizing ALL input and uninitialized vars should do nothing more than throw a php notice.
***If I'm wrong there please enlighten me.***

After ALOT of code changes, I now have FriendFinder working in a register_globals off environment that can not use .htaccess files. I have yet to convert the module to register_globals off, but it will be easy do do that once I figure out the remainder of the arrays and vars. (Will simply POST and GET encapsulate all the globals).

The only issue I have is that I can't get the pic.php or add.php page to actually upload the users pic. Help WELCOMED!

When I create a profile, it is creating the 'timestamp' directory, copying the index.htm file, and entering ALL of the information in the dB, it just is not actually copying (or uploading) the pic in the newly created 'timestamp' folder. About to start dumping all the vars to get to the bottom of it.

More l8r...

10
tripmon
Re: FriendFinder -Requires Globals or what?
  • 2005/2/16 21:09

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


UPDATE:

I now have all functions (including image upload and resize) working using the Globals script I mentioned above.

While I'm happy with this alone (Unless I find it is a real security risk) if anyone would like to work with me to de-globalize this beast, let me know.

Login

Who's Online

354 user(s) are online (282 user(s) are browsing Support Forums)


Members: 0


Guests: 354


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits