PHPhorum backend code. Comments appreciated.

TimTimTimma

<?php
/**
 * @file      : backend.php
 * @begin     : Wednesday, September 07, 2005
 * @email     : [email]support@phphorum.com[/email]
 * @copyright : Copyright (c) 2005 Timothy Hensley
 * @version   : $Id: backend.php, v0.1 Wednesday, September 07, 2005 10:14pm $
 *
 * This program is free software; you can redistribute it and/or modify it under 
 * the terms of the GNU General Public License as published by the Free Software 
 * Foundation; either version 2 of the License, or (at your option) any later 
 * version.
 */
/**
 * Make sure the file is not being accessed directly.
 */ 
if ($_SERVER['PHP_SELF'] == '/backend.php')
{
	die('HACKING ATTEMPT!');
}
/**
 * If a session id has yet to be assigned, create one.
 */
if (!session_id())
{
	session_start();
} 
/**
 * Make the php generated ampersand XHTML valid, and create a 
 * constant that will help identify if other files are being
 * directly accessed.
 */
ini_set("arg_separator.output", "&amp;");
define("INCLUDED", true);
/**#@+
 * A series of variables that help figure up the execution time of the script.
 *
 * @var : mtime
 * @var : start
 */
$mtime = microtime(); 
$mtime = explode(" ", $mtime); 
$mtime = $mtime[1] + $mtime[0]; 
$start = $mtime; 
/**#@-*/
/**
 * Returns the current time on the server.
 *
 * @var : date
 */
$date = date("F j, Y, g:i:s a"); 
/**#@+
 * Find the required files that makes everything work properly.
 */
require dirname(__FILE__) . '/languages/' . $user->lang() . '.php';
require dirname(__FILE__) . '/config.php';
require_once dirname(__FILE__) . '/db/' . $database_type . '.php';
/**#@-*/
/**
 * New instance of the sql object.
 */
$sql = new sql($database_username, $database_password, $database_name); 
/**
 * Current version of the system.
 *
 * @var : version
 */
$version = '0.1';
/**
 * Gathers information about the system and returns it in a
 * associtive array format.
 *
 * @package : phphorum
 */
class phphorum
{
	function phphorum($config, $lang, $sql)
	{
		var $url = $config['base_url'];
		var $sql = $sql;
		var $query = "SELECT * 
					  FROM ".$config['pre']."settings
					  WHERE setting_id = ".$config['setting_id'];
		$this->sql->sql_query($query);
		$_SESSION['settings'] = $this->sql->sql_fetcharray();
		var $site = $_SESSION['settings'];
		$this->sql->sql_freeresult();
	}

function info($column = '')
{
	if ($column != '')
	{
		if ($_SESSION['settings'][$column])
		{
			return $_SESSION['settings'][$column];
		}else
		{
			$_SESSION['settings'][$column] = $this->site[$column];
			return $_SESSION['settings'][$column];
		}
	}else
		errorHandler($lang['_METHOD_ERROR'], $lang['_INFO_METHOD_ERROR']);
	}
}	
} // End of @package : phphorum
/**
 * New instance of the phphorum object.
 */
$phphorum = new phphorum($config, $lang, $sql);
/**
 * If Gzip is set to 'on' enable GZIP.
 */
if ($config['Gzip'] == 'on')
{
	@ob_start('ob_gzhandler'); 
}
/**
 * If $_SESSION['banned']['ip'] is false/unset search the database for 
 * the current browsing ip address. 
 */
if (!$_SESSION['banned']['ip'])
{
	$ip_sql = "SELECT ip_id, ip, reason 
			   FROM ".$config['pre']."banned_ip 
			   WHERE ip = '".$user->userip()."'";
	$sql->sql_query($ip_sql);
	$_SESSION['banned']['ip'] = $sql->sql_numrows();
}
/**
 * If the ip address is found in the database, do not allow access
 */
if ($_SESSION['banned']['ip'] >= 1)
{ 
	if (!$_SESSION['banned']['ip_fetch'])
	{
		$_SESSION['banned']['ip_fetch'] = $sql->sql_fetcharray(); 
	}
	errorHandler($lang['_BANNED_IP'], $_SESSION['banned']['ip_fetch']['reason']);
}
/**
 * If $_SESSION['banned']['user'] is false/unset search the database for 
 * the username. 
 */
if (!$_SESSION['banned']['user'])
{
	$user_sql = "SELECT user_id, username, reason 
				 FROM ".$config['pre']."banned_users 
				 WHERE username = '".$user->name()."'";
	$sql->sql_query($user_sql);
	$_SESSION['banned']['user'] = $sql->sql_numrows();
}
/**
 * If the username is found in the database, do not allow access
 */
if ($_SESSION['banned']['user'] >= 1)
{ 
	if (!$_SESSION['banned']['user_fetch'])
	{
		$_SESSION['banned']['user_fetch'] = $sql->sql_fetcharray();  

	}
	errorHandler($lang['_BANNED_USER'], $_SESSION['banned']['user_fetch']['reason']);
}

?>

ednark

I suggest going a little further on your organization.

You have phphorum class defined in the file you use it. since you are already making use of includes, might I suggest moving class definitions to seperate files.

And depending on your site this may or may not be an issue. but if Backend is included on every page it does open a sql connection EVERY page load, there may be pages where you do not need to check authentication or load config from the database, so maybe moving that to another include file may be an option.

phphorum construction: If you have settings that are truely global to the system it would be a waste to stick them in sql just to call the same info over every single page. It seems from your table that the settings which are being pulled from sql are defined only in $config, which i would assume to be static. A better place to put those would be directly in the $config, or even in an .ini file somewhere. But i may be mistaken about what is in your sql table.

if (!$SESSION['banned']['ip'])
if ($SESSION['banned']['ip'] >= 1)
it seems that inside the IF >=1, you are ASSUMING the previous if statements execution of a valid non-error request. You should decouple the logic or include the second IF inside the first. You may be relying on some other result of $sql im not seeing however.

I don't see any database error handling, but since I see other error functions you wrote i will assume it's all being taken care of inside the class. I'm used to PEAR:😃B where you have to check for a returned error object after each call.

I think that's about it. Hope your site gets up and running.

halojoy

I have tried 2 version install of phpublisher:

phpublisher 1.0RC2
http://213.100.118.115/phpub1002/

and latest
phpublisher 1.1.0 2005-09-13
http://213.100.118.115/phpub110/

phpub102 I have modified layout and it looks better than THE Original, I think :p

phpub110
I installed today
it is a clean install of original
and nothing done at all - not even registered as member ( only as admin )

Issue and bug.
seems to be some problem with the way new session works
Every time I go to visit index.php
it shows only a blank page
after refreshing exactly 3 times, I can see the index.php
before this 3 times blank page!

When this issue, which I have never seen in any php application I have installed ( quite many ),
is fixed I will probably start using this good CMS
but for now .......

sorry Tim, but this is the truth. you have to fix the way your session start in your CMS

/halojoy
very proud of this modded LAYOUT of phpublisher:
http://213.100.118.115/phpub1002/index.php

🆒

TimTimTimma

halojoy wrote:
I have tried 2 version install of phpublisher:

phpublisher 1.0RC2
http://213.100.118.115/phpub1002/

and latest
phpublisher 1.1.0 2005-09-13
http://213.100.118.115/phpub110/

phpub102 I have modified layout and it looks better than THE Original, I think :p

phpub110
I installed today
it is a clean install of original
and nothing done at all - not even registered as member ( only as admin )

Issue and bug.
seems to be some problem with the way new session works
Every time I go to visit index.php
it shows only a blank page
after refreshing exactly 3 times, I can see the index.php
before this 3 times blank page!

When this issue, which I have never seen in any php application I have installed ( quite many ),
is fixed I will probably start using this good CMS
but for now .......

sorry Tim, but this is the truth. you have to fix the way your session start in your CMS

/halojoy
very proud of this modded LAYOUT of phpublisher:
http://213.100.118.115/phpub1002/index.php

🆒

I apologize for the time it has taken me to respond, to this message. I tried to contact you via your contact form you sent me via email, but it wouldnt load.

I am working on the issue right now and should be a fix available soon. Again, I am sorry for the inconvience this has cuased.