But the Web hosting service has upgraded PHP and turned off a function used by the forum.
They say: "The problem was that your php script was written to require 'register_globals' to be on... which is a security risk."
They sent me the following log messages:
[error] PHP Notice: Undefined variable: action in
/array01/shc_servers/fyia.org/root/TalkingIA/index.php on line 43
[error] PHP Notice: Undefined variable: page in /array01/shc_servers/fyia.org/root/TalkingIA/index.php on line 93
[error] PHP Notice: Undefined variable: html in /array01/shc_servers/fyia.org/root/TalkingIA/index.php on line 102
Then they say: "You need to talk w/ the author of the script and have them set the variables explicitly in the code for it to work correctly on our server."
The problem is that I have written to the author and have gotten no response, so I have to hack it and I'm only a novice at PHP.
The code for those three lines is:
(43) } elseif($action == "view") {
(93) if(!$page) { $page = 1; }
(102) $html .= "<ul>\n";
TIA,
Allen
The entire code for the forum is:
<?php
$mbname = "TXXXXX";
$dbname = "tXXXXX";
$dbhost = "localhost";
$dbuser = "XXXXXXX";
$dbpass = "XXXXXXXX";
$limit = "40";
##################################################################
# #
# tribbyBoard v1.31 is released under the Gnu GPL license. #
# It is available for free from http://www.tribby.com/board/ #
# This script is Copyright 2001 Jeremy Tribby. #
# #
##################################################################
$link = mysql_connect($dbhost, $dbuser, $dbpass) or die("Error!");
mysql_select_db($dbname, $link) or die("Error!");
if($action == "add") {
if ($thread == "new") {
$result = mysql_query("SELECT thread from board order by thread desc", $link);
list($thread) = mysql_fetch_row($result);
$thread++;
}
if(!$name) { print "<html><head><title>$mbname</title></head><body bgcolor=\"white\">You forgot to enter a name. Please go back and try posting again.</body></html>"; exit; }
if(!$subject) { print "<html><head><title>$mbname</title></head><body bgcolor=\"white\">You forgot to enter a subject. Please go back and try posting again.</body></html>"; exit; }
$result = mysql_query("INSERT INTO board (id, parent, thread, name, email, subject, message, date, ip) VALUES (NULL, '$parent', '$thread', '$name', '$email', '$subject', '$message', NULL, '$REMOTE_ADDR')", $link) or die ("Error!");
$result = mysql_query("SELECT id FROM board ORDER BY id DESC LIMIT 1 ", $link);
list($id) = mysql_fetch_row($result);
mysql_close($link);
swapPost($id);
exit;
} elseif($action == "view") {
global $html;
$mes_id = $id;
$q = mysql_query("SELECT *,UNIX_TIMESTAMP(date) FROM board WHERE id=$id", $link);
list($id,$parent,$thread,$name,$email,$subject,$message,$baddate,$ip,$date)=mysql_fetch_row($q);
$date = date("Y-m-d g:i:sa",$date);
$mes_thread = $thread;
$q = mysql_query("SELECT thread FROM board WHERE id=$id", $link);
list($thread)=mysql_fetch_row($q);
$q = mysql_query("SELECT id FROM board WHERE thread=$thread AND parent=0", $link);
$html .= "<ul>\n";
while(list($id)=mysql_fetch_row($q)) {
thread($id);
}
$html .= "</ul>\n";
mysql_close($link);
$messages = split("\n", $message);
foreach($messages as $msg) {
if(eregi("</textarea>",$msg)) {
$msg = eregi_replace("</textarea>","",$msg);
}
$quote .= ":$msg";
}
$quote .= "\n";
$name = htmlspecialchars($name);
$email = htmlspecialchars($email);
$subject = htmlspecialchars($subject);
$message = htmlspecialchars($message);
swapMsg($html,$message,$subject,$name,$email,$date,$quote,$mes_thread,$mes_id);
exit;
} else {
$q = mysql_query("SELECT id FROM board WHERE parent=0 ORDER BY date DESC",$link);
$list = array();
while(list($id)=mysql_fetch_row($q)) {
array_push($list,$id);
}
if(!$page) { $page = 1; }
$num_threads = count($list);
$threads = array_splice($list,0,($limit * $page));
if($page>1) { array_splice($threads,0,(($limit * $page) - $limit)); }
if($page>1) { $html .= "page $page<br>"; }
$html .= "<ul>\n";
foreach($threads as $id) {
thread($id);
}
$html .= "</ul>";
mysql_close($link);
$num_pages = $num_threads/$limit;
if(is_float($num_pages)) {
$num_pages = (intval($num_pages) + 1);
}
if($num_pages > 1) {
if(($num_pages > 10) & ($page < 10)) {
$num_pages = 10;
}
if($num_pages <= 10) {
$start = 1;
$stop = $num_pages;
} else {
$start = ($page - 5);
if(($num_pages - ($page + 5)) > 0) {
$stop = ($page + 5);
} else {
$stop = $num_pages;
}
}
$html .= "page: ";
if($page > 1) {
if(($page - 1) > 1) {
$html .= "<a href=\"index.php?page=" . ($page - 1) . "\"><b>previous</b></a> ";
} else {
$html .= "<a href=\"index.php\"><b>previous</b></a> ";
}
}
for($p=$start;$p<=$stop;$p++) {
if($page == $p) {
$html .= "[$p]";
} else {
if($p == 1) {
$html .= "<a href=\"index.php\">[1]</a>";
} else {
$html .= "<a href=\"index.php?page=$p\">[$p]</a>";
}
}
}
if(($page + 1) <= $num_pages) {
$html .= " <a href=\"index.php?page=" . ($page + 1) . "\"><b>next</b></a><br>";
} else {
$html .= "<br>";
}
}
swapHtml($html);
exit;
}
function thread ($id) {
global $mes_id;
global $link;
global $html;
global $page;
$q = mysql_query("SELECT *,UNIX_TIMESTAMP(date) FROM board WHERE id=$id",$link);
list($id,$parent,$thread,$name,$email,$subject,$message,$baddate,$ip,$date)=mysql_fetch_row($q);
$date = date("Y-m-d g:i:sa",$date);
$name = htmlspecialchars($name);
$email = htmlspecialchars($email);
$subject = htmlspecialchars($subject);
$message = htmlspecialchars($message);
if($parent > 0) {
$html .= "<ul>\n";
}
if($id == $mes_id) {
$html .= "<li><b>$subject</b> - <b>$name</b> - <i>$date</i>\n";
} else {
if($page>1) {
$html .= "<li><a href=\"index.php?action=view&id=$id&page=$page\"><b>$subject</b></a> - <b>$name</b> - <i>$date - $id</i>\n";
} else {
$html .= "<li><a href=\"index.php?action=view&id=$id\"><b>$subject</b></a> - <b>$name</b> - <i>$date - $id</i>\n";
}
}
$q = mysql_query("SELECT id FROM board WHERE parent=$id ORDER BY date DESC",$link);
$num=mysql_numrows($q);
if($num) {
while(list($id)=mysql_fetch_row($q)){
thread($id);
}
}
if($parent > 0) {
$html .= "</ul>\n";
}
}
function swapHtml($html) {
global $mbname;
$filename = "boardtemplate.html";
$fd = fopen ($filename, "r");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);
$contents = str_replace("<!--THREADS-->",$html,$contents);
$contents = str_replace("<!--MBNAME-->",$mbname,$contents);
echo $contents;
}
function swapMsg($html,$message,$subject,$name,$email,$date,$quote,$mes_thread,$mes_id) {
global $mbname;
global $page;
$filename = "messagetemplate.html";
$fd = fopen ($filename, "r");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);
$message = nl2br($message);
if($page>1) { $contents = str_replace("<!--BACK-->","index.php?page=$page",$contents); }
else { $contents = str_replace("<!--BACK-->","index.php",$contents); }
$contents = str_replace("<!--THREADS-->",$html,$contents);
$contents = str_replace("<!--MBNAME-->",$mbname,$contents);
$contents = str_replace("<!--MESSAGE-->",$message,$contents);
$contents = str_replace("<!--SUBJECT-->",$subject,$contents);
$contents = str_replace("<!--NAME-->",$name,$contents);
$contents = str_replace("<!--EMAIL-->",$email,$contents);
$contents = str_replace("<!--DATE-->",$date,$contents);
$contents = str_replace("<!--QUOTE-->",$quote,$contents);
$contents = str_replace("<!--MES_THREAD-->",$mes_thread,$contents);
$contents = str_replace("<!--MES_ID-->",$mes_id,$contents);
echo $contents;
}
function swapPost($id) {
global $mbname;
$filename = "posttemplate.html";
$fd = fopen ($filename, "r");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);
$contents = str_replace("<!--MES_ID-->",$id,$contents);
$contents = str_replace("<!--MBNAME-->",$mbname,$contents);
echo $contents;
}
?>