I am looking for people who are currently willing to freely beta test this app upon completion (excluding regular and daily processes unless themselves vulnerable) to test the security and vulnerabilities of the site to avoid any unwanted complications in the future. The site itself will run purely from session variables (I know, a lot of DB runtime) and custom functions, and thus far has not used a single class, although this is probably relative in the future.
Basically, all I am looking for in this post is to find out whether forum posts/replies are more efficiently stored in a MySQL DB or created as individual .php files with unique identifier $_GET protocols. Any suggestions or hints would be of great use to me.
Also, here is the current structure of my BBCode format, e.g. including the latest news posts.
Code:
// Clear the "unread news" flag for the logged-in user. The id comes from the
// session rather than the request, but it is still cast to int before it is
// placed in SQL. (The mysql_* extension used throughout was removed in PHP 7;
// PDO or mysqli with prepared statements is the replacement.)
if ($_SESSION['TheMob']['news'] == 'Yes'){
opendb();
$result = mysql_query("UPDATE userlist SET news='No' WHERE id='".(int)$_SESSION['TheMob']['id']."'");
closedb();
}
?>
</style>
<script src="../../Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<table width="673" border="1" cellpadding="0" cellspacing="0" background="modules/admin/images/tablebg.png">
<tr>
<td width="669" height="30" align="left" valign="middle" background="images/standardhead.png" bgcolor="#000000"><span class="style2">|<span class="style3">News</span></span></td>
</tr>
<tr>
<td align="center" valign="top" bgcolor="#000000"> <br />
<?php
opendb();
$result = mysql_query("SELECT * FROM news ORDER BY newsid DESC LIMIT 0,10") or die(mysql_error());
if (mysql_num_rows($result) > 0) {
echo "<table cellpadding=10 border=1>";
while($row = mysql_fetch_assoc($result)) {
?>
<table width="600" border="1" cellpadding="0" cellspacing="1" bgcolor="#000000">
<tr>
<td colspan="2"><table width="600" border="0" cellspacing="0" cellpadding="0" bordercolordark="#0033FF" bordercolorlight="#0066FF">
<tr>
<td align="left" valign="middle" bgcolor="#000000"><?php echo htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8'); ?></td>
</tr>
</table></td>
</tr>
<tr>
<td width="200"><table width="200" border="0" cellspacing="0" cellpadding="0" bordercolordark="#0033FF" bordercolorlight="#0066FF">
<tr>
<td width="200" align="center" valign="top" bgcolor="#000000"><img src="users/images/<?php echo rawurlencode($row['user']); ?>.jpg" width="100" height="100" /><br />
<a href="users/<?php echo rawurlencode($row['user']); ?>.php"><?php echo htmlspecialchars($row['handle'], ENT_QUOTES, 'UTF-8'); ?></a></td>
</tr>
</table></td>
<td width="399" align="left" valign="top"><table border="0" cellspacing="0" cellpadding="0" bordercolordark="#0033FF" bordercolorlight="#0066FF">
<tr>
<td width="399" bgcolor="#000000"><?php $row['message'] = bbcode($row['message']); echo $row['message']; ?></td>
</tr>
</table></td>
</tr>
<tr>
<td align="left" valign="middle"><?php echo htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8'); ?></td>
<td align="right" valign="middle"><?php if (($_SESSION['TheMob']['premium'] == 'Admin') || ($_SESSION['TheMob']['premium'] == 'Mod')){ echo '<a href="modules/admin/delnew.php?id='.(int)$row['newsid'].'">Delete</a>'; } ?></td>
</tr>
</table>
<?php
}
echo "</table>";
}
else {
echo "No news found!";
}
closedb();
?></td>
</tr>
</table>
Code:
function bbcode($str) {
// Escape the whole message first so raw user text cannot become markup on its
// own; the tags below are then rebuilt on top of the escaped text.
// ENT_QUOTES also encodes single quotes.
$str = htmlentities($str, ENT_QUOTES, 'UTF-8');
$simple_search = array(
'/\[b\](.*?)\[\/b\]/is', // Bold
'/\[i\](.*?)\[\/i\]/is', // Italic
'/\[u\](.*?)\[\/u\]/is', // Underline
'/\[url\=(.*?)\](.*?)\[\/url\]/is', // String Url - NOTE: $1 is not validated, so a javascript: URL goes straight into href
'/\[url\](.*?)\[\/url\]/is', // Plain Url - same: no scheme check
'/\[align\=(left|center|right)\](.*?)\[\/align\]/is', // Text alignment (fixed set of values, safe)
'/\[img\](.*?)\[\/img\]/is', // Unsized image - src is not validated
'/\[img\=(.*?)x(.*?)\](.*?)\[\/img\]/is', // Sizeable image - width/height are not restricted to digits
'/\[font\=(.*?)\](.*?)\[\/font\]/is', // Change font - $1 is copied into a style attribute unchecked
'/\[size\=(.*?)\](.*?)\[\/size\]/is', // Change size - $1 is not restricted to a number
'/\[color\=(.*?)\](.*?)\[\/color\]/is', // Change colour (US) - $1 is copied into a style attribute unchecked
'/\[colour\=(.*?)\](.*?)\[\/colour\]/is', // Change colour (UK)
'/\n/is', // New line (automatic)
'/\[quote\](.*?)\[\/quote\]/is', // Quote without name - currently drops the quoted text entirely
'/\[quote\=(.*?)\](.*?)\[\/quote\]/is', // Quote with name - currently drops the quoted text entirely
'/\[youtube\](.*?)\[\/youtube\]/is', // Unsized Youtube video - $1 is not restricted to a video id
'/\[youtube\=(.*?)x(.*?)\](.*?)\[\/youtube\]/is', // Sizeable Youtube video
);
$simple_replace = array(
'<strong>$1</strong>',
'<em>$1</em>',
'<u>$1</u>',
'<a href="$1" rel="nofollow" title="$2 - $1">$2</a>',
'<a href="$1" rel="nofollow" title="$1">$1</a>',
'<div style="text-align: $1;">$2</div>',
'<img src="$1" alt="" />',
'<img src="$3" alt="" width="$1" height="$2"/>',
'<span style="font-family: $1;">$2</span>',
'<span style="font-size: $1px;">$2</span>',
'<span style="color: $1;">$2</span>',
'<span style="color: $1;">$2</span>',
'<br />',
'',
'',
'<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/\\1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/\\1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>',
'<object width="\\1" height="\\2"><param name="movie" value="http://www.youtube.com/v/\\3"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/\\3" type="application/x-shockwave-flash" wmode="transparent" width="\\1" height="\\2"></embed></object>',
);
// Apply every pattern in order; the two arrays must stay in lockstep.
return preg_replace($simple_search, $simple_replace, $str);
}
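As an added example, not code from the original post: the bbcode() function above escapes the message text but then copies the [url=...], [img=...], [size=...], [font=...] and [color=...] values unchecked into href, src and style attributes, so [url=javascript:alert(document.cookie)]x[/url] renders as a working link. The renderer below (safe_bbcode() and safe_url() are this example's own names, and the quote tags are rendered rather than dropped) validates each attribute against a whitelist or a strict pattern before rebuilding the tag, and replaces the Flash <object> YouTube embed with an <iframe>, since browsers no longer run the Flash player. It needs PHP 7.1 or later and runs from the command line.

```php
<?php
// Added example, not code from the original post: a BBCode renderer that
// validates every tag attribute before it is placed in an HTML attribute.
// safe_bbcode() and safe_url() are this example's own names.
declare(strict_types=1);

// Accept only absolute http(s) URLs; anything else (javascript:, data:,
// vbscript:, relative paths) returns null and the caller drops the tag.
function safe_url(string $escaped): ?string {
    $url = trim(html_entity_decode($escaped, ENT_QUOTES, 'UTF-8'));
    if (!preg_match('#^https?://[^\s"\'<>]+$#i', $url)) {
        return null;
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

function safe_bbcode(string $str): string {
    // Escape first, so user text can never become markup on its own; the
    // tags below are rebuilt from validated pieces on top of the escaped text.
    $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');

    // Attribute-free tags: the inner text is already escaped, a plain replace is safe.
    $str = preg_replace('/\[b\](.*?)\[\/b\]/is', '<strong>$1</strong>', $str);
    $str = preg_replace('/\[i\](.*?)\[\/i\]/is', '<em>$1</em>', $str);
    $str = preg_replace('/\[u\](.*?)\[\/u\]/is', '<u>$1</u>', $str);
    $str = preg_replace('/\[quote\](.*?)\[\/quote\]/is', '<blockquote>$1</blockquote>', $str);
    // Attribute drawn from a fixed set of literals: safe to reuse directly.
    $str = preg_replace('/\[align=(left|center|right)\](.*?)\[\/align\]/is',
        '<div style="text-align: $1;">$2</div>', $str);

    // [url=...]text[/url] and [url]...[/url]: scheme whitelist via safe_url().
    $str = preg_replace_callback('/\[url=(.*?)\](.*?)\[\/url\]/is', function (array $m): string {
        $u = safe_url($m[1]);
        return $u === null ? $m[2] : '<a href="' . $u . '" rel="nofollow">' . $m[2] . '</a>';
    }, $str);
    $str = preg_replace_callback('/\[url\](.*?)\[\/url\]/is', function (array $m): string {
        $u = safe_url($m[1]);
        return $u === null ? $m[1] : '<a href="' . $u . '" rel="nofollow">' . $u . '</a>';
    }, $str);

    // [img]src[/img] and [img=WxH]src[/img]: same whitelist, digits-only sizes.
    $str = preg_replace_callback('/\[img(?:=(\d{1,4})x(\d{1,4}))?\](.*?)\[\/img\]/is', function (array $m): string {
        $u = safe_url($m[3]);
        if ($u === null) {
            return '';
        }
        $size = $m[1] !== '' ? ' width="' . $m[1] . '" height="' . $m[2] . '"' : '';
        return '<img src="' . $u . '" alt=""' . $size . ' />';
    }, $str);

    // [size=N]: integer only, clamped so nobody posts in 9999px.
    $str = preg_replace_callback('/\[size=(\d{1,4})\](.*?)\[\/size\]/is', function (array $m): string {
        $px = max(8, min(36, (int)$m[1]));
        return '<span style="font-size: ' . $px . 'px;">' . $m[2] . '</span>';
    }, $str);
    // [color=...]/[colour=...]: a CSS colour name or #hex, never free-form CSS,
    // so "red;background:url(...)" does not match and stays literal text.
    $str = preg_replace('/\[colou?r=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20})\](.*?)\[\/colou?r\]/is',
        '<span style="color: $1;">$2</span>', $str);
    // [font=...]: whitelist of family names.
    $str = preg_replace_callback('/\[font=([a-z ]{1,30})\](.*?)\[\/font\]/is', function (array $m): string {
        $allowed = ['arial', 'verdana', 'georgia', 'courier new', 'times new roman'];
        $f = strtolower(trim($m[1]));
        return in_array($f, $allowed, true)
            ? '<span style="font-family: ' . $f . ';">' . $m[2] . '</span>'
            : $m[2];
    }, $str);
    // [youtube]ID[/youtube] and [youtube=WxH]ID[/youtube]: a video id is 11 chars
    // of [A-Za-z0-9_-]; the Flash <object> embed is replaced by an <iframe>.
    $str = preg_replace_callback('/\[youtube(?:=(\d{1,4})x(\d{1,4}))?\]([A-Za-z0-9_-]{11})\[\/youtube\]/',
        function (array $m): string {
            $w = $m[1] !== '' ? $m[1] : '425';
            $h = $m[2] !== '' ? $m[2] : '350';
            return '<iframe width="' . $w . '" height="' . $h . '" src="https://www.youtube-nocookie.com/embed/'
                . $m[3] . '" allowfullscreen></iframe>';
        }, $str);

    return nl2br($str);
}

// Constructed hostile input: each line targets one attribute sink.
$sample = "[url=javascript:alert(document.cookie)]click me[/url]\n"
        . "[img]http://example.com/a.png[/img]\n"
        . "[size=9999]huge[/size]\n"
        . "[color=red;background:url(http://evil.example/x)]styled[/color]\n"
        . "[font=arial]plain[/font] & [b]bold[/b]";
echo safe_bbcode($sample), PHP_EOL;
```

The order of the two steps is what matters: escape the whole string once, then build tags only from values that passed a check, so no path exists from user text into an attribute without validation. The original's approach of escaping and then interpolating `$1` into `href` or `style` is exactly the path this closes.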
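On the storage question, as an added example that is not code from the original post: writing user-submitted posts into individual .php files means the web server treats forum content as executable code, so the table-per-post-type approach with a numeric id in the query string is the one to build on. The sketch below uses PDO prepared statements for the insert, the by-id lookup and the "latest ten" listing from the news page above; an in-memory SQLite database stands in for MySQL so it runs offline (the `pdo_sqlite` extension must be present; the table layout and function names are this example's own assumptions). The delete path keeps the Admin/Mod session check from the listing but takes a POSTed per-session CSRF token instead of a bare GET link that any third-party page could trigger in a moderator's browser. Run it with `php file.php`; it throws if any check fails.

```php
<?php
// Added example, not code from the original post: posts stored in a table keyed
// by an integer id, read back with prepared statements, deleted only by a
// moderator with a valid CSRF token. Table and function names are assumptions.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');   // stands in for the MySQL connection
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (
        newsid  INTEGER PRIMARY KEY AUTOINCREMENT,
        user    INTEGER NOT NULL,
        subject TEXT    NOT NULL,
        message TEXT    NOT NULL,
        created TEXT    NOT NULL DEFAULT CURRENT_TIMESTAMP
    )');
    return $db;
}

function add_news(PDO $db, int $userId, string $subject, string $message): int {
    $stmt = $db->prepare('INSERT INTO news (user, subject, message) VALUES (:user, :subject, :message)');
    $stmt->execute([':user' => $userId, ':subject' => $subject, ':message' => $message]);
    return (int)$db->lastInsertId();
}

// The id arrives as a string from $_GET; validate it as a positive integer
// before it goes anywhere near SQL. "1 OR 1=1", "abc" and "" all return null.
function news_by_id(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT newsid, user, subject, message, created FROM news WHERE newsid = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function latest_news(PDO $db, int $limit = 10): array {
    $stmt = $db->prepare('SELECT newsid, user, subject, message, created FROM news ORDER BY newsid DESC LIMIT :lim');
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Deletion: role check from the session, constant-time token comparison,
// integer-validated id. Meant to be called from a POST handler, not a GET link.
function delete_news(PDO $db, array $session, string $rawId, string $postedToken): bool {
    $role = $session['TheMob']['premium'] ?? '';
    if ($role !== 'Admin' && $role !== 'Mod') {
        return false;
    }
    if (!isset($session['csrf']) || !hash_equals($session['csrf'], $postedToken)) {
        return false;
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $stmt = $db->prepare('DELETE FROM news WHERE newsid = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Demo on constructed data; any failed check throws.
$db = open_db();
$first = add_news($db, 7, 'Hello', "[b]first[/b] post; O'Reilly's apostrophes are stored as-is");
$second = add_news($db, 7, 'Second', 'another one');

if (news_by_id($db, '1 OR 1=1') !== null) {   // fails integer validation, never reaches SQL
    throw new RuntimeException('injection-shaped id was accepted');
}
if (news_by_id($db, (string)$first)['subject'] !== 'Hello' || count(latest_news($db)) !== 2) {
    throw new RuntimeException('lookup failed');
}

$session = ['TheMob' => ['premium' => 'Mod'], 'csrf' => bin2hex(random_bytes(16))];
if (delete_news($db, $session, (string)$second, 'wrong-token')) {
    throw new RuntimeException('delete accepted without a valid CSRF token');
}
if (!delete_news($db, $session, (string)$second, $session['csrf']) || count(latest_news($db)) !== 1) {
    throw new RuntimeException('moderator delete with valid token failed');
}
echo "all checks passed\n";
```

The CSRF token would be generated once at login, stored in the session as shown, and emitted as a hidden field in the delete form; the page then renders each row's subject and message through an escaping step (and the BBCode renderer) rather than echoing columns raw, so storing apostrophes and brackets verbatim in the database is fine.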