Well, I've begun to fix up SAX for a MOD release (what's that? A flying pig, you say?) Anyway, I have a clean 2.0.21 install right here that I'm testing it on. Who wants to take bets on how long until a spambot hits it? Razz
http://www.cemetech.net/phpBB2/index.php
I have a quarter that says it won't last a week. Very Happy
ZOMG! The newest registered user is...

Quote:
Our users have posted a total of 19 articles
We have 3 registered users
The newest registered user is kerm's mother
In total there are 3 users online :: 0 Registered, 0 Hidden and 3 Guests [ Administrator ] [ Moderator ]
Most users ever online was 3 on Tue Nov 14, 2006 5:42 pm
Registered Users: None


ZOMG ZOMG LOL PWNAGE LOL Kerm IS TALKING TO HIMSELF LOL HE HAS ALTERNATE PERSONALITIES ROFLMAO!

Rolling Eyes
lol, I registered that to test something out for him Wink
That he did. I'm still stuck on the retarded CSS issue that's causing the button and text input form elements to be unreadable...
I'm going to see about installing SAX on a phpBB3 install, and see what I can get... If it doesnt work, I'll play with it, and perhaps give Kerm info on how to get it to work.
Sweet deal. I believe elfprince is also working on this issue?
actually Im not, Im just enjoying messing around with phpBB3.
Oh, my mistake then, elfprince.
/me sees a continued lack of SAX on Alex's forum Sad
1.0.2 submitted December 4, 2006.

MOD Database Manager wrote:
-------------------------------------------------------------------------------------
This PM is automatically generated. Please do not reply.

If you wish to discuss anything in this PM please contact: paul999
-------------------------------------------------------------------------------------

Hello,

As you may know, all MODs submitted to the phpBB MOD Database must be validated and approved by members of the phpBB Team.

Upon validating your MOD, the phpBB MOD Team regrets to inform you that we have had to deny your MOD.

To correct the problem(s) with your MOD, please following the below instructions:
  1. Make the necessary changes to correct any problems (listed below) that resulted in your MOD being denied.
  2. Increase your version number. (See Knowledge Base Article 43 for help.)
  3. Change the filename. (For example, my_mod_1.0.0.zip would become my_mod_1.0.1.zip.)
  4. Re-upload your MOD into our MOD Database.

Please ensure you tested your MOD on the latest version of phpBB (see the Downloads page) before you reupload your MOD.

Before you resubmit your MOD, please check your MOD Syntax via our MOD Syntax Validator to ensure your MOD is using the correct MOD Template Syntax.

Here is a report on why your MOD was denied:
-------------------------------------------------------------------------------------


Code:
$sql2 = "SELECT * FROM ".SESSIONS_TABLE." WHERE session_user_id = '$userdata[user_id]'";
Should be
Code:
$sql2 = "SELECT * FROM ".SESSIONS_TABLE." WHERE session_user_id = ' . $userdata['user_id'];
Also, obtaining all fields, without using any field, is unneeded.

Code:
#
#-----[ FIND ]------------------------------------------
#
//
// That's all, Folks!
// -------------------------------------------------
You can better not search for comment, because translators can change them. Use ?> for searching.

Code:
         if ($mode == 'newtopic') {
            $topicname = $subject;
         } else {
            $sql = 'SELECT * FROM '. TOPICS_TABLE ." WHERE topic_id = '$topic_id' LIMIT 1";
            $result = $db->sql_query($sql);
            $topicnamerow = $db->sql_fetchrow($result);                        
            $topicname = $topicnamerow['topic_title'];
         }
Error handling for this query is missing.

Code:
   ^.*)(posting\.php.*$)/',"$1viewtopic.php",htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF']));
         ajaxSaxAddItem(0,$userdata['username'],$topicname,$ajaxurl .'?p='.$post_id.'#'.$post_id);


Code:
p=
must be replaced with
Code:
POST_POST_URL . '='
, also I don't think this is a good way to generate a url at this way.

From sax.php:

Code:
function SaxTemplates() {
   global $phpbb_root_path,$userdata,$template,$saxlog,$lang,$phpEx;
   $saxlog = './saxlog.dat';
   $template->assign_var('L_SAXYOUSAID' , $lang['YouSaid']);
   $template->assign_var('L_SAY' , $lang['Say']);
   $template->assign_var('U_SAXLOGPATH' , $phpbb_root_path.'includes');
   $template->assign_var('U_SAXSAYPATH' , $phpbb_root_path.'includes/saxsay.'.$phpEx);
   $template->assign_var('U_SID' , $userdata['session_id']);
}
It is better to use one call to $template->assign_vars(array());, then more calls to $template->assign_var();
You are in this file also not using the code guidelines for phpbb2.

Code:
$out.=SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">'.$who.': '.$what2.'='.matheval($what2).'</span>');
SAX must be placed in the language file. This is in more places in this file

Code:
         $findwho = preg_replace('/[^\w\d]/','',strtolower($whats[1]));
         $length = strlen($findwho);
         $sql = "SELECT * FROM ".USERS_TABLE." WHERE LCASE(SUBSTR(username,1,$length)) = '$findwho'";
         if( !($result = $db->sql_query($sql)) )
         {
            message_die(CRITICAL_ERROR, "Could not query config information for $sql");
         }
         $totalfound = $db->sql_numrows($result);
You must replace ' with '' for security in $findwho. This is in more places in this file.

Code:
            $outstring .= $row['username'] . ' was last online at ' . date('H:i:s',$row['user_lastvisit']);
            if (date('m d Y',$row['user_lastvisit']) == date('m d Y'))
            { $outstring .= ' today.'; } else { $outstring .= ' on ' . date('m/d/y',$row['user_lastvisit']) . '.'; }
            $out .= SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">'.$outstring.'</span>');
         } else {
            if ($totalfound == 0)
            {
            //no users found
               $out .= SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">I don\'t know who you mean, '.$who.'.</span>');
            } else {
            //too many users found
               $out .= SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">I found more than one user.  Could you be more specific, '.$who.'?</span>');
            }
         }
Hardcored language, must in lang files. Again, this isn't the only one in this file.

From saxajax.js:

Code:
  } else if (xmlhttp.status==302) {
      document.getElementById(elementid).innerHTML=='<br />incorrect redirect.'+oldsaxhtml
  } else if (xmlhttp.status==403) {
      document.getElementById(elementid).innerHTML=='<br />You entered invalid characters!!'+oldsaxhtml
Language must be in lang files.
From saxsay.php:

Code:
$tempsay = stripslashes(strip_tags(urldecode($HTTP_GET_VARS['what'])));
This must be replaced with htmlspecial chars and a str_replace that ' replaced with ''.
Also, checking for SID isn't needed I think. The language used must be in the lang files.

Also, I think it is better to save the message into the database, instead using a text file. Also, a comment about chmodding the dat file is needed, because without chmodding he cannot be writed with php.

Not sure about the next function, don't know where it is called

Code:
function matheval($equation){
      $equation = preg_replace("/pi/","3.14159265",$equation);
      $equation = preg_replace("/e/","2.718281835",$equation);
      $equation = preg_replace("/([^0-9]+)\^([^0-9]+)/","",$equation);
       $equation = preg_replace("/[^0-9+\-.*\/()%]/","",$equation);
       $equation = preg_replace("/([+-])([0-9]+)(%)/","*(1\$1.\$2)",$equation);
       // you could use str_replace on this next line
       // if you really, really want to fine-tune this equation
       $equation = preg_replace("/([0-9]+)(%)/",".\$1",$equation);
       if ( $equation == "" ) {
               $return = 0;
       } else {
               eval("\$return=" . $equation . ";");
       }
       return $return;
}


-------------------------------------------------------------------------------------
Please refer to the following links before you reupload your MOD:

For further reading, you may want to review the following:


For help with writing phpBB MODs, the following resources exists:


If you feel this denial was not warranted, you can contact the MOD Team Leader, wGEric.

Thank You,
phpBB MOD Team


1.0.3 submitted Jan. 14, 2007.
  
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.

» Go to Registration page
Page 1 of 1
» All times are UTC - 5 Hours
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 

Advertisement