Why does my PHP script to show 10 topics from an SMF V1.x database not work in SMF 2.x?

Started by AngelGirl, July 06, 2012, 10:46:11 PM

AngelGirl

Hi, this is the PHP script that I use to show 10 topics from the SMF 1.x database. (It works.)
But it does not work in SMF 2.x.

Please help me!

<?php

$list = "10"; // number of topics
$sboard = "1"; // 1 = only the board set in $board; 0 = all boards
$board = "68"; // board number

?>


<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!--<meta http-equiv="Content-Type" content="text/html; charset=utf8">
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">-->

<title>&lt;?=$list ?&gt;WEBBOARD</title>

</head>
<body bgcolor=#FFFFFF link="#333333" vlink="#808080" alink="#00FF00" >

<span class="style1"></span>
<table width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#FFCC99">
  <tr>
    <th><span class="style9"><?=$list ?>
    <span class="style12">LASTEST &quot;WEBBOARD&quot; </span></span>
  </tr>
  <tr>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="3">
        <tr>
          <td><span class="style8">
            <?
include("../(yourfolder path)/Settings.php");

$host = $db_server;
$user = $db_user;
$pass = $db_passwd;
$database = $db_name;
$prefix = $db_prefix."topics";
$prefix2 = $db_prefix."messages";

@mysql_connect($host,$user,$pass) or die("sory cannot access please try next time");
$charset ="SET NAMES 'utf8'";mysql_query($charset)
or die('Invalid query: ' . mysql_error());
if ($sboard=="0") {
$Sql = "SELECT * FROM $prefix order by id_topic DESC limit 0,$list ";
} elseif ($sboard=="1") {
$Sql = "SELECT * FROM $prefix where id_board='$board' order by id_topic DESC limit 0,$list ";
}
$result = mysql_db_query($database,$Sql);
$nrow = mysql_num_rows($result);
while ($num = mysql_fetch_array($result)) {

$tid = $num["id_topic"];
$bid = $num["id_board"];
$fid = $num["ID_FIRST_MSG"];
$view = $num["numViews"];
$reply = $num["numReplies"];

$msql = "select * from $prefix2 where ID_MSG='$fid'";
$mresult = mysql_db_query($database,$msql);
$marr = mysql_fetch_array($mresult);
$title = $marr["subject"];
$poster = $marr["posterName"];
$today = date("d M Y");
$time = date("d M Y", $marr["posterTime"]);
if ($today==$time) {
$time = date("<font color='#FF0000'><b>today .</font></b>", $marr["posterTime"]);
} else {
$time = date("<b>d M Y</b>", $marr["posterTime"]);
}

echo "<span class='font'>\n";
echo "<img src=http://newharddisk.com/wp-content/themes/wp-chatter_ok/images/FeedIcon-16.gif border=0 alt='Topic $tid'>&nbsp;\n";
echo "<a href='../(yourfolder path)/index.php?board=$bid;action=display;threadid=$tid' target='_blank'><b>$title </b></a><font color=#006600> </font><font color=#BE2C60><b> by</b> : <img src=http://newharddisk.com/wp-content/themes/wp-chatter_ok/images/FeedIcon-16.gif> $poster</font></span><br>\n";
}

?>
          </span></td>
        </tr>
      </table></td>
  </tr>
</table>


</body>

</html>

Arantor

Because things are quite a bit different in SMF 2. In any case doing what you're doing is actually potentially very very insecure and could lead to your database being compromised on anything not perfectly configured.

Use SSI.php and the ssiRecentTopics function, not this code.

AngelGirl

Ahaaaa, thanks for the suggestion about security

(but this code is beautiful)  ;)

Arantor


vbgamer45

Little bit cleaned up

<?php
$ssi_guest_access = true;
include("../(yourfolder path)/SSI.php");
$list = "10"; // number of topics
$sboard = "1"; // 1 = only the board set in $board; 0 = all boards
$board = "68"; // board number

?>


<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>&lt;?=$list ?&gt;WEBBOARD</title>

</head>
<body bgcolor=#FFFFFF link="#333333" vlink="#808080" alink="#00FF00" >

<span class="style1"></span>
<table width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#FFCC99">
  <tr>
    <th><span class="style9"><?=$list ?>
    <span class="style12">LASTEST &quot;WEBBOARD&quot; </span></span>
  </tr>
  <tr>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="3">
        <tr>
          <td><span class="style8">
            <?



if ($sboard=="0") {
$Sql = "SELECT * FROM smf_topics order by id_topic DESC limit 0,$list ";
} elseif ($sboard=="1") {
$Sql = "SELECT * FROM smf_topics where id_board='$board' order by id_topic DESC limit 0,$list ";
}
$result = mysql_query($Sql);
$nrow = mysql_num_rows($result);
while ($num = mysql_fetch_array($result)) {

$tid = $num["id_topic"];
$bid = $num["id_board"];
$fid = $num["id_first_msg"];
$view = $num["num_views"];
$reply = $num["num_replies"];

$msql = "select * from smf_messages where ID_MSG='$fid'";
$mresult = mysql_query($msql);
$marr = mysql_fetch_array($mresult);
$title = $marr["subject"];
$poster = $marr["poster_name"];
$today = date("d M Y");
$time = date("d M Y", $marr["poster_time"]);
if ($today==$time) {
$time = date("<font color='#FF0000'><b>today .</font></b>", $marr["poster_time"]);
} else {
$time = date("<b>d M Y</b>", $marr["poster_time"]);
}

echo "<span class='font'>\n";
echo "<img src=http://newharddisk.com/wp-content/themes/wp-chatter_ok/images/FeedIcon-16.gif border=0 alt='Topic $tid'>&nbsp;\n";
echo "<a href='../(yourfolder path)/index.php?board=$bid;action=display;threadid=$tid' target='_blank'><b>$title </b></a><font color=#006600> </font><font color=#BE2C60><b> by</b> : <img src=http://newharddisk.com/wp-content/themes/wp-chatter_ok/images/FeedIcon-16.gif> $poster</font></span><br>\n";
}

?>
          </span></td>
        </tr>
      </table></td>
  </tr>
</table>


</body>

</html>
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Arantor

That's great, let's encourage everyone to write insecure queries.

vbgamer45

There is nothing insecure there as variables are not being accepted for input. If you want to spend the time making it better you can.

Arantor

That's the point, there are several circumstances where those variables can be overridden from outside. (There *are* hosts who still use register_globals out there.)

I find it extremely bad form to post code for SMF 2 that doesn't follow any of the proper guidelines, it encourages more people to write bad code.
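
The concern raised above is that `$list` and `$board` reach the SQL string unvalidated. A hardened form of the same lookup, as an added example that is not code from any poster or from SMF: it assumes PDO with an in-memory SQLite database holding constructed rows instead of SMF's own database layer, and `recent_topics()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// SMF 2 names used in the posts above; the SQLite rows below are constructed.

function recent_topics(PDO $db, $limit, $board = null)
{
    // Validate as integers in a fixed range, whatever the caller passed in.
    $limit = filter_var($limit, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 50)));
    if ($limit === false) {
        throw new InvalidArgumentException('limit must be an integer from 1 to 50');
    }
    $sql = 'SELECT t.id_topic, t.id_board, m.subject, m.poster_name
            FROM smf_topics AS t
            JOIN smf_messages AS m ON m.id_msg = t.id_first_msg';
    if ($board !== null) {
        $board = filter_var($board, FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1)));
        if ($board === false) {
            throw new InvalidArgumentException('board must be a positive integer');
        }
        $sql .= ' WHERE t.id_board = :board';
    }
    $sql .= ' ORDER BY t.id_topic DESC LIMIT :limit';

    $stmt = $db->prepare($sql);
    if ($board !== null) {
        $stmt->bindValue(':board', $board, PDO::PARAM_INT);
    }
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smf_topics (id_topic INTEGER, id_board INTEGER, id_first_msg INTEGER)');
$db->exec('CREATE TABLE smf_messages (id_msg INTEGER, subject TEXT, poster_name TEXT)');
$db->exec("INSERT INTO smf_topics VALUES (1, 68, 10), (2, 5, 11), (3, 68, 12)");
$db->exec("INSERT INTO smf_messages VALUES (10, 'Hello', 'alice'),
           (11, 'Other board', 'bob'), (12, '<b>Bold</b> & more', 'carol')");

foreach (recent_topics($db, '10', '68') as $row) {
    // Escape text on output (these constructed rows hold raw text); cast the ID.
    printf("<a href=\"index.php?topic=%d.0\">%s</a> by %s<br>\n", (int) $row['id_topic'],
        htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['poster_name'], ENT_QUOTES, 'UTF-8'));
}
```

A value such as `68 OR 1=1` for the board fails validation and raises an exception before any SQL is built, and the single JOIN replaces the per-topic message query.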

AngelGirl

Hi vbgamer45, thanks for fixing that code, but it errors on
$nrow = mysql_num_rows($result);
while ($num = mysql_fetch_array($result)) {


This shows for SMF V1.x ;D but cannot show on SMF V2



Hi Arantor, I realize your advice to me about security in that code.
If I change my mind, just as a case study, can you suggest to me how that code would work in SMF V2?

Help me?   ::)
