boardom
b2 message board
Interesting article on restricting post access ...

 
Trace



Joined: 25 Jan 2002
Posts: 23
Location: New Zealand

Posted: Thu Apr 25, 2002 4:32 am    Post subject: Interesting article on restricting post access ...

It's written for Movable Type, but looking at it, it could be easily changed to b2 as all it requires is the ability to use categories and errrm, PHP.

The article is at Scriptygoddess:

http://www.scriptygoddess.com/archives/000916.php#000916

Some other interesting coding tidbits there as well for anyone that's interested.
michel v
Site Admin


Joined: 25 Jan 2002
Posts: 799
Location: Corsica

Posted: Thu Apr 25, 2002 10:54 pm

Woah this hack is crazy and filled with bad coding practices...

In fact b2 could do it by checking if there's a cafeloguser cookie and check if it's valid, then if the person put a template tag like 'b2_post_form()' in the template it would output a form to add a new entry.
This could be coded by the next big release.


Off-topic, why is every hack of CGI blog scripts done with PHP?
scriptygoddess



Joined: 26 Apr 2002
Posts: 2

Posted: Fri Apr 26, 2002 1:35 am

Hi! I'm the one that wrote that script. I'm just learning PHP - so I'm interested to know why you think it's filled with bad coding practices. How would you do it differently?

As for why people like myself are using PHP even though the blog software is using CGI - because I don't know perl, but PHP is extremely easy to use/learn. That's my reason anyway - I'd imagine other people doing the same probably have the same reasons.
michel v
Site Admin


Joined: 25 Jan 2002
Posts: 799
Location: Corsica

Posted: Fri Apr 26, 2002 8:02 pm

Hi Jenn,

The bad practices that I was talking about were: using the short open tag <? instead of <?php (I've been guilty of this too for some time...), PRINTing HTML code (you can just stop PHP with ?> and go back to PHP after the HTML is over, saves you the hassle of escaping every double quote) and mixing double quoted strings with EOF-style strings (why?)
Also using a .ini file while you can as well play secure and name it .php: check the notes there for a good way to hide the content of this file from a browser, without having to place the file out of the public_html directory (lots of people cannot access out of public_html).
You can remove the action=\"#\" bit too: if the action attribute is missing, it's assumed that the action field = the current file.

Last thing, you could just make them email you with a username, you would give them a password.
When visitors visit they are checked for cookies with their username and encoded password (you can check the encoded password against the .ini.php file's password if you encode the latter). If they do not have any, they're asked for username and password. When they input them, they get cookies for username and encoded password.
This way the same username could be used at two locations. If you don't trust your readers to keep the info confidential, you can make the script log the username and IP of the visitors every time they log in: if a given username is used by more than 3 or 4 IPs regularly, warn the user by email, if it goes on just delete the username/password line.


---
It looks like I was also very tired yesterday, because at some point I believed part of your hack was about allowing the blog's authors to blog right from the blog's file. This is why I talked about it.
Notes to myself: never even bother trying to understand anything when you're too tired to have a clue.
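
The cookie check and per-username IP logging outlined in the post above, as an added example (not code from the thread, from b2, or from the original script). It swaps one detail: the cookie carries an HMAC made with a server-side key rather than the encoded password itself, so the stored hash never leaves the server. SECRET, $users, the cookie layout and the log layout are hypothetical.

```php
<?php
// Added example; every name below is hypothetical.
// In a deployment $users would come from `require 'users.ini.php'`, a file that
// returns this array: requested from a browser it runs as PHP and outputs nothing.
const SECRET  = 'constructed-demo-key';  // server-side key, never sent to the client
const MAX_IPS = 4;                       // the "3 or 4 IPs" threshold from the post

$users = ['jenn' => password_hash('constructed-pass', PASSWORD_DEFAULT)];

// Login form handler: verify the submitted password against the stored hash.
function check_login(array $users, string $user, string $pass): bool {
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Cookie value: username plus an HMAC bound to the current stored hash, so
// deleting or changing the user's line invalidates every cookie issued for it.
function make_cookie(array $users, string $user): string {
    return $user . '|' . hash_hmac('sha256', $user . $users[$user], SECRET);
}

// Returns the username if the cookie is valid, null otherwise.
function check_cookie(array $users, string $cookie): ?string {
    $parts = explode('|', $cookie, 2);
    if (count($parts) !== 2 || !isset($users[$parts[0]])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0] . $users[$parts[0]], SECRET);
    return hash_equals($expected, $parts[1]) ? $parts[0] : null;  // constant-time compare
}

// Record a login and return the usernames seen from more than MAX_IPS distinct IPs.
function record_login(array &$log, string $user, string $ip): array {
    $log[$user][$ip] = ($log[$user][$ip] ?? 0) + 1;
    return array_keys(array_filter($log, fn($ips) => count($ips) > MAX_IPS));
}

// Constructed run: one valid login, a forged cookie, then five source addresses.
$cookie = check_login($users, 'jenn', 'constructed-pass') ? make_cookie($users, 'jenn') : '';
var_dump(check_cookie($users, $cookie));
var_dump(check_cookie($users, 'jenn|forged'));
$log = [];
foreach (['192.0.2.1', '192.0.2.2', '192.0.2.3', '192.0.2.4', '192.0.2.5'] as $ip) {
    $flagged = record_login($log, 'jenn', $ip);
}
print_r($flagged);
```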
scriptygoddess



Joined: 26 Apr 2002
Posts: 2

Posted: Sat Apr 27, 2002 1:24 am

Great! Thanks for the tips.

One question (although I'll test this out later to see if it works or not) I thought that if you're PRINTing text within an if statement that you couldn't just end the php tag... That's the way JSP works though... I didn't think it worked that way with PHP... I guess I'll give it a try and see if in fact that's really the case...

and the action="#" - never knew that about it assuming it's the current page if it's left out... Excellent. Good to know.

As for the password - yeah, I had mentioned to Lynda (one of the other "scriptygoddesses") that we could do that... but it was more trouble than it was worth.

Really - my reason for wanting to "restrict access" to some posts wasn't so that I could reveal any government secrets or anything it was just so I could bitch about my mother and sister in law without worrying that one day they'd accidentally find the site and see what I said "behind their backs" LOL!! So I'm not too concerned with the security too much... (They're NOT exactly computer-pros)

Thanks again for the help!
All times are GMT + 1 Hour