Sample MySQL dump?, Trying to set up JXBD on a new server
Posts: 5
Status: Offline
Group: Member
Member: #325
I'm trying to get the JXBD system set up on my server because I need a BBS that I can integrate with my site's authentication system that only supports authentication of AJAX queries. So far, I've downloaded the source code, fixed all the <? markers that need to be <?php so I don't end up with a spew of source code on the output, and did a very cursory security audit.

It is at this point, however, that I've gotten stuck. When I try to access the board, I get a "board not found" error because the database is empty and there's no code to populate it with tables. Unfortunately, there's also no database dump in the source code to use as a starting point.

Is there someplace where I could grab the mysqldump output of an empty jaxboards database? I'd rather not have to waste a week reverse-engineering the database structures from the PHP code. :-)

Thanks.
boss.
Posts: 1131
Status: Offline
Group: Admin
Member: #1
Hey dgatwood,

Thanks for your interest in the software. I haven't yet created an install file for the version that I have up for download, but I have attached all of the tables you should need to this post.

My apologies for not having this already available. Please let me know if you run into any other issues getting the thing running from the source code. Keep in mind the version that's up on git is the exact same copy that's running as the service we use here - it was written to be used as a service (handling multiple forums) as opposed to one single forum, but with a little bit of tweaking I can help you get up and running.


Thanks again for checking out an old project of mine.



Edited by: Sean, Jun 16th, 2013 @ 2:50 am
Posts: 5
Status: Offline
Group: Member
Member: #325
I'm assuming that "Service/mysql.php" is locked down on your servers behind authentication and HTTPS-only, right? :)


BTW, I have it up and running as a single board on my laptop. I'm currently doing a security audit, and although it looks like you've generally included what is probably reasonable code for avoiding injection attacks, my paranoia (having made and caught many mistakes over the years in this area) compels me to go through it and update all the query code using mysqli to eliminate any lingering doubts. :D


Something like:



    var $mysqli_connection=false;

    ...

    function connect($host,$user,$password,$database='',$prefix=''){
        // Legacy mysql_* link, kept until the remaining calls are converted.
        $link=mysql_connect($host,$user,$password);
        $this->prefix=$prefix;
        if ($link&&$database) $this->select_db($database);

        // Second connection, used only for prepared statements.
        $this->mysqli_connection = new mysqli($host, $user, $password, $database);

        // new mysqli() always returns an object; a failed connection is reported in connect_error.
        if ($this->mysqli_connection->connect_error) return false;
        return $this->connected=$link;
    }

    ...

    // Prepare $query_string, bind every extra argument to a ? placeholder, and execute.
    // Returns the executed statement, or null on failure.
    function safequery($query_string /*, ... */ ) {
        $my_argc = func_num_args();
        $connection = $this->mysqli_connection;

        $stmt = $connection->prepare($query_string);
        if (!$stmt) return null;

        $typestring = "";
        $out_args = array();

        if ($my_argc > 1) {
            for ($i = 1; $i < $my_argc; $i++) {
                // syslog(LOG_EMERG, "Bind: $i\n");
                $value = func_get_arg($i);
                // Integers are bound as "i"; everything else is bound as a string.
                $type = "s";
                if (is_int($value)) $type = "i";

                $typestring .= $type;
                array_push($out_args, $value);
            }
            array_unshift($out_args, $typestring);
            // syslog(LOG_EMERG, "TYPES: $typestring, OUT ARGS: ".print_r($out_args, true)."\n");
            // bind_param() takes its arguments by reference, hence refValues().
            call_user_func_array(array($stmt, "bind_param"), $this->refValues($out_args));
        }
        if (!$stmt->execute()) {
            $this->lastfailedstatement = $stmt;
            return null;
        }
        return $stmt;
    }

    // Build an array of references to the elements of $arr, as call_user_func_array() needs for bind_param().
    function refValues($arr)
    {
        $refs = array();

        foreach ($arr as $key => $value) {
            $refs[$key] = &$arr[$key];
        }

        return $refs;
    }





Followed typically by replacing calls to *->query with *->safequery, e.g.


$foo->query("select * from foo where bar = `$i`;");



becomes


$foo->safequery("select * from foo where bar = ?;", $i);



and, of course, replacing the mysql_* calls with the matching mysqli_* calls afterwards. Note that this code is not yet tested.


If you're interested in incorporating such a patch when I get done, shout.


Edited by: dgatwood, Jun 19th, 2013 @ 1:03 am
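
An added example, not part of the post above or of the Jaxboards source: a variant of the safequery() idea for PHP 7 or later that checks the placeholder count before binding and handles a prefixed table name, which a ? placeholder cannot carry. The helper names, the 'jax_' prefix and the 'members' table are hypothetical.

```php
<?php
// Added example; helper names, the 'jax_' prefix and 'members' table are hypothetical.

// Choose a mysqli bind type per value and reject arrays/objects, which
// would otherwise be stringified ("Array") and bound as text.
function bindTypes(array $args): string {
    $types = '';
    foreach ($args as $i => $value) {
        if (is_int($value) || is_bool($value)) {
            $types .= 'i';
        } elseif (is_float($value)) {
            $types .= 'd';
        } elseif (is_string($value) || $value === null) {
            $types .= 's';   // a null value is sent as SQL NULL
        } else {
            throw new InvalidArgumentException("argument $i is not bindable");
        }
    }
    return $types;
}

// "?" placeholders bind values only. An identifier such as a prefixed
// table name must be validated and quoted before it enters the SQL text.
function prefixedTable(string $prefix, string $table): string {
    $name = $prefix . $table;
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('invalid table name');
    }
    return '`' . $name . '`';
}

function safeQuery(mysqli $db, string $sql, ...$args) {
    $stmt = $db->prepare($sql);
    if (!$stmt) return null;
    // Fail on a placeholder/argument mismatch before binding anything.
    if ($stmt->param_count !== count($args)) {
        throw new InvalidArgumentException('placeholder/argument count mismatch');
    }
    // Unpacking hands bind_param() its by-reference arguments directly,
    // so no refValues()-style helper is needed.
    if ($args) $stmt->bind_param(bindTypes($args), ...$args);
    return $stmt->execute() ? $stmt : null;
}

// Constructed inputs; these two helpers run without a database.
echo bindTypes([42, 'bob', 1.5, null]), "\n";
echo prefixedTable('jax_', 'members'), "\n";
```

With a live connection, a call has the form `safeQuery($db, 'SELECT * FROM ' . prefixedTable($prefix, 'members') . ' WHERE id = ?', $id)`, where `$db`, `$prefix` and `$id` are assumed to exist.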
boss.
Posts: 1131
Status: Offline
Group: Admin
Member: #1
Hey dgatwood,


Because mysqli was not around when I first started work on Jaxboards, and because I no longer maintain the software, it is written to use the deprecated php mysql drivers. However, I did take great precaution to ensure that all queries were sanitized correctly. All queries are run through a single MySQL class (custom written) and are sanitized and handled there.


If you'd like to rewrite inc/classes/mysql.php to use mysqli instead, that would be a very welcome addition!
Posts: 5
Status: Offline
Group: Member
Member: #325
Sean wrote:
> Hey dgatwood,
>
> Because mysqli was not around when I first started work on Jaxboards, and because I no longer maintain the software, it is written to use the deprecated php mysql drivers. However, I did take great precaution to ensure that all queries were sanitized correctly. All queries are run through a single MySQL class (custom written) and are sanitized and handled there.
>
> If you'd like to rewrite inc/classes/mysql.php to use mysqli instead, that would be a very welcome addition!



Done, but not yet fully tested. :)
Posts: 5
Status: Offline
Group: Member
Member: #325
Question:

In inc/classes/jax.php, on or around line 118, I see this line:

$row['buddies']=explode(",",$row['buddies']);

but there's no actual table field called buddies. I'm not seeing any other references to that field in the code, either, and it looks like the "friends" field is supposed to remain imploded, judging from other parts of the code, so I'm guessing it isn't a typo. Is that line just dead code?