Sample MySQL dump?Trying to set up JXBD on a new serverhttps://support.jaxboards.com/index.php?act=vt1116dgatwood:https://support.jaxboards.com/index.php?act=vt1116&findpost=325I&#039;m trying to get the JXBD system set up on my server because I need a BBS that I can integrate with my site&#039;s authentication system that only supports authentication of AJAX queries. So far, I&#039;ve downloaded the source code, fixed all the &lt;? markers that need to be &lt;?php so I don&#039;t end up with a spew of source code on the output, and did a very cursory security audit.<br /> <br /> It is at this point, however, that I&#039;ve gotten stuck. When I try to access the board, I get a &quot;board not found&quot; error because the database is empty and there&#039;s no code to populate it with tables. Unfortunately, there&#039;s also no database dump in the source code to use as a starting point.<br /> <br /> Is there someplace where I could grab the <span style="font-family:Courier"> msyqldump </span> output of an empty jaxboards database? I&#039;d rather not have to waste a week reverse-engineering the database structures from the PHP code. :-)<br /> <br /> Thanks.325Sat, 15 Jun 2013 17:08:33 +0000test:https://support.jaxboards.com/index.php?act=vt1116&findpost=1Hey dgatwood,<br /> <br /> Thanks for your interest in the software. I haven&#039;t yet created an install file for the version that I have up for download, but I have attached all of the tables you should need to this post.<br /> <br /> My apologies for not having this already available. Please let me know if you run into any other issues getting the thing running from the source code. Keep in mind the version that&#039;s up on git is the exact same copy that&#039;s running as the service we use here - it was written to be used as a service (handling multiple forums) as opposed to one single forum, but with a little bit of tweaking I can help you get up and running.<br /> <br /> <br /> Thanks again for checking out an old project of mine.<br /> <span style="color:rgb(0, 0, 0)"> <br /> </span><br /> <div class="attachment"><a href="index.php?act=download&id=20&name=jaxboards_sql_blueprint.sql" class="name">jaxboards_sql_blueprint.sql</a> Downloads: 149</div>1Sun, 16 Jun 2013 02:49:59 +0000dgatwood:https://support.jaxboards.com/index.php?act=vt1116&findpost=325I&#039;m assuming that &quot;Service/mysql.php&quot; is locked down on your servers behind authentication and HTTPS-only, right? <img src="emoticons/keshaemotes/smile.gif" alt=":)"/><br /> <br /> <br /> BTW, I have it up and running as a single board on my laptop. I&#039;m currently doing a security audit, and although it looks like you&#039;ve generally included what is probably reasonable code for avoiding injection attacks, my paranoia (having made and caught many mistakes over the years in this area) compels me to go through it and update all the query code using mysqli to eliminate any lingering doubts. <img src="emoticons/keshaemotes/grin.gif" alt=":D"/><br /> <br /> <br /> Something like:<br /> <br /> <br /> <div class="bbcode code"> &nbsp;var $mysqli_connection=false; ... &nbsp;function connect($host,$user,$password,$database=&#039;&#039;,$prefix=&#039;&#039;){ &nbsp; $link=mysql_connect($host,$user,$password); &nbsp; $this-&gt;prefix=$prefix; &nbsp; if ($link&amp;&amp;$database) $this-&gt;select_db($database); &nbsp; $this-&gt;mysqli_connection = new mysqli($host, $user, $password, $database); &nbsp; if (!$this-&gt;mysqli_connection) return false; &nbsp; return $this-&gt;connected=$link; &nbsp;} ... &nbsp;function safequery($query_string /*, ... */ ) { &nbsp; &nbsp; &nbsp; &nbsp; $my_argc = func_num_args(); &nbsp; &nbsp; &nbsp; &nbsp; $connection = $this-&gt;mysqli_connection; &nbsp; &nbsp; &nbsp; &nbsp; $stmt = $connection-&gt;prepare($query_string); &nbsp; &nbsp; &nbsp; &nbsp; if (!$stmt) return null; &nbsp; &nbsp; &nbsp; &nbsp; $typestring = &quot;&quot;; &nbsp; &nbsp; &nbsp; &nbsp; $out_args = array(); &nbsp; &nbsp; &nbsp; &nbsp; if ($my_argc &gt; 1) { &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; for ($i = 1; $i &lt; $my_argc; $i++) { &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // syslog(LOG_EMERG, &quot;Bind: $i\n&quot;); &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $value = func_get_arg($i); &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $type = &quot;s&quot;; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (is_int($value)) $type = &quot;i&quot;; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $typestring .= $type; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; array_push($out_args, $value); &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; } &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; array_unshift($out_args, $typestring); &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // syslog(LOG_EMERG, &quot;TYPES: $typestring, OUT ARGS: &quot;.print_r($out_args, true).&quot;\n&quot;); &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; call_user_func_array(array($stmt, &quot;bind_param&quot;), $this-&gt;refValues($out_args)); &nbsp; &nbsp; &nbsp; &nbsp; } &nbsp; &nbsp; &nbsp; &nbsp; if (!$stmt-&gt;execute()) { &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $this-&gt;lastfailedstatement = $stmt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return null; &nbsp; &nbsp; &nbsp; &nbsp; } &nbsp; &nbsp; &nbsp; &nbsp; return $stmt; &nbsp;} &nbsp;function refValues($arr) &nbsp;{ &nbsp; &nbsp; $refs = array(); &nbsp; &nbsp; foreach ($arr as $key =&gt; $value) { &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $refs[$key] = &amp;$arr[$key]; &nbsp; &nbsp; } &nbsp; &nbsp; return $refs; &nbsp;} </div><br /> <br /> <br /> Followed typically by replacing calls to *-&gt;query with *-&gt;safequery, e.g. <br /> <br /> <br /> <div class="bbcode code">$foo-&gt;query(&quot;select * from foo where bar = `$i`;&quot;);</div><br /> <br /> <br /> becomes<br /> <br /> <br /> <div class="bbcode code">$foo-&gt;safequery(&quot;select * from foo where bar = ?;&quot;, $i);</div><br /> <br /> <br /> and, of course, replacing the mysql_* calls with the matching mysqli_* calls afterwards. Note that this code is not yet tested.<br /> <br /> <br /> If you&#039;re interested in incorporating such a patch when I get done, shout.<br /> <br /> 325Tue, 18 Jun 2013 20:39:03 +0000test:https://support.jaxboards.com/index.php?act=vt1116&findpost=1Hey dgatwood,<br /> <br /> <br /> Because mysqli was not around when I first started work on Jaxboards, and because I no longer maintain the software, it is written to use the deprecated php mysql drivers. However, I did take great precaution to ensure that all queries were sanitized correctly. All queries are run through a single MySQL class (custom written) and are sanitized and handled there.<br /> <br /> <br /> If you&#039;d like to rewrite inc/classes/mysql.php to use mysqli instead, that would be a very welcome addition!1Thu, 20 Jun 2013 01:25:45 +0000dgatwood:https://support.jaxboards.com/index.php?act=vt1116&findpost=325<div class="quote"><div class="quotee">Sean</div>Hey dgatwood,<br /> <br /> <br /> Because mysqli was not around when I first started work on Jaxboards, and because I no longer maintain the software, it is written to use the deprecated php mysql drivers. However, I did take great precaution to ensure that all queries were sanitized correctly. All queries are run through a single MySQL class (custom written) and are sanitized and handled there.<br /> <br /> <br /> If you&#039;d like to rewrite inc/classes/mysql.php to use mysqli instead, that would be a very welcome addition!</div><br /> <br /> <br /> <br /> Done, but not yet fully tested. <img src="emoticons/keshaemotes/smile.gif" alt=":)"/>325Sat, 22 Jun 2013 18:01:51 +0000dgatwood:https://support.jaxboards.com/index.php?act=vt1116&findpost=325Question:<br /> <br /> in inc/classes/jax.php, on or around line 118, I see this line:<br /> <br /> $row[&#039;buddies&#039;]=explode(&quot;,&quot;,$row[&#039;buddies&#039;]);<br /> <br /> but there&#039;s no actual table field called buddies. I&#039;m not seeing any other references to that field in the code, either, and it looks like the &quot;friends&quot; field is supposed to remain imploded, judging from other parts of the code, so I&#039;m guessing it isn&#039;t a typo. Is that line just dead code?<br /> 325Sun, 23 Jun 2013 03:25:34 +0000Thu, 28 Jan 2021 16:16:15 +0000