
implementing a modification

Started by Frederick, December 01, 2005, 02:41:48 PM


Frederick

Hello,

I've been programming a .PHP file that basically extracts data from the database and displays it in a fashion that is
rather difficult to implement using the functions I find in the installed files. If I can take a few seconds of your time,
this is what I'm doing:

My picture gallery is set up as a host for a forum about terrestrial orchids, hence it contains photographs of plants. I added
a couple of user-fields (user1 & user2) to help search and catalogue the taxonomical structure that is used in biology (A plant
belongs to a genus and is a species in that genus, that's where the user-fields come in).
With those fields, together with the 'title', I can then build a structure that looks something like this :
http://www.bv229.k12.ks.us/biophilia/lysozy8.jpg

Hopefully you get my drift, it's better to build something like that from scratch rather than using the built-in coppermine functions.

I know how to code it, and I was thinking of putting all the code in 1 PHP-file in the root of the server.
My question:
- is this safe or does this violate a few rules of separating graphics and functional code? I noticed most php-packages like
coppermine embrace that philosophy.
- are there things - regarding safety against hackers - I should and definitely should not do?


Thanks in advance,
Fred


Joachim Müller

As long as your custom php file is only meant to render additional data, but not to manipulate any files or the database, it's pretty safe to do what you're up to, as a malevolent visitor couldn't use it to attack your site (except by trying to bring it down in a DDoS attack). Hard to say more without seeing the actual code.

Frederick

Hi Gaugau,

thanks for the pointers, I will post the code when finished.

Fred

Frederick

Hi,

It's kinda finished, all I need to figure out is placing lines that connect everything in a tree-like manner.
The code is put in a file called boom.php (Dutch for tree) and can be viewed here:
http://cpcomp.mybesthost.com/boom.php
As you can see, the genus and species aren't sorted alphabetically, I would like to implement this,
but the multisort() function refuses to work ...

Everything was rather fairly easy, an experienced PHP'er would probably do it in less than 30 minutes (my
area of expertise is embedded software).

I would like to receive comment whether the code doesn't contain security-flaws.

Regards,
Fred



<?php

define('IN_COPPERMINE', true);
define('BOOM_PHP', true);

require('include/init.inc.php');

pageheader($lang_login_php['login']);
starttable('-1', $lang_login_php['enter_login_pswd'], 2);

global $CONFIG;
$limit = '';

// Count the approved pictures
$result = db_query("SELECT COUNT(*) from {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET");
$nbEnr = mysql_fetch_array($result);
$count = $nbEnr[0];
mysql_free_result($result);

$select_columns = 'title, user1, user2, user3, pid, owner_name';

// Fetch the fields needed for the tree (user1 = genus, user2 = species)
$result = db_query("SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET ORDER BY pid DESC $limit");

$rowset = db_fetch_rowset($result);
mysql_free_result($result);

$sorted = array(array(array(), array(), array()));

echo <<< EOT
<table align="center" width="850" cellspacing="1" cellpadding="0" class="maintable">
<tr>
<td colspan="3" class="tableh1"><span class="statlink"><b><a href="index.php">Home</a>&nbsp;&gt;&nbsp;classification tree</b></span></td>
</tr>
</table>
EOT;

// Group the rows as $sorted[genus][species][n] = array(title, pid, owner)
foreach ($rowset as $key => $row) {

    $genus = $row['user1'];
    $species = $row['user2'];
    $title = $row['title'];
    $pict_id = $row['pid'];
    $owner = $row['owner_name'];

    // Next free index for this genus/species pair (0 if it is new)
    $temp = isset($sorted[$genus][$species]) ? count($sorted[$genus][$species]) : 0;

    $sorted[$genus][$species][$temp][0] = $title;
    $sorted[$genus][$species][$temp][1] = $pict_id;
    $sorted[$genus][$species][$temp][2] = $owner;

}

//remove that unused 0-index in $sorted
unset($sorted[0]);

echo <<< EOT
<br><br><br>
<table align="center" width="850" cellspacing="1" cellpadding="0" class="maintable">

EOT;

// Values below are written into the page exactly as stored in the database
foreach ($sorted as $key1 => $row) {
    $temp = $key1 ? $key1 : 'Not specified';

    echo <<<EOT
<tr>
<td valign="top" class="thumbnails" width="250" align="left">
Genus<br>
$temp<br><br>
</td>
<td valign="top" class="thumbnails" width="600" align="center"><table>
EOT;

    asort($row);

    foreach ($row as $key2 => $spece) {
        $temp = $key2 ? $key2 : 'Not specified';

        echo <<<EOT
<tr>
<td valign="top" class="thumbnails" width="250" align="left">
species<br>
$temp<br><br>
</td>
<td valign="top" class="thumbnails" width="350" align="center">
<table align="center" cellspacing="1" cellpadding="0" class="maintable">
EOT;

        asort($spece);

        foreach ($spece as $key3 => $tittel) {
            echo <<<EOT
<tr>
<td valign="top" class="thumbnails" align="left" width="350">
EOT;
            echo <<< EOT
<a href="http://cpcomp.mybesthost.com/displayimage.php?pid=$tittel[1]&fullsize=1">$tittel[0]</a><br>posted by $tittel[2]<br>
</td></tr>
EOT;
        }
        // close the picture table and the species row
        echo "</table></td></tr>";
    }

    // close the species table and the genus row
    echo "</table></td></tr>";
}
echo "</table>";
endtable();
pagefooter();
ob_end_flush();

?>
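
Added example (not part of the original post and not Coppermine code): one way to build the same genus/species tree with both key levels sorted alphabetically and every database value HTML-encoded at output, so markup stored in a title or user field is displayed as text rather than interpreted. The helper names `h`, `build_tree` and `render_tree` and the sample rows are assumptions; the column names follow the query in the post.

```php
<?php
// Added example, not code from the thread. Column names follow the posted query.

// Encode a value for HTML output; double_encode=false leaves existing entities alone.
function h($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

// Group rows as genus => species => pictures, with both key levels sorted A-Z.
function build_tree(array $rows): array {
    $tree = [];
    foreach ($rows as $row) {
        $genus   = $row['user1'] !== '' ? $row['user1'] : 'Not specified';
        $species = $row['user2'] !== '' ? $row['user2'] : 'Not specified';
        $tree[$genus][$species][] = $row;
    }
    ksort($tree, SORT_STRING | SORT_FLAG_CASE);
    foreach ($tree as &$speciesList) {
        ksort($speciesList, SORT_STRING | SORT_FLAG_CASE);
    }
    unset($speciesList); // drop the reference left by the loop
    return $tree;
}

// Render nested lists; every database value passes through h() or an int cast.
function render_tree(array $tree): string {
    $html = "<ul>\n";
    foreach ($tree as $genus => $speciesList) {
        $html .= '<li>Genus: ' . h($genus) . "<ul>\n";
        foreach ($speciesList as $species => $pictures) {
            $html .= '<li>Species: ' . h($species) . "<ul>\n";
            foreach ($pictures as $pic) {
                $url = 'displayimage.php?pid=' . (int) $pic['pid'] . '&amp;fullsize=1';
                $html .= '<li><a href="' . $url . '">' . h($pic['title'])
                    . '</a> posted by ' . h($pic['owner_name']) . "</li>\n";
            }
            $html .= "</ul></li>\n";
        }
        $html .= "</ul></li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample rows; the second title carries markup that must show as text.
$rows = [
    ['title' => 'Spring flower', 'user1' => 'Orchis', 'user2' => 'mascula', 'pid' => '12', 'owner_name' => 'fred'],
    ['title' => '<b>Close-up</b>', 'user1' => 'Ophrys', 'user2' => '', 'pid' => '7', 'owner_name' => 'a&b'],
];
echo render_tree(build_tree($rows));
```

Sorting uses `ksort` because the genus and species names are the array keys; `asort` orders by value and leaves the keys in insertion order.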