Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules
Author Message
rampantandroid
New Member
New Member


Joined: Dec 21, 2006
Posts: 5

PostPosted: Tue Apr 17, 2007 11:32 am Reply with quote

How can I write a php script that will allow someone to make a post from within a module of mine (using an HTML form, textboxes and such, and then take all of the data, format it into one long string and get it posted) to a specific forum, while still sending the posting data through mainfile and having the same (generally) amount of security you have when posting normally?

Thanks!
 
View user's profile Send private message
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Tue Apr 17, 2007 11:44 am Reply with quote

If you POST the form data back to your module file it will go through Sentinel (if you have it). You could then format the data and insert it into the database as a forum post.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
rampantandroid
PostPosted: Tue Apr 17, 2007 12:35 pm Reply with quote

Well, that works for one of my sites - but my PHPNuke 8 site which doesn't have Sentinel installed - what can I do there?
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Tue Apr 17, 2007 12:37 pm Reply with quote

Let me express some reservations about the solutions proposed. LOL: Please?

You need to take a look at what the Forums programs do when they post a post, so to speak. If I am not mistaken, there are a number of tables and fields within those tables updated and you'll need to replicate that to maintain the integrity of the Forums tables.
 
View user's profile Send private message Visit poster's website
Gremmie
PostPosted: Tue Apr 17, 2007 12:53 pm Reply with quote

rampantandroid wrote:
Well, that works for one of my sites - but my PHPNuke 8 site which doesn't have Sentinel installed - what can I do there?


Install Sentinel?

Edit: even if you don't have Sentinel installed, if you POST the form data back to your module using the usual conventions it will still "flow through mainfile", etc. Sentinel just does thorough checking of this data, whereas PHP-Nuke 8 does minimal checking.


Last edited by Gremmie on Tue Apr 17, 2007 1:15 pm; edited 1 time in total 
Gremmie
PostPosted: Tue Apr 17, 2007 12:55 pm Reply with quote

fkelly wrote:
Let me express some reservations about the solutions proposed. LOL: Please?

You need to take a look at what the Forums programs do when they post a post, so to speak. If I am not mistaken, there are a number of tables and fields within those tables updated and you'll need to replicate that to maintain the integrity of the Forums tables.


Agreed...you'd have to replicate the same logic that Forums does. Which makes me wonder what you are trying to do?
 
rampantandroid
PostPosted: Tue Apr 17, 2007 2:24 pm Reply with quote

fkelly wrote:
Let me express some reservations about the solutions proposed. LOL: Please?

You need to take a look at what the Forums programs do when they post a post, so to speak. If I am not mistaken, there are a number of tables and fields within those tables updated and you'll need to replicate that to maintain the integrity of the Forums tables.


Well, this is what I was hoping to get info on...I don't feel like taking the time (nor do I know enough about) to write a script to do security checking...

If nothing else, the solution of just POSTING the data can work temporarily. I know how the system works for making posts, I was just afraid of inserting the data directly into my nuke tables.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Apr 17, 2007 9:18 pm Reply with quote

You can write a script to POST data to other web scripts. That's generally how a lot of spam works. phpBB though has turned to using some session based checks which does stop some of these scripts. Though ultimately I think some spammers are turning to automated control of browsers to actually do that, bypassing these kinds of checks once again.

Look up how to use cURL in PHP. That is where you can do some powerful webpage retrieval stuff. But be surprised if it becomes complicated to replicate into POSTing data to phpBB, they've made it tough, but not impossible, to do.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©