A PHP bulletin board creatively titled Jake's Bulletin Board, circa 2003. (My first full coding project ever – complete with bugs and security holes and horrendous form!)
Type Name Latest commit message Commit time
admin
images
includes
modules/calculator first commit Oct 18, 2018
setup first commit Oct 18, 2018
README.md
conf.php
delete_reply.php
delete_reply_submit.php
edit_reply.php
edit_reply_submit.php
edit_topic.php
edit_topic_submit.php
forumlist.php
functions.php
index.php first commit Oct 18, 2018
login_submit.php
logout.php
members.php
new_reply.php first commit Oct 18, 2018
new_reply_submit.php first commit Oct 18, 2018
new_topic.php
new_topic_submit.php
pm_view.php
pmlist.php first commit Oct 18, 2018
private.php
private_submit.php
register.php
register_submit.php
topic_view.php first commit Oct 18, 2018
topiclist.php
user_profile.php
usercp.php
usercp_submit.php

README.md

A PHP4-based bulletin board creatively titled Jake's Bulletin Board. This was my first-ever full programming creation back in 2003 (if you couldn't tell) saved for posterity after being rescued from a dust-caked floppy disk.

Usage

If you're bored on a rainy day, potential activities could include:

  • Easiest code review you'll do in your entire career. (Or hardest, depending on your attitude.)
  • Hacking speed-runs to boost your infosec self-esteem.
  • Beating the world record for longest laugh, currently held by Mr. Belachew Girma of Ethiopia with 3 hours and 6 minutes.
  • Actually getting this to run in 2019.

Embarrassing Highlights

Who cares if somebody wants to delete a post with the ID "*" no matter the author? (delete_reply_submit.php)

$query2 = "DELETE FROM jbb_replies
    WHERE replyID ='$replyID'";
$result2 = mysql_query ($query2)
    or die ($query2);

Sessions based on storing an auto-incremented user ID in a cookie. (login_submit.php)

session_id($user->userID);
session_start();
$_SESSION["ck_userID"] = $user->userID;
$_SESSION["ck_username"] = $user->username;
$_SESSION["ck_groupID"] = $user->groupID;

Viewing a "private" message based solely on a sequential message ID. (pm_view.php)

$query1 = "SELECT * FROM jbb_pm WHERE pmID = '$pmID'";
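
For contrast with the delete_reply_submit.php and pm_view.php snippets above, here is an added example (not code from this repository) that binds the ID as a parameter and makes ownership part of the query. It uses PDO with an in-memory SQLite database and constructed rows; the `toUserID` column and the function names are assumptions, since the README does not show the `jbb_pm` schema.

```php
<?php
declare(strict_types=1);

// Delete a reply only when it belongs to the logged-in user, unless the caller is an admin.
function deleteReply(PDO $db, int $replyID, int $userID, bool $isAdmin = false): bool
{
    $sql = 'DELETE FROM jbb_replies WHERE replyID = :rid'
         . ($isAdmin ? '' : ' AND userID = :uid');
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':rid', $replyID, PDO::PARAM_INT);
    if (!$isAdmin) {
        $stmt->bindValue(':uid', $userID, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Return a private message only to its recipient (toUserID is an assumed column name).
function viewPm(PDO $db, int $pmID, int $userID): ?array
{
    $stmt = $db->prepare('SELECT * FROM jbb_pm WHERE pmID = :pid AND toUserID = :uid');
    $stmt->execute([':pid' => $pmID, ':uid' => $userID]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jbb_replies (replyID INTEGER PRIMARY KEY, userID INTEGER, body TEXT)');
$db->exec('CREATE TABLE jbb_pm (pmID INTEGER PRIMARY KEY, toUserID INTEGER, body TEXT)');
$db->exec("INSERT INTO jbb_replies VALUES (1, 10, 'mine'), (2, 20, 'theirs')");
$db->exec("INSERT INTO jbb_pm VALUES (1, 20, 'for user 20 only')");

// Request values are validated as integers before they reach the query layer.
$replyID = filter_var('2', FILTER_VALIDATE_INT);     // stands in for $_POST['replyID']
$notAnId = filter_var('*', FILTER_VALIDATE_INT);     // the "*" case from the README

var_dump($notAnId);                                  // non-numeric ID is rejected here
var_dump(deleteReply($db, $replyID, 10));            // user 10 targets user 20's reply
var_dump(deleteReply($db, $replyID, 20));            // the owner deletes the same reply
var_dump(viewPm($db, 1, 10));                        // user 10 asks for user 20's message
var_dump(viewPm($db, 1, 20)['body'] ?? null);        // the recipient reads it
```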

Incredibly ambitious emoticon and BBCode support. I honestly can't begin to explain this logic. (functions.php)

$replacement = '<IMG SRC=images/emoticons/smile.gif>';
$replacement2 = '<IMG SRC=images/emoticons/bigsmile.gif>';
$replacement3 = '<IMG SRC=images/emoticons/frown.gif>';
$replacement4 = '<IMG SRC=images/emoticons/crying.gif>';
$replacement5 = '<IMG SRC=images/emoticons/blush.gif>';
// ... yada yada yada ...
$replacement21 = '<a href="';
$replacement22 = '">';
$replacement23 = '</a>';
$replacement24 = '<FONT COLOR="';
$replacement25 = '</FONT>';
$replacement26 = '<FONT SIZE="';
$replacement27 = '<BR>';

$topicval = str_replace(':)', $replacement, $topicval);
$topicval = str_replace(':D', $replacement2, $topicval);
$topicval = str_replace(':(', $replacement3, $topicval);
$topicval = str_replace(':crying:', $replacement4, $topicval);
$topicval = str_replace(':blush:', $replacement5, $topicval);
// you get the point...
$topicval = str_replace('[URL=', $replacement21, $topicval);
$topicval = str_replace(':]', $replacement22, $topicval);
$topicval = str_replace('[/URL]', $replacement23, $topicval);
$topicval = str_replace('[FONT COLOR=', $replacement24, $topicval);
$topicval = str_replace('[/FONT]', $replacement25, $topicval);
$topicval = str_replace('[FONT SIZE=', $replacement26, $topicval);
$topicval = str_replace('
', $replacement27, $topicval);

// repeated five more times throughout the code...
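
An added, table-driven sketch of the same transformation (not code from this repository): the post is HTML-escaped first, then emoticons and the `[URL=...:]` tag are expanded in a single pass so that emitted markup is never rescanned. The README does not show whether the original escapes input elsewhere; the function name, the http(s)-only rule and the sample post are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Emoticon markers and image names as they appear in the README snippet.
const JBB_EMOTICONS = [
    ':)'       => 'smile.gif',
    ':D'       => 'bigsmile.gif',
    ':('       => 'frown.gif',
    ':crying:' => 'crying.gif',
    ':blush:'  => 'blush.gif',
];

function renderPost(string $raw): string
{
    // 1. Escape everything, so the only tags in the output are the ones emitted below.
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. One pass over both token kinds; replaced text is not scanned again,
    //    so an emoticon can never be expanded inside an href attribute.
    $keys = implode('|', array_map(
        static fn(string $k): string => preg_quote($k, '~'),
        array_keys(JBB_EMOTICONS)
    ));
    $pattern = '~\[URL=(https?://[^\s<>"\]]+?):\](.+?)\[/URL\]|(' . $keys . ')~s';

    $html = preg_replace_callback($pattern, static function (array $m): string {
        if (isset($m[3])) {   // group 3 is only present for an emoticon match
            return '<img src="images/emoticons/' . JBB_EMOTICONS[$m[3]] . '" alt="">';
        }
        // Group 1 is already escaped and limited to http(s) with no spaces or quotes.
        return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
    }, $html);

    // 3. Newlines become <br>, as in the original's last replacement.
    return nl2br($html, false);
}

// Constructed sample post: raw HTML, a valid link, and a non-http(s) link target.
$post = "Hi :) <b>bold?</b>\n"
      . "[URL=https://example.com/?a=1&b=2:]docs[/URL] "
      . "[URL=javascript:void(0):]nope[/URL]";
echo renderPost($post), PHP_EOL;
```

Tags whose target is not http(s) are left as escaped literal text rather than turned into links.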

Saving new passwords as plaintext — probably the least problematic problem. (register_submit.php)

$query = "INSERT INTO jbb_users (username, password, email, avatar) VALUES ('$username','$password','$email','images/avatars/noavatar.gif')";
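
An added example (not code from this repository) covering the login_submit.php and register_submit.php snippets together: the password is stored with `password_hash()`, checked with `password_verify()`, and the session ID is generated by PHP and rotated at login instead of being set to the user ID. It runs against an in-memory SQLite table with a constructed user; the function names and the reduced `jbb_users` schema are assumptions.

```php
<?php
declare(strict_types=1);

function registerUser(PDO $db, string $username, string $password): void
{
    // Store a salted, deliberately slow hash; the plaintext never reaches the database.
    $stmt = $db->prepare('INSERT INTO jbb_users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT userID, username, password FROM jbb_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $user = $stmt->fetch(PDO::FETCH_OBJ);
    if ($user === false || !password_verify($password, $user->password)) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Strict mode refuses session IDs the server did not issue.
        session_start(['use_strict_mode' => true, 'cookie_httponly' => true]);
    }
    // Rotate to a fresh random ID at login; the ID is never derived from userID.
    session_regenerate_id(true);
    $_SESSION['ck_userID']   = (int) $user->userID;
    $_SESSION['ck_username'] = $user->username;
    return true;
}

// Constructed demo: reduced jbb_users table in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jbb_users (
    userID INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE, password TEXT)');
registerUser($db, 'jake', 'correct horse battery staple');

// Run both attempts before printing, so no output precedes session_start().
$wrong = login($db, 'jake', 'not the password');
$right = login($db, 'jake', 'correct horse battery staple');
$stored = $db->query('SELECT password FROM jbb_users')->fetchColumn();

var_dump($wrong, $right);
var_dump($stored !== 'correct horse battery staple');     // stored value is a hash
var_dump(session_id() !== (string) $_SESSION['ck_userID']); // ID is unrelated to userID
```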

I guess I gave up on counting $querys by ones... (functions.php)

while ($topic = mysql_fetch_object($result30)) {
    $query40 = "SELECT * FROM jbb_users WHERE userID = '$topic->userID'";
    $result20 = mysql_query($query40)
        or die ($query40);
		
    $query50 = "SELECT * FROM jbb_replies WHERE replyID = '$replyID'";
    $result50 = mysql_query($query50)
        or die ($query50);

    $reply = mysql_fetch_object($result50);

    $query60 = "SELECT * FROM jbb_users WHERE userID = '$reply->userID'";
    $result60 = mysql_query($query60)
        or die ($query60);

    $user = mysql_fetch_object($result60);

    $query7 = "SELECT * FROM jbb_topics WHERE userID = '$reply->userID'";
    $result7 = mysql_query($query7)
        or die ($query7);

    $query8 = "SELECT * FROM jbb_replies WHERE userID = '$reply->userID'";
    $result8 = mysql_query($query8)
        or die ($query8);

    $usertopics = mysql_numrows($result7);

    $userreplies = mysql_numrows($result8);
}

Screenshots

Installation

Home

License

Do whatever the hell you want, it's not gonna work. 😉
