This is the community forum. For a developer response use the Client Area.
Follow us on Facebook, Twitter and YouTube!

Arbitrary ID (Outdated)
#1

There have been a few questions as to arbitrary IDs. I decided to make an add-on for this very purpose. You can find a packaged version here: http://www.commentics.org/add-ons.php#arbitrary_id

PHP Code:
<?php 
/************************************************** ARBITRARY ID **************************************************/
$current_page_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$current_page_url = sanitize($current_page_url,1,1,1);
$existing_pages = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE url = '$current_page_url'"));
$existing_custom_id = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE custom_id = '$current_page_url'"));
$arbitrary_id_reference = '';//Your value/variable here
if($existing_pages['url']==null && $existing_custom_id['custom_id']==null) {
mysql_query("INSERT INTO `".$mysql_table_prefix."pages` (reference, url, is_form_enabled, dated, custom_id) VALUES ('$arbitrary_id_reference', '$current_page_url', 1, NOW(), '$current_page_url')");
}
/******************************************************************************************************************/

All this does is check the database for any page which has a custom id or url of the current page, and adds a new page if there isn't one. The downside is that you'll need to either set the reference manually yourself later, or modify $arbitrary_id_reference to hold a variable value which will set the reference automatically, such as
PHP Code:
<?php 
$arbitrary_id_reference
= $_GET['page_title'];

There is one thing you need to know about arbitrary IDs, however. If someone decides to play around with the url, then that page will also be added. This is normal behavior. For example, look at a different comment script with built-in arbitrary IDs: http://www.gentlesource.com/comment-script/
Go to the front-end demo, and add something like "?add_an_extra_page=true" to the end of the url. Comment on that page, and it'll work. If you need convincing, you can go to the back-end. Sorry if I counter-advertised, I wouldn't recommend that script anyway. It looks nice, but it has some bugs, and adds a footer which doesn't look good on dark backgrounds. I've also found it to crash my site by adding alt codes (alt+num-8) to a comment. Commentics has much more features, and bans.

In order to prevent that from happening, you should add a strict check in front of your include script. Code can be found here: http://www.commentics.org/forum/showthre...612#pid612

The only other thing is that you need to change the include script to be
PHP Code:
<?php 
$page_id
= "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$path_to_comments_folder = "comments/";
define ('IN_COMMENTICS', 'true'); //no need to edit this line
require $path_to_comments_folder . "includes/commentics.php"; //no need to edit this line

ENJOYSmile!

I'm giving you three guesses...
Reply
#2

I have just identified a possible security threat for this code. It is recommended to not yet use it. More info on the threat can be found here: http://seancoates.com/blogs/xss-woes

I'll try to find a fix as soon as possible.
The issue has now been fixed. It is safe to download and use this code, including the source above.

I'm giving you three guesses...
Reply
#3

New update:
Added a line of code to make it possible to disable the add-on in certain pages.
New code:
PHP Code:
<?php 
/************************************************** ARBITRARY ID **************************************************/
if(!defined('ARBITRARY_ID_DISABLED')){
$current_page_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$current_page_url = sanitize($current_page_url,1,1,1);
$existing_pages = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE url = '$current_page_url'"));
$existing_custom_id = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE custom_id = '$current_page_url'"));
$arbitrary_id_reference = '';//Your value/variable here
if($existing_pages['url']==null && $existing_custom_id['custom_id']==null) {
mysql_query("INSERT INTO `".$mysql_table_prefix."pages` (reference, url, is_form_enabled, dated, custom_id) VALUES ('$arbitrary_id_reference', '$current_page_url', 1, NOW(), '$current_page_url')");
}
}
/*******************************************************************************************************************/

To disable it, simply add
PHP Code:
<?php 
define
('ARBITRARY_ID_DISABLED','true'); //disable arbitrary id add-on
to the include code after
PHP Code:
<?php 
define
('IN_COMMENTICS', 'true'); //no need to edit this line

I'm giving you three guesses...
Reply
#4

Found a problem with the add-on. It registers "http://www.example.com/page.php" and "http://example.com/page.php" as two different pages. I'll fix that in the next version.

I'm giving you three guesses...
Reply
#5

I imagine you have a similar problem with domain.com/ and domain.com/index.php.

Have you completed the interview?
Reply
#6

Yeah, but I think that mine is much easier to fix. I'm almost done already.
For now, if anyone is having trouble with the script, add a redirect(VIA .htaccess) to your site with www in front of it.
Example:
Code:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC]
RewriteRule ^(.*)$ http://www.yoursite.com/$1 [L,R=301]
as seen on http://www.webweaver.nu/html-tips/web-redirection.shtml

I'm giving you three guesses...
Reply
#7

Another solution is replacing $_SERVER['HTTP_HOST'] with "www.yoursite.com" in the add-on, and in the include script. This means that you don't have to use .htaccess for this. I'm working on another solution right now.

I'm giving you three guesses...
Reply
#8

I post this as new thread , as the original thread is almost FIXED
I wonder, why Commentics is catching the following pages
I found them at ACP ---> Manage --> pages
Code:
http://falsafa.info/bonheur-c.php?test=1
http://falsafa.info/bonheur-c.php/errors.php
http://falsafa.info/bonheur-c.php/img/pen_pencil.gif
http://falsafa.info/bonheur-c.php/
http://falsafa.info/bonheur-c.php/errors.php?error=lol
For example, why gif images are stored as "Pages" !?
Where the errors.php file come from? I have no such page in my web site directory? I think Commentics should reject any non existent URL
Reply
#9

The above post has been moved here because it's a bug related to this add-on and not Commentics itself.

Have you completed the interview?
Reply
#10

sorry i get this problem

Fatal error: Call to undefined function sanitize() in /home/../public_html/comments/includes/commentics.php on line 51

in this line

$current_page_url = sanitize($current_page_url,1,1,1);

so can you help me to fix it ..

thanx
Reply


Possibly Related Threads…
Thread / Author Replies Views Last Post
Last Post by Steven
15-Mar-2011, 12:32 PM
Last Post by Static
31-Dec-2010, 08:09 AM

Forum Jump:


Users browsing this thread: 2 Guest(s)