I've got a WSN installation (3.12) in which I've added some custom integer member fields. Everything works great with the conditional template stuff in the 3.12 install and everything is happy.
Now I'm trying to emulate this same setup in a 3.15 install (on different server). The same member fields have been added and used in the templates in the same way, but I'm getting an eval error resulting from failed template variable replacement.
The first interesting area looks like this in the template (edit profile)...
<IF {MEMBERPENDINGLINKS} is 0> <IF {MEMBERLINKS} is 0> <IF {MEMBERCREDITS} is 0> etc.
In 3.15 I'm getting this result...
<?php if ("" == 0) { ?> <?php if ("" == 0) { ?> <?php if (0 == 0) { ?>
I don't know why these ints are replaced differently and I don't know why the quotes are in there, these are all integer fields. These fields were added as integer (and this has been verified via phpMyAdmin).
The second area uses the same fields but gets yet another different (invalid) result...
<IF {MEMBERPENDINGLINKS} is greater than 0 or {MEMBERLINKS} is greater than 0 or {MEMBERCREDITS} is greater than 0>
This results in...
<?php if ( > 0 || > 0 || 0 > 0) { ?>
Which is obviously fatal to the process, resulting in this error...
Parse error: syntax error, unexpected '>' in /home/sky/public_html/commonfuncs.php(349) : eval()'d code on line 194
I've tried taking the conditionals.php from 3.12 and moving it to the 3.15 install, that seemed to make things worse.
I've compared the phpMyAdmin structure for the member tables and they are identical on both installations. I've tried making the DB fields for the member variables to be "Not NULL" and defaulted to "0", but that didn't help either, so I put it back like the WSN admin panel created them.
I've also tried changing the template conditional syntax, but no luck.
I can't support versions that are years out of date, especially when I've informed everyone that said versions paint a big "come hack me" sign on the server and given very clear instructions on not using them, besides removing them from the downloads area and not retaining any copies of them on my computer.
I will say that nesting conditionals (<IF x><IF y></IF></IF>) or just using PHP tends to be more effective than long strings of conditionals, as conditionals are for simple stuff (though it's largely unimportant when your site is probably serving up warez and child porn in a hacked directory).
Also I can say that recent versions would've created with default 0 (if integer was selected).
Sorry, I thought that the 3.15 I was working on (for client) was a recent release.
Is 3.15 equivalent to 3.0.15 in the current versioning scheme, or 3.1.15, or something else?
Also are you saying that these instructions are not sufficient to deal with the hack issues...?
If you insist on continuing to use an older version, you can be fairly safe by making sure you have no directories chmoded to 777 (meaning you won't be able to use the attachments feature), deleting formemail.php if it exists (it was bundled with some older versions of WSN Links), and turning on the security image presuming your version supports it.
I would nest them, except I need OR and nesting is better suited to ANDs than ORs. But I like your suggestion of using PHP in the template. I can see how that might work...
3.15 was labeled 3.15... if you add the second dot it'd be 3.1.5. It was released March 19th, 2005. There have been 28 new releases since then. The current version is 3.3.18 (3.318 by old single-decimal format).
Also are you saying that these instructions are not sufficient to deal with the hack issues...?
Covering one possible exploit does nothing address a problem. The point is that all hackers have access to a shell with the php user's permissions. It's nearly impossible to run a site where nothing is writeable anywhere, and even if you do if you're on a shared server you're probably making other people's accounts vulnerable. As well, it would be possible to gather your mysql info from config.php and run arbitrary mysql queries without any writeable files.
Comments on Custom Field Replacement Issue
Member
Usergroup: Customer
Joined: Oct 25, 2004
Total Topics: 8
Total Comments: 28
Hello again,
Appreciate any help or ideas on this one...
I've got a WSN installation (3.12) in which I've added some custom integer member fields. Everything works great with the conditional template stuff in the 3.12 install and everything is happy.
Now I'm trying to emulate this same setup in a 3.15 install (on different server). The same member fields have been added and used in the templates in the same way, but I'm getting an eval error resulting from failed template variable replacement.
The first interesting area looks like this in the template (edit profile)...
In 3.15 I'm getting this result...
I don't know why these ints are replaced differently and I don't know why the quotes are in there, these are all integer fields. These fields were added as integer (and this has been verified via phpMyAdmin).
The second area uses the same fields but gets yet another different (invalid) result...
This results in...
Which is obviously fatal to the process, resulting in this error...
I've tried taking the conditionals.php from 3.12 and moving it to the 3.15 install, that seemed to make things worse.
I've compared the phpMyAdmin structure for the member tables and they are identical on both installations. I've tried making the DB fields for the member variables to be "Not NULL" and defaulted to "0", but that didn't help either, so I put it back like the WSN admin panel created them.
I've also tried changing the template conditional syntax, but no luck.
Any ideas?
Member
Usergroup: Customer
Joined: Oct 25, 2004
Total Topics: 8
Total Comments: 28
P.S. I've also tried the debug mode which doesn't really provide any useful info in this case.
Member
Usergroup: Customer
Joined: Oct 25, 2004
Total Topics: 8
Total Comments: 28
Paul, any ideas on this?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
I can't support versions that are years out of date, especially when I've informed everyone that said versions paint a big "come hack me" sign on the server and given very clear instructions on not using them, besides removing them from the downloads area and not retaining any copies of them on my computer.
I will say that nesting conditionals (<IF x><IF y></IF></IF>) or just using PHP tends to be more effective than long strings of conditionals, as conditionals are for simple stuff (though it's largely unimportant when your site is probably serving up warez and child porn in a hacked directory).
Also I can say that recent versions would've created with default 0 (if integer was selected).
Member
Usergroup: Customer
Joined: Oct 25, 2004
Total Topics: 8
Total Comments: 28
Sorry, I thought that the 3.15 I was working on (for client) was a recent release.
If you insist on continuing to use an older version, you can be fairly safe by making sure you have no directories chmoded to 777 (meaning you won't be able to use the attachments feature), deleting formemail.php if it exists (it was bundled with some older versions of WSN Links), and turning on the security image presuming your version supports it.
But how do I reference the member variables?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
3.15 was labeled 3.15... if you add the second dot it'd be 3.1.5. It was released March 19th, 2005. There have been 28 new releases since then. The current version is 3.3.18 (3.318 by old single-decimal format).
Also are you saying that these instructions are not sufficient to deal with the hack issues...?
Covering one possible exploit does nothing address a problem. The point is that all hackers have access to a shell with the php user's permissions. It's nearly impossible to run a site where nothing is writeable anywhere, and even if you do if you're on a shared server you're probably making other people's accounts vulnerable. As well, it would be possible to gather your mysql info from config.php and run arbitrary mysql queries without any writeable files.
But how do I reference the member variables?
Type template variables: scripts.webmastersite.net/w...inks/wsnmanual/articles/13