Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jakejarvis/jbb

A PHP bulletin board creatively titled Jake's Bulletin Board, circa 2003. (My first full coding project ever – complete with bugs and security holes and horrendous style!)
https://github.com/jakejarvis/jbb

first-project hello-world like-a-fine-wine php vintage

Last synced: 2 months ago
JSON representation

A PHP bulletin board creatively titled Jake's Bulletin Board, circa 2003. (My first full coding project ever – complete with bugs and security holes and horrendous style!)

Host: GitHub
URL: https://github.com/jakejarvis/jbb
Owner: jakejarvis
Archived: true
Created: 2018-10-18T16:40:52.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2019-09-19T05:38:06.000Z (over 5 years ago)
Last Synced: 2024-05-23T04:33:22.409Z (8 months ago)
Topics: first-project, hello-world, like-a-fine-wine, php, vintage
Language: PHP
Homepage: https://jarv.is/notes/my-first-code/
Size: 678 KB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-first-code - jakejarvis/jbb

README

        




A PHP4-based bulletin board creatively titled **Jake's Bulletin Board**. This was my first-ever full programming creation back in 2003 (if you couldn't tell) saved for posterity after being rescued from a dust-caked floppy disk.

## Usage

If you're bored on a rainy day, potential activities could include:

- Easiest code review you'll do in your entire career. (Or hardest, depending on your attitude.)

- Hacking speed-runs to boost your infosec self-esteem.

- Beating the [world record for longest laugh](http://goldenbookofrecords.com/longest-laughter/), currently held by Mr. Belachew Girma of Ethiopia with 3 hours and 6 minutes.

- Actually getting this to run in 2019.

## Embarrassing Highlights

Who cares if somebody wants to delete a post with the ID "`*`" no matter the author? ([delete_reply_submit.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/delete_reply_submit.php#L9))

```php

  $query2 = "DELETE FROM jbb_replies

WHERE replyID ='$replyID'";

$result2 = mysql_query ($query2)

        or die ($query2); 

```

Sessions based on storing an auto-incremented user ID in a cookie. ([login_submit.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/login_submit.php#L28))

```php

session_id($user->userID);

session_start();

$_SESSION["ck_userID"] = $user->userID;

$_SESSION["ck_username"] = $user->username;

$_SESSION["ck_groupID"] = $user->groupID;

```

Viewing a "private" message based solely on a sequential message ID. ([pm_view.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/pm_view.php#L13))

```php

$query1 = "SELECT * FROM jbb_pm WHERE pmID = '$pmID'";

```

Incredibly ambitious emoticon and [BBCode](https://en.wikipedia.org/wiki/BBCode) support. I honestly can't begin to explain this logic. ([functions.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/functions.php#L18))

```php

$replacement = '';

$replacement2 = '';

$replacement3 = '';

$replacement4 = '';

$replacement5 = '';

// ... yada yada yada ...

$replacement21 = '';

$replacement23 = '';

$replacement24 = '';

$topicval = str_replace(':)', $replacement, $topicval);

$topicval = str_replace(':D', $replacement2, $topicval);

$topicval = str_replace(':(', $replacement3, $topicval);

$topicval = str_replace(':crying:', $replacement4, $topicval);

$topicval = str_replace(':blush:', $replacement5, $topicval);

// you get the point...

$topicval = str_replace('[URL=', $replacement21, $topicval);

$topicval = str_replace(':]', $replacement22, $topicval);

$topicval = str_replace('[/URL]', $replacement23, $topicval);

$topicval = str_replace('[FONT COLOR=', $replacement24, $topicval);

$topicval = str_replace('[/FONT]', $replacement25, $topicval);

$topicval = str_replace('[FONT SIZE=', $replacement26, $topicval);

$topicval = str_replace('

', $replacement27, $topicval);

// repeated five more times throught the code...

```

Saving new passwords as plaintext — probably the least problematic problem. ([register_submit.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/register_submit.php#L10))

```php

$query = "INSERT INTO jbb_users (username, password, email, avatar) VALUES ('$username','$password','$email','images/avatars/noavatar.gif')";

```

I guess I gave up on counting `$query`s by ones...  ([functions.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/functions.php#L231))

```php

while ($topic = mysql_fetch_object($result30)) {

    $query40 = "SELECT * FROM jbb_users WHERE userID = '$topic->userID'";

    $result20 = mysql_query($query40)

        or die ($query40);

		

    $query50 = "SELECT * FROM jbb_replies WHERE replyID = '$replyID'";

    $result50 = mysql_query($query50)

        or die ($query50);

    $reply = mysql_fetch_object($result50);

    $query60 = "SELECT * FROM jbb_users WHERE userID = '$reply->userID'";

    $result60 = mysql_query($query60)

        or die ($query60);

    $user = mysql_fetch_object($result60);

    $query7 = "SELECT * FROM jbb_topics WHERE userID = '$reply->userID'";

    $result7 = mysql_query($query7)

        or die ($query7);

    $query8 = "SELECT * FROM jbb_replies WHERE userID = '$reply->userID'";

    $result8 = mysql_query($query8)

        or die ($query8);

    $usertopics = mysql_numrows($result7);

    $userreplies = mysql_numrows($result8);

}

```

## Screenshots

![Installation](images/readme-screen1.png)

![Home](images/readme-screen2.png)

## License

Do whatever the hell you want, it's not gonna work. 😉