• Quick reminder..

    From DaveW@21:3/184 to Spectre on Sunday, September 17, 2023 00:01:11
    Re: Quick reminder..
    By: Spectre to All on Sun Sep 17 2023 12:59 pm

    If you're not aware of it, have your BBS added to the FSX Webring. Not exactly a traditional webring. Drop me a line to have your BBS added.

    Hello,
    You can add mine. My website is:

    BBS.PCTechDr.xyz

    Let me know if you need any other info.


    DaveW
    Port of Call BBS
    BBS.PCTechDr.com Port:2323
    https://BBS.PCTechDr.xyz
    --- SBBSecho 3.14-Win32
    * Origin: Port of Call BBS - BBS.PCTechDr.com:2323 (21:3/184)
  • From Spectre@21:3/101 to All on Sunday, September 17, 2023 12:59:00
    If you're not aware of it, have your BBS added to the FSX Webring. Not
    exactly a traditional webring. Drop me a line to have your BBS added.

    http://webring.fsxnet.nz

    There's also Aus BBS registry.. it's the best Australian BBS list in the world ;)

    http://ghostwheel.zapto.org

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/195 to Spectre on Sunday, September 17, 2023 15:38:02

    Hello Spectre!

    17 Sep 23 12:59, you wrote to all:

    There's also Aus BBS registry.. it's the best Australian BBS list in
    the world ;)

    http://ghostwheel.zapto.org

    ----cut me here----
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
    right syntax to use near 's Lair'' at line 2
    ----cut me here----



    Vorlon


    --- GoldED+/LNX 1.1.5-b20230826
    * Origin: Dragon's Lair ---:- dragon.vk3heg.net -:--- Prt: 6800 (21:1/195)
  • From Spectre@21:3/101 to Vorlon on Monday, September 18, 2023 04:44:00
    ----cut me here---- You have an error in your SQL syntax; check the
    manual that corresponds to your MySQL server version for the right
    syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my sql is pretty rudimentary at best.. you'll have to
    fill me in on what you were using to get the error.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/196 to Spectre on Monday, September 18, 2023 10:30:41
    Hi spec,

    On Monday September 18 2023, Spectre said to Vorlon:

    ----cut me here---- You have an error in your SQL syntax; check the
    manual that corresponds to your MySQL server version for the right
    syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my sql is pretty rudimentary at best.. you'll have
    to fill me in on what you were using to get the error.

    I think it bared on my system's name "Dragon's Lair".. I did try without the
    " 's " but it still had issues....


    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From Vorlon@21:1/195 to Spectre on Monday, September 18, 2023 10:41:38

    Hello Spectre!

    18 Sep 23 04:44, you wrote to me:

    ----cut me here---- You have an error in your SQL syntax; check
    the manual that corresponds to your MySQL server version for the
    right syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my sql is pretty rudimentary at best.. you'll have
    to fill me in on what you were using to get the error.

    Just tried again now... It's now just saying ERROR.


    My system's details:

    Dragon's Lair
    dragon.vk3heg.net port 2323
    Public
    24/7
    Amiga OS
    Zeus BBS software
    Ascii/Ansi
    Jan 2007

    Features: Amiganet, FSXNet, Agoranet, Fidonet & local msg bases. Growing Amiga file base, online games,
    Aminet mirror. (I host the Australian Aminet Mirror and a copy is also on the bbs)

    Aminet CD rom ISO's (March 1994 - December 2002)





    Vorlon


    --- GoldED+/LNX 1.1.5-b20230826
    * Origin: Dragon's Lair ---:- dragon.vk3heg.net -:--- Prt: 6800 (21:1/195)
  • From Spectre@21:3/101 to Vorlon on Monday, September 18, 2023 12:37:00
    I think it bared on my system's name "Dragon's Lair".. I did try without the " 's " but it still had issues....

    Hmm so you were trying to add yourself? I don't think I even considered
    fields with ' in them. I'm about 75% sure there is a problem I've forgotten about in that script, and I added entries manually through the back end.
    I'll have to revisit it...

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to Vorlon on Monday, September 18, 2023 13:46:00
    My system's details:

    You've been inserted. :)

    I suspect it doesn't like the ' in Dragon's. It won't match dragon on the name. Not sure what to do with that. If you search by sysop it'll find you happily, just check the entry some time.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to Vorlon on Wednesday, September 20, 2023 17:07:00
    forgotten about in that script, and I added entries manually through
    the back end. I'll have to revisit it...

    Yes I was trying to add my bbs to your list... It just didn't like me/it!

    Subsequent testing has shown. It doesn't like apostrophes in the data much.
    I was also unable to get it to add "Dragon's Lair", although it was happy enough to add a test system with no contentious characters in it.

    I don't know enough to decide if this is a PHP problem, or an SQL problem. Either way for now it'll have to continue the way it is. It did remind me, that although the option is there to do so, the edit script doesn't work either. Definitely requiring back end manipulation to make any edits locally, this one I'll look into and see if I can't do something with it.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/196 to Spectre on Thursday, September 21, 2023 10:18:34
    Hi Spec,

    On Wednesday September 20 2023, Spectre said to Vorlon:

    forgotten about in that script, and I added entries manually through
    the back end. I'll have to revisit it...

    Yes I was trying to add my bbs to your list... It just didn't like
    me/it!

    Subsequent testing has shown. It doesn't like apostrophes in the data much. I was also unable to get it to add "Dragon's Lair", although it
    was happy enough to add a test system with no contentious characters in
    it.

    Down with the apostrophes I say!.

    I don't know enough to decide if this is a PHP problem, or an SQL
    problem. Either way for now it'll have to continue the way it is. It
    did remind me, that although the option is there to do so, the edit

    Have you done any googling to find something that's already out there to do
    the job?


    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From apam@21:1/182 to Spectre on Thursday, September 21, 2023 11:01:14
    I'm not familiar with "prepared statements" though. Is there anything worth
    looking at? Most of this work has just been trial and error..

    https://www.w3schools.com/php/php_mysql_prepared_statements.asp

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Spectre@21:3/101 to Vorlon on Thursday, September 21, 2023 12:05:00
    Have you done any googling to find something that's already out there to do the job?

    Would have to admit I haven't, but I'm not even sure what I'd be looking for.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to apam on Thursday, September 21, 2023 12:16:00
    https://www.w3schools.com/php/php_mysql_prepared_statements.asp

    Thanks. That appears to be similar to what I'm doing, other than it shows a predetermined list, not sure how it helps me.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From apam@21:1/182 to Spectre on Thursday, September 21, 2023 12:58:23
    Thanks. That appears to be similar to what I'm doing, other than it shows a
    predetermined list, not sure how it helps me.

    My guess is you're making a query string by adding the form input to it.

    something like

    $something = $_GET['something'];

    "SELECT stuff FROM table WHERE " . $something . " = 'something'";

    That's bad and causes SQL injections because $something is not sanitized
    first.

    You want to do something like

    $something = $_GET['something'];

    // $conn is assumed to be an open mysqli connection
    $stmt = $conn->prepare("SELECT stuff FROM table WHERE ? = 'something'");
    $stmt->bind_param("s", $something);

    $stmt->execute();

    by using the bind_param, it will sanitize $something, and you won't have
    issues with apostrophes.

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Spectre@21:3/101 to apam on Thursday, September 21, 2023 18:01:00
    My guess is you're making a query string by adding the form input to it.

    So far so good, I dump the form data into an array and write it from there. I'll have to do some more looking but there was some PHP for trying to ensure that nothing untoward was being accepted.. I'll have to hunt out the details.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to apam on Thursday, September 21, 2023 18:51:00
    Quick Update...

    $query = htmlspecialchars($query);
    $query = mysql_real_escape_string($query);

    I don't really know what these do... it's some function in the ubuntu install.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to Vorlon on Monday, September 25, 2023 06:03:00
    I wonder what software was used to do the old Australian bbs list? I hope it wasn't done by hand.....

    I suspect it was either a flat database or a spreadsheet. I suspect the database more... also it was mostly driven off the registry BBS so some of it was probably automated with some overview. That's about all I can tell you.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Mike Dippel@21:4/176 to Spectre on Sunday, September 24, 2023 23:11:42
    On 9/25/2023 5:53 AM, Spectre wrote to Vorlon:

    I wonder what software was used to do the old Australian bbs list? I hope
    it wasn't done by hand.....

    I suspect it was either a flat database or a spreadsheet. I suspect the database more... also it was mostly driven off the registry BBS so some of it
    was probably automated with some overview. That's about all I can tell you.

    Spec

    I know I am late to this discussion but is this a website you are talking about? If so, you
    can probably find it by doing a search at: https://archive.org/web/

    It is a great resource.

    Mike Dippel

    --- Platinum Xpress/Win/WINServer v7.0
    * Origin: The Hobby Line! BBS - hobbylinebbs.com (21:4/176)
  • From Vorlon@21:1/196 to Spectre on Wednesday, September 27, 2023 10:58:05
    Hi Spec,

    On Monday September 25 2023, Spectre said to Vorlon:

    I wonder what software was used to do the old Australian bbs list? I
    hope it wasn't done by hand.....

    I suspect it was either a flat database or a spreadsheet. I suspect the database more... also it was mostly driven off the registry BBS so some
    of it was probably automated with some overview. That's about all I can
    tell you.

    TBBS software?

    I never called the bbs list bbs, so only sent a netmail/echomail about mine back in the day.

    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From Spectre@21:3/101 to Vorlon on Wednesday, September 27, 2023 21:22:00
    TBBS software?

    To be honest, I have no recollection what BBS software was in use. I don't
    even recall it being multiline so TBBS seems unlikely. Most of the QuickBBS clones had half reasonable scripting, and they were pretty much the norm, so
    it could've been anything.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/196 to Spectre on Friday, September 29, 2023 11:35:35
    Hi spec,

    On Wednesday September 27 2023, Spectre said to Vorlon:

    TBBS software?

    To be honest, I have no recollection what BBS software was in use. I
    don't even recall it being multiline so TBBS seems unlikely. Most of
    the QuickBBS clones had half reasonable scripting, and they were pretty much the norm, so it could've been anything.

    TBBS although way too expensive even by today's standards, was well known for having a builtin database system...

    I never went past two lines before the internet took off, and really killed dialup bbs's.... But then my bbs also mutated into a small dialup isp and
    had 21-22 lines before the big players came to town along with adsl.. even
    at the entry speed of 128Kbps...


    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From apam@21:1/182 to apam on Thursday, September 21, 2023 13:00:02
    $stmt = "SELECT stuff FROM table WHERE ? = 'something'"

    Sorry, I got those somethings around the wrong way

    should be:

    $stmt = "SELECT stuff FROM table WHERE something = ?"

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Tracker1@21:3/149 to Spectre on Sunday, October 01, 2023 17:52:58
    ----cut me here---- You have an error in your SQL syntax; check the
    manual that corresponds to your MySQL server version for the right
    syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my sql is pretty rudimentary at best.. you'll have to fill me in on what you were using to get the error.

    You aren't sanitizing input via escapes or parameterized queries... so, someone inputting something like : "Spectre's Lair" for a BBS name will escape in your SQL...

    This means, I could enter something like "'; delete * from Users; --" and maliciously attack your mysql server.

    Whatever language you are using for your server-side code, do a search for parameterized queries and sanitizing database input. Also read up on SQL Injection Attack.


    --
    Michael J. Ryan
    +o roughneckbbs.com
    tracker1@roughneckbbs.com
    --- SBBSecho 3.15-Linux
    * Origin: Roughneck BBS - roughneckbbs.com (21:3/149)
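
The failure Vorlon reported and the fix apam and Tracker1 point to, side by side, as an added example that is not part of any post in this thread and is not the registry's own code. It assumes PDO with an in-memory SQLite database standing in for the MySQL back end so it runs without a server; the `bbs` table, its columns and the function names are hypothetical.

```php
<?php
// Added example (constructed): in-memory SQLite via PDO stands in for the
// MySQL registry database. Table, columns and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bbs (name TEXT, sysop TEXT)');

// Constructed form input, shaped like what a registration form would submit.
$form = ['name' => "Dragon's Lair", 'sysop' => 'Vorlon'];

// Before: form values are pasted into the SQL text. The apostrophe in the
// name closes the string literal early, so the rest of the name is parsed
// as SQL and the statement is rejected with a syntax error.
function add_unsafe(PDO $db, array $f): string {
    try {
        $db->exec("INSERT INTO bbs (name, sysop) VALUES ('{$f['name']}', '{$f['sysop']}')");
        return 'inserted';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// After: the SQL text is constant and the values are sent as bound
// parameters, so no character in the data can change the statement.
function add_safe(PDO $db, array $f): void {
    $stmt = $db->prepare('INSERT INTO bbs (name, sysop) VALUES (?, ?)');
    $stmt->execute([$f['name'], $f['sysop']]);
}

// Searching by a name fragment uses a bound parameter in the same way;
// the % wildcards are added to the value, not to the SQL text.
function find_by_name(PDO $db, string $fragment): array {
    $stmt = $db->prepare('SELECT name, sysop FROM bbs WHERE name LIKE ?');
    $stmt->execute(['%' . $fragment . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo add_unsafe($db, $form), "\n";
add_safe($db, $form);
print_r(find_by_name($db, "Dragon's"));
print_r(find_by_name($db, 'dragon'));
```

With mysqli, as in apam's post, the same pattern is `prepare()` followed by `bind_param()` and `execute()`.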