
Thread: For your viewing pleasure...

  1. #1
    tawlshawn
    Guest

    For your viewing pleasure...

    Hi. I am pretty new to this site and I am impressed with the work of Smoge. Great job. I recently downloaded a fully functional 30 day trial of Zend Suite (www.zend.com). Now I am no PHP expert, but I am trying to learn it as much as possible. I used the Code Analyzer to take a look at some of the coding for this software and here is what I found for global_settings.php:

    Code Analyzer Output:
    Unsafe use of variable in call include()/require() (line 14)
    Unsafe use of variable in call include()/require() (line 15)
    Unsafe use of variable in call include()/require() (line 16)
    Unsafe use of variable in call include()/require() (line 17)
    Unsafe use of variable in call include()/require() (line 18)
    Unsafe use of variable in call include()/require() (line 19)
    First argument for define() is not a string (line 45)
    First argument for define() is not a string (line 47)
    First argument for define() is not a string (line 48)
    First argument for define() is not a string (line 49)
    First argument for define() is not a string (line 50)
    First argument for define() is not a string (line 51)
    Assignment in condition (line 175)
    Assignment in condition (line 243)
    Variable $p_arr appears only once (line 317)
    The value of variable $p_arr was never used (line 317)
    Assignment in condition (line 478)
    Assignment in condition (line 517)
    Assignment in condition (line 596)
    Assignment in condition (line 743)
    Bad escape sequence: \d (line 798)
    Assignment in condition (line 851)

    Here is a description they gave for "Unsafe use of variable in call include()/require() (line 14)":
    Category: Security
    include() or analogous function is used with variable argument. This can be dangerous since variables are in many cases controllable by remote users, and may also be altered or overwritten by mistake. This may lead to undesired behavior, and execution of arbitrary code. It is advisable to use constants instead, in such cases.
    EXAMPLE:
    Dangerous - $script_path = "/htdocs";
    include($script_path."/foo.inc");
    Recommended - define('SCRIPT_PATH', "/htdocs");
    include(SCRIPT_PATH."/foo.inc");


    My question to Smoge and anyone else viewing this post is: Do you think that modifying this script to conform with what the creators of PHP say is the correct syntax and coding will in some way crash or destroy this poorly written script??? If not, I would like to help Smoge make this script more stable for the people using it. I commend him for helping out with a script that obviously was written to get a quick buck and didn't really have any sound developing. I know that it will take more than some of the suggestions given by Zend to make this script right, but I am willing to try. I welcome any comments or suggestions.
    Last edited by tawlshawn; 01-10-2006 at 05:20 PM.
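
The analyzer's "use constants instead" advice from the post above, taken one step further for the case where the included file really does vary per request. This is an added example, not part of the original post and not aeDating code; `INC_DIR`, `ALLOWED_INCLUDES`, `safe_include_path()` and the demo file are hypothetical names, and the inputs are constructed.

```php
<?php
// Added example: hypothetical names throughout, not aeDating's own code.
// Flagged pattern: include($script_path . "/foo.inc"); where $script_path is an
// ordinary variable that request data or a later assignment can overwrite.

// Demo setup (constructed): a throwaway include directory with one file in it.
$dir = sys_get_temp_dir() . '/inc_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/header.inc.php', '<?php echo "header loaded\n";');

// The base directory is a constant: once defined it cannot be reassigned.
define('INC_DIR', $dir);

// Every file the application may include, keyed by a short name.
const ALLOWED_INCLUDES = [
    'header' => 'header.inc.php',
    'footer' => 'footer.inc.php',
];

/**
 * Map a caller-supplied key to an absolute path inside INC_DIR.
 * Returns null for unknown keys, missing files, or paths that resolve
 * outside INC_DIR (for example through a symlink).
 */
function safe_include_path(string $key): ?string
{
    if (!array_key_exists($key, ALLOWED_INCLUDES)) {
        return null;                      // not on the allowlist
    }
    $base = realpath(INC_DIR);
    $path = realpath(INC_DIR . '/' . ALLOWED_INCLUDES[$key]);
    if ($base === false || $path === false) {
        return null;                      // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed inputs: one valid key, one allowlisted but missing file,
// and two values that are not allowlist keys at all.
foreach (['header', 'footer', '../secret.txt', 'http://example.invalid/x.txt'] as $requested) {
    $path = safe_include_path($requested);
    if ($path === null) {
        echo "rejected: $requested\n";
        continue;
    }
    require $path;                        // only ever a vetted absolute path
}
```

Only the allowlist key ever comes from the caller; the file name and directory are fixed in code, so the request cannot steer the path handed to `require`.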

  2. #2
    strategist
    Guest


    Hi tawlshawn,

    I have been using Zend Studio for about 1 year with AEDating.
    "Do you think that modifying this script to conform with what the creators of PHP say is the correct syntax and coding will in some way crash or destroy this poorly written script???"
    To answer in short...Yes, it can crash your script. Some things noted by the Zend tool are important, many are not. You will find that some changes can cause problems for you depending upon which template you are using. Also, a few pages are used by different parts of the script at different times to build other pages. Any changes require pretty extensive regression testing.

    It seems that AE has had several different developers working on the script over time. I have found that some things in the script are artifacts from previous code and are no longer necessary and were never cleaned up. Some things may only be used by older templates but are not used by the newer ones, but to post the changes here might cause problems for some of our members, especially the less experienced. I have cleaned much of the unnecessary code out and, in some cases, have reduced the page size by 25%. But, like many here, I have modified much of my site and what might be unimportant to me might be a critical function for someone else.

    I have been waiting for Smoge and his team to get a more stable codebase (SMART) that we can begin to help clean up. To work on the code independently now would probably be, at best, redundant since we don't work from the same CVS. At worst, it could cause confusion and result in prolonged delays. I am patiently waiting for the SMART code that we can use and help Smoge continue his work toward a clean and stable platform to run our businesses.

    Don't mean to sound negative, the Zend Studio is an awesome product. I recommend it for any serious PHP coder!

    Best regards,
    Alex

  3. #3
    tawlshawn
    Guest

    zend

    Hey Strategist;

    Thanks for the insight. I just found it interesting that a script could be labeled "commercial grade" and have so many problems. The reality of it is that this script in the form they put out was beta script and should have never made it to the market for production use. Thank God for good people like Smoge and the people on this site for the work they are doing to get this script together. It seems to me that as long as you have a basic knowledge of PHP that you can just put out software and sell it and call it what you want....lol. I looked into creating a dating site using the Typo3 CMS system, but they have a lot of mumbo jumbo that I feel just makes the process a headache. So I will keep studying PHP and Flash and wait for Smoge. Take care!

  4. #4
    Smoge (Administrator)
    Join Date: Mar 2005 | Posts: 6,634 | Blog Entries: 5


    Hi,

    Yea - I know about these issues....

    And they should be addressed, and will be in LOADED. (a child of SMART)

    I know you have all been waiting a LONG TIME (since December 2005) for more activity in this area - and I have been working hard to lay the ground work for all of this... mostly related to CVS and other issues - and this is now done.

    So - things will move a bit faster now.

    To add to these comments in this thread - I also would like to see, and actually, have it 50% done - to have aeDating run in PHP Safe Mode.

    While SafeMode is not a fix-all, it is a good step in the right direction.

    LOADED will be a SafeMode script.

    Smoge
    ModMySite Administrator

    Problems? Questions? Need modifications or other help with your site?

    Open A Ticket , Send Us An Email Or Give Us A Telephone Call +1 518-632-4152.
