Posted by Tom on 03/21/07 18:42

On 21 Mar 2007 08:17:00 -0700, starman7 wrote...
>
>On Mar 19, 5:43 am, "Vince Morgan" <vin...@REMOVEoptusnet.com.au>
>wrote:
>> "starman7" <starm...@hotmail.com> wrote in message
>>
>> news:1174276558.004984.145320@l75g2000hse.googlegroups.com...
>>
>> > On Mar 18, 8:42 pm, "Vince Morgan" <vin...@REMOVEoptusnet.com.au>
>> > wrote:
>> > > "Vince Morgan" <vin...@REMOVEoptusnet.com.au> wrote in message
>>
>> > >news:45fde317$0$4753$afc38c87@news.optusnet.com.au...
>>
>> > > > >if ( strpos($config_content, 'dbuser') && (substr($config_content, 0,
>> > > > >5) != '<?php' || substr($config_content, -2) != '?>') )
>> > > > {
>> > Thanks for the insight. The application works without that code block
>> > - so I'm guessing the config file gets loaded despite the reported
>> > problem.
>>
>> Yep, you are correct. There is no "return" or "exit" so the script should
>> keep on running after the message.
>>
>>
>>
>> > Here's my actual config file:
>>
>> > <?php
>>
>> > //
>> > // phpBB 2.x auto-generated config file
>> > // Do not change anything in this file!
>> > //
>>
>> > $dbms = 'mysql4';
>>
>> > $dbhost = '127.0.0.1';
>> > $dbname = '1234567';
>> > $dbuser = '12345678';
>> > $dbpasswd = '123456789';
>>
>> > $table_prefix = 'phpbb_';
>>
>> > define('PHPBB_INSTALLED', true);
>>
>> > ?>
>>
>> What is being checked in the "if" condition is of three parts.
>> First it checks for a substring "dbuser". The function "strpos()" returns
>> FALSE if the substring in question is not found, but it does exist in the
>> file apparently.
>> If it did not exist then the first condition "strpos($config_content,
>> 'dbuser')" returning FALSE would cause the entire condition to return FALSE,
>> as the AND "&&" opperator does not bother evaluating any further if the
>> first part is FALSE.
>>
>> In the second part. If the first five chars of the file are not "<?php"
>> [minuse the quotes] or, the last two chars are not "?>" then the entire
>> condition evaluates as TRUE. If the condition as a whole returns TRUE you
>> get the message.
>>
>> It could be written as below, and still work.
>> if ( strpos($config_content, 'dbuser') AND (substr($config_content, 0, 5)
>> != '<?php' OR substr($config_content, -2) != '?>') )
>>
>> > any ideas why the code complains about it?
>>
>> I think the problem is discovered in the second part of the condition.
>> That will evaluate as TRUE if the first 5 chars are not exactly "<?php", OR
>> if the last 2 chars are not exactly"?>".
>> A space in either part would cause the message to be output.
>> That is where I would be looking with regard to the above.
>>
>> > i've tried even moving everything to one line, but always seem to get
>> > the error (unless i remove that block) - might this code be evaluated
>> > for some reason unintended by the author's warning?
>>
>> Can't help you there.
>>
>> >might removing
>> > this code decrease the app's security?
>>
>> Don't know.
>>
>> i should mention the
>>
>> > environment is selinux - which requires specific/enhanced
>> > permissions ... not sure if that's relevant given the above info ...
>>
>> Nope, can't see that being the case.
>>
>> If the first five chars are "<?php" and the last are "?>" including hidden
>> characters, I would be lost too.
>> If the var that the file was loaded into was empty the first part of the
>> condition would evaluate as FALSE and you wouldn't see the message.
>> I would be making absolutely certain the the file begins with "<?php" and
>> ends with "?>". No line break or spaces whatsoever either before the first
>> part, or after the last part.
>>
>> I believe you have a hidden character, or a line break, or space after the
>> "?>"
>>
>> HTH
>> Vince Morgan
>
>thanks vince -
>
>actually there seems to be an invisible space after the ending >
>but i can't see it - when i echo substr($config_content, -2) it's '>
>' (single quotes to indicate trailing space).
>how can i get rid of? why does it pass ** dbloader test? could the
>space be coming from outside the file?
>
>** dbloader is a php page that tests the config file (among other
>things) and reports it as ok
>


It's been a while since I worked with phpbb, but I believe the installation is
web based so you should only need to make a couple of tweaks to the database
name and login settings.

Once it's installed I think there's an "admin" directory created in the phpbb2
directory, so I would be very cautious about removing blocks that are probably
there for a purpose.

Beside the admin that controls the board, there are other assignments like
moderators that may need special permissions. If you're getting an error related
to "dbuser", you might need to check your login permissions to make sure you
have those setup right.

Tom
--
Newsguy.com - Basic Accounts $39.95 / 12 months

[Back to original message]