Inspired by a question I received earlier today, and a few sites that were brought to my attention recently...
What is so difficult about leaving a link to a website on a piece of software you have received for free? So-called "linkware" script authors don't make a penny from their scripts. All they ask is that you link back to their site, and in most cases will embed a link into the script they provide. Now I know of people who have spent HOURS going through a script simply to remove the credit line. Apparently the script in question (CuteNews) has its credit line encrypted or something and it's very difficult to remove. Cue the person asking on every forum and emailing everyone they know asking 4 OMGZ HLP PLZ, and when told that the credit line couldn't be removed, they decided not to use the script. WTF?! I don't know about you, but doesn't it seem like a lot more effort to go about trying to get rid of the credit than just, oh I don't know, leaving it where it is?
Some script authors will settle for a link on a credits page. I admit, I'd rather find a credit link there than nowhere else, but I still wonder why these people go to all the effort when they really, really don't have to.
Removing credits is one thing, but when you change the credit to reflect a different name or URL? That is beyond unacceptable. I had someone rename PHPAskIt to "GoddessFAQ 1.2". It was blatantly the same script, the same workings, the same layout, everything. When I contacted the site owner I got a rude reply saying the person had spent ages modifying the script and it wasn't even the same any more. Oh really? Somehow I don't think so. Everything on that site appeared to work in exactly the same way as PHPAskIt. I don't think there's even a million-to-one chance that someone could write exactly the same script purely by coincidence.
Anyway. I now have a layout for my CMS admin panel! Woo, it's a little bit easier to manage things around here now. :) I've fixed quite a few bugs as well - blank tags should now display without errors, non-existent pages/posts should no longer display a blank page, etc., etc.
Oh, and going back to PHPAskIt briefly... Version 3 is in the works, and will be out soonish (no definite date yet). If you have any feature requests, please get them to me ASAP :)
...and now back to my dissertation. Yes. Must not procrastinate any longer.
Ooh shiny things! *Wanders off*
Edit: Oh, and if you are going to remove the credit, don't give me some stupid excuse like "yeah well the code isn't that great so I'm going to be replacing it with my own soon". I don't care whether the code is great or not - it's good enough for your hundreds of questions at this very moment (and the last couple of years or so that you've been using it), so put the credit back. And for your information, the code "isn't that great" because you're using one of the very first versions of the script. Maybe if you upgraded you'd have more luck.
I highly doubt you'll be writing something better than what I did (if you are even doing so - if the script was as bad as you say it is, how can you have used it for almost two years?), even though it was the first version of PAI (and I knew NOTHING about security and stuff back then. It was literally a copy and paste of several PHP snippets) - you, person(s) in question, can't even design a website (LOLZ PAGEBUILDERZ!11), let alone a script. But thanks for leaving that insecure version up, I hope you get hacked through it. Idiots.
If by now you aren't aware of the serious vulnerabilities that exist within CodeGrrl.com's most popular scripts then I would recommend that you educate yourself as a matter of urgency.
As a result of the above vulnerability, I have recently discovered that certain people have been telling others to delete the affected file, protection.php, to avoid being hacked.
DO NOT DO THIS.
Deleting protection.php takes away the admin panel's password protection and you will be leaving your scripts wide open to much more than hacking.
At first I thought it was just a misinformed user telling others what they thought was best - I was wrong. Today I was alerted to the fact that it is in fact Surpass Hosting that is spreading this very seriously incorrect advice.
Please spread the word about this. Deleting protection.php is about as secure as leaving it unpatched on the server. You WILL be hacked if you leave it unpatched, and you will also be hacked if you delete it. If you've deleted protection.php, put it back as soon as possible and tell anyone else who may have deleted it to do the same.
If you are at all worried about running PHPFanBase or any other affected CodeGrrl.com script and have decided against keeping said scripts, you need to delete ALL the files associated with the scripts, not just protection.php.
Oh, and Surpass have apparently banned my script, PHPAskIt, because they believed the recent security vulnerability hoax that stated that my script could be hacked like the rest of the CG scripts. It CAN'T. It is not based on PHPFanBase like the vulnerable CodeGrrl scripts are, and can NOT be hacked through protection.php (there is no such file anyway) or through any similar method in other files.
It has been brought to my attention that there is a serious security vulnerability within all versions of PHPAskIt, which states that the conversion scripts for Wak's Ask&Answer and the classic Ask&Answer can be hacked through the directory variables.
The security vulnerability is a hoax. The import files CANNOT be hacked through the $qadir and $dir variables even with register_globals on.
I find it such a shame that the person who discovered this has gone round telling everyone who will listen that my script's insecure (and every major security site there is) but 1) won't inform me (I found out through a Google search) and 2) makes things up. I've contacted them several times but each time the mail has bounced back. *Rolls eyes* How mature.