SMFPets Version 0.2

[AbsoluteBreeze]

Thank you David

[David]

My pleasure...I've probably got copies of almost all, if not all, of the missing files so if anyone needs them (including Daniel obviously) I'll post them as required.
 
 Server/drive problems are an absolute nightmare so I'm sure we'll all do all we can to help during this period while Daniel gets past his exams and has time to work on his site(s) again.

[Daniel15]

The dev.dansoftaustralia.net site will be back soon... I purchased a dedicated server for all my sites (anyone notice that this site is faster now? ), and will be setting it up again (from scratch, though - You'll need to reupload all your stuff again).

Server/drive problems are an absolute nightmare so I'm sure we'll all do all we can to help during this period while Daniel gets past his exams and has time to work on his site(s) again.

Exams are all over now (until the end-of-year ones) .
As for the hard drive failure, there's not much I can do. Recovery would probably be too expensive for me. I just need to get over it and move on .

[David]

 I could probably give some tips about servers...like making sure you use only drives that are rated for server use and that any backup that remains connected physically or electrically to the live system isn't a backup at all (at best it's a mirror but not a backup)...ideally have it go off site too.

 Most important though is to give a congratulation on good grades that I trust is appropriate?

 BTW hard drive failure like that usually costs, on average, upwards of $2,000 to fix via drive recovery companies so your decision to abandon such considerations was inevitable IMHO.

 Onwards and upwards...and the site is faster.

[AbsoluteBreeze]

It appears that the pets mod is open to a little security problem (highlighted in the SMF error log).

The desc field is sent to SQL without being cleansed - I guess this means it might be open to SQL injection. I haven't tested the name field.

Apostrophes and possibly smiley codes in description cause SMF security to report hacking attempts.

This morning I woke up to my error log showing......

Hacking attempt...
UPDATE shop_pets
SET name = 'Plopsy',
level = 1,
curap = 1,
maxap = 1,
happy = 9,
`desc` = 'Fluffy just like it's owner ;0)',
hunger = 8,
age = 1,
training = 1,
trainingend = '07176012305',
ownerid = 4926
WHERE pet_id = 14
File: /home/testuser/public_html/forum/Sources/shop/pet_engine.php
Line: 305

[Celdric]

I get the same error.  What do you mean by wrong package? sorry for being a php noob~ In advance, thanks for the reply.  FYI, this is a fresh install of smfshop3 and pet 0.2.

I just notice your reply GS123. There are 2 food packages available. One of them isn't working. At the time when I installed the pet mod it was in the fresh install package. I had to search the pet threads here for the correct one. Sorry, I can't remember where I found it.

[Celdric]

This mod is in beta development so a manual would be rather unlikely...I don't mean this unkindly but I'd never put a beta mod on a live forum...use it on a test forum and aid development by all means. Generally software isn't ready for live use until it's up to v1.0 or above so the version number says a lot to you.

David, somehow I have the feeling the ped mod will stay beta for ever. How else could be that so important issues like removing pets or the problem with the ' key in pet names are still continuing? At least I couldn't find any solutions. It's not meant rude and I neither blame anyone. This is a great mod, it just seems that the project is abandoned.

[David]

 I understand what you mean...the development of it has been a long road for sure and it's not anywhere near the end yet. Basil Beard (BB from now on) has had to learn as he goes along (I know that from reading his postings) he also has other commitments one way or another. I've worked with professional programmers in the past and many of those started off doing projects such as this in order to have something to learn on.

 I suppose the reason why I have a feeling that it will keep moving forward is that when we were all suffering the problems in v0.1 people thought that wouldn't get fixed yet here we are with v0.2 and, by comparison, few and minor problems. I'm not seeking to minimise the issues with v0.2 but v0.1 was way worse.

 BB did give a sort of mini roadmap for future development in a posting a while back and suggested that he was a good way along that path prior to issuing another version...that said he's never said that the project would become an official and approved one...actually he's cast doubt on that happening.

 I'm doing my best not to put words in BB's mouth as it were...just giving a digest, as I see it, of some of what he's said...no doubt he'll put me right if needs be.

 So...you may be right...the project may never get out of beta, but I do think it's rather premature to reach any conclusion on it at this point and am hopeful as to a new version coming out sometime relatively soon with bug fixes as well as new features (in a past posting of mine that was in reply to BBs request for member wish lists I made mine a maintainance release with bug fixes and no new features so from that you can, I hope, tell that I'd rather see bug free relable code slowly grow than leaving bugs in place and adding feature count.)

 I haven't given up on BB or his mod just yet...let's see what he has to say for himself about it should he happan on your posting and this reply.

 Having suffered from a mistake I made in using other beta code on a different forum (a phpBB one) I stand by what I said about not using it on a live/production forum...to do otherwise is to take big risks with the forum integrity. That mistake hurt so I hope I've saved others from something similar by speaking up about it.

 Maybe your posting will spur BB on to prove you wrong...I doubt you or I will mind that one little bit if it happens.

[AbsoluteBreeze]

Many people could argue that windows XP isn't truly out of BETA - that doesn't mean the product is dead.

Pets source is open for people to see/modify and fix.

I want this product and if that means getting my hands dirty then so be it. I'm not saying I am going to fix everything - but  I'll try and help where I can.

[David]

XP isn't truly out of ALPHA

...fixed it for you

[AbsoluteBreeze]

Sorry - your right I meant ALPHA

Whoever coded this (i'm still new here) has got a great product off the ground and I would like to say that I am not criticising - just pointing out some things that could be improved either by the original author or by the community.

I've been looking over this script and it really needs some attention.... probably more than I can offer.

The immediate thing that is problematic is that *all* $_GETS are being pushed straight into SQL query's. That opens the door for SQL injection.

For instance..

Shop-Pets.php - lines 56 - 58

Code: [Select]

elseif (isset($_GET['pet'])) {
$result = db_query("SELECT breed FROM {$db_prefix}shop_pets WHERE pet_id = {$_GET['pet']}", __FILE__, __LINE__);


That code is taking a variable $_GET['pet'] from the URL and squirting it directly into mysql,

The thing I noticed about it is that its a number - so lets convert it to a number(integer) first at the top of the function.

Code: [Select]

$_GET['pet'] = (int) $_GET['pet'];

As for non numbers (pet names etc) then other methods exist to clean them.

stripslashes($_POST['name']) should perhaps be used in place of $_POST['name'] on its own - or even in some cases htmlspecialchars($_POST['name'])

Luckily SMF does have a little protection for this... however it does mean that its easy to trip the script over and to lockup someones petshop.

Im not the most perfect programmer - so please don't take what I am saying as gospel, however I would suggest looking into sanitization methods.

[theintensity]

I love this mod.  The younger kids on my site do as well.

I noticed something today though that has me baffled.  The pets should be no more than 20 days old, and sometime between Sunday evening and now, they all miraculously aged to  389 - 391 days.   

Does anyone have any ideas on this?

[Celdric]

Thanks for your reply, David.    I agree to the most of your points. Well, let me add something. We are always talking about a "pet" mod. But in my opinion it's an universal mod. You can use it to create numerous characters or items instead of just pets.

For example you could make the rabbit to a Ferrari and the food to gasoline and depending on it's level the car could earn prize monies for you. Or you can create little virtual girl/boyfriends which have the kids to care. Or instead pets you can use the mod to offer houses that members can buy and have to maintain.

Or you could create forums jobs using the mod. Well, short you can use it for numerous purposes.  As for me, I'm using the pet mod on my adult board to offer kind of Penthouse pets, you know what I mean. lol

Anyway, there practically no limits in my opinon. That's what makes the mod so great. 
Although I wish the mod would be easier to costumize and that there would be more interesting skills.

[Daethian]

When I click Basil's link I get 404? Where can I download??

[David]

Try reading the rest of the topic before you post a query...I uploaded the file you need as an attachment to one of my posts...probably on page 7 of this topic or thereabouts.