Thursday, June 15, 2006

To Smarty or not Smarty?

I am currently wondering whether I should use Smarty or not. As some may know, I love having total control over what's happening, yet it's pretty boring to code a template system.

I want your opinion on this please.

Those wondering what the fuck is happening right now: NO, I did not start coding anything. Although I am on SUMMER VACATION starting Wednesday. I am going on a trip until July 10th, date at which I will finally be able to actually start coding this beast!

Tuesday, March 14, 2006

r3b1rth's Project Diagram

When you take on a project as big as r3b1rth, you need a lot of planning before you jump blindly into code. Today I was bored in class, so I made a big diagram of how I planned on making the different modules and classes interact with each other. It was extremely messy, so I decided to digitalize it.

I never learned UML, so I didn't feel like learning it today for just this one time. I made this diagram using OpenOffice.org Draw (which for those types of things is much better than MS Office).

You can find the PDF right here. Grey boxes are simple classes (the Member class, for example, which will allow me to easily manage users). If it's not too clear for you (and I expect it might), don't worry, I understand myself. I just wanted my readers to see this because it was fun to make.

I realize now that this is definitely going to help me a lot to code. All I have to do now, well, is start choosing which class I want to start with (probably the DBAL or the Template System), and then when I'm done, choose another one, and so on. Then all that will be left will be the easy parts: the pages you actually see (viewtopic.php, etc).

In other r3b1rth-related news, I've decided to use PHP5's awesome error-handling system (try...catch), so I'll be completely dumping PHP4 compatibility.

Sunday, February 26, 2006

Security hole found on locklegion.com - fixed

Today I realised that there was a huge security hole on locklegion.com. Not a coding-wise security hole, but a general hole. You see, I let people host almost any type of file on their LockStorage account. This includes html pages. Now, I'm sure you know cookies usually have a defined domain name and path. Since the locklegion.com forums are on the root path, I can't exactly restrict the cookie to be only on the root path. Now the problem is that LockStorage files were hosted on the same domain name (www)! A quick test with an html page showed that it was extremely easy to grab anybody's cookie! All you had to do was create a "malicious" html page, and get someone who has chosen to be remembered by the forum to view the page, and BAM! You had their cookie!

I resolved this issue by messing with Apache's very powerful mod_rewrite. I set up virtual subdomains for people with LockStorage accounts. You used to be able to access a file using something like www.locklegion.com/lockstorage/trashlock/somefile.html, now the (better) way to access it is like so: trashlock.locklegion.com/somefile.html. This obviously is easier to remember, and it's not on the same subdomain, so cookies don't get sent there! Awesome! I've made it so Apache redirects any "old" attempts to grab a file, just to make sure.

If you allow people to host Flash, or HTML on your server, be extremely careful! Put them on a separate domain name or subdomain! People will be able to grab your cookies. It's a fact.
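
The cookie scoping described in this post, as an added example that is not part of the original blog: it implements the RFC 6265 domain-match and path-match rules and applies them to the old and new LockStorage URLs. The cookie objects are constructed, and the `forumWide` case (a cookie set with a Domain attribute covering all of locklegion.com) is an assumption showing when moving files to a subdomain would not help.

```javascript
// RFC 6265 section 5.1.3 domain-match (IP-address hosts are not handled here).
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith('.' + cookieDomain);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would a browser attach this cookie to a request for this URL?
function cookieSentTo(cookie, url) {
  const { hostname, pathname } = new URL(url);
  const hostOk = cookie.hostOnly
    ? hostname.toLowerCase() === cookie.domain.toLowerCase()
    : domainMatch(hostname, cookie.domain);
  return hostOk && pathMatch(pathname, cookie.path);
}

// Constructed cookies: the forum lives at the root path, so Path is "/".
const forumHostOnly = { domain: 'www.locklegion.com', hostOnly: true, path: '/' };
// Assumption: what the cookie would look like if set with Domain=locklegion.com.
const forumWide = { domain: 'locklegion.com', hostOnly: false, path: '/' };

// URLs taken from the post.
const oldUrl = 'http://www.locklegion.com/lockstorage/trashlock/somefile.html';
const newUrl = 'http://trashlock.locklegion.com/somefile.html';

function exposureReport() {
  return {
    hostOnlyOld: cookieSentTo(forumHostOnly, oldUrl), // same host: user page sees cookie
    hostOnlyNew: cookieSentTo(forumHostOnly, newUrl), // different host: not sent
    wideNew: cookieSentTo(forumWide, newUrl),         // Domain attribute: sent again
  };
}

console.log(exposureReport());
```

The subdomain fix holds only while the forum cookie stays host-only; a Domain attribute that covers the parent domain sends it to every user subdomain as well.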

Sunday, February 19, 2006

Hey look! It's a fucking UPDATE!

Heh. I know you all hate me, I know nobody visits this damn thing, and I know people think this is just another one of those abandonblogs. Well, you are mistaken, because here is an update! Wow! A rather big update in fact.

First of all: No, I still haven't done jack shit on the project (code-wise). All I've done so far is lay out tons and tons of ideas in my head. I do love planning ahead. I haven't started coding this because I was (wrongly) focused on ArtChat, and school. I've got 4 tests on Tuesday, in case anyone cares.

Now, there are a few things I'd like to explain:
  • First and foremost, I've changed my mind about the scope of this project. I sort of feel like making this an open-source and public project. That's right, I want people to look at the code and just try to find an exploit. I also might've gotten a partner: LimonLock. At first I thought he was just a script kiddie, but damn was I wrong. He seems like a great coder, and he understands my coding standards :') . I am really glad that I'll be able to get help on this.
  • As I've said, I want this forum software to be completely modular. I've thought of something that I think has never been done before in the world of PHP: an actual "plug-in" system that doesn't require modification of the actual source code of the software. I was thinking of making this an event-based system. For example, when a post is made, an onPost event is dispatched to all installed plug-ins. The plug-in can then do whatever it wants with the data sent to it. Plug-ins will also be able to overwrite methods.
  • I'm going to try to save as much time as I can coding this forum software. I, like a lot of other programmers, hate coding HTML forms. I hate this shit because it's so repetitive, boring and you keep forgetting shit. This is why the templating system will come "bundled" with a Form Generator, and a complex one at that. Forms will be able to have Web 2.0 - style tabs and various pages. This will all be easily doable with a simple method-based form builder. Example:

    $myForm = new Form();
    $myForm->Page1 = $myForm->createPage();
    $myForm->Page1->addField(TEXT, 'UserName', $userData->UserName);


    Hopefully you will have understood that this would create a new form with a text field named "UserName" with a default value of the UserName of the current logged in person. Well you sort of get the point. Making forms is going to be easy.
  • The administration panel will be a bit Web 2.0. You might know my friend ArmLock, or theDrunkMonkey, or ABoxInABox, or anything you remember him as. He's developing Olympus, and he uses a great trick to have a constant set of buttons and other stuff at the top of the page, without using frames! I hate frames, and I am probably going to use a technique of the sort to make the administration panel.
  • I am not sure about this, but I was thinking of letting the admin truly customize the forum from the admin panel. For example you could easily add a new field to a user's profile, instead of having to go in the code or develop a new plugin just for a field. You'd be able to set where the field shows, whether it is user-modifiable or not, whether it's a numeric, etc, etc.
And that's pretty much all I can think of right now. I usually get more ideas before I fall asleep, but I just can't remember them as I'm typing this.

Please post comments of actual quality, not just mindless blabber or insults.

Friday, December 30, 2005

Why, it's another phpBB subversion!

I woke up today, and saw in the oh-so-awesome phpBB administration panel that version 2.0.19, "we wish you all a happy new year", has been released, and guess what? It fixes even MORE security holes! Jesus Christ! When is this going to end? I'm sick of having to upgrade manually all my files, because my board is already heavily modified.

This wouldn't happen if phpBB was actually built with security and modularity in mind! I can't believe new exploits are always found. It's just insane how shitty the phpBB coders are. I know, they work for free, and give their time and sweat so people like me can run websites for significantly less, but why is this piece of shit the #1 used forum software?

Enough ranting. For those of you who care: I've finally gotten my new monitor, and it's awesome! I currently am unable to start work on r3b1rth (lmao) because I have gotten an offer to work on another project, and it's at max priority right now. I'll be done January 7th, so check back later!

Monday, December 26, 2005

Stupid comments

Whoever keeps posting comments such as "Lets have a baby, baby." or "I want to fuck you up the ass.", just stop. You're really not clever, nor funny. You really must have no life to think you're even remotely funny or cool posting things like that.

To those who are wondering what I'm doing: Right now I'm waiting to get my new 20.1" monitor to start work on r3b1rth. I currently have a shitty 15" monitor, and I hate the tiny amount of code I can see with it. I'll have a dual monitor set up, it will speed up development. Right now I've finished my project manager (well, a really basic project manager actually). I'll also get to skinning this Blog whenever I finish the r3b1rth skin, to have matching designs. How awesome.

Friday, December 09, 2005

Codename: r3b1rth

All big projects have a cool code name. I've always wanted this project to be called rebirth, but be written in a cool, hip way. LeekLock found r3b1rth which I think looks totally awesome.

So now, if you need to quickly reference to this project, just talk about r3b1rth. Nobody cares, nor do I think anyone is reading this. Oh well, my life is nothing but failure :(