• Quick reminder..

    From Spectre@21:3/101 to All on Sun Sep 17 12:59:00 2023
    If you're not aware of it, have your BBS added to the FSX Webring. Not
    exactly a traditional webring. Drop me a line to have your BBS added.

    http://webring.fsxnet.nz

    There's also Aus BBS registry.. it's the best Australian BBS list in the world ;)

    http://ghostwheel.zapto.org

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From DaveW@21:3/184 to Spectre on Sun Sep 17 00:01:11 2023
    Re: Quick reminder..
    By: Spectre to All on Sun Sep 17 2023 12:59 pm

    If you're not aware of it, have your BBS added to the FSX Webring. Not exactly a traditional webring. Drop me a line to have your BBS added.
    Hello,
    You can add mine. My website is:

    BBS.PCTechDr.xyz

    Let me know if you need any other info.


    DaveW
    Port of Call BBS
    BBS.PCTechDr.com Port:2323
    https://BBS.PCTechDr.xyz
    --- SBBSecho 3.14-Win32
    * Origin: Port of Call BBS - BBS.PCTechDr.com:2323 (21:3/184)
  • From Vorlon@21:1/195 to Spectre on Sun Sep 17 15:38:02 2023

    Hello Spectre!

    17 Sep 23 12:59, you wrote to all:

    There's also Aus BBS registry.. it's the best Australian BBS list in
    the world ;)

    http://ghostwheel.zapto.org

    ----cut me here----
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
    right syntax to use near 's Lair'' at line 2
    ----cut me here----



    Vorlon


    --- GoldED+/LNX 1.1.5-b20230826
    * Origin: Dragon's Lair ---:- dragon.vk3heg.net -:--- Prt: 6800 (21:1/195)
  • From Spectre@21:3/101 to Vorlon on Mon Sep 18 04:44:00 2023
    ----cut me here---- You have an error in your SQL syntax; check the
    manual that corresponds to your MySQL server version for the right
    syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my SQL is pretty rudimentary at best.. you'll have to
    fill me in on what you were using to get the error.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/196 to Spectre on Mon Sep 18 10:30:41 2023
    Hi spec,

    On Monday September 18 2023, Spectre said to Vorlon:

    ----cut me here---- You have an error in your SQL syntax; check the
    manual that corresponds to your MySQL server version for the right
    syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my SQL is pretty rudimentary at best.. you'll have
    to fill me in on what you were using to get the error.

    I think it bared on my system's name "Dragon's Lair".. I did try without the
    " 's " but it still had issues....


    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From Vorlon@21:1/195 to Spectre on Mon Sep 18 10:41:38 2023

    Hello Spectre!

    18 Sep 23 04:44, you wrote to me:

    ----cut me here---- You have an error in your SQL syntax; check
    the manual that corresponds to your MySQL server version for the
    right syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my SQL is pretty rudimentary at best.. you'll have
    to fill me in on what you were using to get the error.

    Just tried again now... It's now just saying ERROR.


    My system's details:

    Dragon's Lair
    dragon.vk3heg.net port 2323
    Public
    24/7
    Amiga OS
    Zeus BBS software
    Ascii/Ansi
    Jan 2007

    Features: Amiganet, FSXNet, Agoranet, Fidonet & local msg bases. Growing Amiga file base, online games,
    Aminet mirror. (I host the Australian Aminet Mirror and a copy is also on the bbs)

    Aminet CD-ROM ISOs (March 1994 - December 2002)





    Vorlon


    --- GoldED+/LNX 1.1.5-b20230826
    * Origin: Dragon's Lair ---:- dragon.vk3heg.net -:--- Prt: 6800 (21:1/195)
  • From Spectre@21:3/101 to Vorlon on Mon Sep 18 12:37:00 2023
    I think it bared on my system's name "Dragon's Lair".. I did try without the " 's " but it still had issues....

    Hmm so you were trying to add yourself? I don't think I even considered
    fields with ' in them. I'm about 75% sure there is a problem I've forgotten about in that script, and I added entries manually through the back end.
    I'll have to revisit it...

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to Vorlon on Mon Sep 18 13:46:00 2023
    My system's details:

    You've been inserted. :)

    I suspect it doesn't like the ' in Dragon's. It won't match dragon on the name. Not sure what to do with that. If you search by sysop it'll find you happily, just check the entry some time.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From claw@21:1/210 to Spectre on Mon Sep 18 07:48:52 2023
    On 17 Sep 2023, Spectre said the following...
    If you're not aware of it, have your BBS added to the FSX Webring. Not exactly a traditional webring. Drop me a line to have your BBS added.

    http://webring.fsxnet.nz

    There's also Aus BBS registry.. it's the best Australian BBS list in the world ;)

    http://ghostwheel.zapto.org

    Spec



    If you would like to add Noverdu, the address is http://http://noverdu.com:808/

    DrClaw
    Sysop Noverdu BBS Radio@HTTP://Noverdu.com:88
    Standard ports for SSH/Telnet WEB@HTTP://noverdu.com:808 Global Chat, Global Messaging and Games! Ditch the Unsocial Media

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Noverdu BBS (21:1/210)
  • From Vorlon@21:1/196 to Spectre on Tue Sep 19 10:08:55 2023
    Hi spec,

    On Monday September 18 2023, Spectre said to Vorlon:

    I think it bared on my system's name "Dragon's Lair".. I did try
    without the " 's " but it still had issues....

    Hmm so you were trying to add yourself? I don't think I even considered fields with ' in them. I'm about 75% sure there is a problem I've
    forgotten about in that script, and I added entries manually through the back end. I'll have to revisit it...

    Yes I was trying to add my bbs to your list... It just didn't like me/it!


    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From Spectre@21:3/101 to Vorlon on Wed Sep 20 17:07:00 2023
    forgotten about in that script, and I added entries manually through
    the back end. I'll have to revisit it...

    Yes I was trying to add my bbs to your list... It just didn't like me/it!

    Subsequent testing has shown it doesn't like apostrophes in the data much.
    I was also unable to get it to add "Dragon's Lair", although it was happy enough to add a test system with no contentious characters in it.

    I don't know enough to decide if this is a PHP problem, or an SQL problem. Either way for now it'll have to continue the way it is. It did remind me, that although the option is there to do so, the edit script doesn't work either. Definitely requiring back end manipulation to make any edits locally, this one I'll look into and see if I can't do something with it.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From apam@21:1/182 to Spectre on Wed Sep 20 18:58:26 2023
    Subsequent testing has shown it doesn't like apostrophes in the data
    much.

    You need to use prepared statements, it's not a PHP or MySQL issue.

    The way it is now, is very likely open to SQL injection attacks.

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Spectre@21:3/101 to apam on Wed Sep 20 20:09:00 2023
    You need to use prepared statements, it's not a PHP or MySQL issue.

    The way it is now, is very likely open to SQL injection attacks.

    Input fields, which come from a form, are vetted by... whatever it is.. I can recall reading something about it, but aside from that I didn't look into it
    too much.

    Injection has been tried before, at one stage there were some half a dozen entries that were just chock full of crap..

    I'm not familiar with "prepared statements" though. Is there anything worth looking at? Most of this work has just been trial and error..

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/196 to Spectre on Thu Sep 21 10:18:34 2023
    Hi Spec,

    On Wednesday September 20 2023, Spectre said to Vorlon:

    forgotten about in that script, and I added entries manually through
    the back end. I'll have to revisit it...

    Yes I was trying to add my bbs to your list... It just didn't like
    me/it!

    Subsequent testing has shown it doesn't like apostrophes in the data much. I was also unable to get it to add "Dragon's Lair", although it
    was happy enough to add a test system with no contentious characters in
    it.

    Down with the apostrophes I say!

    I don't know enough to decide if this is a PHP problem, or an SQL
    problem. Either way for now it'll have to continue the way it is. It
    did remind me, that although the option is there to do so, the edit

    Have you done any googling to find something that's already out there to do
    the job?


    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From apam@21:1/182 to Spectre on Thu Sep 21 11:01:14 2023
    I'm not familiar with "prepared statements" though. Is there anything
    worth
    looking at? Most of this work has just been trial and error..

    https://www.w3schools.com/php/php_mysql_prepared_statements.asp

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Spectre@21:3/101 to Vorlon on Thu Sep 21 12:05:00 2023
    Have you done any googling to find something that's already out there to do the job?

    Would have to admit I haven't, but I'm not even sure what I'd be looking for.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to apam on Thu Sep 21 12:16:00 2023
    https://www.w3schools.com/php/php_mysql_prepared_statements.asp

    Thanks. That appears to be similar to what I'm doing, other than it shows a predetermined list, not sure how it helps me.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From apam@21:1/182 to Spectre on Thu Sep 21 12:58:23 2023
    Thanks. That appears to be similar to what I'm doing, other than it
    shows a
    predetermined list, not sure how it helps me.

    My guess is you're making a query string by adding the form input to it.

    something like

    $something = $_GET['something'];

    $sql = "SELECT stuff FROM table WHERE " . $something . " = 'something'";

    That's bad and causes SQL injections because $something is not sanitized
    first.

    You want to do something like

    $something = $_GET['something'];

    // $mysqli is the open mysqli connection
    $stmt = $mysqli->prepare("SELECT stuff FROM table WHERE ? = 'something'");
    $stmt->bind_param("s", $something);

    $stmt->execute();

    by using the bind_param, it will sanitize $something, and you won't have
    issues with apostrophes.

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Spectre@21:3/101 to apam on Thu Sep 21 18:01:00 2023
    My guess is you're making a query string by adding the form input to it.

    So far so good, I dump the form data into an array and write it from there. I'll have to do some more looking but there was some PHP for trying to ensure that nothing untoward was being accepted.. I'll have to hunt out the details.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Spectre@21:3/101 to apam on Thu Sep 21 18:51:00 2023
    Quick Update...

    $query = htmlspecialchars($query);
    $query = mysql_real_escape_string($query);

    I don't really know what these do... its some function in the ubuntu in install.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
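An added example, not code from the thread or from the registry's own script, that puts apam's explanation and the two escaping lines in the update above side by side: it uses PDO with an in-memory SQLite database so it runs offline, and the table, column and function names are assumptions.

```php
<?php
// Added example (not the registry's script). PDO over in-memory SQLite so it
// runs offline; with mysqli against MySQL the pattern is the same:
// prepare(), bind_param(), execute(). Table/column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE bbs (id INTEGER PRIMARY KEY, name TEXT, sysop TEXT, address TEXT)");

// 1. String concatenation: the apostrophe in "Dragon's Lair" closes the SQL
//    string literal early, the same failure as "syntax to use near 's Lair'"
//    in the thread (MySQL and SQLite word the error differently).
function addBbsConcat(PDO $db, string $name, string $sysop, string $address): ?string {
    $sql = "INSERT INTO bbs (name, sysop, address) VALUES ('" . $name . "', '"
         . $sysop . "', '" . $address . "')";
    try {
        $db->exec($sql);
        return null;                 // inserted
    } catch (PDOException $e) {
        return $e->getMessage();     // the apostrophe case lands here
    }
}

// 2. htmlspecialchars() is HTML output encoding, not SQL escaping. With
//    ENT_QUOTES the apostrophe becomes &#039;, so the query no longer breaks,
//    but the stored name is mangled and a search for the real name misses it.
function addBbsHtmlEscaped(PDO $db, string $name, string $sysop, string $address): void {
    $name = htmlspecialchars($name, ENT_QUOTES);
    $db->exec("INSERT INTO bbs (name, sysop, address) VALUES ('" . $name . "', '"
            . $sysop . "', '" . $address . "')");
}

// 3. Prepared statement: values travel separately from the SQL text, so an
//    apostrophe, or anything else a user types, is only data and is stored verbatim.
function addBbsPrepared(PDO $db, string $name, string $sysop, string $address): void {
    $stmt = $db->prepare("INSERT INTO bbs (name, sysop, address) VALUES (?, ?, ?)");
    $stmt->execute([$name, $sysop, $address]);
}

// Lookup is parameterised too, so searching for a name containing ' works.
function findByName(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name, sysop, address FROM bbs WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$name = "Dragon's Lair";   // constructed from the thread's example
echo "concat:    " . (addBbsConcat($db, $name, 'Vorlon', 'dragon.vk3heg.net:2323') ?? 'ok') . "\n";
addBbsHtmlEscaped($db, $name, 'Vorlon', 'dragon.vk3heg.net:2323');
echo "html-esc:  " . count(findByName($db, $name)) . " row(s) match the real name\n";
addBbsPrepared($db, $name, 'Vorlon', 'dragon.vk3heg.net:2323');
echo "prepared:  " . count(findByName($db, $name)) . " row(s) match the real name\n";
```

Before PHP 8.1 htmlspecialchars() leaves single quotes alone unless ENT_QUOTES is passed, and mysql_real_escape_string() belongs to the old mysql extension removed in PHP 7.0, so neither line in the update above protects the query. With mysqli the equivalent of addBbsPrepared is $mysqli->prepare(), bind_param("sss", ...) and execute().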
  • From Vorlon@21:1/196 to Spectre on Sun Sep 24 09:53:41 2023
    Hi Spec,

    On Thursday September 21 2023, Spectre said to Vorlon:

    Have you done any googling to find something that's already out there to
    do the job?

    Would have to admit I haven't, but I'm not even sure what I'd be looking for.

    "Green eggs and ham!" %-;

    I wonder what software was used to do the old Australian BBS list? I hope it wasn't done by hand.....

    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From Spectre@21:3/101 to Vorlon on Mon Sep 25 06:03:00 2023
    I wonder what software was used to do the old Australian BBS list? I hope it wasn't done by hand.....

    I suspect it was either a flat database or a spreadsheet. I suspect the database more... also it was mostly driven off the registry BBS so some of it was probably automated with some overview. That's about all I can tell you.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Mike Dippel@21:4/176 to Spectre on Sun Sep 24 23:11:42 2023
    On 9/25/2023 5:53 AM, Spectre wrote to Vorlon:

    I wonder what software was used to do the old Australian BBS list? I hope
    it wasn't done by hand.....

    I suspect it was either a flat database or a spreadsheet. I suspect the database more... also it was mostly driven off the registry BBS so some of it
    was probably automated with some overview. That's about all I can tell you.

    Spec

    I know I am late to this discussion but is this a website you are talking about? If so, you
    can probably find it by doing a search at: https://archive.org/web/

    It is a great resource.

    Mike Dippel

    --- Platinum Xpress/Win/WINServer v7.0
    * Origin: The Hobby Line! BBS - hobbylinebbs.com (21:4/176)
  • From Vorlon@21:1/196 to Spectre on Wed Sep 27 10:58:05 2023
    Hi Spec,

    On Monday September 25 2023, Spectre said to Vorlon:

    I wonder what software was used to do the old Australian BBS list? I
    hope it wasn't done by hand.....

    I suspect it was either a flat database or a spreadsheet. I suspect the database more... also it was mostly driven off the registry BBS so some
    of it was probably automated with some overview. That's about all I can
    tell you.

    TBBS software?

    I never called the bbs list bbs, so only sent a netmail/echomail about mine back in the day.

    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From Spectre@21:3/101 to Vorlon on Wed Sep 27 21:22:00 2023
    TBBS software?

    To be honest, I have no recollection what BBS software was in use. I don't
    even recall it being multiline so TBBS seems unlikely. Most of the QuickBBS clones had half reasonable scripting, and they were pretty much the norm, so
    it could've been anything.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Good Luck and drive offensively! (21:3/101)
  • From Vorlon@21:1/196 to Spectre on Fri Sep 29 11:35:35 2023
    Hi spec,

    On Wednesday September 27 2023, Spectre said to Vorlon:

    TBBS software?

    To be honest, I have no recollection what BBS software was in use. I
    don't even recall it being multiline so TBBS seems unlikely. Most of
    the QuickBBS clones had half reasonable scripting, and they were pretty much the norm, so it could've been anything.

    TBBS, although way too expensive even by today's standards, was well known for having a built-in database system...

    I never went past two lines before the internet took off, and really killed dialup bbs's.... But then my bbs also mutated into a small dialup isp and
    had 21-22 lines before the big players came to town along with adsl.. even
    at the entry speed of 128Kbps...


    \/orlon
    aka
    Stephen

    Rocking FSXnet with an Amiga 4000 and Zeus BBS.

    --- Zeus BBS 1.5
    * Origin: -:-- Dragon's Lair --:- dragon.vk3heg.net Prt: 6800 (21:1/196.0)
  • From apam@21:1/182 to apam on Thu Sep 21 13:00:02 2023
    $stmt = $mysqli->prepare("SELECT stuff FROM table WHERE ? = 'something'");

    Sorry, I got those somethings around the wrong way

    should be:

    $stmt = $mysqli->prepare("SELECT stuff FROM table WHERE something = ?");

    Andrew


    --- Talisman v0.47-dev (Linux/riscv64)
    * Origin: Smuggler's Cove - Private BBS (21:1/182)
  • From Tracker1@21:3/149 to Spectre on Sun Oct 1 17:52:58 2023
    ----cut me here---- You have an error in your SQL syntax; check the
    manual that corresponds to your MySQL server version for the right
    syntax to use near 's Lair'' at line 2 ----cut me here----

    Uh? No comprende... my SQL is pretty rudimentary at best.. you'll have to fill me in on what you were using to get the error.

    You aren't sanitizing input via escapes or parameterized queries... so, someone inputting something like "Spectre's Lair" for a BBS name will escape in your SQL...

    This means, I could enter something like "'; delete * from Users; --" and maliciously attack your mysql server.

    Whatever language you are using for your server-side code, do a search for parameterized queries and sanitizing database input. Also read up on SQL Injection Attack.


    --
    Michael J. Ryan
    +o roughneckbbs.com
    tracker1@roughneckbbs.com
    --- SBBSecho 3.15-Linux
    * Origin: Roughneck BBS - roughneckbbs.com (21:3/149)