Arbitrary ID (Outdated)

[Static]

There have been a few questions as to arbitrary IDs. I decided to make an add-on for this very purpose. You can find a packaged version here: http://www.commentics.org/add-ons.php#arbitrary_id

PHP Code:

/************************************************** ARBITRARY ID **************************************************/
$current_page_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$current_page_url = sanitize($current_page_url,1,1,1);
$existing_pages = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE url = '$current_page_url'"));
$existing_custom_id = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE custom_id = '$current_page_url'"));
$arbitrary_id_reference = '';//Your value/variable here
if($existing_pages['url']==null && $existing_custom_id['custom_id']==null) {
mysql_query("INSERT INTO `".$mysql_table_prefix."pages` (reference, url, is_form_enabled, dated, custom_id) VALUES ('$arbitrary_id_reference', '$current_page_url', 1, NOW(), '$current_page_url')");
}
/********************************************************************************​**********************************/ 


All this does is check the database for any page which has a custom id or url of the current page, and adds a new page if there isn't one. The downside is that you'll need to either set the reference manually yourself later, or modify $arbitrary_id_reference to hold a variable value which will set the reference automatically, such as

PHP Code:

$arbitrary_id_reference = $_GET['page_title']; 


There is one thing you need to know about arbitrary IDs, however. If someone decides to play around with the url, then that page will also be added. This is normal behavior. For example, look at a different comment script with built-in arbitrary IDs: http://www.gentlesource.com/comment-script/
Go to the front-end demo, and add something like "?add_an_extra_page=true" to the end of the url. Comment on that page, and it'll work. If you need convincing, you can go to the back-end. Sorry if I counter-advertised, I wouldn't recommend that script anyway. It looks nice, but it has some bugs, and adds a footer which doesn't look good on dark backgrounds. I've also found it to crash my site by adding alt codes (alt+num-8) to a comment. Commentics has much more features, and bans.

In order to prevent that from happening, you should add a strict check in front of your include script. Code can be found here: http://www.commentics.org/forum/showthre...612#pid612

The only other thing is that you need to change the include script to be

PHP Code:

$page_id = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$path_to_comments_folder = "comments/"; 
define ('IN_COMMENTICS', 'true'); //no need to edit this line 
require $path_to_comments_folder . "includes/commentics.php"; //no need to edit this line 


ENJOY!

[Static]

I have just identified a possible security threat for this code. It is recommended to not yet use it. More info on the threat can be found here: http://seancoates.com/blogs/xss-woes

I'll try to find a fix as soon as possible.

---

The issue has now been fixed. It is safe to download and use this code, including the source above.

[Static]

New update:
Added a line of code to make it possible to disable the add-on in certain pages.
New code:

PHP Code:

/************************************************** ARBITRARY ID **************************************************/
if(!defined('ARBITRARY_ID_DISABLED')){
$current_page_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$current_page_url = sanitize($current_page_url,1,1,1);
$existing_pages = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE url = '$current_page_url'"));
$existing_custom_id = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$mysql_table_prefix."pages` WHERE custom_id = '$current_page_url'"));
$arbitrary_id_reference = '';//Your value/variable here
if($existing_pages['url']==null && $existing_custom_id['custom_id']==null) {
mysql_query("INSERT INTO `".$mysql_table_prefix."pages` (reference, url, is_form_enabled, dated, custom_id) VALUES ('$arbitrary_id_reference', '$current_page_url', 1, NOW(), '$current_page_url')");
}
}
/********************************************************************************​***********************************/ 


To disable it, simply add

PHP Code:

define ('ARBITRARY_ID_DISABLED','true'); //disable arbitrary id add-on 


to the include code after

PHP Code:

define ('IN_COMMENTICS', 'true'); //no need to edit this line 


[Static]

Found a problem with the add-on. It registers "http://www.example.com/page.php" and "http://example.com/page.php" as two different pages. I'll fix that in the next version.

[Steven]

I imagine you have a similar problem with domain.com/ and domain.com/index.php.

[Static]

Yeah, but I think that mine is much easier to fix. I'm almost done already.

---

For now, if anyone is having trouble with the script, add a redirect(VIA .htaccess) to your site with www in front of it.
Example:

Code:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC]
RewriteRule ^(.*)$ http://www.yoursite.com/$1 [L,R=301]

as seen on http://www.webweaver.nu/html-tips/web-redirection.shtml

[Static]

Another solution is replacing $_SERVER['HTTP_HOST'] with "www.yoursite.com" in the add-on, and in the include script. This means that you don't have to use .htaccess for this. I'm working on another solution right now.

[Chafik]

I post this as new thread , as the original thread is almost FIXED
I wonder, why Commentics is catching the following pages
I found them at ACP ---> Manage --> pages

Code:

http://falsafa.info/bonheur-c.php?test=1
http://falsafa.info/bonheur-c.php/errors.php
http://falsafa.info/bonheur-c.php/img/pen_pencil.gif
http://falsafa.info/bonheur-c.php/
http://falsafa.info/bonheur-c.php/errors.php?error=lol

For example, why gif images are stored as "Pages" !?
Where the errors.php file come from? I have no such page in my web site directory? I think Commentics should reject any non existent URL

[Steven]

The above post has been moved here because it's a bug related to this add-on and not Commentics itself.

[Mr.only]

sorry i get this problem

Fatal error: Call to undefined function sanitize() in /home/../public_html/comments/includes/commentics.php on line 51

in this line

$current_page_url = sanitize($current_page_url,1,1,1);

so can you help me to fix it ..

thanx