[ prog / sol / mona ]

prog


Shiichan Installation

1 2019-11-16 17:29

Does anybody have any idea on how to install shiichan on a free hosting service e.g. 000webhost?

I get this error when I'm trying to run `admin.php` on my website:

Fatal error: Cannot re-assign $this in /storage/ssd3/865/11605865/public_html/admin.php on line 557

Explain and please give a solution to it. I am totally a newfag.

2 2019-11-16 21:31

shiichan

http://wakaba.c3.cx/shii/shiichan
"""Shiichan was a 2ch-type board in PHP. It was written in late 2004 by a guy named Shii. Currently, it is in a buggy beta stage, and no development is planned.
[...]
An actually working alternative: Kareha"""

admin.php
Cannot re-assign $this
line 557

The problem is:

else foreach ($board as $this) {

$this is special in PooHeaP and cannot be assigned to.
https://www.php.net/manual/en/language.oop5.basic.php
https://stackoverflow.com/questions/4035355/php-assign-value-to-this
https://stackoverflow.com/questions/19242647/cannot-re-assign-this
Compare with:
https://github.com/Capaverde/shiichan3960/blob/master/admin.php#L557

else foreach ($board as $thus) {

which uses $thus instead.

3 2019-11-24 07:44

>>2
It is fixed! But seems like there's another problem.
Whenever I try to make a thread on my website, it redirects me to localhost:8080. I tried to make changes in global settings txt a few times, but it keeps doing that same thing.

http://hateshinaiworld.000webhostapp.com/textboard

Try doing that

4 2019-11-24 12:30

>>3
Your first question contained all the information necessary to diagnose the problem: the error message, file name and line number. Your current question is very low on information, so reproduce the issue while DevTools > Network is open and post the entire request:
- method
- url
- all request headers
- all params / POST data
and the entire response:
- code
- all response headers
- any response body

5 2019-11-26 12:38

>>4
LMAO, just figured out it was the cache that was causing error.

Now, next problem appeared.
I can't log into `admin.php`. I used the default username `admin5` and password `password` as said in the `README.txt`, but it always gives me 'Bad Password' error.

Everything alright except that.

6 2019-11-26 13:01

password `password`

That's not what it says.

7 2019-11-26 14:57

>>6
Holy shit didn't notice. But I tried "default" as password, still ain't working.

8 2019-11-26 20:53

>>7
The correct password is indeed "default", as can be seen from:

$ grep -ne admin5 admin.php
29:if (!is_file("shadow.cgi")) { $q= fopen("shadow.cgi", "w"); fputs($q, "admin5<>c21f969b5f03d33d43e04f8f136e7682<>9999\n"); chmod("shadow.cgi", 0700); fclose($q); }
$ echo -n "default" | md5sum
c21f969b5f03d33d43e04f8f136e7682  -

so delete the file shadow.cgi and try again.

9 2019-11-27 00:35

>>8
Holy fuck you nailed it! It going smoothly now. I deleted the shadow.cgi file and it worked!!!

But, why wasn't it working when the shadow.cgi existed?

10 2019-11-27 01:12

>>9
The admin5:default credentials are added by the code when shadow.cgi is not present. After the initial setup phase a prudent admin will change the password to something more secure, so that random anons do not abuse the default password. If you got a shadow.cgi with a modified password, or if your shadow.cgi got corrupted for whatever reason, the easiest fix is to delete it, which will reenable the credentials from the readme.

11 2019-11-27 03:13

>>10
Awesome! Well, is there any way to change the timezone according to user's location i.e. local time by IP?
They are set in UTC maybe?

12 2019-11-27 11:31

>>11
Either that functionality is already present as a setting or configuration option in shiichan or it isn't. If you find the setting in the administration interface, enable it, otherwise you'll have to write it yourself. If you want to do it client-side, serve some javascript that gets the local time offset and rewrites the date/time fields, but this will not work for clients that have enough sense to browse with remote code execution disabled. If you want to do it server-side, find a geoip library and serve adjusted local times directly in the html, but this will trash a naive caching setup.

13 2019-11-27 14:00

>>12
I would like to use JavaScript. What should I have to do?

Also, the option to change timezone doesn't seem to be available on admin panel...

14 2019-11-27 14:45

Here's my stable website, changed to heliohost today
http://sonzaishinaiworld.heliohost.org

15 2019-11-28 00:15

>>13
- Identify all the timestamps you want updated. For example, post timestamps live in skin/*/post.txt as <%DATE%>.
- Wrap <%DATE%> in a span for easy lookup and tag it with a fresh class name.
- Find the places where timestamps are filled out. For example, post timestamps are filled out in include.php:PrintPost.
- Add the (milli)seconds since the epoch to a data attribute of the wrapper span.
- Create a javascript file and link it in the head of every view with timestamps, e.g. skin/*/threadtop.txt. Tell your server to serve it statically.
- Create an overall timestamp update function. Either invoke it at the bottom of every view with timestamps or add a scheduled invocation when the DOM has loaded into the head section.
- In the overall timestamp update function retrieve all elements with the fresh tagging class from above, loop over them and hand them off to an item update function.
- In the item update function retrieve the data attribute holding the (milli)seconds since the epoch, rebuild that date/time, get its local components and use them to rewrite the contents of the currently processed span.
- You now have client-side local timezone timestamps.

16 2019-11-28 03:31

>>15
I just got to know about XSS attacks which are caused by JavaScripts. Someone told me that my website might get attacked by XSS injections, because it's been running on shiichan and free host.
How can I prevent it?

17 2019-11-28 10:37

>>16

How can I prevent it?

Set a strong Content-Security-Policy, the strongest your website can function with
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
then go through the other recommendations here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

18 2019-11-29 01:58

>>17 I'll try to do them ASAP.

I think an overboard with all recent posts across the site would be helpful. How can I make such page (15 threads per page with last 5 replies)?

19 2019-11-29 12:41

>>18
There doesn't seem to be any support for view boards that get their content from other boards and cannot be posted to as opposed to regular posting boards, so you'll have to start with that. Add a setting to localsettings.txt to mark view boards, and check for it in post.php when posting and in every place a post form is included to omit it from view boards. With the current state of skins you might want to add separate templates for view boards. Also display the setting in the board management sections in admin.php and set it to regular-board in the board creation section. Have a single dummy view board with static content holding a single thread with a single post. Since all this is already a non-trivial undertaking but only a small fraction of the overall work required, have this much working first.

20 2019-11-29 16:08 *

I want to try it

21 2019-12-01 08:00

>>19
Also, sometimes ASCII arts don't show properly. How to fix that?

22 2019-12-01 10:54

>>21
Inspect the element displaying the ASCII art and ensure that it is using a monospaced font, that all wrapping is disabled and that the overflow is not hidden. Also check that the page charset is set to one that properly embeds ASCII, such as UTF-8. If after this the problem persists, upload and link a tarball containing a screenshot showing the problem, the final generated page source and all stylesheets linked by the page.

23


VIP:

do not edit these