mashable.com — "We got an email a few minutes ago from the guy claiming to be the Facebook PHP code “leaker”: Trae McNeely of the SlashGear blog. Based on the link to the forum thread he provided, we were able to confirm with about 90% accuracy the story below."
Aug 14, 2007 View in Crawl 4
in2deepAug 14, 2007
This should be interesting!
Closed AccountAug 14, 2007
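// NOTE(review): Re-flowed from a paste whose line breaks were lost. In the collapsed
// form every "//" comment swallowed the code that followed it. Statements are
// unchanged except where a NOTE(review) says otherwise. Two separate files are
// quoted (a search page and a home page) and both pastes are incomplete.
// NOTE(review): What this disclosure exposes is structure: include paths under
// $_SERVER['PHP_ROOT'], request parameter names, and the name of a signing key
// ($GLOBALS['url_md5key']). No credential value appears in the listing.

/**
 * (The opening of this docblock is cut off in the paste.)
 *
 * @author Mark Slee
 *
 * @package ubersearch
 */
ini_set('memory_limit', '100M'); // to be safe we are increasing the memory limit for search
include_once $_SERVER['PHP_ROOT'].'/html/init.php'; // final lib include
include_once $_SERVER['PHP_ROOT'].'/lib/s.php';
include_once $_SERVER['PHP_ROOT'].'/lib/browse.php';
include_once $_SERVER['PHP_ROOT'].'/lib/events.php';
include_once $_SERVER['PHP_ROOT'].'/lib/websearch_classifier/websearch_classifier.php';

flag_allow_guest();
$user = search_require_login();

// A POSTed search form is turned into a GET query string and redirected (POST -> GET).
if ($_POST) {
    $arr = us_flatten_checkboxes($_POST, array('ii'));
    $qs = '?';
    foreach ($arr as $key => $val) {
        // NOTE(review): only the value is URL-encoded; $key also comes from $_POST and
        // is appended raw. Whether us_flatten_checkboxes() constrains keys is not
        // visible here - confirm, or encode the key as well.
        $qs .= $key.'='.urlencode($val).'&';
    }
    $qs = substr($qs, 0, (strlen($qs)-1)); // drop the trailing '&' (or the lone '?')
    // NOTE(review): $_SERVER['PHP_SELF'] reflects the requested path, including any
    // trailing path info, so it is client-influenced. Safe only if redirect()
    // validates its target - not visible in this listing.
    redirect($_SERVER['PHP_SELF'].$qs);
}

// If they performed a classmates search, these values are
// needed to pre-populate dropdowns
param_get_slashed(array(
    'hy' => $PARAM_STRING,
    'hs' => $PARAM_INT,
    'adv' => $PARAM_EXISTS,
    'events' => $PARAM_EXISTS,
    'groups' => $PARAM_EXISTS,
    'classmate' => $PARAM_EXISTS,
    'coworker' => $PARAM_EXISTS));

// 'hy' is split at the first ':' into two integers; without a ':' the 'hs' value is used.
$pos = strpos($get_hy, ':');
if ($pos !== false) {
    $hsid = intval(substr($get_hy, 0, $pos));
    $hsyear = intval(substr($get_hy, $pos+1));
} else {
    $hsid = intval($get_hs);
    $hsyear = null;
}

tpl_set('hs_id', $hsid);
tpl_set('hs_name', get_high_school($hsid));
tpl_set('hs_year', $hsyear);
tpl_set('is_advanced_search', $get_adv);
tpl_set('user', $user);
tpl_set('count_total', 0); // pre-set count_total for the sake of ads page length

// Events search calendar data
param_get(array(
    'k' => $PARAM_HEX,
    'n' => $PARAM_SINT));

// NOTE(review): loose == on a request-supplied key. If both sides are numeric-looking
// strings PHP compares them as numbers; === avoids that. The return type of
// get_key() is not visible here - confirm.
if (($get_k == search_module::get_key(SEARCH_MOD_EVENT, SEARCH_TYPE_AS))) {
    $EVENTS_CAL_DAYS_AHEAD = 60;
    $events_begin = strftime("%Y%m01"); // first of the month
    $events_end = strftime("%Y%m%d", strtotime(strftime("%m/01/%Y")) +
                                     (86400 * $EVENTS_CAL_DAYS_AHEAD));
    $events_params = array(
        'dy1' => $events_begin,
        'dy2' => $events_end);
    param_get(array('c1' => $PARAM_INT, 'c2' => $PARAM_INT), 'evt_');
    if (isset($evt_c1)) { $events_params['c1'] = $evt_c1; }
    if (isset($evt_c2)) { $events_params['c2'] = $evt_c2; }
    $results = events_get_calendar($user, $get_n, $events_params);
    tpl_set('events_date', $results['events_date']);
}

// Holy s**t, is this the cleanest f**king frontend file you've ever seen?!
ubersearch($_GET, $embedded=false, $template=true);

// Render it
render_template($_SERVER['PHP_ROOT'].'/html/s.phpt');

/**
 * login function for s.php
 *
 * Returns the value of require_login(true) when it is positive and
 * is_unregistered() is false for it. For any other user the same value is
 * returned only when the request's search key 'k' is of type SEARCH_MOD_EVENT
 * or SEARCH_MOD_GROUP; otherwise go_home() is called and nothing is returned.
 *
 * @author Philip Fung
 */
function search_require_login() {
    //check if user is logged in
    $user = require_login(true);
    // NOTE(review): the paste reads "$user 0"; an operator was lost (likely stripped
    // as markup). ">" is assumed here - confirm against an intact copy.
    if ($user > 0 && !is_unregistered($user)) { return $user; }

    // this is an unregistered user
    param_get(array(
        'k' => $GLOBALS['PARAM_HEX'], // search key (used by rest of ubersearch code)
    ));
    global $get_k;
    $search_key = $get_k;

    //Let user see event or group search if criteria are obeyed
    // NOTE(review): guest access is decided from the type of a client-supplied key,
    // so the checks behind get_key_type() carry the authorization - not visible here.
    if ($search_key
        && (search_module::get_key_type($search_key) == SEARCH_MOD_EVENT
            || search_module::get_key_type($search_key) == SEARCH_MOD_GROUP) //event or group search
    ) {
        return $user;
    } else {
        go_home();
    }
}

// ---- Blog page text between the two pasted listings (not code) ----
// Posted by Facebook Secrets at 9:49 PM 5 comments Saturday, August 11, 2007
// Facebook Home Page Code

include_once $_SERVER['PHP_ROOT'].'/html/init.php';
include_once $_SERVER['PHP_ROOT'].'/lib/home.php';
include_once $_SERVER['PHP_ROOT'].'/lib/requests.php';
include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
include_once $_SERVER['PHP_ROOT'].'/lib/poke.php';
include_once $_SERVER['PHP_ROOT'].'/lib/share.php';
include_once $_SERVER['PHP_ROOT'].'/lib/orientation.php';
include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php'; // listed twice in the paste; include_once makes the repeat a no-op
include_once $_SERVER['PHP_ROOT'].'/lib/mobile/register.php';
include_once $_SERVER['PHP_ROOT'].'/lib/forms_lib.php';
include_once $_SERVER['PHP_ROOT'].'/lib/contact_importer/contact_importer.php';
include_once $_SERVER['PHP_ROOT'].'/lib/feed/util.php';
include_once $_SERVER['PHP_ROOT'].'/lib/hiding_prefs.php';
include_once $_SERVER['PHP_ROOT'].'/lib/abtesting.php';
include_once $_SERVER['PHP_ROOT'].'/lib/friends.php';
include_once $_SERVER['PHP_ROOT'].'/lib/statusupdates.php';

// lib/display/feed.php has to be declared here for scope issues.
// This keeps display/feed.php cleaner and easier to understand.
include_once $_SERVER['PHP_ROOT'].'/lib/display/feed.php';
include_once $_SERVER['PHP_ROOT'].'/lib/monetization_box.php';

// require login
$user = require_login();
print_time('require_login');

param_request(array( 'react' => $PARAM_EXISTS));

// Check and fix broken emails
// LN - disabling due to excessive can_see dirties and sets when enabled.
//check_and_fix_broken_emails($user);

// migrate AIM screenname from profile to screenname table if needed
migrate_screenname ($user);

// homepage announcement variables
$HIDE_ANNOUNCEMENT_BIT = get_site_variable('HIDE_ANNOUNCEMENT_BIT');
$HIDE_INTRO_BITMASK = get_site_variable('HIDE_INTRO_BITMASK');

// redirects
if (is_sponsor_user()) {
    redirect('bizhome.php', 'www');
}

include_once $_SERVER['PHP_ROOT'].'/lib/mesg.php';
include_once $_SERVER['PHP_ROOT'].'/lib/invitetool.php';
include_once $_SERVER['PHP_ROOT'].'/lib/grammar.php';
include_once $_SERVER['PHP_ROOT'].'/lib/securityq.php';
include_once $_SERVER['PHP_ROOT'].'/lib/events.php';
include_once $_SERVER['PHP_ROOT'].'/lib/rooster/stories.php';

// todo: password confirmation redirects here (from html/reset.php),
// do we want a confirmation message?
// NOTE(review): 'feeduser' is commented as a debug parameter naming a user. Where it
// is consumed is past the end of this paste; an authorization check there is not
// visible - confirm it is gated.
param_get_slashed(array(
    'feeduser' => $PARAM_INT, //debug: gets feed for user here
    'err' => $PARAM_STRING, // returning from a failed entry on an orientation form
    'error' => $PARAM_STRING, // an error can also be here because the profile photo upload code is crazy
    'ret' => $PARAM_INT,
    'success' => $PARAM_INT, // successful profile picture upload
    'jn' => $PARAM_INT, // joined a network for orientation
    'np' => $PARAM_INT, // network pending (for work/address network)
    'me' => $PARAM_STRING, // mobile error
    'mr' => $PARAM_EXISTS, // force mobile reg view
    'mobile' => $PARAM_EXISTS, // mobile confirmation code sent
    'jif' => $PARAM_EXISTS, // just imported friends
    'ied' => $PARAM_STRING, // import email domain
    'o' => $PARAM_EXISTS, // first time orientation, passed on confirm
    'verified' => $PARAM_EXISTS)); // verified mobile phone

param_post(array(
    'leave_orientation' => $PARAM_EXISTS,
    'show_orientation' => $PARAM_INT, // show an orientation step
    'hide_orientation' => $PARAM_INT)); // skip an orientation step

// homepage actions
if ($req_react && validate_expiring_hash($req_react, $GLOBALS['url_md5key'])) {
    $show_reactivated_message = true;
} else {
    $show_reactivated_message = false;
}
tpl_set('show_reactivated_message', $show_reactivated_message);

// upcoming events
events_check_future_events($user); // make sure big tunas haven't moved around
$upcoming_events = events_get_imminent_for_user($user);

// this is all stuff that can be fetched together!
$upcoming_events_short = array();
obj_multiget_short(array_keys($upcoming_events), true, $upcoming_events_short);
$new_pokes = 0;
//only get the next N pokes for display
//where N is set in the dbget to avoid caching issues
$poke_stats = get_num_pokes($user);
get_next_pokes($user, true, $new_pokes);
$poke_count = $poke_stats['unseen'];
$targeted_data = array();
home_get_cache_targeted_data($user, true, $targeted_data);
$announcement_data = array();
home_get_cache_announcement_data($user, true, $announcement_data);
$orientation = 0;
orientation_get_status($user, true, $orientation);
$short_profile = array();
profile_get_short($user, true, $short_profile);
// pure priming stuff
privacy_get_network_settings($user, true);
$presence = array();
mobile_get_presence_data($user, true, $presence);
feedback_get_event_weights($user, true);
// Determine if we want to display the feed intro message
$intro_settings = 0;
user_get_hide_intro_bitmask($user, true, $intro_settings);
// NOTE(review): $user_friend_finder is initialised but the call below passes
// $used_friend_finder - the names differ in the paste. Kept as pasted; the
// initialised variable is not read again in the visible listing.
$user_friend_finder = true;
contact_importer_get_used_friend_finder($user, true, $used_friend_finder);
$all_requests = requests_get_cache_data($user);
// FIXME?: is it sub-optimal to call this both in requests_get_cache_data and here?
$friends_status = statusupdates_get_recent($user, null, 3);
memcache_dispatch(); // populate cache data

// Merman's Admin profile always links to the Merman's home
if (user_has_obj_attached($user)) {
    redirect('mhome.php', 'www');
}

if (is_array($upcoming_events)) {
    foreach ($upcoming_events as $event_id => $data) {
        $upcoming_events[$event_id]['name'] = txt_set($upcoming_events_short[$event_id]['name']);
    }
}
tpl_set('upcoming_events' , $upcoming_events);

// disabled account actions
$disabled_warning = ((IS_DEV_SITE || IS_QA_SITE) && is_disabled_user($user));
tpl_set('disabled_warning', $disabled_warning);

// new pokes (no more messages here, they are in the top nav!)
if (!user_is_guest($user)) {
    tpl_set('poke_count' , $poke_count);
    tpl_set('pokes' , $new_pokes);
}

// get announcement computations
tpl_set('targeted_data' , $targeted_data);
tpl_set('announcement_data' , $announcement_data);

// birthday notifications
tpl_set('birthdays' , $birthdays = user_get_birthday_notifications($user, $short_profile));
tpl_set('show_birthdays' , $show_birthdays = (count($birthdays) || !$orientation));

// user info
tpl_set('first_name' , user_get_first_name(txt_set($short_profile['id'])));
tpl_set('user' , $user);

// decide if there are now any requests to show
$show_requests = false;
foreach ($all_requests as $request_category) {
    if ($request_category) {
        $show_requests = true;
        break;
    }
}
tpl_set('all_requests', $show_requests ? $all_requests : null);

$permissions = privacy_get_reduced_network_permissions($user, $user);

// status
$user_info = array(
    'user' => $user,
    'firstname' => user_get_first_name($user),
    'see_all' => '/statusupdates/?ref=hp',
    'profile_pic' => make_profile_image_src_direct($user, 'thumb'),
    'square_pic' => make_profile_image_src_direct($user, 'square'));

// A status counts only if its timestamp falls within the last seven days.
if (!empty($presence) && $presence['status_time'] > (time() - 60*60*24*7)) {
    $status = array(
        'message' => txt_set($presence['status']),
        'time' => $presence['status_time'],
        'source' => $presence['status_source']);
} else {
    $status = array('message' => null, 'time' => null, 'source' => null);
}
tpl_set('user_info', $user_info);
tpl_set('show_status', $show_status = !$orientation);
tpl_set('status', $status);
tpl_set('status_custom', $status_custom = mobile_get_status_custom($user));
tpl_set('friends_status', $friends_status);

// orientation
// NOTE(review): a POST flag changes account state here and no request-forgery token
// check is visible in this file; it may live in init.php or param_post() - confirm.
if ($orientation) {
    if ($post_leave_orientation) {
        orientation_update_status($user, $orientation, 2);
        notification_notify_exit_orientation($user);
        dirty_user($user);
        redirect('home.php');
    } else if (orientation_eligible_exit(array('uid'=>$user)) == 2) {
        orientation_update_status($user, $orientation, 1);
        notification_notify_exit_orientation($user);
        dirty_user($user);
        redirect('home.php');
    }
}

// timezone - outside of stealth, update user's timezone if necessary
$set_time = !user_is_alpha($user, 'stealth');
tpl_set('timezone_autoset', $set_time );
if ($set_time) {
    $daylight_savings = get_site_variable('DAYLIGHT_SAVINGS_ON');
    tpl_set('timezone', $short_profile['timezone'] - ($daylight_savings ? 4 : 5) );
}

// set next step if we can
if (!$orientation) {
    user_set_next_step($user, $short_profile);
}

// note: don't make this an else with the above statement, because then no news feed stories will be fetched if they're exiting orientation
if ($orientation) {
    // NOTE(review): extract() writes array keys into the current scope and, by
    // default, overwrites variables of the same name ($user, $orientation, ...).
    // The keys returned by orientation_get_const() are not visible here.
    extract(orientation_get_const());
    require_js('js/dynamic_dialog.js');
    require_js('js/suggest.js');
    require_js('js/typeahead_ns.js');
    require_js('js/suggest.js'); // requested twice in the paste
    require_js('js/editregion.js');
    require_js('js/orientation.js');
    require_css('css/typeahead.css');
    require_css('css/editor.css');
    // NOTE(review): the paste is cut off mid-condition at this point. The fragment is
    // kept as a comment and the block is closed so the listing parses:
    //   if ($post_hide_orientation && $post_hide_orientation
}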
Closed AccountAug 14, 2007
You also assume that Facebook is a well-coded, well structured website. Looks can be deceiving.
tuxidomasxAug 14, 2007
shoulda posted it to a Swiss server, then he could laugh at them and make fun of their C&D letter on the site
nerdyninjaAug 14, 2007
PHP can be partially precompiled by the Zend Optimizer, as I understand it. And personally, I prefer PHP for development and/or rapid prototyping to ASP.NET.
ridv34Aug 14, 2007
Nice, now I'm going to make my own facebook, with blackjack, and hookers! In fact, forget the facebook! Ah screw the whole thing...
ozziekAug 14, 2007
Is this an easy mistake to make in PHP coding?
nerdyninjaAug 15, 2007
@wicketr - PHP isn't terrible for large applications, really - just look at Facebook (considering how many hits it gets, and how complicated the site has become, I'd say it's doing just fine). Considering the design of PHP is modular and it's compiled before execution (and not parsed) I don't see what your problem with it is. I consider it to have more flexibility and functionality than ASP.NET and isn't slow like Java.