6 minute read

During the summer of 2007 I decided to purchase a new domain name with a dating theme.

The idea was to start a dating website. Although a fairly saturated market place, I figured it’d be another one to add to my profile.

Earlier on in the year I remember coming across an article on the .net magazine website, entitled “

Creating your own dating site” (part2, part3).

In the article Karl Hodge explains how PHPizabi is the ideal social networking site engine with messaging and chat features.

One of the most interesting statements very early on in this article is this:

PHPizabi is a refreshingly professional, 100 per cent open source, social networking and dating application.

But we’ll come back to this later.

We begin with the preparation steps, where we see a screenshot of the author’s attempt: “dogmeet.net” – it looks pretty neat.

Sure i’m a pretty advanced user, so I’ll skip this and jump directly to the comments to see what’s been said.

just google phpizabi and you get www.phpizabi.net – it’s open source which means you can download it all from the interweb.

Thanks Sam, this should get me started.

Visiting the site, I’m greeted with quite a pretty looking site, however the last entry in their news is a vulnerability report from back in August 2008, I figured this would be fixed by now and proceeded to download regardless.

The file I got given was “PHPizabi_0.848b_C1_HFP1.zip“.

I skip to step 2: Installation.

I quickly notice that the installation I’m using is nothing like the (better looking) screenshots in the tutorial, but I thought “never mind it must be a newer version”.

Upon completion of the fairly straightforward installation I get straight to work.

First thing I look at is the themes. There is only one provided and it looks nothing like the (better looking) one seen on the article. Strange, I thought, perhaps they are using a different package.

From here I proceeded to to investigate what other themes I can get for free. I soon found out that “not many” was the answer, although I did find a link entitled “PhpIzabi Mods, 24 mods & themes:FREE DOWNLOAD“. I figured it may be worth a look at.

Pretty wrong. The themes were no better coded than the shipped one. Poor markup, poor use of CSS, and just generally not very good looking.

This would take some time to cleanup. I started anyway.

I cleaned up the “frame.tpl” making it all XHTML, removed the table layout, and added new styles to handle it. I also cleaned up “home.tpl” and a few more of the tpl files.

I eventually started getting somewhere, so decided to browse around the site I had started to form. Some of the pages simply didn’t look right, and wouldn’t populate correctly. I decided to look at the code.

In a way, I wish I never had. In the “index.php” I noticed a lot of poor coding, stuff that I’d not seen since about 2005, makes sense since the copyright says 2005, and last modification date was September 3rd 2006.

This isn’t very reassuring, this would need a LOT of work to bring it up to speed for 2008. Perhaps I downloaded the wrong version? There must be a more up to date version or a simply better version?

It was at this point that I decided to read the included documentation starting with the “UPDATE_README.TXT”. Here I find this:

To perform an update from PHPizabi 0.4XX, please visit the PIO website to download

the latest migration tool – http://online.phpizabi.net

Interesting. 0.4XX must have been a fairly popular version for them to create a migration tool for and I also found that the “phpizabi online” contained lots of mods and themes.

However, looking at the “core” releases I found that the latest release was “Mar. 5th 2007”. This is not good for any project.

What the hell is going on here? Time to do some research.

I came across the PHPizabi demo site, which looks similar to the version I have (apart from the mention of Alicia), only it has broken pages too (see Inkspot). I’m convinced I have the wrong version now.

This is when I discover phpizabi.com, and their about section:

PHPizabi was founded in mid 2005 by Jeff Knipp whom hired Claude Desjardens to code a personal website. A short time later Claude and Jeff agreed to become 50/50 partners and the personal project became what was destined to be known as PHPizabi.

In August 2005 the first release of PHPizabi was made available to the general public to download free of charge. PHPizabi has gained international fame through various publications as one of the best free community software on the market and has a broad following of users.

In November 2006, Jeff was illegally removed from the PHPizabi project by Claude Desjardens. Though legal remedy has not been ruled out, the best interest of the community was taken into consideration and thus the creation of this site which was created to offer the community an alternative to the non-community oriented support provided by the PHPizabi.net site.

Where the net site surrounds themselves around those only wishing to make a buck or two by allowing people to sell 1 line code mods for ridiculous prices, we believe in the open source community spirit. While we do have the Mod Club, we have many mods that are free, and as always support is 100% free.

Turns out there’s legal issues surrounding this project. This is no good.

I decided to return the original article and try and figure out where it all went so wrong.

On the first page, I find the following statements which I had clearly missed:

Find the file PHPizabi_0.415b_R3.zip on this issue’s CD and drag it over to your hard drive

return to the CD and find the file 0415bR3_sphfixHFP.zip

As it seems, they ARE using a different version, it appears to be the earlier 0.4XX version mentioned in the upgrade text in the newer version. I found this:

PHPizabi 0.415b R4 6.03Mb      11/23/2005      No support      Encrypted (IonCube)

Low and behold here we have the version mentioned in the article, released back in 2005, however it has IonCube Encryption on the core files. Odd because I remember the article saying that it was 100% open source. Guess not.

Further research via google news finds me an article describing a known vulnerability in PHPizabi. I also discovered that there is still no fix, dubbing PHPizabi as the most hackable Dating Script on the Internet. There’s no end to security issues in PHPizabi.

It seems I’m not alone, others have also had bad experiences with PHPizabi and apparently support sucks even when you pay.

So what now? I CANNOT use this, it’s unprofessional, barely usable, unmaintainable, poorly coded and worst of all vulnerable to exploitation. This project is dead.

So with the help of my earlier research, and wikipedia, I found some alternatives:

Also checkout this social networking solution comparison table at techcrunch.

What did you decide to go with and why?

Hopefully a “refreshingly professional, 100 per cent open source, social networking and dating application”, but I don’t hold high hopes.

UPDATE: I decided to share my article with the PHPizabi.com forum, however I guess they didn’t agree with me as I’m banned. The reply post notification via email from blackbook says: “yea ya like giving links to my paid mods for free..your banned dude”, thanks, as good as an excuse as any I guess, but it begs the question: now who’s “wishing to make a buck or two”? Besides, let’s face it, if nobody is going to want to use PHPizabi, who’s going to want to use the mods anyway?

UPDATE2: I’m looking at writing a dating site solution using CakePHP as the framework, based on Matt Inman’s Mingle2. I sympathise with his decision to write his own solution. Wish me luck!

Comments