I've been quietly working on the script behind the site http://medichan.org/
The only reason I wrote it originally was because the free host I switched to after having no reason to pay $120 for a year of Dreamhost doesn't support Perl or MySQL. It uses only flat files and runs fairly well. I have some improvements to make before releasing the source code, but what do you think? It's kind of a mix between a text board like kareha and a very simple web forum.
It doesn't show a summary of recent discussion on the front page, and is therefore as uselessly user-unfriendly as all other phpBB-style forums.
I posted on Medichan a while back telling you how good it was. I enjoy it.
I love how you use .htm extensions.
http://validator.w3.org/check?uri=http%3A%2F%2Fmedichan.org%2Fmed.php%3Fact%3Dread%26id%3D1191803910634&charset=%28detect+automatically%29&doctype=Inline&group=0
Also, you have the worst getCookie() function I've seen yet.
Also, your bbcode script allows javascript URLs and is therefore XSS-exploitable.
Also, bbcode is an amazingly dumb concept in the first place. If you're going to allow some sort of tag-based syntax, just parse HTML and strip out unsafe tags.
A better concept is to parse HTML and only allow safe ones. Well, that's probably what you meant but it's better to be explicit about this stuff.
Not really, since you're parsing a subset. As long as you make sure to render anything you don't understand harmless, it's fairly easy.
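The allowlist approach from the replies above, as an added example that is not the Medichan script or any poster's code: everything is escaped first, only a fixed set of tags is turned into HTML, and a `[url=...]` link is emitted only for an absolute http(s) URL. The function names, the tag set and the sample inputs are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}        # allowlist of schemes, not a blocklist
SIMPLE_TAGS = {"b": "strong", "i": "em"}   # BBCode tag -> HTML element
URL_RE = re.compile(r"\[url=([^\]]*)\](.*?)\[/url\]", re.I | re.S)

def safe_url(raw):
    """Return raw if it is an absolute http(s) URL, otherwise None."""
    # Browsers drop tabs/newlines inside a scheme and trim leading control
    # characters, so any whitespace or control byte is rejected outright.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return None
    try:
        parts = urlsplit(raw)
    except ValueError:                     # e.g. malformed IPv6 literal
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return raw

def render_bbcode(text):
    """Render a small BBCode subset; anything not understood stays inert text."""
    out = html.escape(text, quote=True)    # all input is harmless by default
    for bb, el in SIMPLE_TAGS.items():
        out = re.sub(rf"\[{bb}\](.*?)\[/{bb}\]", rf"<{el}>\1</{el}>",
                     out, flags=re.I | re.S)

    def link(m):
        # The captured URL was escaped above: undo that to validate the real
        # value, then escape again when writing it into the attribute.
        url = safe_url(html.unescape(m.group(1)))
        if url is None:
            return m.group(2)              # drop the link, keep the label
        href = html.escape(url, quote=True)
        return f'<a href="{href}" rel="nofollow noopener">{m.group(2)}</a>'

    return URL_RE.sub(link, out)

if __name__ == "__main__":
    # Constructed sample posts.
    for post in ("[url=https://example.org/?a=1&b=2]site[/url]",
                 "[url=JaVaScRiPt:alert(1)]click[/url]",
                 "<script>[b]hi[/b] [img]x[/img]"):
        print(render_bbcode(post))
```
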