2005-01-07 """""""""" * Improved search indexing to properly deal with words containing dots (e.g file.php) and words containing hyphens (e.g. round-up). 2005-01-05 """""""""" * Fixed footer.php outputting an error message when accessed directly. Reported by paul_w. 2004-12-28 """""""""" * Added option "Report new registrations" that sets whether people on the admin mailing list are notified when a new user registers in the forums. 2004-12-21 """""""""" * Environment and database statistics are now hidden from moderators in admin_index.php. Suggested by Madoor. * Increased max size of AIM and Yahoo Messenger field to 30 characters. * Fixed moderator column of forums not being updated when a moderator usernames changes. Reported by zargoth. 2004-12-20 """""""""" * Added ability to exclude forums from extern.php output (e.g. a test forum). * Users can now delete their own avatar. * Moderators can now, if "Edit user profiles" is enabled in admin/permissions, delete user avatars. 2004-11-27 """""""""" * Added FAQ entry "I've updated the database manually, but the changes have no effect. What's up?" that describes how to deal with manual database updates and the cache. 2004-11-25 """""""""" * Fixed notification e-mails being sent out to users even though the topic had been moved to a forum that the subscribed user doesn't have read access in. * Added option that sets whether guests are required to enter an e-mail address or not when posting. 2004-11-24 """""""""" * Replaced the new admin option "Image max width" with "Image max height". Instead of limiting the maximum width of images, which is taken care of by scrollbars anyway, the new setting limits the height of images. 2004-11-23 """""""""" * Added forum attribute "Sort topics by" that sets by which attribute topics are sorted in viewforum.php - last post (default) or topic start. * Replaced $pun_root with the constant PUN_ROOT. This change not only decreases the risk of potential security problems, but also removes the need to "globalize" the variable in every function it is used. Thanks to anythingwilldo for reporting a potential security problem in common.php that lead to this change. * Rewrote code for disallowing "shouting" in subjects, messages and signatures to prevent problems with certain locales. * Replaced username with user_id in the cookie. It's more efficient this way. 2004-11-22 """""""""" * Implemented second iteration of Paul's new and improved markup and CSS. 2004-11-15 """""""""" * Fixed various forms that allowed you to post what appeared to be empty messages with the help of non-printable characters. * Added function pun_trim(). The function replaces certain non-printable characters with regular spaces and trims the result. 2004-11-07 """""""""" * Rewrote and optimized online list and visit management code. Instead of running one DELETE and one INSERT on the online table and one UPDATE on the users table, the forums now, on average, runs one SELECT and one UPDATE on the online table. The users last visit column is updated when the user is removed from the online list. Due to the rewrite, one query less is executed on basically all pages. The column "last_action" has been removed from the users table and a new column "idle" has been added to the online table. If idle=0, the user is online. If idle=1, the user is considered to be offline, but he/she won't be removed until "Timeout visit" seconds have passed since the last action. * PunBB no longer sets a new cookie for every page view. Since PunBB doesn't store last visit/last action data in the cookie anymore (since 1.1), there is no need to set a new cookie with username and password hash on every page view. This means a few bytes less traffic between the webserver and the client. The downside of this is that users will have to re-login when the cookie expires after a year. Not a big deal though. 2004-11-05 """""""""" * Simplified database adapter (especially for PostgreSQL) classes a bit. Running PunBB with PostgreSQL now requires PHP 4.3.0 or later. * Added support for MySQL 4.1 and later via the MySQL Improved extension (mysqli). As a result of this, a new database adapter class has been added. 2004-11-04 """""""""" * Fixed registration welcome mails and subscription notifications mails not being sent out when the board title contains a colon. 2004-11-03 """""""""" * Added Jabber field to the user profile. 2004-10-31 """""""""" * Moved the commonly accessed links "Show new posts since last visit" and "Mark all topics as read" from the footer to the header. * Added search link "Show your subscribed topics" to the footer. The search shows all topics to which the currently logged in user is subscribed to. * Fixed redirect page being sent to the client unnessecarily when the redirect delay, for some reason, is set to 0 seconds. 2004-10-30 """""""""" * Implemented a user group system that replaces the old static guest/user/moderator/admin system. PunBB now comes with four preset user groups: Administrators, Moderators, Guests and Members. These four groups can be edited, but not removed. On top of the four preset groups, administrators can add any number of their own user groups. The user groups have a set of global permissions and options such as whether members of a group are allowed to post new topics and if they are allowed to use the search feature. Some of these global permission settings can then be overridden by forum specific settings. As a result of the new user group system, basically all scripts have been updated and two new tables have been introduced into the database. A new admin page, "Groups", has been added and the admin page "Forums" has been restructured to allow editing of forum specific group permissions. A number of user and forum properties are obsolete and have been removed. The user property "status" has been replaced by a group ID and in forums, the properties "admin/moderator only" and "closed" have been removed. A bunch of the old options and permission settings in the admin interface have also been removed. * Added global moderator permission settings to admin/permissions. It is now possible to allow/disallow moderators from editing user profiles, renaming users, changing user passwords and using the ban system. * Moderators can no longer edit the profiles of other moderators and administrators. * Removed the function is_admmod() from functions.php as it is no longer useful. * Added setting "Image max width" to admin/options. The setting controls the maximum width of images in posts and signatures. If set to anything but 0 (the default), images will take up, at most, that much horizontal space. 2004-10-27 """""""""" * Fixed (hopefully) cookies being rejected by IE6 in forums that reside in "domain redirect frames". Thanks to rewozz for helping me test it. 2004-10-23 """""""""" * Fixed search not stripping out short keywords (<3) and therefore always resulting in "Your search returned no hits." when used with AND. Reported by Frank H. 2004-10-18 """""""""" * Reworded board statistics and put them all in lists. /Paul * Removed permissions from the board index. They won't make much sense when the user groups system is in place. /Paul 2004-10-17 """""""""" * Fixed Internet protocol names containing digits (e.g. ed2k) being prepended with http://. 2004-10-11 """""""""" * Added menu navigation to profile similar to the admin interface. The profile is no longer one very long page, but instead devided into sub- pages. 2004-09-29 """""""""" * Added admin plugin support. Adding third party admin interface functionality should now be much easier. * Merged admin_menu() and moderator_menu() into generate_admin_menu(). 2004-09-28 """""""""" * The display of the forum rules is now displayed properly instead of in a message() box with the header "Info". 2004-09-27 """""""""" * Switched admin interface navigation from horizontal to vertical layout. * Incorporated new admin interface markup/CSS by Paul Sullivan. The admin interface now has the same look and feel as the rest of the pages. 2004-09-25 """""""""" * E-mail addresses are now, regardless of the user e-mail privacy setting in the profile, never displayed for guests. This will prevent e-mail harvesters from picking up addresses from PunBB boards. * Added meta tag to prevent search engine indexing of pages such as post.php, delete.php etc. Not all robots support the meta tag (the important ones do), but it's less hassle than teaching people how to use robots.txt. 2004-09-20 """""""""" * Added function pun_setcookie() to functions.php. All calls to PHP's setcookie() are now done here. * Added a cookie seed to improve cookie security. Each PunBB installation now has a unique seed that is prepended the password hash and hashed once more (md5) before being stored in the cookie. This not only makes it a lot harder to "crack" a cookie hash, but also makes sure cookies hashes are board specific. Thanks to zaher for the suggestion. * Fixed ban messages being a bit odd when the expiry date was "Today". Reported by Chacmool. 2004-09-19 """""""""" * Added search link "Show todays posts" to the footer of the index page. The search shows the last 24 hours' active topics. 2004-09-14 """""""""" * Added post preview and post error messages similar to edit.php (see 2004-09-10 below). 2004-09-12 """""""""" * Changed the defaults to allow subjects, posts and signatures to contain all caps characters. * Added language selection in the register and profile forms. If more than one language pack is installed, it is now possible to select one of them while registering or in the profile. * Added default language option to admin/options. * Updated the language pack code a bit. Instead of being called e.g. "en" or "se", the packs are now named "English" and "Swedish". I removed the unnessecary prefix to the language pack filenames as well. 2004-09-10 """""""""" * Post errors (such as missing subject, flood protection, invalid BBCode etc.) are now displayed above the post new message form instead of on it's own page. This prevents the old "go back and notice the 10K post you just wrote is gone problem". Reported by CodeDuck and Andy. 2004-09-08 """""""""" * Added post preview. 2004-09-07 """""""""" * Removed the generic JavaScript that disables submit buttons upon form submittal. The code is now placed directly in the onsubmit event handler of the affected forms. Should shave off a few bytes in quite a few files. * Prettied up the code for form field auto focus and required form field validation. * Fixed subscriptions not being removed when deleting topics. Reported by paolo. * Rewrote topic reply counting code to be less error prone. The reply count for a topic is now re-calculated whenever a post is added or removed. 2004-09-06 """""""""" * Added checkbox to delete user confirmation form that sets whether all posts made by the user should be deleted as well. * Created functions delete_post() and delete_topic() in functions.php. The functionality was taken from delete.php which after this change is much smaller. The new functions will also be used in profile.php when deleting all posts by a user. 2004-09-05 """""""""" * Added check to install.php that makes sure the cache directory is writable. 2004-09-04 """""""""" * Added table collision check to install.php. Thanks to Smartys for suggestion. 2004-09-03 """""""""" * Fixed closed topics not being properly marked in search results. * Replaced all occurances of three dots (...) with the HTML entity …. 2004-09-02 """""""""" * Rewrote e-mail address validation pattern to be less restrictive. Reported by Elrond. * Fixed missing call to pun_htmlspecialchars() in profile.php when confirming user delete. Reported by Smartys. * Fixed missing calls to pun_htmlspecialchars() in admin_options.php. Reported by Smartys. * Fixed incorrect display of "Zapped by" when the user was deleted. Reported by Smartys. 2004-09-01 """""""""" * Fixed two typos in the english language pack for moderate.php. Reported by Smartys. * Fixed missing pun_htmlspecialchars() call for ranks in admin_ranks.php. Reported by Smartys. * Tweaked the search indexing a bit. It now inteprets e.g. Swedish characters correctly even if the locale is non-Swedish. * Fixed a paging bug in paginate(). Fix provided by Chacmool. Reported by Jansson. * Added missing $pun_root for stopwords file() command in search_idx.php. * Fixed missing pun_htmlspecialchars() call for user title in profile.php. Reported by Smartys. * Replaced smiley icon set with icons supplied by Rasmus Schultz of www.mindplay.com. * Fixed "Change password" link in profiles always being visible for moderators even though they sometimes don't have permission to change passwords. Reported by Smartys. 2004-08-31 """""""""" * Added check to post.php to prevent people posting to redirect forums. Reported by Smartys. * Fixed an XSS vulnerability in post.php. Reported by ra from Belarus. 2004-08-30 """""""""" * Fixed admin/bans incorrectly reformatting ban expire dates when using a date format other than Y-m-d. Reported by Falconey. * Fixed $tpl_main not being accessible in the message() function. Reported by jacobswell. * Added the ability to show a full list of users online via extern.php. * Fixed user remaining in the online list even though he/she was just deleted. Reported by Smartys. * Added user id to the log out link to prevent malicious users linking directly to login.php?action=out and thereby logging out users. 2004-08-28 """""""""" * Added help.php entry that explains how to use color names (blue, red, green ...) with the color tag. Suggested by Razmooze. * Fixed a bug where img tags could point to files that aren't images. E.g. links to login.php?action=out that would log out any user that views the page. Reported by XuMiX and Bizzy_D. * Rewrote parts of the user authorisation code. The two user data arrays $cookie and $cur_user have now been merged into one array, $pun_user. Having all user data in one place not only makes the code a bit prettier at places, but also eases integration with other applications and makes things a little less confusing. 2004-08-27 """""""""" * Fixed missing $pun_root for style dir command in admin_options.php. Reported by Jansson. * Fixed "Show avatars" option being visible regardless of global avatar setting. Reported by Rasmus Schultz. * Fixed user list paging bug. Reported by cmatner. 2004-08-26 """""""""" * Added admin option to show/hide user information and contact links in the topic view. * Added FAQ entry for presumably common question about PHP not having write access to the cache directory. * Added admin option to show/hide version number in the footer. The default is to hide the version number. 2004-08-25 """""""""" * Added template for help page. * Removed all remnants of the profile option "Open links in new windows". 2004-08-24 """""""""" * All markup and CSS completely redone by Paul Sullivan. One line in the changelog doesn't quite do this update justice. Suffice to say, the changes affect pretty much every line of markup in the forums. PunBB now outputs semantically correct XHTML 1.0 Strict markup. Due to the much greater use of CSS, it is possible to radically alter the appearance of PunBB without touching a line of PHP code. 2004-06-29 """""""""" * Paul added a bunch of more "exotic" timezones such as -3.5 and +13. 2004-06-16 """""""""" * Fixed various typos in the Swedish language pack. Reported by Razmooze. 2004-06-04 """""""""" * Fixed a small typo in admin/permissions. Reported by ataylor. 2004-06-01 """""""""" * Added redirect forums. 2004-05-30 """""""""" * Fixed error messages in the database abstraction layer classes displaying file name instead of line number and vice versa. Reported by jacobswell. 2004-05-27 """""""""" * Removed the stopwords "and" and "not" from the english stopwords list. They are treated separately anyway and having them in the list just takes up space and slows things down. Thanks to Adam Jankowski for alerting me to this. 2004-05-20 """""""""" * The IP address used when registering is now saved and displayed for admins and moderators in the user profile. The IP address appears after the registration date. 2004-05-16 """""""""" * Fixed search in admin_users.php being case sensitive in PostgreSQL. * Rearranged things in the user list so that it looks more like search now. * Added username search (with wildcards) to userlist.php. 2004-05-15 """""""""" * Added stopwords doesnt, now, well, ive, really, thats, think and ill to the english stopwords list. * Added breadcrumbs to edit and delete pages. * Merged two queries in delete.php. * Merged four queries into two in edit.php * Added tongue smiley :P. * Added index to the moved_to column of the topics table. This speeds up a few queries. 2004-05-14 """""""""" * Rewrote parts of the avatar upload code to support uploads when open_basedir restrictions are in effect. The new code actually turned out a lot prettier. * Added profile option "Show images in signatures". The option is the equivalent of "Show images in posts", but for signatures (duh!). * Replaced profile option "Show images" with "Show images in posts". The new setting applies only to posts and user posted images (via the [img] tag). 2004-05-13 """""""""" * Replaced profile option "Convert smilies to images by default" with the new option "Show smilies as icons". The new options sets whether smilies are displayed at all regardless of any other settings. * Applied patch from Rasmus Schultz that hides the style selection box if there is only one style to choose from. 2004-04-27 """""""""" * Renamed the username field to just "Name" in the post form for guests. Thanks to sleddog for suggestion. * Fixed moderators and admins not being removed from the forum moderator lists when being degraded to regular users. Reported by Mike and ConnyT. 2004-04-16 """""""""" * Fixed empty alt text for new post indicator images. Reported by Gribber. 2004-04-11 """""""""" * Fixed missing translation of topic stick/unstick redirect message. Reported by Jansson. 2004-04-06 """""""""" * Merged the language files for post.php and edit.php as most of the strings are identical. * The HTTP_REFERER check now strips out "www." before performing the check. This way, having a HTTP_REFERER that differs from base_url only by the www part will not lead to an error. Thanks to ssb for the suggestion. 2004-04-03 """""""""" * Improved get_remote_address() to disregard obviously local IP addresses. 2004-03-03 """""""""" * Multiple forum IDs (comma-separated) can now be passed to extern.php. 2004-03-02 """""""""" * Made search automatically redirect the user to the cached result page. This prevents the forum from doing a new search every time you go back to the results page from one of the result topics. Thanks to ssb for the suggestion. 2004-02-23 """""""""" * Turned up the error reporting level to E_ALL. At this level, all usage of uninitialized variables is reported, so basically all scripts have had minor changes to initialize all variables before they are accessed. 2004-02-22 """""""""" * Changed linebreaks from LF to CRLF in all outgoing e-mails (the RFC says so and a few SMTP servers require it). 2004-02-07 """""""""" * Moved the separator text for links in the navigation bar and in viewtopic (website, e-mail, edit etc.) into the lang packs. Changing the separator is now only a matter of editing the language file. Thanks to Paul for suggestion. 2004-02-03 """""""""" * Rewrote IP stats feature in admin/users. It is now 10 to 100 times faster depending on number of posts. * Merged two queries in viewtopic.php when displaying "the dot". This change involved adding a multi-column index to the posts table, but also the removal of another index. 2004-02-01 """""""""" * Changed a number of calls to the query function to utilize the new argument mentioned below. This will increase performance and decrease memory consumption to some degree. * Added a second optional argument to the query function in the DB class. This arguments sets whether the query should be buffered or unbuffered. The argument doesn't apply to PostgreSQL since PHP has no function pgsql_unbuffered_query(). * Removed a number of superfluous else statements to increase consistency in the scripts. 2004-01-29 """""""""" * Added caching of bans. This removes one query per page. * Added caching of ranks. This removes one query in viewtopic.php. 2004-01-25 """""""""" * Added a similar cache for the quick jump drop-down menu. This change removes one query from a couple of pages. * Implemented simple file-based caching of the config variables. Instead of fetching the variables from the database every page view, a PHP script is included that defines the $pun_config array. If the file is deleted or if any of the config variables are altered in the admin interface, the cached script is updated. This enhancement removes one query from all pages. 2004-01-24 """""""""" * Added SQLite support. * Merged two queries in viewtopic.php. * Added an index to the column user_id in the online table. * Renamed table search_results to search_cache. It's just a more suitable name for that table. 2004-01-22 """""""""" * Added replacement variable to the redirect template to be able to show executed queries in case PUN_SHOW_QUERIES is enabled. * Increased speed of all pages when running on PostgreSQL by wrapping all queries in one transaction to avoid auto commit. * Rewrote query, transaction and error handling in DB layer. * Removed function fetch_array() from DB layer since it is never used. I have yet to discover a situation where you would want an associative array with both numeric and string indexes for the same elements. 2004-01-21 """""""""" * Moved function escape() into the DB layer. To call the function, use $db->escape(). The move of the function to the DB layer is required because different databases use different escaping mechanisms. E.g. just using addslashes() doesn't work for SQLite. * Removed the function unescape(). The superglobal arrays $_GET, $_POST and $_COOKIE are now stripped of any extra slashes (added by magic_quotes) in common.php. * Switched from using fopen()/fread()/fclose() to the faster and leaner file_get_contents() when loading template files. An implementation of file_get_contents() has been added to functions.php for systems running a PHP version prior to 4.3.0. 2004-01-15 """""""""" * Changed the column type for word id in the search index from INT to MEDIUMINT. The maximum value for an unsigned MEDIUMINT is 16777215 and that is well enough. This change should shave save a few percent space. It only applies to MySQL though. 2004-01-14 """""""""" * Removed keyword OUTER from all left joins. 2004-01-10 """""""""" * Cleaned up some of the BBCode parsing code. Renamed function truncate_url() to handle_url_tag() and added function handle_img_tag(). 2004-01-08 """""""""" * Implemented pre-parsing of BBCodes during posting. This pre-parsing attempts to clean up the BBCode in the message. It strips out excessive whitespace before and after some BBCode tags and convert all tags to lower case. The forum now makes sure that all BBCode is nice and tidy. 2004-01-06 """""""""" * Converted all other scripts to XHTML 1.0 Transitional. 2004-01-05 """""""""" * All output is now valid XHTML 1.0 Transitional thanks to patch supplied by Eelco Lempsink. Thank you very much!