1 (edited by daris 2009-03-12 13:25)

Topic: [extension release] Portal

Adds a portal to your forum

Features:
- displays news/articles from selected forum
- customizable pages
- customizable panels (content is stored in database or in external files in panels directory)

Old version

This is the old version of my extension which is for PunBB 1.3 Beta. If you want to run this extension on stable 1.3 release, you should go here instead

2 (edited by StevenBullen 2008-02-18 20:47)

Re: [extension release] Portal

But!... I would prefer not changing the index.php to forum.php
It's nice... but still feel it could be done better and simpler. big_smile

3

Re: [extension release] Portal

I think the portal needs to be a little better than this for wide use.

I had problem with width of left and right side so added constant width for page wink

4 (edited by StevenBullen 2008-02-18 20:50)

Re: [extension release] Portal

daris wrote:

I think the portal needs to be a little better than this for wide use.

I had problem with width of left and right side so added constant width for page wink

Nah forget that comment. tongue

It looks fine on ie6. Just think its a bit overboard. I would prefer a simple portal simliar to the mini-portal. This way you can build on to it yourself. wink

5

Re: [extension release] Portal

Thanks dude. It will be very profitable.

Re: [extension release] Portal

Ooh, very nice smile

Re: [extension release] Portal

And now, a couple comments after having looked at the code:

1. Extensions should not be putting files outside of their folders.
2. Extensions should not require modifying CSS files.
3. Your index page shouldn't give errors if the extension isn't installed (which your readme indicates it will): it should gracefully handle the problem
4. You shouldn't use short tags (<? as opposed to <?php).
5. This is just a "make your code look like the rest of PunBB code" thing, but when using query builder you should be using tablename AS t rather than just tablename (and selecting t.* as opposed to just *)
6. You use many hook names that were already assigned (copy/paste from admin/forums and include/cache?). That is bad and sure to mess up your code as soon as someone tries using those hooks.
7. Your extensions should support more than just MySQL.
8. Looking at the code, it seems like your "file" field allows for a directory traversal.
9. You would have been better served merging extensions/portal/admin/portal.php into hooks in admin/options.php so you don't have to replicate so much code.

Ooh, this ended up being much longer than I planned it. I'll stop now. tongue

8 (edited by daris 2008-02-19 23:20)

Re: [extension release] Portal

Smartys wrote:

8. Looking at the code, it seems like your "file" field allows for a directory traversal.

That's one which i can't understand (sorry, but my english isn't good tongue )

There is new release (1.1)

Re: [extension release] Portal

http://en.wikipedia.org/wiki/Directory_traversal

10 (edited by lie2815 2008-02-20 07:50)

Re: [extension release] Portal

The search options should be aligned more nicely...
Except for that, looks great! I especially like the User Panel...

FluxBB - v1.4.8

Re: [extension release] Portal

for the next release

change userpannel to
------------
Whos Online?
----------
Welcome SuperMAG

( ) AVATOR

Registered users online: 1
Guests online: 1
Online:  SuperMAG, daris,
shedrock, matf,etc

Users: 265
Topics: 213
Posts: 1036
--------------------------like the www.megapun.com

a little improved

-------
Search
------------

------------------------
---------------------- Text
Display results:

-As topics
-As posts 

Submit



*----------------------------*

Remove latest topics .. you have latest posts ... make latest posts at right down search ...


and also advertising banner up the welcome message like the www.megapun.com

and also advertising pannel down menu ...

and also can u make affatite like www.megapun.com

and also active topics down welcome message like www.megapun.com

------------ and also change this *---------------------.

if logged in and you posted the post
Posted: 15-02-2008 03:59 pm by: SuperMAG | Views: 50 | Replies: 2 
                                                                    Report | Delete | Edit | Reply | Quote

if logged in or not logged in ----  and you didnt posted the post
Posted: 04-02-2008 12:16 pm by: Jogge | Views: 106 | Replies: 2




------------------------------- thats all for now and sorry i put megapun alot...... thanks

MyFootballCafe.com  is Now Online!

12

Re: [extension release] Portal

8. Looking at the code, it seems like your "file" field allows for a directory traversal.

But where? In portal page or in admin panel?

and also advertising banner up the welcome message like the www.megapun.com

and also advertising pannel down menu ...

and also can u make affatite like www.megapun.com

and also active topics down welcome message like www.megapun.com

This portal has configurable panels so you can create new own panels as you want (you can put php code)

13 (edited by daris 2008-02-20 21:16)

Re: [extension release] Portal

New Release (1.2)

Demo: see first post
Download: as above wink

Changes:
- added active topics on index page
- user panel renamed to who's online (and modified)
- better positions for some panels
- link in crumbs for forum pages don't redirect to index.php (it's portal page), but forum.php.

PS. One new release for a day tongue

Re: [extension release] Portal

More stuff smile
1. Again, the extension really shouldn't require you renaming files/uploading files outside of the extensions folder.
2. It looks like you allow several XSS attacks. You should be sanitizing all output that might contain HTML (eg: poster names, subjects, etc).
3. The directory traversal I talked about earlier still appears to exist
4. I still see the use of short tags
5. Again, you would have been better served merging extensions/portal/admin/portal.php into hooks in admin/options.php so you don't have to replicate so much code.
6. Again, you use many hook names that were already assigned (copy/paste from admin/forums and include/cache?). That is bad and sure to mess up your code as soon as someone tries using those hooks.
7. Again, your extensions should support more than just MySQL.

Re: [extension release] Portal

more suggesions

1- a little update to active topics

http://img70.imageshack.us/img70/1492/actvietopicsmo1.jpg

2- few other small things ... look at this image
http://img255.imageshack.us/img255/7773/fewotherhc5.jpg

3- what smarty said big_smile big_smile big_smile big_smile

MyFootballCafe.com  is Now Online!

Re: [extension release] Portal

I agree with others, ppl should not have to rename files or place files outside extensions folder, anyways very nice work.

After you logout from site via logout button on the top of the page, it redirects to forum.php, wouldnt it be better to redirect to the main page instead? Just thinking...

punbb 1.3 is great, extensions are sooooooo nice and easy to use big_smile tongue

17 (edited by daris 2008-02-22 18:56)

Re: [extension release] Portal

New release (1.3)

Changes:
- enable/disable panels
- passes validation
- admin panel section settings/portal moved to settings/features (before Automatically check for updates)
- some small fixes

1- a little update to active topics

Code comes from viewforum.php and active topics looks as viewforum.


1. Again, the extension really shouldn't require you renaming files/uploading files outside of the extensions folder.

Bu how in other method set portal page as index page?

3. The directory traversal I talked about earlier still appears to exist

I added:

if (ereg('../', $file))
    message($lang_common['Bad request']);

Did this fix problem?

5. Again, you would have been better served merging extensions/portal/admin/portal.php into hooks in admin/options.php so you don't have to replicate so much code.

Done

6. Again, you use many hook names that were already assigned (copy/paste from admin/forums and include/cache?). That is bad and sure to mess up your code as soon as someone tries using those hooks.

Now it should be fixed

7. Again, your extensions should support more than just MySQL.

I don't know what is difference with MySQL and others

18

Re: [extension release] Portal

daris wrote:

I don't know what is difference with MySQL and others

SUM usually tends to be the main sticking point in most mods, with regards to db queries, and then the db installer itself, (if there is one). Either of those apply?

Re: [extension release] Portal

Bu how in other method set portal page as index page?

Hook into index.php, in_start.

Did this fix problem?

No (at least not optimally). Just use the basename function on $_POST['file'] when storing it as $file (I hope I'm remembering those variable names right, I'm doing this off the top of my head).

I don't know what is difference with MySQL and others

I was specifically talking about database creation code. Take a look at install.php for an idea of the differences.

20 (edited by daris 2008-02-23 13:40)

Re: [extension release] Portal

Smartys wrote:

Bu how in other method set portal page as index page?

Hook into index.php, in_start.

Like this?

if (!isset($_GET['forum']))
    require PUN_ROOT.'extensions/portal/index.php';

Re: [extension release] Portal

Exactly smile
And then you would have index.php and index.php?forum (which could be rewritten using the SEF URLs to anything you want).

22

Re: [extension release] Portal

Next release (1.4)

Changes:
- all files moved to extensions/portal
- some small fixes

Re: [extension release] Portal

I still see short tags, it still doesn't support MySQL, I still see what looks to be some unsanitized output that can be used for XSS, and I see some coding standard stuff that should be changed. I still see some duplicated hooks (very bad!!!)
ie:

while (stuff) {
}

should be

while (stuff)
{
}

But very, very, very good job overall tongue

Re: [extension release] Portal

in the new release i get this ....

An error was encountered

--------------------------------------------------------------------------------

The error occurred on line 43 in /home/supermag/public_html/extensions/portal/include/active_topics.php

Database reported: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND t.deleted=0 ORDER BY last_post DESC LIMIT 0, 5' at line 1 (Errno: 1064).

MyFootballCafe.com  is Now Online!

25 (edited by SuperMAG 2008-02-25 10:35)

Re: [extension release] Portal

SuperMAG wrote:

in the new release i get this ....

An error was encountered

--------------------------------------------------------------------------------

The error occurred on line 43 in /home/supermag/public_html/extensions/portal/include/active_topics.php

Database reported: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND t.deleted=0 ORDER BY last_post DESC LIMIT 0, 5' at line 1 (Errno: 1064).

this error was because of deleted posts log extensions which i dont know why and hope it is fixed in the next release ..


------------------------------------------------------------------------------


but there is another thing ...

so of the urls and not in SEF ... can u modify it that when u eneble SEF in the Admin area the Other links also become SEF ...

i mean these links:

1- http://supermag.wsnw.net/1.3/index.php?forum
can you make it like this: http://supermag.wsnw.net/1.3/forum.html

2- http://supermag.wsnw.net/1.3/extensions … ticles.php
can u make it like : http://supermag.wsnw.net/1.3/article-1- … ticle.html

3- http://supermag.wsnw.net/1.3/extensions … s.php?id=1
can you make it as same as the articles like: http://supermag.wsnw.net/1.3/p1-Example-page.html

-----------------------------------------------------------------------------

another thing ... some urls are different in some places like:

Test post ---------------> this url is http://supermag.wsnw.net/1.3/topic1$2.html (it should be changed to what ever the sitting are)
If you are looking at this (which I guess you are), the install of PunBB appears to have worked! Now log in and head over to the administration control panel to configure your forum.

Posted: Today 09:47:00 | Author: SuperMAG | Views: 2 | Comments: 0

-----------------------------------------------------------------------------------

also another this ...

make and option in the admin / portal page that from which forum you take the news in the main page and how many news ....

and also make an option wiether to show active topics or not ....

------------------------------------------------------------------------------------

OVER ALL >>> THIS IS A GREAT EXTENSIONS WHICH WILL BE USED BY MANY WEBSITES IN THE FUTURE /// THANKS ALOT

MyFootballCafe.com  is Now Online!