You are not logged in. Please login or register.
Active topics Unanswered topics
Search options (Page 1 of 3)
Does anyone there browse forums at work when you're supposed to be ... you know ... working?
I would like to have a work skin which would at a quick glance look like some common work application like Excel(tm) or perhaps Word(r). So far I haven't found anything like it for PunBB so if you have found please point me to right direction if such a skin exists already.
The alternative is to create one, but personally I'm currently quite busy with work (ironically). I'm fairly experienced with CSS and PunBB skinning having done couple of my own, but as said the time constraints are unsurmountable.
Any takers? Anything from a quick draft to a complete product would be fine. For an usable product I'll buy you a beer (or soda if you prefer).
Another usefull merge tool is KDiff3. With winmerge they are alike with the exception of kdiff3 being able to do three way merges.
The Forums are now in live usage with some tweaks in the style. You are now welcome to criticize and perhaps try out the game too.
http://forums.alliancewars.com
A bit bland for my taste. Check the screenshot 
BTW. According to subSilver licence you should have a line somewhere saying that those images originate from phpBB group.
While it seems quite hard to redirect the browser with an image (as if the exploit doesn't work as described) it was quite easy to pass that exif_imagetype test as it checks only for three characters in the path (which happens to be a directory this time) and with supplying an authentic image when the exif data and the image data is correct. I believe with getimagetype the result would be same.
If the redirect worked you would get the phishing example shortly, but some things can be made with the exploit I just made. In the forums which use php sessions the users with cookies off will publish their session id in the address bar. By checking referrer in the "image" it is possible to steal that info and the identity with it. Not in punbb, but perhaps in phpbb.
CodeXP and Smartys: you'll have an email inbound shortly.
Btw. That non caching version doesn't work, because it still writes the data and points the url to a local file.
It would be better to check which extensions are allowed because it is still possible to use perl, asp, php3, python or domino scripts and if you have access to the server you can change the extension to whatever you wish. .jpg for that matter.
Now that I've read the description the flaw is not in bbcode itself, but any method of linking an off site image can be used to (for example) phish.
So you're asking for a proof of consept, right 
. I accept the challenge. If I understood the reports correctly check back tomorrow. Anyway it might just be the wind blowing through my lips, because right now I don't have time to verify the vulnerabilities.
Btw. Cookies are to be consumed with milk or tea
From the descriptions above I'm not sure if these are separate exploits, but anyhow this is clearly not a non-issue.
Apparently it allows to run php scripts from other servers and perhaps injecting Javascript to the site. In both cases it can be used to phish user account details by redirecting the user to some other site that looks like punBB requesting for login and then reverting back to the originating bbs. People who won't actively follow what address bar says all the time could be fooled to give their credentials. And this is just one possible use for an exploit like this.
If I weren't so busy I would dig my sources for copy/pasteable proof of consept. Something quite similar was tried before inthe web based game I'm developing.
Paul wrote:Or maybe most people can get their point across using unstyled text.
THEY CAN ALLWAYS LEAVE THE CAPS LOCK ON ... to be completely ignored .
I beg to differ. From what Jeremie (plus some accents) wrote the textile seem at least as intuitive and explicit as bbcode or even more so. For example making links with custom link text is quite cumbersome in bbcode because in different forums you might or might not need the quotes around the link text. Same goes with the quote tag with quoted name. Personally I have to check the syntax most of the time when I post and yes, I've been around the block few times. You would think that 10k posts in phpBB, Invision and now Pun would teach you how to post links, but using the edit button afterwards is no exception.
Textile on the other hand seems already familiar. I've stumbled across it once before and having used text only forums (not as in forum software) like e-mail, usenet, news and bbs' (again not as in forum software) from the beginning with 2k baud modems I believe that would be quite natural form of expression to me. However the problem is the new generation of internet users who barely never see plain text in the internet nowadays.
Also I think every forum system uses bbcode because very few of the developers even think about having something else. It has more or less become the defacto standard in forums and therefore the functionality should remain. While replacing bbcode with textile could be refreshing it's quite impossible nowadays.
Looking forward a mod.
Hehe. That was the third alternative I had. As it works slightly differently on different browsers I left it out.
Thanks.
Actually it's not made with png alpha filters, but two separate images. In theory I could get IE to fix the background image(s) to the top left corner of the viewport, but few months ago when I last tried it it wasn't too reliable.
I had a version with 50% transparent black png, but that slowed down the scrolling significantly as compared to this two image thingamabob.
Still needs some tuning, but yeah, it looks kinda neat to me: http://forums.alliancewars.com
Oh. The skin is too cool for IE and all the really 'cool' things are for gekko (haven't tested it yet on Opera either) so grab your favourite Moz and enjoy.
Constructive critisism appreciated.
(edit) Speling
You could allways reduce the size of current css by running the files through a program which removes comments and unnecessary white space before putting them online. Try http://flumpcakes.co.uk/css/optimiser/ for example and propably you'll go under 10k easily.
Though banning is done mostly because the user writes something nasty on the forums. In some cases taking away writing permissions is sufficient and even desirable. An option perhaps?
Sean wrote:PHPBB
+ Gigantic community, so many mods and styles available.
- (styles) of which 95% is pure garbage to sift through before finding one suitable one that proves to be garbage after you have used it for two weeks. (Happened to me more than once)
- There is something fundamentally wrong in the permission management. I can't put my finger on it, but setting up permissions in one special case was a snap in invisionboard (when it was still free) after struggling with PHPBB for weeks. Haven't transferred that to PunBB yet though.
True. The examples in http://punbb.org/docs/dev.html#syndication work if they are used on the browsers address line, but when used in anchor tags & is required.
Encode the ampersands (= change & to &) in links that point to extern.php and remove duplicate id's and you're left with ~three errors. These are all in your own board menu code in (output) lines 36-46.
Follow the rest of the hints the validator gives you and it will validate eventually. Vanilla PunBB code does.
In the way you said it before it does
Perl and Python can do web scripting but it's not their main purpose. ASP on the other hand isn't suitable for anything, but that's just me and my buttocks talking
It applies to PHP just as much, but it's seldom used in other occasions than web scripting. M0n0wall is one refreshing example.
I personally wouldn't use Perl or Python over PHP in web scripting. I have created applications with all of them, but my personal preference is in the c-like syntax of PHP.
ASP is more or less a Windows thing (tm). I did a search engine based on Windows indexing service with it and it was quite a pain in the nether regions to do. Weakest of the four when it comes to language constructs.
Removed some typoes
Where did you get PunBB 2.x anyway? Is there something you should tell us Rickard .
The time needed for modifying the layout went from ~4 hours to ~40 minutes for me.
edit: typoes
graue wrote:www.doesntwork.com
Gary13579 wrote:http://punbb.org/Not exactley a 'bug', but its quite annoying.
I posted a reply using the
tag, and the first line withen the quote is a URL. It wouldnt turn the URL into a link, because it was right next to the quote tag.
I tried editing it, and it just moves the URL right back to the top (after trying to add spaces and a new line).
In the end I just added '123' to the top, but it is annoying 
Works if you do that.
Do what? Seems that the automatic parsing doesn't like ] in front of an ]www.url.com
Wonder if a space does it: ] www.test.com
And by automatic I mean leaving the url bbcode tags out which way most of the people writes their links.
Posts found: 1 to 25 of 55