True. It is very nice.

Is the Pun template you made for the site open-source too? smile

Before I download this plugin and play, can someone tell me whether it lets me enable the image upload feature *only in specific forums*.

For example, my punBB might have 10 regular forums where members can only post normally without including images, and then one 'Image Gallery' forum where image uploads etc are allowed via this plugin.



sktsav wrote:

As an administrator/moderator, how do I get an email for all new posts or is there a way to subscrible to a forum rather than a topic.

Just if anyone is interested, not really a mod per se.

When PunBB generates page titles for topic posts within a specific forum, the page <TITLE> tag generated by viewtopic.php reads something like:


This is good, but it would be better if viewtopic.php by default also showed in the page <TITLE> the forum name, as well as the topic subject, like so:


eg so one would see:


instead of the present default <TITLE> of the topic post, which would be


This matches up with the breadcrumb navigation links, and may also help a tiny bit in SEO.

If you want to do this, amend line 163 in viewtopic.php from this:

$page_title = pun_htmlspecialchars($pun_config['o_board_title'].' / '.$cur_topic['subject']);

to this:

$page_title = pun_htmlspecialchars($pun_config['o_board_title'].' / '.$cur_topic['forum_name'].' / '.$cur_topic['subject']);


(11 replies, posted in PunBB 1.2 discussion)

hcgtv wrote:

b) The developer community has grown over the last couple of years, PunRes is a testament to this growth.

This does not quite give an accurate picture of the development community.

Unless I am mistaken, at the moment there is only really one core developer - Rickard. Everyone else does important stuff (inc Paul) like CSS, layout, mods, styles etc, which while important and useful is essentially secondary.

So while it is true that there are lots of people developing around punBB nowadays, if Rickard got hit by a bus, PunBB as an application would also be stopped in its tracks.

I know the source code is GPL'd and there are lots of talented people about who could probably keep the project going forward in Rickard's (theoretical) absence, but at the moment he is the only guy doing core code - fixing security bugs, building 1.3 etc.

That is a bit of risk you may have to accept in adopting PunBB.

I mean, Rickard's young, he's healthy and he still appears enthusiastic about the project smile so you can probably bank on having quite a few years of PunBB ahead, but at the end of the day it is still just one guy's project.


(2 replies, posted in PunBB 1.2 troubleshooting)

Quaker, you got it the wrong way around.

He wanted to know how to post into punBB from another script, not use an external script like extern.php to draw posts out of PunBB.

extern.php is not a solution.


(19 replies, posted in PunBB 1.2 discussion)

vnpenguin wrote:

Hi all,
It's very sad to tell you that our forum (with latest release of PunBB) was hacked last week sad
Our backup server is compromised. We lossed db with md5 hashed-password. I dont know how they can login into our forum with admin control panel.

Anyone here could confirm me : MD5 hash is hackable ? Admin password in this case is 10 char length with letter + number + special char,... sad
If you tell me that MD5 hash is not hackable, so where is the cause of our accident ?

Thank you,

Have a look at the war-stories over at the AdminZone about people's forums being hacked, and how, for some possible ideas about the way your site may have been compromised: … y.php?f=24

Read a few of the 'my forum has been hacked' posts to see how others have also been affected using a variety of forum packages (not just pun), and the conclusions they drew.

There are lots and lots of ways your hack could have been done, in short.

Bottom line is: it may be very hard to tell sometimes exactly how the attack was done, esp. if you aren't able to do the forensics properly due to lack of access to logs, poor change management, no baselines etc. But while it can happen to anyone, you can take some steps to reduce the risk of it happening again.


(68 replies, posted in PunBB 1.2 discussion)

Denver Dave wrote:

Good point on the accessibility.  Perhaps we could have trusted and non-trusted users where only the non-trusted get the image.

Or maybe another non-image based approach to authenticating users and posts would be to use a form based approach where the input form buttons are randomised and the user has to then input a verification code using those form buttons.

Akin to the login page here:

except with randomised key assignments on the 'keyboard' every time the page was generated, instead of standard QWERTY.

Someone applying to be a new forum user would get a confirmation email saying login to page X, using randonly assigned password punched in via the randomly assigned keys of the form-based 'keyboard'.

Would be reasonably accessible too, I expect, although I am not sure exactly how screen readers etc handle web forms.

Sehr geehrter Besucher,

leider ist ein Fehler aufgetreten: Die gewünschte Seite wurde nicht gefunden.

Haben Sie sich vielleicht vertippt oder eine alte URL aufgerufen? Wenn nicht, informieren Sie bitte den Webmaster dieser Homepage per Email. Um zu der vorherigen Seite zurück zu kehren, verwenden Sie bitte einfach die "Zurück" - Taste Ihres Browsers.

ie I get a 404 on that link you posted...

Connorhd wrote:

Look in the mail templates in the language folder wink

Wow. I never knew that.  Nothing about this in the documentation on Useful to know.



(68 replies, posted in PunBB 1.2 discussion)

Aha. So far so good.

So I guess no one has had experience of spambot attacks on a punbb board then, injecting 'pill link' posts etc.

If that is the case, that's reassuring.

Evolving Websites wrote:
sirena wrote:

Is your site alive? I can't open it at all.
'Cannot find server or DNS Error' error etc

Works for everyone else big_smile

Hmm. Interesting. I really can't open your site, but if I hop onto another system and look at your site remotely, it does come up. Tracerts etc also work fine, and there doesn't seem to be anything wrong with the DNS entries etc for your domain.

I wonder if somewhere upstream from me there is a block on your domain or server IP address for some reason? Maybe one of the other 40+ sites on your server and IP address has done something my ISP doesn't like?

Indeed, none of those other sites that share your IP address are accessible to me either. Hmmm.

Either the IP address of your server is being blocked by my ISP, or your server is blocking *my* IP address for some reason from accessing your web site and those other sites that share your server.

Very weird.

Not to worry - if it's only me, no probs.

Is your site alive? I can't open it at all.
'Cannot find server or DNS Error' error etc


(68 replies, posted in PunBB 1.2 discussion)

I was just curious about how big a problem spam was on people's punbb forums, esp the larger boards.

Is it an admin headache one should really plan for in building a pun forum, and does the conventional punbb registration process provide a sufficient obstacle to spam bots? Or is it really a non-issue.

What's the current conventional wisdom around here on the topic?


(5 replies, posted in PunBB 1.2 show off)

A very nice job. Consistent well applied colours, fonts and style elements, and a nice fast board. I even like your favicon too.

Dark colour themed boards usually don't work well (for me), but this one does.

HOWEVER it wasn't a good idea though to stick a big 220k, 700x1100 pixel PNG image though in your posting here on punBB... a smaller image would have done the job, if you needed to post an image at all.

And BTW: why does no-one apparently know anymore how to do image compression? That 220k image you posted took me just 1 second to knock down to a 50k GIF or a 52k PNG, with no visible decline in quality. Why waste valuable electrons and bandwidth smile


(24 replies, posted in PunBB 1.2 discussion)

I for one won't welcome any change that would see punBB URL's looking like:

Probably not good for SEO either.

The way punBB handles things at the moment seems fine to me...


(4 replies, posted in PunBB 1.2 show off)

Can I suggest you apply a bit more compression to those JPG's you use. Your site was very slow to load

The reason is that your JPG's are HUGE, esp blueforum.jpg (~250k) and rhapsody.jpg (57k). All up your images add up to about 300k!!

There is no excuse for that, esp on a punBB site smile.

Apply 70% or more compression to those JPGs - they will shrink massively and look no worse for it

Also your background image blueforum.jpg is WAY too large at 700x800!.

You either (a) don't need it at all, or (b) should choose a smaller JPG and have it tile/repeat.


To change the slogan or board description, log onto your board as Administrator.

Then (in the English menu) go to the 'Options' link on the 'Admin menu' on the left hand side of the page.

That header line can be changed right there at the top of the form under 'Board Description'.

When done, click 'Save Changes'.

That's the slogan changed.

To modify or add a logo, you have a variety of options.

You can do it by modifying the CSS alone for the specific style sheet you are using already. If you want a logo to show up in the title/header box for example, just modify the CSS that applies to the 'pun_title' CSS element to include a background image within your existing favorite style sheet.

Or you can include a logo above the punBB, or supply a separate header to run above punBB for example, by including the header HTML etc elements you want by editing the <your punbb>/include/main.tpl text file.


More info:

As I mentioned in my original post, 'I know it can be done against the individual punBB admin_files in other ways under *nix and IIS, but this would be easier and tidier.'

.htaccess is fine, and HTTP authentication against specific files is doable too under IIS with no hassle for a site administrator, but most hosting users wouldn't know how to do either. 

Some popular hosting interfaces (ie cPanel) make it possible for users to easily setup authentication against Apache directories, but not files. Hence my suggestion.

And the easier something is to do, the more likely it will be done.

I also have a personal preference for web apps to better segment their files by function to make managing them easier.

punBB does that in part already (/img, /cache, /plugins, /style etc) so logically why not /admin?

It would be handy if punBB kept all its admin files in a discrete directory off the forum root.

That way it would be easier to password protect them (eg running under Apache) through user interfaces like cPanel, which easily let folks PWD protect whole directories but not specific files.

I know it can be done against the individual punBB admin_files in other ways under *nix and IIS, but this would be easier and tidier.

Request rating (self assessment):

Urgency scale 1(low) - 5(now!) -  1
Criticality scale 1(not) - 5(extremely) - 1
Usefulness scale 1(not) - 5(indispensable) - 3.5 (extra points as a security improvement)

Overall score: 5.5/15



(38 replies, posted in PunBB 1.2 discussion)

Smartys wrote:
sirena wrote:

Ugh. Quit with the wiki's, pls.

What's wrong with an old-fashioned Manual in HTML (and PDF for printing), for God's sake?


If need be, just continue to build that up, not branch the documentation out into a (shudder) wiki.


(38 replies, posted in PunBB 1.2 discussion)

AlanCollier wrote:

Manuals need updating and I'm sure that Rickard doesn't have the time, or motivation.

Manuals don't have to be any harder to do than a wiki. A wiki lets people share content maintenance but that can also happen with old-fashioned structured manuals too. People did actually do this stuff before wikis smile

AlanCollier wrote:

I think PunBB would benefit hugely from an official wiki and it wouldn't take more than an hour or two to get one started.


That's usually the problem with wikis. They can take just 15 minutes to setup.

But after setting them up the administrators throw in a few items, play with the layout and the options a bit, and then 30 minutes later they lose interest, but still just kind of expect the wiki to magically get filled up with high-quality, well-structured user-contributed content.


(38 replies, posted in PunBB 1.2 discussion)

Ugh. Quit with the wiki's, pls.

What's wrong with an old-fashioned Manual in HTML (and PDF for printing), for God's sake?

I hate wikis. They are almost always SO dis-organised, sloppy and hard-to-use.

Using them for documentation purposes is IMHO a big mistake.

I love Wikipedia, and the wiki concept in general as 'collaborative knowledge sharing' is fine, but everywhere I see wikis used for documentation of software or web-apps it is usually a huge mess.

A good model of how things should be done is, for example, the docs for the ISPconfig hosting control panel:

Nice! Simple! Usable!

What's not to like?

A wiki like the punres one is fine for collecting user contributed tips and mod info etc, but 'official' app documentation works best the old-fashioned way.

A good read for PHP / LAMP developers in general:

Five common Web application vulnerabilities

I hope PunBB has all of these issues taken care of ... smile


(3 replies, posted in PunBB 1.2 discussion)

Paul wrote:

It makes max-width work in IE6 which is how images in posts are resized. Without it large images in IE6 would be cropped rather than shrinking.

Aha. That sounds handy. Looks like its a keeper then.

Thanks for the info.