Topic: feeds to all forum content

In version 1.2 only public areas of the site have feeds.

I know most of the feed readers do not support cookies, but some do.
I use Sage, which, being a Firefox extension, inherits its cookies.
It would be really cool to be able to subscribe to feeds of a topic, or of any topic/forum/category, regardless of whether it's in a public area or not.

Is this a feature of PunBB 1.3?

Re: feeds to all forum content

It's a feature we're currently putting off until 1.4.
http://dev.punbb.org/ticket/60
The reason, as the ticket states, is that we need a secure way to allow people to pass their information. Some feed readers support HTTP authentication via including the username and password in the URI, for example: we don't want people accidentally disclosing their username/password by copy/pasting a link.

3 (edited by MattF 2008-04-09 02:24)

Re: feeds to all forum content

pedrotuga: That concept has always struck me as being one that has issues. At least with your browser, you still require the login also. Working off of cookie info alone would most probably be best in some form of extension, if anyone likes the prospect.

Re: feeds to all forum content

1.4 ... what is going on ... I thought we are on 1.3 ... why don't you guys put the things of 1.4 in 1.3 ... why just wait for another thing ... this is a little annoying

MyFootballCafe.com  is Now Online!

Re: feeds to all forum content

SuperMAG wrote:

1.4 ... what is going on ... I thought we are on 1.3 ... why don't you guys put the things of 1.4 in 1.3 ... why just wait for another thing ... this is a little annoying

Stop being a drama queen. Something like the aforementioned setup has the ability to bollocks your restrictions the first time some muppet puts their feed link on a public system, and they will, without fail.

Re: feeds to all forum content

MattF wrote:
SuperMAG wrote:

1.4 ... what is going on ... I thought we are on 1.3 ... why don't you guys put the things of 1.4 in 1.3 ... why just wait for another thing ... this is a little annoying

Stop being a drama queen. Something like the aforementioned setup has the ability to bollocks your restrictions the first time some muppet puts their feed link on a public system, and they will, without fail.

what drama crap ...
whatever ..... I didn't even understand the feed stuff that the member asked ... I just wanted to say why don't they apply features in 1.3 rather than apply them in 1.4 ........ if you have future plans ...

it's not good when you ask for a feature you say it will be in 1.3 ... and after that you will say it will be in 1.4 ... you guys know that upgrading from one version to another is a pain in the brain ...

Re: feeds to all forum content

SuperMAG wrote:

I just wanted to say why don't they apply features in 1.3 rather than apply them in 1.4 ........ if you have future plans ...

If they did that, neither 1.3 nor any other release would ever get released. Plus, one can but hope that something like that *never* makes it into core.

Re: feeds to all forum content

MattF wrote:
SuperMAG wrote:

I just wanted to say why don't they apply features in 1.3 rather than apply them in 1.4 ........ if you have future plans ...

If they did that, neither 1.3 nor any other release would ever get released. Plus, one can but hope that something like that *never* makes it into core.

I am not talking about that idea in particular .... I am saying that they should put all their ideas for 1.4 in 1.3 ... a final version is better than a new version every year ... of course they will be updating but not fully upgrading ...

Re: feeds to all forum content

SuperMAG wrote:

I am not talking about that idea in particular .... I am saying that they should put all their ideas for 1.4 in 1.3 ... a final version is better than a new version every year ... of course they will be updating but not fully upgrading ...

Do you have any idea of how many possible bugs or unexpected consequences a single item can have? That's the point of new releases. To incorporate new features when, AND ONLY WHEN, they have been fully designed, implemented and tested.

Re: feeds to all forum content

SuperMAG, I think you haven't realized that you (or anybody) are not entitled to make demands on the dev team. The closest thing you can do is make suggestions.
And please, don't hijack this topic, you guys :/

Smartys, I think you got me wrong, I was probably not so clear in the details.

I suggested that the feeds would have no more authentication than any other forum page. Basically only browser-based feed readers would catch those feeds.

Like, when you show a viewtopic, I guess PunBB uses PHP's session system to check the user's permission; as far as I know, sessions rely on cookies.
The only thing I suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.

11 (edited by MattF 2008-04-09 16:09)

Re: feeds to all forum content

pedrotuga wrote:

The only thing i suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.

And it would also be the absolute worst nightmare of a Drac admin, if it was part of the core system, especially with such weak checks as those.

Re: feeds to all forum content

MattF wrote:
pedrotuga wrote:

The only thing i suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.

And it would also be the absolute worst nightmare of a Drac admin, if it was part of the core system, especially with such weak checks as those.

???
I don't understand what you mean, at all.
What does this have to do with Drac? BTW, I didn't even know what Drac was until I googled it just now.

I am talking about the XML feeds generated by PunBB. What does this have to do with email?

DokuWiki, for example, has this feature. You request a feed. If you don't have the authentication cookie, you just don't get it in the HTTP reply. Simple as that. I don't see how this affects other forum features, nor how it adds new authentication issues.
No new system needs to be implemented.

Re: feeds to all forum content

It'd be a few lines of code anyway. Change the few lines of code that say

fp.group_id='.PUN_GUEST

to

fp.group_id='.$pun_user['g_id']

And solved. Common.php is included anyway.

Re: feeds to all forum content

In which line and file is that?
Is that PunBB 1.3 or 1.2?

I believe that's somewhere in extern.php, in the SQL query... right?

Any chance this will be the default in PunBB 1.3?

Re: feeds to all forum content

Those are from 1.3's extern.php.

Re: feeds to all forum content

pedrotuga: It can be an extension. If we're going to implement a system, it will be a more robust one, one that can be used without needing browser / RSS reader integration. ;)
MattF: I don't see what's so bad about the change, other than that the need to login is non-obvious.
SuperMAG: If you don't understand why major versions exist and why we don't have an endless development cycle for 1.3 (although it may seem that way at times ;) ), which seems to be the case, please just accept what you have been told in this topic and stop asking about it.

Re: feeds to all forum content

pedrotuga wrote:

What does this have to do with Drac? BTW, i didn't even know what drac was until i googled it just now.

Not that Drac. :D Apologies. I was skimping on the typing. Draconian. :D

smartys wrote:

MattF: I don't see what's so bad about the change, other than that the need to login is non-obvious.

But he's referring to a system where it is reliant upon a cookie only. What if two people share a machine? A login has to be cracked, somehow. A cookie is stored for all and sundry with access to that machine to see, for starters. Having good security is pretty pointless if you're going to allow cookie authentication for feeds.

Re: feeds to all forum content

As opposed to cookie authentication for logins, which is what we use? ;)
The idea is simply to use the login cookie as the authentication mechanism. That means nothing changes for regular RSS readers, but those which are integrated with a browser can view the RSS feed with the permission of the logged in user. It's not a bad idea and it might be worth implementing, except for the fact that we want to do better. We want to provide users with a secure way to view their RSS feeds, one that does not require that the user disclose their username/password in the query string.

Re: feeds to all forum content

You could generate a unique token that can be changed and they have to pass in the URL?
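
A sketch of the token idea suggested above, added here as an example and not taken from the thread or from PunBB: each user gets a random, rotatable feed token that is separate from both the password and the login cookie, and the token resolves to the group id that the `fp.group_id` permission check would use. The `$users` array (standing in for a users table), the `feed_token_hash` column, the function names and the `GUEST_GROUP` value are all assumptions.

```php
<?php
// Added illustration of a per-user feed token; not PunBB code.
// $users stands in for a users table; feed_token_hash and both function
// names are hypothetical.

const GUEST_GROUP = 3; // stand-in for PUN_GUEST (value assumed for this example)

// Issue (or rotate) a token. Only its SHA-256 hash is stored, so a copy of
// the database does not yield working feed URLs.
function issue_feed_token(array &$users, int $user_id): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$user_id]['feed_token_hash'] = hash('sha256', $token);
    return $token; // shown to the user once, embedded in their feed URL
}

// Map a token from the feed URL to the group id for the permission check.
// Malformed or unknown tokens fall back to the guest group, so a bad token
// sees exactly what an anonymous feed reader sees.
function feed_group_for_token(array $users, ?string $token): int
{
    if ($token === null || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return GUEST_GROUP;
    }
    $candidate = hash('sha256', $token);
    // A real table would be queried by the hash column; the loop is a stand-in.
    foreach ($users as $user) {
        $stored = $user['feed_token_hash'] ?? null;
        if ($stored !== null && hash_equals($stored, $candidate)) {
            return $user['g_id'];
        }
    }
    return GUEST_GROUP;
}

// Constructed sample data: one member in group 4.
$users = [2 => ['username' => 'alice', 'g_id' => 4, 'feed_token_hash' => null]];

$old = issue_feed_token($users, 2);
var_dump(feed_group_for_token($users, $old) === 4);                     // member view
var_dump(feed_group_for_token($users, 'not-a-token') === GUEST_GROUP);  // guest view

// The feed link was pasted somewhere public: rotate, and the old URL is dead.
$new = issue_feed_token($users, 2);
var_dump(feed_group_for_token($users, $old) === GUEST_GROUP);
var_dump(feed_group_for_token($users, $new) === 4);
```

A token in a URL still ends up in server logs and browser history, which is why it should unlock read access to feeds only and be replaceable without touching the account password.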

Re: feeds to all forum content

MattF wrote:
SuperMAG wrote:

I am not talking about that idea in particular .... I am saying that they should put all their ideas for 1.4 in 1.3 ... a final version is better than a new version every year ... of course they will be updating but not fully upgrading ...

Do you have any idea of how many possible bugs or unexpected consequences a single item can have? That's the point of new releases. To incorporate new features when, AND ONLY WHEN, they have been fully designed, implemented and tested.

I know, still they can test it in 1.3 ... not much need for a big version like 1.4 ... I mean look at the difference between 1.2 and 1.3 ...

pedrotuga wrote:

SuperMAG, I think you haven't realized that you (or anybody) are not entitled to make demands on the dev team. The closest thing you can do is make suggestions.
And please, don't hijack this topic, you guys :/

Smartys, I think you got me wrong, I was probably not so clear in the details.

I suggested that the feeds would have no more authentication than any other forum page. Basically only browser-based feed readers would catch those feeds.

Like, when you show a viewtopic, I guess PunBB uses PHP's session system to check the user's permission; as far as I know, sessions rely on cookies.
The only thing I suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.

I am not making any demands ... they are free to do whatever they do ... all the posts I make in these cases are suggestions ... and I don't know what you mean by hijacking etc. ...

Smartys wrote:

pedrotuga: It can be an extension. If we're going to implement a system, it will be a more robust one, one that can be used without needing browser / RSS reader integration. ;)
MattF: I don't see what's so bad about the change, other than that the need to login is non-obvious.
SuperMAG: If you don't understand why major versions exist and why we don't have an endless development cycle for 1.3 (although it may seem that way at times ;) ), which seems to be the case, please just accept what you have been told in this topic and stop asking about it.

whatever

Re: feeds to all forum content

SuperMAG: It will not be the only feature in 1.4. There is no roadmap at this point for what will be in 1.4, just a few ideas that we've pushed there. When it is released, it will be just as big a change as 1.3: hence bumping to 1.4 instead of 1.3.1.

Re: feeds to all forum content

OK, I already know what will be my first PunBB 1.3 extension.
Would it be OK to ask you guys to make sure there are hooks in extern.php in the right spots to achieve this?

Re: feeds to all forum content

I just glanced through and it shouldn't be an issue: all the queries are done via the query builder and are properly hooked. However, you should be the one looking, since you're the only one who knows what hooks you need. ;)

Re: feeds to all forum content

Feeds as in RSS feeds?


Q

My stuff or my style might suck, but at least I'm willing to help when I can.
Don't be stupid and help! We are the stupid ones!!!

Re: feeds to all forum content

Smartys wrote:

As opposed to cookie authentication for logins, which is what we use? ;)
The idea is simply to use the login cookie as the authentication mechanism. That means nothing changes for regular RSS readers, but those which are integrated with a browser can view the RSS feed with the permission of the logged in user.

That cookie authentication part is a bit of a misnomer though. The cookie, in essence, doesn't mean diddley when the user isn't logged in. Plus, what's the point of a feed that you can only access once you're logged in? And if the auth mechanism contains some form of system whereby you don't have to be logged in to view it, then again, that comes back around to my original point. Security.

I'm quite willing to be corrected on my viewpoint if I've grabbed the totally wrong end of the cluestick, btw. :D