1

(15 replies, posted in PunBB 1.2 discussion)

pedrotuga wrote:
elbekko wrote:

PHP5 fixes most of PHP4's issues, but because the majority of web hosts still use PHP4, applications like PunBB have to find workarounds for native PHP5 things in PHP4.

the majority of web hosts still use php4?!?!?

I would be very surprise if clicking on the google top ten for "web hosting"
php5 would not be suported on lets 8 of them ( not to say all of them )

It's true that many webhosts use PHP4 (not necessarily a 'majority', but I doubt if anyone really knows that).

For a webhost, the issue is compatibility of clients' scripts. When you have thousands of clients there's a good chance that a significant percentage are running PHP scripts that will break under PHP5. Simply switching overnight to PHP5 would inundate the host's support desk and piss off a large number of clients. So the transition to PHP5 has to be done gently, and involve the clients. Some hosts offer PHP4 and PHP5, and provide the client the option to choose. PHP4 will disappear, but it will take time.

2

(8 replies, posted in Feature requests)

I agree about waiting for 1.3. Regards to implementing, I'd use a server alias. Think about how a webmail app like Squirrelmail is implemented server-wide. It's not exactly the same, but a little bit similar. The ability to customize would depend on the separation of code from templates & CSS. There'd be a "master" config file and "local" (account-specific) config files. If for e.g. a local config file specified a customized stylesheet, it would be used. Otherwise the stylesheet specified in the master config would be used. Same for templates. The local config file could be 'found' by using the PHP $_SERVER[] variables for server name and path. So you could have local config files distinguished by domain and also by path (within the same domain). I'm rambling, sorry smile

3

(8 replies, posted in Feature requests)

The demo is not available so I couldn't give it a try. From a look into the source code, it seems to only provide the ability to run multiple forums on the same domain. The idea is a single installation that is accessible from any domain hosted on a server.

4

(8 replies, posted in Feature requests)

Not a feature request as such -- more an idea for consideration and hopefully discussion.

I use punBB on my own website, it's great, wouldn't dream of changing. I check by here now and then, and when I see a new release I get my site updated within a day or two.

I'm also a webserver administrator. Security vulnerabilities of dynamic web applications pose a serious concern for me and every web server admin. Software authors usually respond quickly to recognized security flaws and release new versions. But too often, existing installations of insecure versions are not updated. Inexperienced webmasters are sometimes simply not aware of the potential for security vulnerabilities, or they forget, or they install something to 'try it out' and later abandon it (without removing it). The onus for keeping web applications up-to-date is on the webmaster, but frequently the consequences of outdated, insecure web applications fall on the server admin (such as when the server is turned into a spam-machine by an insecure mail script). Often the only recourse is to search out insecure scripts across the server, and disable or update them -- a tedious and ongoing task.

My idea is to move away from account- or domain-based installations of web applications to server-based installations. Meaning, there is just a single installation of the application on the server and every hosted domain can access it -- one installation of scripts to be maintained and updated by the server admin. Each individual account/domain would store its own data and be able to make unique customizations via templates and CSS.

That's the punBB : Server Edition, the server administrator's dream smile No other forum has taken this kind of approach (or other web app, to my knowledge, with the exception of webmail apps). It could make punBB truly unique. It's all quite do-able, I'm sure, just needs a little re-thinking. (Actually I currently use this approach with a small CMS I've written. I have about 25 sites on one server -- all chugging away from a single set of core scripts, using domain-specific stylesheets & images, and reading/writing data to domain databases.)

Just a thought... love to hear your comments.

5

(6 replies, posted in PunBB 1.2 discussion)

Thanks folks. The rate of these registrations is picking up, 7 today. Does Admin > Bans apply to new registrations or currently registered members only?

Ah, found it... Admin > Permissions, 'Allow banned email addresses'.

Small correction on the Admin > Bans page (actually the supplemental page). The help text says 'See "Allow banned e-mail addresses" in Options for more info.' But 'Allow banned email addresses' is on the Permissions page, not Options.

6

(6 replies, posted in PunBB 1.2 discussion)

I'm seeing a rather odd and somewhat disturbing trend during the past week. Just about every day I get one or two people register at my punBB board with a mail.ru email address. I have email confirmation on for registration, so the addresses must be valid. The user IP's trace (as far as I can tell) to Russia and China. Looking at my Apache logs I see each of these new members does exactly the same thing: (a) register, (b) visit the board's first forum, and (c) go away without viewing any posts -- not to be seen again. Are these 'sleepers', with some nafarious schemes up their sleeves? Or am I just paranoid smile

Anyone see a pattern like this before?

I can confirm that it now works correctly for both - and + timezones (I changed my system TZ to check). Also, it works with IE6 as well as Firefox 1.5 (on Windows 2000).

Very nice work Nibbler, thanks.

ps. Maybe you should update the linked js file (in your first post)?

Installed this on my punbb. It adjusted my profile timezone to GMT +3.5, when the correct TZ is GMT -3.5. Tested using Firefox 1.5 on Windows (2000). Yes, my system TZ is set correctly smile

9

(13 replies, posted in General discussion)

Just a FYI... site5.com runs PHP as CGI (phpsuexec) on their servers. Which means that you can chmod 600 all your PHP files (especially config files) and you're neighbours can't access them.

10

(9 replies, posted in PunBB 1.2 discussion)

Well it took 2 days and about 6 hacked-up scripts, but I finally got there smile

http://forums.ourlabrador.ca

11

(9 replies, posted in PunBB 1.2 discussion)

Well like I said, fortunately I don't have that problem. I have one instance of 'same username / different email'. Once username was registered over a year ago with 0 posts, so I deleted it, thereby avoiding the issue. I suppose if I had to deal with it I would: (a) rename the instance of the username that was registered secondly, (b) adjust topics and posts accordingly, and (c) notify the user, perhaps gving him/her an ooportunity to select a new username.

Any idea why I get the message, "Bad request. The link you followed is incorrect or outdated" when I click on an imported topic, even though (a) the topic id exists in the database, and (b) the posts for the topic exist in the database, with the correct topic_id? This happens for all imported topic.

12

(9 replies, posted in PunBB 1.2 discussion)

Connorhd wrote:

it wouldn't be easy, you could probably make a script to do it, but what happens when the same user is on both forums?

That depends on whether it's the same person, or different people using the same username. The only check wold be the email address. If the username and email both match, then I'm importing the posts and updating the user's postcount. If not... well I only have one case like that, and the duplicate user has 0 posts smile

I've been working on a script to do the merger, but it's tricky. Topic ids and post ids of the imported data have to be altered, amongst other things. So far I've got the users, topics and posts to import, with new (incremented) ids, and correct data entered into last_post for each topic. But something isn't right yet. When I go to a forum and click an imported topic, e.g. 'id=892',  I get an error message about an outdated link. But in the database, the topics table does indeed have topic id 892 in there...

Back at it tomorrow I hope.

13

(9 replies, posted in PunBB 1.2 discussion)

Any suggestions on how I might merge two PunBB forums -- I mean two separate installations. I'd like to bring all the users, topics & posts from one installation into another installation.

Thanks.

(I should add -- both are version 1.2.6.)

14

(4 replies, posted in Programming)

Hey stewy,

I'd been interested to see the rest of the code once the bug is straightened away.

I know all those NF places, being a townie myself by birth smile It's great to find a fellow Newfoundlander here!

15

(10 replies, posted in Programming)

One thing I'd add is... work hard at keeping your programming separate from your HTML layout and design. It makes it much easier to maintain/update both. For example if you want to re-design the layout of a page, it's a PITA if the HTML is scattered all over the place amidst programming code.

16

(99 replies, posted in Programming)

SciTE -- http://scintilla.sourceforge.net/SciTE.html

A wonderful programming text editor for a variety of languages, including PHP. Free, open source, different OS's.

17

(1 replies, posted in PunBB 1.2 discussion)

Some interesting stuff here about website abuse, particularly for forums:
http://www.britecorp.co.uk/articles/web … g-website/

Probably a good idea to watch your userlist for users with 0 posts, and to add something like this to your robots.txt:

Disallow: /forum/userlist.php
Disallow: /forum/profile.php

18

(24 replies, posted in Programming)

My 2 cents.... judge a webhost by their service, support and reputation, not merely by the price and feature list. Cheap is great, but cheap and unreliable isn't.

Do some research, for example at http://www.webhostingtalk.com/

19

(25 replies, posted in Programming)

The email address is also munged on the mail composition form. Also there is a 30-second flood control, and the same message cannot be sent twice.

20

(25 replies, posted in Programming)

The subject of protecting email addresses from spam harvesting has been discussed here, so I thought someone might want to comment on the method I've implemented:

http://www.labradorstraits.net/mwm/blog.php?id=16

21

(25 replies, posted in Programming)

Added Blog navigation and introduced the Guestbook feature over the past few days.

22

(25 replies, posted in Programming)

Hey, nobody noticed the typo? smile

Anyway, it's in place now.

23

(25 replies, posted in Programming)

Boys will be boys as my dear old mom used to say :)

Someone just changed the value for page width, etc. to rediculously large absolute values (e.g. 7200 pixels).

In normal use a site administrator wouldn't hack his/her own site like that, at least not intentionally. Regardless, some sanity checking is required for page width, sidebar width and photo sizes.

I've worked up this to implement tonight or tomorrow:

// Check a value submitted from the Site Settings form:
function checkValue($string,$max_abs,$min_abs,$max_rel,$min_rel,$value) {
    // If the last char of submitted string is '%' we note it then remove it:
    if (substr($string, -1) == "%") {
        $rel=TRUE;
        $string = substr($string, 0, -1);
    }
    // Remove any non-numerial chars from the string:
    $length = strlen($string);
    $charnum = 0;
    $badchars = array();
    while ($charnum < $length) {
        $char = substr($string, $charnum, 1);
        if (!preg_match("/[0-9]/", $char)) {
            array_push($badchars, $char);
        }
        $charnum++;
    }
    foreach ($badchars as $bad) {
        $string = str_replace($bad,"",$string);
    }
    if (!$string) {
        $string = "0";
    }
    // Check that the value falls within the set range for relative (%) values.
    // If not, reset it and produce a warning message:
    if ($rel) {
        if ($string > $max_rel) {
            $new_string = $max_rel;
            $msg = "You specified $string% for $value. 
            The maximum allowed value is $max_rel%.";
        }
        elseif ($string < $min_rel) {
            $new_string = $min_rel;
            $msg = "You specified $string% for $value. 
            The minimum allowed value is $min_rel%.";
        }
        else {
            $new_string = $string;
        }
        $new_string = $new_string . "%";
    }
    // Or check that it falls within the set range for absolute (pixel) values.
    // If not, reset it and produce a warning message:
    else {
        if ($string > $max_abs) {
            $new_string = $max_abs;
            $msg = "You specified $string pixels for $value. 
            The maximum allowed value is $max_abs pixels.";
        }
        elseif ($string < $min_abs) {
            $new_string = $min_abs;
            $msg = "You specified $string pixels for $value. 
            The minimum allowed value is $min_abs pixels.";
        }
        else {
            $new_string = string;
        }
    }
    return array($string,$new_string,$msg);
}

If a $msg is generated, the user will be sent back to the site setting form after submitting. The msg (in red) will be inserted below the input field for the particular value, and the value in the input field willl be reset to the $new_string (sanitized) value.

If anyone has comments, suggestions they're always welcome.

24

(25 replies, posted in Programming)

Yes, though it's a little more complicated than that. Percentage values are allowed as well as pixels. So if a percentage value is entered, we need to check that it does not exceed 100% (and also some sane low-end value, like 50%, for when someone types 10% but really meant 100%). If it isn't a percentage value then we need to check that the value isn't rediculously high or low.

25

(25 replies, posted in Programming)

Yes someone messed it up by setting silly things like page width = 8000. Thanks! smile It reminded me that I need to verify some of those submitted values. I'm sure the person set that page width intentionally, but a real user could easily make a typo and put '8000' instead of '800'.