pradtf: Could you paste a copy of your register.php here?


(7 replies, posted in PunBB 1.2 troubleshooting)

http://gprep.net/forum/ gives me a 403 error: make sure the permissions are set correctly


(4 replies, posted in PunBB 1.2 discussion)


code tags ;)

That's interesting.
Try deleting the .php files in the cache directory


(2 replies, posted in PunBB 1.2 troubleshooting)

1.

$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';

Your issue is using www. versus not using it. The reason it's an issue is that the base URL either has it or does not have it. Your users being able to access the site from multiple URLs is your issue, not PunBB's.

2.

    if (!is_valid_email($form['admin_email']))
        message('The admin e-mail address you entered is invalid.');

I tried entering the email you gave me and it validated without an issue. You'll have to provide the actual email if you want me to check this out (although the email should never be valid in PunBB if you're getting an error there)

Well, if you don't care about the email address requirement, simply disabling the requirement is the easiest way to do this. The input is still there, but it isn't required for people to fill it out.
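The following is an added example, not code from this thread or from PunBB itself, that runs the referer test quoted in item 1 against a few constructed referers. The base URL and every referer are made up; the function reproduces the quoted expression, passing the `#` delimiter to preg_quote so a base URL containing that character could not break the pattern. This is the same test behind the "Bad HTTP_REFERER" message in the admin script: a form submission is only trusted when the browser reports it came from a page under the configured base URL, which is why a referer on the bare domain, on https, or on an outside site all fall through to index.php.

```php
<?php
// Added example (not PunBB's own code): exercises the HTTP_REFERER check
// quoted above against several constructed referers. The base URL and all
// referers are made up for illustration.

/**
 * Mirror of the referer test in the quoted line: the referer must start with
 * the configured base URL followed by "/something.php". Returns the value the
 * quoted expression would assign to $redirect_url.
 */
function redirect_url_for($referer, $base_url)
{
    if ($referer !== null
        && preg_match('#^'.preg_quote($base_url, '#').'/(.*?)\.php#i', $referer)) {
        return htmlspecialchars($referer, ENT_QUOTES, 'UTF-8');
    }
    return 'index.php';
}

$base_url = 'http://www.example.com/forum';   // assumed o_base_url

// Constructed referers: only the first one matches the base URL exactly,
// every other case falls back to index.php.
$cases = array(
    'same host, forum page'        => 'http://www.example.com/forum/viewtopic.php?id=1',
    'no www (the issue in item 1)' => 'http://example.com/forum/viewtopic.php?id=1',
    'https instead of http'        => 'https://www.example.com/forum/viewtopic.php?id=1',
    'outside site (CSRF attempt)'  => 'http://evil.example.net/forum/viewtopic.php?id=1',
    'referer missing'              => null,
);

foreach ($cases as $label => $referer) {
    printf("%-30s -> %s\n", $label, redirect_url_for($referer, $base_url));
}
```

Run it with `php` from the command line. Only the first case returns the referer, so a forum reachable as both www.example.com and example.com needs one canonical host (for example a redirect to the host in o_base_url) rather than a looser pattern, since loosening the pattern would also let outside sites pass the check.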


(37 replies, posted in News)

shirish wrote:

A slightly OT, I looked at http://dev.punbb.org & while it was nice to see you guys using trac dunno why you guys didn't use the roadmap structure. That way it becomes easier for guys to have some kind of idea as to when a release is almost over. You could also try 0.10.4 as its supposed to also have tickets to email enabled.

More than slightly OT, you would have been much better making a topic in PunBB Discussion for this ;)
We do use the roadmap feature (it doesn't tell you when a release is almost ready though, it tells you when there are lots of/few tasks marked for that release). And I'm not sure what you mean by "tickets to email," email notification has been around for quite a while

Hmm, how about we all calm down and drop the bickering? :)

Apexfinest: Consider yourself warned. Do not hijack other people's topics. My post in your topic was very clear. If you have any questions about it, send me an email.


(1 replies, posted in PunBB 1.2 troubleshooting)

Closed
You'll need to talk to Connorhd, since he runs MyPunBB. We can't help you with issues with that setup.

Also, you're using a free forum host: there is no way you'll be able to create a whole site with just that, let alone a full Flash application like the main Pokemon website. If you want to create a website, you'll need to get some real web space first.

Hmm, I can't understand what you're trying to say :/


(7 replies, posted in PunBB 1.2 troubleshooting)

Where did you upload the contents of the upload folder to?

zap wrote:

For one thing, there's SQL sprinkled all over the place in the php scripts without systematic (AFAICS) protection against injection. SQL queries built on the fly with user input screams "it's the 90s and security isn't an issue yet". Maybe there's something I don't see (SQL/php isn't really my domain) but it sure doesn't look solid.

Unfortunately, that's the way it has to be done to support anyone using the mysql extension (as opposed to mysqli) and (I think) the SQLite extension. Prepared statements, stored procedures, etc aren't features that everyone with a PHP install supports, so this is the way it has to be done.
I would disagree with your overall assessment though. User input is properly sanitized (using $db->escape or intval, depending on the type of data) before being put into the query. We're not just accepting any input from $_GET and shoving it into the query.
If you have a suggestion for another way to construct queries, I'd be interested to hear it. :)
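As an added illustration, not PunBB's code and not posted by anyone in this thread, of the two idioms named above, the following builds the same lookup two ways: with raw request values concatenated in, the construction zap describes, and with intval() for the integer column and escape() for the string column. The table, column names and hostile inputs are constructed, and the escape() stub stands in for the driver's real_escape_string(), which needs an open connection, applying the same MySQL escaping rules.

```php
<?php
// Added example (not PunBB's own code): the two sanitisation idioms named
// above, $db->escape() for strings and intval() for integers, beside the
// unsanitised construction. Table, columns and inputs are constructed; the
// escape() stub replaces the driver's *_real_escape_string() so the script
// runs without a database connection.

class DBLayerStub
{
    // Stand-in for PunBB's DBLayer::escape(). The real one calls the driver's
    // real_escape_string on an open connection; the set of characters escaped
    // for MySQL is the same.
    public function escape($str)
    {
        return str_replace(
            array('\\', "\0", "\n", "\r", "'", '"', "\x1a"),
            array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'),
            $str
        );
    }
}

// Unsafe: raw request values concatenated straight into the query.
function build_query_unsafe($id, $username)
{
    return "SELECT id FROM users WHERE id=".$id." AND username='".$username."'";
}

// PunBB 1.2 style: integers go through intval(), strings through
// $db->escape(), and every string value is enclosed in single quotes.
function build_query_sanitised(DBLayerStub $db, $id, $username)
{
    return 'SELECT id FROM users WHERE id='.intval($id).
           ' AND username=\''.$db->escape($username).'\'';
}

$db = new DBLayerStub();

// Constructed hostile input of the kind a bot would send in $_GET/$_POST.
$hostile_id   = '1 OR 1=1';
$hostile_name = "x' OR '1'='1";

echo "Unsafe:    ", build_query_unsafe($hostile_id, $hostile_name), "\n";
echo "Sanitised: ", build_query_sanitised($db, $hostile_id, $hostile_name), "\n";
```

Two caveats a reviewer would check for in a mod: escape() only protects a value that is enclosed in quotes in the SQL, and neither idiom covers identifiers or numbers pasted into LIMIT or ORDER BY, which need intval() or a fixed whitelist of allowed values.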

zap wrote:

Well for one, we didn't get the registration alert emails for the spammers' users. I also implemented a few checks here and there in the register and post scripts and it was clear by looking at the db afterwards that the users/posts had not gone through there. For example, I tried a "minimal first post delay" which was enforced when I manually registered a user but which the spam posts got around like it was a joke (the db often had delays under 10 seconds).
I'd gladly report any SQL inject bug if I only knew how to track it down. Server logs were quite unhelpful; anyone who can inject stuff can obviously fake their IP in the db so it's like looking for a needle in a haystack...

Are you running the latest version (1.2.15)? Have you actually checked the IPs against entries in the access_log? What mods are you using on your forum?
Could you provide a link to your forum? I'd like to investigate this a bit myself.

Before I forget to say it, zap, thank you for clarifying your post :)

sirena wrote:

It could just be a troll.

But it pays to keep an open mind. SQL injections and the like are not unheard of with PHP apps.

Certainly not. In fact, they're fairly common in PHP applications as a whole :P
However, the level of injection he's describing (adding an arbitrary number of rows with arbitrary data to 2 different tables) seems fairly unlikely at this point.

sirena wrote:

Of course more information is needed though from the original poster on their diagnosis of the problem and the steps they took to address spam within punBB. The minimal information zap supplied doesn't make their post very useful at all.

Exactly. If there's something wrong, we can't fix it without more information than "it sucks."


(19 replies, posted in PunBB 1.2 troubleshooting)

OK, let's see how much I can simplify this.
Download the database management plugin. Unzip it. Upload the file to the plugins directory of your forum directory. Go to your forum and click on Administration. There should be a list of plugins on the left side. Click on the link that says database management. Scroll down until you see a textbox. Enter the following into the box:

update #__config set conf_value="http://www.mydomain.com/foldername" where conf_name="o_base_url"

where http://www.mydomain.com/foldername is the proper path to the folder

Click the button to submit. Then, in your FTP program, go to the cache directory of your forum directory and delete all the files ending in .php


(19 replies, posted in PunBB 1.2 troubleshooting)

Run this SQL query

update prefixconfig set conf_value="http://www.mydomain.com/foldername" where conf_name="o_base_url"

where prefix is your database prefix and http://www.mydomain.com/foldername is the proper path to the folder
Then, delete the .php files in the cache directory in the forum directory


(19 replies, posted in PunBB 1.2 troubleshooting)

admin_options.php wrote:

Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.


(19 replies, posted in PunBB 1.2 troubleshooting)

meh
duh :P

<?php
header("Location: http://www.mydomain.com/foldername/");
exit;


(19 replies, posted in PunBB 1.2 troubleshooting)

OK, so, I THINK I understand you now :P

<?php
header("Location: http://www.mydomain.com/foldername/");
exit;

Save that as index.php in the root


(19 replies, posted in PunBB 1.2 troubleshooting)

Hmm, let me make sure I have this right.
The forum was originally at
www.mydomain.com/forum/
Now, it's at
www.mydomain.com/foldername/forum/
and you want
www.mydomain.com
to redirect to
www.mydomain.com/foldername/forum/

<?php
header("Location: http://www.mydomain.com/foldername/forum/");
exit;

btw: My code example was meant to be put in the root of the site, not in the PunBB index.

True ;)


(19 replies, posted in PunBB 1.2 troubleshooting)

And after consultation with someone who knows Dutch, I'm told I should replace the word "map" with the word "folder" :D
There are a couple ways to redirect from a page to a folder. You can put the following as your index.php

<?php
header("Location: http://www.mysitename.blabla/myfoldername/");
exit;

with the proper folder name and domain name, of course. That's just one method.

No, there are no plans to include this in 1.3, although I'm sure it could be written as an extension.

The easiest way to do this in 1.2 is probably to set activate_string for the new user to the properly hashed password, activate_key for the new user to a key, and not to set a password for the user. Then, change the registration email to be similar to the change password email and use the change_pass feature of profile.php as a means of activation. The user then can't login until the password change link is clicked.
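Added example, not PunBB's code and not part of the post above, showing the flow just described as two stand-alone functions over constructed data: registration stores the hashed password in activate_string and a random key in activate_key while leaving password empty, and the change_pass step promotes activate_string to password only when the presented key matches, clearing both columns so the link works once. The column names follow the post; the sha1() hashing mirrors what PunBB 1.2's pun_hash() does (unsalted, weak by today's standards), while the key length, the shape of the profile.php link, and the use of random_bytes() and hash_equals() (PHP 7.0 and 5.6 respectively) are assumptions.

```php
<?php
// Added example (not PunBB's own code): the "register without a password,
// activate through the change-password link" flow described above, as two
// stand-alone functions. Column names follow the post; the key length, the
// sha1 hashing (what PunBB 1.2's pun_hash() uses) and the URL shape are
// assumptions.

/**
 * Step 1 (registration): keep the hashed password in activate_string and a
 * random key in activate_key; leave password empty so no login can match it.
 * Returns the row to write plus the link to put in the registration email.
 */
function prepare_pending_user($user_id, $chosen_password, $base_url)
{
    $key = bin2hex(random_bytes(16));          // 32 hex chars, unguessable
    return array(
        'row' => array(
            'id'              => (int) $user_id,
            'password'        => '',             // no valid hash: login refused
            'activate_string' => sha1($chosen_password),
            'activate_key'    => $key,
        ),
        'link' => $base_url.'/profile.php?id='.(int) $user_id
                  .'&action=change_pass&key='.$key,
    );
}

/**
 * Step 2 (the user follows the link): only when the presented key matches the
 * stored one is activate_string promoted to password and both activation
 * columns cleared, so the link cannot be replayed.
 * Returns the updated row, or false when the key is wrong or already used.
 */
function redeem_activation(array $row, $presented_key)
{
    if ($row['activate_key'] === null || $row['activate_key'] === '') {
        return false;                           // already activated
    }
    if (!hash_equals($row['activate_key'], (string) $presented_key)) {
        return false;                           // wrong key: change nothing
    }
    $row['password']        = $row['activate_string'];
    $row['activate_string'] = null;
    $row['activate_key']    = null;
    return $row;
}

// Walk-through with constructed data.
$pending = prepare_pending_user(42, 'correct horse battery staple', 'http://www.example.com/forum');
echo "Email link: ", $pending['link'], "\n";

$wrong = redeem_activation($pending['row'], 'deadbeef');
echo "Wrong key accepted? ", ($wrong === false) ? 'no' : 'yes', "\n";

$active = redeem_activation($pending['row'], $pending['row']['activate_key']);
echo "Password set after activation? ",
     ($active !== false && $active['password'] !== '') ? 'yes' : 'no', "\n";

$replay = redeem_activation($active, $pending['row']['activate_key']);
echo "Link reusable? ", ($replay === false) ? 'no' : 'yes', "\n";
```

The point of the empty password column is that PunBB compares the stored value against the hash of whatever is typed at login, and an empty string matches no hash, so the account is unusable until the link is followed; the constant-time comparison and the one-time clearing are the two details most home-made activation schemes get wrong.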

zap wrote:

It does like crap, to put it mildly. We had PunBB installed on our site by the person who built the whole thing and have been spammed pretty heavily for the last few months.

Do you allow guest posting? Do you use any of the anti-spam mods? Do you require users to verify their registration via email? Using an unmodded, completely open version of just about any forum software is going to get you spam.

zap wrote:

I updated to the latest version, hacked a few scripts here and there to fool bots but it's no use.

Assuming you're not using any of the anti-spam mods that have been released, might I suggest doing so? A lot of homemade anti-spam solutions I've seen people come up with have mistakes in the code that renders them ineffective. Using one of the mods should avoid that issue.

zap wrote:

Having read through some of the code it becomes clear that this was never written with security in mind.

Security is something we take very seriously, so I'm surprised to hear you say that. I'm not exactly sure what you mean though: care to clarify?

zap wrote:

The spammers we get are injecting users and posts straight into our database without ever going through the registration page. This means most of the "fixes" posted here won't work.

I have to go with Dr Jeckyl and say that without more information, this is a bogus claim. I've seen anti-spam solutions work extremely well (I've also seen PunBB forums which have never experienced spam) and I have never seen an SQL injection in PunBB that would allow something like that. If you think you've found an SQL inject in PunBB though (I'm talking about PunBB itself, not a mod you installed or coded yourself), I would encourage you to report it so we can fix it.

zap wrote:

I had to spend several hours coding my own anti-spam thing which, for now, seems to hold up.

Doesn't that directly contradict what you said earlier, that it was "no use" to try to deter spam from a PunBB forum?

zap wrote:

I know the PunBB people are not going to like this but I feel you should be warned.

Well, it's nice of you to want to look out for another user. However, it would be even better if you could clarify some of your criticism and not make such broad claims without evidence to back it up. :)


(5 replies, posted in PunBB 1.2 troubleshooting)

winger wrote:

Is there a way to make your skin in photoshop or whatsoever, and then put it as punbb skin?
I know spinkBB, Very nice.. but I'm just curious..

I can make a skin but I can't code at all :(

Any solutions apart from spinkBB ?

Not really, skins are CSS