Run a query to check? tongue

Did you already have the first two lines in your code?

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
if ($pun_user['is_guest'])
{
	// Code for guests (not logged in) goes here
}
else
{
	// Code for logged-in users goes here
}

Moved to Integration

3,104

(7 replies, posted in PunBB 1.2 troubleshooting)

That's an issue with your CSS, the HTML has the footer there but for whatever reason it's being hidden

3,105

(89 replies, posted in PunBB 1.2 discussion)

PunBB doesn't rely on Javascript and it's going to stay that way wink
Not to mention that those scripts don't seem to help with spam per se, the first script describes itself as:

Purpose: Base flood, XSS and SQL Injection protection

3,106

(7 replies, posted in PunBB 1.2 troubleshooting)

Link?

Assuming your code is released under the GPL, yes

3,108

(3 replies, posted in PunBB 1.2 troubleshooting)

== if you want it to only be seen by group 2

3,109

(13 replies, posted in Programming)

MattF wrote:
Smartys wrote:

You need to edit the initial query for $cur_post to grab the post_replies column

Just been having a look at the delete.php db query, and it looks as if the post_replies is already in the lookup? This line:

$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.posted, t.closed, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());

Is that the right one, the fp.post_replies? If so, would I just use $cur_post['post_replies'] instead of the $cur_topic['post_replies'] var?


Thanks once again. smile

Matt

You're right, I could have sworn that it wasn't in the query though tongue

3,110

(7 replies, posted in PunBB 1.2 troubleshooting)

elbekko wrote:

Setting it in the admin panel should automatically update the cache hmm

Indeed: and if it wasn't working you would be getting an error

3,111

(13 replies, posted in Programming)

You need to edit the initial query for $cur_post to grab the post_replies column

3,112

(13 replies, posted in Programming)

Well, it won't be disabled, the link is just hidden. You would need to make a similar edit in delete.php wink

3,113

(89 replies, posted in PunBB 1.2 discussion)

eric235u wrote:

[my two cents]

when i join a website or forum i despise overly time consuming activation processes.  i'm not a trick pony and don't jump through hoops.

it seems that the best way of slowing down spam is to keep the methods varied and modular.  if there's four or five punbb antispam modules that all work differently we would be in a better strategic position than if one module were included in the official release.  this argument i think is self evident.

[/my two cents]

Agreed (although certain mods are very effective, I've seen Akismet work very well on the PunBB blog)

3,114

(89 replies, posted in PunBB 1.2 discussion)

gil wrote:

But I cannot use punbb in an "open" configuration (guest allowed, or no e-mail procedure),  so I think there is a fundamental problem. If a function is provided, we should be able to use it without extension.

You can use it. However, you have to deal with spam. Just because you can do something does not mean that it's necessarily prudent to do so wink
For an example, how about buying a computer. If I buy a computer, the first thing I need to do is update it, get security tools (eg: firewall, antivirus, etc). It works perfectly "out of the box," but if you use it like that you will be hacked.

gil wrote:

If a spambot can fight a forum software, it can not fight all the administrators in the world. So why not an option with two text fields, a "question" and an "answer", both defined (as often as wished) by the admin? And each guest message or inscription, the "question" is displayed, and the answer is checked (without spaces, no capital letters). Like a standard anti-captcha, but here, a spambot cannot spam all the forums in the world, each forum must be first manually attacked.

Spammers already pay people to manually register accounts for them wink
Plus, this makes for a great deal more work for the administrator

3,115

(13 replies, posted in Programming)

Unless I'm wrong, that's easily possible
Create a forum, edit its permissions in admin_forums.php. Make sure that people can only post topics, not replies. Then make sure people can edit their own posts. Tada! tongue

http://www.punres.org/viewtopic.php?id=3380
I made a mod specifically for this list wink

Moved to Modifications

3,118

(89 replies, posted in PunBB 1.2 discussion)

trakman wrote:

the last thing I wanted to read was someone getting defensive and saying: well it's not a 'bug'

This is as important as a buffer overflow/exploit. Developers should stop working on 1.3 until this is addressed in 1.2
Out-of-the-box pun installs are too vulnerable to spam.

To quote Wikipedia, "A computer bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from working correctly or produces an incorrect result."
PunBB is working exactly as intended. 1.3 will have more tools to deal with spam. In the meantime, if you are having a problem, there are plenty of modifications around to help you. Those modifications will protect you even better than they would if we coded them in for the reason you stated: as soon as a method becomes popular enough, spammers will try to reverse engineer it.
Take the "add an extra timezone" tweak: if we were to put that in, spammers would immediately just change their programs to pick a legitimate timezone. Instead, since it's done by individual forum owners, it can actually trick some bots who are registering.

calande wrote:

Yes obviously. Considering that this is not a bug, one could also consider that MySQL injections are not bugs because one could argue that "no one is supposed to type some SQL commands in the search field". Same rationale.

An SQL injection compromises the safety of the data in the database. It's a bug because it allows a user to bypass the protections built in to the queries. Spammers are bypassing nothing, they are simply registering and posting in a legitimate manner (albeit in an automated manner as well).
As I've said before though, that's not to say that we don't consider spam a big deal. We do. However, saying "oh, it's a bug! it's a bug!" and demanding that we "fix it" isn't productive. Fighting spam is difficult. If you have suggestions on how to deal with it, by all means tell us them. If you think one of your suggestions should be added to 1.3, PLEASE post it in Feature Requests.

I'm going to start writing some anti-spam mods for 1.2 I've been putting off wink

3,119

(4 replies, posted in PunBB 1.2 troubleshooting)

Yeah, I'm not sure either, since I don't recall anything in the code that would be doing intense processing
Could you check your server's error log and see if anything popped up?

3,120

(4 replies, posted in PunBB 1.2 troubleshooting)

Just viewing the page, before submitting anything?

3,121

(89 replies, posted in PunBB 1.2 discussion)

calande wrote:

I think it's going to take at least a few years before spambots are able to read the operation that is written inside an image, and then process it and give the result. People who have problems reading can click the "speaker" icon to hear it loud.

http://www.cs.sfu.ca/~mori/research/gimpy/
http://www.botmaster.net/pictocod/
etc
CAPTCHAs can and have been broken.
As for the sound, I have not yet seen any PHP that generates a sound file for given characters (and most likely there would be issues with running it on hosts)

MadHatter wrote:
Smartys wrote:
MadHatter wrote:

i'm not talking about a captcha solution or extension.  I'm talking about re-thinking the sign up process so that automated registrations are overly difficult or infeasible.

And how would you do that?

let me say that I'm not as versed in the registration process as you guys are, so take this with a grain of salt.

if this were me (which it's not), I would probably put all registrations in a temp table.  create a new uuid in that table with the user info.  when users sign up, they are added to a temp users table and pull the generated uuid from the table after it's inserted, then place that uuid into an activation email to the user.  create an activation page that the user has to type / paste in the uuid and submit it.  have an activation threshold for activation attempts and date range and when it reaches the first of those limits, the temp record is deleted (and or banned, depending on preferences).

that's my 2 second thought process, so I'm sure there are many more, more efficient ways to stop automated registrations from signing up in punbb, but this was the first thing that came to mind.  looking at the apps / scripts that do the automated spamming would probably be fruitful too.

Bots can deal with activation emails though wink
And even if they couldn't, we already have an activation code process (and a cron job to remove unverified users after x days isn't difficult)
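
The pending-table activation flow proposed in the quoted post above, sketched as an added example; it is not PunBB's code and not code from any poster. The table, column and function names, the attempt threshold and the validity window are all assumptions, and a random 128-bit token stands in for the uuid.

```php
<?php
// Added illustration; every name and limit below is hypothetical.
const MAX_ATTEMPTS = 3;     // assumed activation-attempt threshold
const TOKEN_TTL = 86400;    // assumed validity window, in seconds

function pending_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pending_users (email TEXT PRIMARY KEY,
               token_hash TEXT, attempts INTEGER DEFAULT 0, created INTEGER)');
    return $db;
}

// Store the sign-up in the pending table; return the token to e-mail to the user.
function register_pending(PDO $db, string $email, int $now): string {
    $token = bin2hex(random_bytes(16));   // unguessable token, stored only as a hash
    $st = $db->prepare('INSERT INTO pending_users (email, token_hash, created) VALUES (?, ?, ?)');
    $st->execute([$email, hash('sha256', $token), $now]);
    return $token;
}

// Returns 'activated', 'retry', 'deleted' (limit reached, record dropped) or 'rejected' (no record).
function activate(PDO $db, string $email, string $token, int $now): string {
    $st = $db->prepare('SELECT token_hash, attempts, created FROM pending_users WHERE email = ?');
    $st->execute([$email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return 'rejected';
    $drop = $db->prepare('DELETE FROM pending_users WHERE email = ?');
    // Date-range limit: an expired record is removed whatever token was supplied.
    if ($now - (int)$row['created'] > TOKEN_TTL) { $drop->execute([$email]); return 'deleted'; }
    // Constant-time comparison of the stored hash with the hash of the submitted token.
    if (hash_equals($row['token_hash'], hash('sha256', $token))) {
        $drop->execute([$email]);   // a real forum would move the row into its users table here
        return 'activated';
    }
    // Attempt limit: the failure that reaches the threshold deletes the record.
    if ((int)$row['attempts'] + 1 >= MAX_ATTEMPTS) { $drop->execute([$email]); return 'deleted'; }
    $db->prepare('UPDATE pending_users SET attempts = attempts + 1 WHERE email = ?')->execute([$email]);
    return 'retry';
}

// Constructed sample run: one wrong token, then the correct one.
$db = pending_db();
$token = register_pending($db, 'alice@example.org', 1000);
echo activate($db, 'alice@example.org', 'not-the-token', 1010), "\n";
echo activate($db, 'alice@example.org', $token, 1020), "\n";
```

The limits stop token guessing and stale records, but a client that can read the activation e-mail completes the flow like any other user.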

3,122

(89 replies, posted in PunBB 1.2 discussion)

calande wrote:

It's relative. What is time-consuming for a spambot is considered normal to end-users, ie: calculating 84x34 =  ?

People already type what is in a captcha. It's commonplace.

Calculating 84x34 is far easier for a bot than for a human wink
And there are issues with CAPTCHAs, a lot of which have already been mentioned

3,123

(89 replies, posted in PunBB 1.2 discussion)

Then I guess you missed my point: users hate time-consuming processes

3,124

(89 replies, posted in PunBB 1.2 discussion)

calande wrote:

Nope, no legitimate user uses something automatic to sign up and post messages. At least not me big_smile
The whole process has always been manual for regular users.

I was referring to "When the whole process needs to be manual and time-consuming, spammers give up."

3,125

(89 replies, posted in PunBB 1.2 discussion)

calande wrote:

Actually I have an antispambot filter on the pcbsd.org forum, and for 5 months we have had only 1 or 2 spams. Combinations of spam filters are best. And there needs to be antispambots also for registered users, otherwise spammers register accounts manually and then send loads of spam using spambots. When the whole process needs to be manual and time-consuming, spammers give up.

As do legitimate users smile