3,951

(11 replies, posted in PunBB 1.2 troubleshooting)

In that case, you would change default '' to default 0
However, as I said, that's not the only change necessary

3,952

(24 replies, posted in PunBB 1.2 discussion)

Burnsy86 wrote:

This is kind of scary.  Is it possible for these guys to hack into our servers through PunBB?  What if someone has their forums on an e-commerce site?  yikes...

Unless I've missed something, nobody has found an exploit in PunBB here :)

3,953

(24 replies, posted in PunBB 1.2 discussion)

The whole point of having the cache is that it isn't stored in the database ;)
And the stuff doesn't have to be world writable: it completely depends on your settings. I know, for example, that my cache files, avatars, etc are only writable by the user that created them

Take a look at the aptly named check_cookie and pun_setcookie functions in include/functions.php?

3,955

(6 replies, posted in PunBB 1.2 discussion)

Not as a default feature

3,956

(11 replies, posted in PunBB 1.2 troubleshooting)

You have to edit install_mod.php to change the default values for some int columns (ie: owner) to be actual integers

3,957

(6 replies, posted in PunBB 1.2 discussion)

You can't use HTML, you need to use BBCode

3,958

(22 replies, posted in PunBB 1.2 troubleshooting)

The database should have nothing to do with this, nor should install_mod.php

3,959

(24 replies, posted in PunBB 1.2 discussion)

<Limit GET POST PUT>
Order Allow,Deny
Deny from All
</Limit>

3,960

(22 replies, posted in PunBB 1.2 troubleshooting)

Only thing I see in common that wouldn't be elsewhere is lang/English/register.php: I doubt that's requiring functions.php though

3,961

(24 replies, posted in PunBB 1.2 discussion)

IDunno wrote:

Hi Smarty,

Would it be possible to throw in a .htaccess file in the cache folder or any other "writable folders" to stop someone from accessing php files? Say something like this:

<Files *.php>
Deny from all
</Files>

Would this work? Just wondering...

Thanks

A similar .htaccess file is there by default: I would assume it was removed by your friendly hacker

3,962

(24 replies, posted in PunBB 1.2 discussion)

I would contact your host and ask them: they're in a better position to figure it out.

3,963

(24 replies, posted in PunBB 1.2 discussion)

I can't be certain, but my guess is that the person had some other access to your forum (ie: they compromised another site) and then used a script to deface more sites on the same server

3,964

(24 replies, posted in PunBB 1.2 discussion)

Could you email a copy of the file to me please? My email is smartys at this domain

3,965

(22 replies, posted in PunBB 1.2 troubleshooting)

It shouldn't, but you can try removing the files. To be honest, I have no way of knowing what the issue is

3,966

(22 replies, posted in PunBB 1.2 troubleshooting)

Were there any other edits you did?

3,967

(22 replies, posted in PunBB 1.2 troubleshooting)

And if you revert your changes for one file at a time, does it go back to normal?

3,968

(24 replies, posted in PunBB 1.2 discussion)

That would be an XSS attack. As far as I know there aren't any in PunBB right now, so I'd look into the mods you have installed. If you manage to find the cause, make sure to report it to the author (you can email any member of the dev team if the bug happens to be in PunBB)

3,969

(22 replies, posted in PunBB 1.2 troubleshooting)

OK, could you paste your edited copy of header.php, register.php, and functions.php here please?

Actually, you have it backwards (I'm talking about 1.3 behavior here). ;)
The links use the base URL and the includes use PUN_ROOT. For 1.2, the only difference is that links, etc don't use base URL

3,971

(22 replies, posted in PunBB 1.2 troubleshooting)

What was the last file(s) you edited?

3,972

(1 replies, posted in Programming)

Moved to Programming
Did you restart Apache after editing php.ini?

3,973

(1 replies, posted in Feature requests)

$pun_user is not the same for all guest users. In addition, it fetches from the online table on every pageview in that query because the value in the table changes every pageview. You can't just eliminate the query.

3,974

(3 replies, posted in PunBB 1.2 discussion)

viewtopic.php

FIND

$result = $db->query('SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());

REPLACE WITH

$result = $db->query('SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id DESC LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());

That looks like quite a big change, but I just added "DESC" to the end of the order by clause

3,975

(4 replies, posted in PunBB 1.2 discussion)

Keep in mind that the announcement can now not be used for normal announcements, it is only shown for guests