Hello,
Have you guys ever considered of making Private Messaging system private messages really private? I am thinking about encoding messages in database and using user password as passphrase. Maybe someone already did such thing and can give some advices to me?
1 2009-03-19 18:09
Topic: Encoding PMS messages (0 replies, posted in PunBB 1.2 modifications, plugins and integrations)
2 2009-03-15 10:54
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
Thanks for advice.
function get_remote_address()
{
return md5(sha1(gethostbyaddr($_SERVER['REMOTE_ADDR'])));
}That should be fine?
3 2009-03-15 08:23
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
1) Yes, it would be much easier 
2) And what about using sha1 at first, and then encrypt it with md5? For example md5(sha1($_SERVER['REMOTE_ADDR']))?
4 2009-03-14 13:53
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
I forgot to mention about post.php. But it is simple - all get_remote_address() to sha1(get_remote_address())
5 2009-03-14 11:48
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
First of all, I encoded old data in registration_ip, poster_ip, and ip (bans table) and changed VARCHAR lenght of those rows to 40. Even ip row in bans table, because baning range of sha1 encoded IP adresses is not possible (IMO). Then in registrer.php changed both get_remote_address() to sha1(get)remote_address(). In funtions.php also changed all get_remote_address() to sha1(get)remote_address() except for the
function get_remote_address() at line 725. Changing $cur_ban_ips[$i] = $cur_ban_ips[$i].'.'; to į $cur_ban_ips[$i] = $cur_ban_ips[$i]; was done in punbb 1.2.21. In 1.3.2 it's changed already. In search_funtions.php also all get_remote_address() changed to sha1(get_remote_address()). Than in admin/bans.php
at line 279 removed those lines:
if ($c > 3 || !ctype_digit($octets[$c]) || intval($octets[$c]) > 255)
message($lang_admin_bans['Invalid IP message']);and at line 190:
<span class="fld-input"><input type="text" id="fld<?php echo $forum_page['fld_count'] ?>" name="ban_ip" size="45" maxlength="255" value="<?php if (isset($ban_ip)) echo $ban_ip; ?>" /></span>changed to
<span class="fld-input"><input type="text" id="fld<?php echo $forum_page['fld_count'] ?>" name="ban_ip" size="43" maxlength="40" value="<?php if (isset($ban_ip)) echo $ban_ip; ?>" /></span>And I think that's it for basic stuff. Other changes are "cosmetical", because sha1 encoded IP addresses are 40 symbols long, so for exampe in viewtopic.php it would be out of range.
6 2009-03-14 09:32
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
Ok, I've changed $cur_ban_ips[$i] = $cur_ban_ips[$i].'.'; to į $cur_ban_ips[$i] = $cur_ban_ips[$i]; and it seems work fine.
7 2009-03-13 20:15
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
Maybe it's something wron with that line:
if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i]) ?
8 2009-03-13 15:36
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
Still facing same problem
I think it's fine (function.php):
//
// Check whether the connecting user is banned (and delete any expired bans while we're at it)
//
function check_bans()
{
global $db, $pun_config, $lang_common, $pun_user, $pun_bans;
// Admins aren't affected
if ($pun_user['g_id'] == PUN_ADMIN || !$pun_bans)
return;
// Add a dot at the end of the IP address to prevent banned address 192.168.0.5 from matching e.g. 192.168.0.50
$user_ip = sha1(get_remote_address());All IPs in ban table are sha1 encrypted.
9 2009-03-13 15:10
Re: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
I have started working on this. In register.php and functions.php changed get_remote_address to sha1(get_remote_address) ant it works fine, but there is one problem: when I am trying to ban encoded ip, it just doesnt work. Ban put, but you can register from that ip again.
10 2009-03-13 09:33
Topic: md5 (?) encoded ip addresses (32 replies, posted in PunBB 1.3 discussion)
Hello,
For some reasons I would like to encode (just like passwords) IP addreses. What i want to do is to leave IP addresses unknown for everybody, even admins, and in place of it generate some kind of indentification code. In general, would it be possible? If yes, I believe it wouldn't be easy . Which file is responsible for placing ip adresses to database?
11 2008-11-02 12:18
Re: Timezone and automatic usergroup change (4 replies, posted in PunBB 1.2 troubleshooting)
And one more question. How to do that: for new users change group automatically after one week membership in forum.
12 2008-11-02 12:10
Topic: Timezone and automatic usergroup change (4 replies, posted in PunBB 1.2 troubleshooting)
Hello, I am using PunBB 1.2.20 and server time zone is -07 MST, but how to change default value in register.php from -07 to +02, because my country timezone is +02. Thanks.
EDIT: Altered the topic subject. //Anatoly