1

(5 replies, posted in PunBB 1.2 discussion)

But I don't mind if people say bitch..

The thing is I'd like to keep them from registering with names like "Admin" and "Moderator". These aren't words I want to censor.

There used to be something you could do in the config file to restrict names but I can't find a reference to it anymore.

2

(5 replies, posted in PunBB 1.2 discussion)

How do I disallow usernames? Like let's say I don't want a user registering with "bitch" in their username. As in bitchx.

3

(13 replies, posted in PunBB 1.2 discussion)

Oh the link to that message he (Lacertosum) posted is here: http://jacquelinepassey.blogs.com/blog/ … refox.html toward the bottom of the page.

4

(13 replies, posted in PunBB 1.2 discussion)

So, this morning I get this email from some concerned user of my site telling me that a guy who has registered is a hacker and hacked a phpbb board (they sent me the address to that). They forwarded me this message by this hacker (the email address he used to post the message and the one used to sign up for my board are the same):

As a hacker, I can say with 100% certainty that Firefox is a better browser in terms of security than IE. IE's severely flawed implementation of HTML makes it so that just about every XSS (Cross Site Scripting) attack in the book works on it.

I can do IE-Compatible XSSes via tables, images, xml tags, bgsound tags, object tags, frame tags, iframe tags, and on and on. Not nearly as many of those will work in Firefox. In fact ALL of the XSSes I have done have worked in IE. However, only a handful have worked in Firefox.

About the patching of other security flaws that have been discovered, flaws discovered in Firefox (of which far fewer have been discovered than in IE, and the criticality of them has been lower) have been patched in short order. However, Microsoft has taken months to patch security flaws in IE before.

As far as features go, Firefox has a good number of them built in. Even if there is less than IE, Firefox has a robust plug-in interface; a plug-in can be written to do most anything in Firefox.

I even have a cookie editor for Firefox so I can effortlessly forge cookies. Forged cookies can be used to get unauthorized access to website features, and even entire accounts, so the cookie editor plug-in is really handy. There are MANY plug-ins for Firefox to add more features and functionality to the browser. And more are being developed every day.

These reasons are why Firefox is the browser of choice for hackers. It is more secure and more extensible.

By the way, while previewing the first version of my post, I discovered that this comments page may be vulnerable to XSS. I will do a test post to make sure (Don't worry, it will just create a simple alert() box if successful.)

Alrightythen, should I be concerned? I'm downloading the FF cookie edit extension now to see what it does but in the meantime is there a way to make sure cookies are protected?

Connorhd wrote:

put a # before SetEnvIfNoCase and try

also it could well have nothing to do with .htaccess, it could be to do with the main apache config, why don't you just contact your host?

I am the host.

Putting the # in front worked.

I found what seems to be causing in issue in my htaccess. It's this:

# kill referral spam
SetEnvIfNoCase Referer ".*(blackjack|buy|card|cards|cash|casino|casinos|chat|cheat|cialis|credit|debt|diet|doobu|finance|financing|gambling|gaming|hold|holdem|info|insurance|interest|learnhowtoplay|levitra|loan|mortgage|nude|payday|pics|pills|phentermine|poker|porn|prozac|rates|reductil|refinance|roulette|sex|slot|tecrep|valium|viagra|video|vinhas|wsop|xanax|xxx|yelucie).*" goodbye
<Files *>
order deny,allow
deny from env=goodbye
</Files>

I don't understand why that would be causing an issue. It's only happening when I want to move a topic.

Well it's not my htaccess file because one of the first things I tried was a blank one. Is this a server issue or a punbb issue? Can anyone else offer up some more suggestions?

I keep getting a 403 error when I try to move a topic. Then if I go to the index, I continue to get a 403. I have to clear cache and cookies to get back to the site.

This is what's in my error log:

[Mon May  9 14:48:08 2005] [error] [client 63.16.76.65] client denied by server configuration: /home/rav/public_html/forum/moderate.php

But I haven't banned myslef or anything, I'm confused.

Would it be too much to ask if you'd add colors?

TheBaker wrote:

It's all working fine, but when I edit a post without a poll, I get these errors:

Notice: Undefined index: question in /xxxxx/include/punpoll/edit_save.php on line 6

Notice: Undefined index: answers in /xxxxx/include/punpoll/edit_save.php on line 9

It doesn't stop anything working, it's just annoying. Any ideas how I could stop them from appearing?

I get the same errors yet everything works fine. I just put an @ in the edit.php to stop seeing the errors. Like so: @require PUN_ROOT.'include/punpoll/edit_form.php';

Thanks Gary! smile

ACT - Auto Close Topics

12

(3 replies, posted in General discussion)

Thanks Connorhd. I'll keep a lookout for it.

13

(3 replies, posted in General discussion)

Is there anyway to close topics by age. Like if the topic is 30 days old and there have been no replies in 14 days, close the topic?

It works fine now. The errors were my fault. I had punpoll installed before and had to delete the table, then run the install again.

Thanks for your reply. I've found $pun_root in other places and replaced it. I'm not getting any errors but I can't save a post with a poll. I did however see some warnings in my error log:

[error] PHP Notice:  Undefined variable:  poster in /home/username/public_html/forum/include/punpoll/viewtopic.php on line 48
[error] PHP Notice:  Undefined index:  type in /home/username/public_html/forum/include/punpoll/post_save.php on line 27

I get this error in admin_options.php
Notice: Undefined variable: pun_root in /home/ravingat/public_html/forum/admin_options.php on line 404

I've tried it many ways what I have is

<?php $pun_root = '../forum/';
require $pun_root.'config.php';
require $pun_root.'include/common.php';
$URL = "http://ravingatheist.com/forum/img/uploads/";
$maxsize = 153600; ?>
<html dir="ltr">
        <head>
            <title>Upload an Image</title>
            <link rel="stylesheet" type="text/css" href="../../style/Oxygen.css">
        </head>
        
        <body>
<table cellpadding="10" bgcolor="#ffffff" width="100%" height="100%" style="font-size: 12px; ">
<td valign="top">

<?php
    if ($cookie['is_guest']) message($lang_common['No permission']);
     if (isset($_POST['upload'])) 
    {

It doesn't work it says

Warning: main(../forum/config.php): failed to open stream: No such file or directory in /home/-------/public_html/forum/img/uploads/upload.php on line 2

I'm using punbb 1.2 btw.

How do I check for a cookie in upload.php to make sure guests can't upload?

19

(15 replies, posted in PunBB 1.2 bug reports)

Thank-you!

20

(15 replies, posted in PunBB 1.2 bug reports)

Ahh see everything is screwy..

21

(15 replies, posted in PunBB 1.2 bug reports)

Can I stop them from registering with quotations?

22

(15 replies, posted in PunBB 1.2 bug reports)

Well, it's breaking them. The user's name is like hello "aka" good-bye.

hello "aka" good-bye wrote:

this is a quote

When I remove the quotations from the name the quotes are rendered normally and the rest of the page is not broken.

23

(15 replies, posted in PunBB 1.2 bug reports)

I have users who have registered with quotes " " in their names, it's braking the [ quote ] in posts. How can I stop them from registering with quotes?

I can't wait for an upgrade sad

25

(1 replies, posted in General discussion)

I understand how the permissions for user titles work. What I'd like to do (and I did search) is have the title "New member" only until they are not a new member (after 20 posts) then allow them to edit their own user title. Is there a way to do this?