at start you need to execute 2 queries:
SET AUTOCOMMIT = 0
BEGIN
and in end_transaction:
COMMIT
or
ROLLBACK
if there was an error
You are not logged in. Please login or register.
PunBB Forums → Posts by Riklaunim
at start you need to execute 2 queries:
SET AUTOCOMMIT = 0
BEGIN
and in end_transaction:
COMMIT
or
ROLLBACK
if there was an error
Polish lang for polls (utf-8 compatible font required to see special chars)
<?php
// Language definitions used in viewforum.php
$lang_polls = array(
'Poll' => 'Ankieta',
'New poll' => 'Stwórz now? ankiet?',
'New poll legend multiselect' => 'Ustaw informacje (ankieta wielokrotnego wyboru)',
'New poll legend yesno' => 'Ustaw informacje (ankieta wielokrotnego wyboru tak/nie)',
'New poll legend' => 'Ustaw informacje',
'Multiselect' => 'Ankieta wielokrotnego wyboru',
'Yesno' => 'Ankieta wielokrotnego wyboru tak/nie',
'Regular' => 'Zwyk?a Ankieta',
'Question' => 'Pytanie',
'Option' => 'Opcja',
'Optional' => '(Opcjonalne)',
'Yes' => 'Warto?? logicznego Tak (Zgadzam si?, tak itp.)',
'Null vote' => 'Pusty g?os',
'Poll preview' => 'Podgl?d Ankiety',
'No' => 'Warto?? logicznego Nie',
'Create new poll' => 'Stwórz Ankiet?',
'Poll select' => 'Wybierz typ ankiety',
'Already voted' => 'Ju? g?osowa?e? w tej ankiecie',
'Vote success' => 'Twój g?os zosta? zapisany',
'Empty option' => 'Ankieta ma pust? opcj?.',
'No options' => 'Ankieta musi zawiera? opcje.',
'Low options' => 'Ankieta musi zawiera? wi?cej ni? jedn? opcj?.',
'No question' => 'Ankieta musi zawiera? pytanie.',
'Too long question' => 'Pytanie nie mo?e zawiera? wi?cej ni? 70 znaków.',
'No yes' => 'Ta ankieta musi zawiera? warto?? (Tak).',
'Too long yes' => '(Tak) warto?? nie mo?e by? wi?ksza ni? 35 znaków.',
'No no' => 'Ta ankieta musi zawiera? warto?? (nie).',
'Too long no' => '(Nie) warto?? nie mo?e by? wi?ksza ni? 35 znaków.',
'No message' => 'Podaj wiadomo??.',
'Too long message' => 'Post mo?e maksymalnie zajmowa? 64KB.'
);
I'm migrating jakilinux.org forum (phpBB) and after the migration I had to install some hacks. Some of them needs some updates to work:
Private Messaging System 1.2.2
I had to alter the SQL in install_mod.php to create table on MySQL 5:
default:
$sql = 'CREATE TABLE '.$db->prefix."messages (
id INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
owner int(10) NOT NULL DEFAULT 0,
subject VARCHAR(120) NOT NULL DEFAULT '',
message TEXT,
sender VARCHAR(120) NOT NULL DEFAULT '',
sender_id int(10) NOT NULL DEFAULT 0,
posted INT(10) NOT NULL DEFAULT 0,
sender_ip VARCHAR(120),
smileys TINYINT DEFAULT '1',
status TINYINT DEFAULT '0',
showed TINYINT DEFAULT '0',
PRIMARY KEY (id)
) TYPE=MyISAM;";
easy Poll 1.1.3
from the readme:
#---------[ 9. FIND (line:113) ]---------------------------------------------------
#
$sql = 'SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
#
#---------[ 10. REPLACE WITH ]---------------------------------------------------
#
$sql = 'SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to, question FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
#
#---------[ 11. FIND (line:117) ]---------------------------------------------------
#
// With "the dot"
switch ($db_type)
{
case 'mysql':
case 'mysqli':
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
break;
case 'sqlite':
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.id IN(SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'].') GROUP BY t.id ORDER BY t.sticky DESC, t.last_post DESC';
break;
default:
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, p.poster_id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
break;
}
}
#
#---------[ 12. REPLACE WITH ]---------------------------------------------------
#
// With "the dot"
switch ($db_type)
{
case 'mysql':
case 'mysqli':
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, t.question FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
break;
case 'sqlite':
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, t.question FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.id IN(SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$id.' ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'].') GROUP BY t.id ORDER BY t.sticky DESC, t.last_post DESC';
break;
default:
$sql = 'SELECT p.poster_id AS has_posted, t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, t.question FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id AND p.poster_id='.$pun_user['id'].' WHERE t.forum_id='.$id.' GROUP BY t.id, t.subject, t.poster, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_views, t.num_replies, t.closed, t.sticky, t.moved_to, t.question, p.poster_id ORDER BY sticky DESC, '.(($cur_forum['sort_by'] == '1') ? 'posted' : 'last_post').' DESC LIMIT '.$start_from.', '.$pun_user['disp_topics'];
break;
}
}
Old queries, to make it work add "question" and "t.question" to the current queries.
If I spot something more I'll post it
second is bit better as it doesn't use global variables
Yes, it is possible, but u should to rewrite many queries.
not realy. punBB uses include/dblayer/ db backend files and queries go throught them (for example mysql.php). If you edit query function it will work. Here is my old hack:
function query($sql, $unbuffered = false)
{
global $db_prefix;
IF(ereg('rk_bans', $sql) or ereg('rk_groups', $sql) or ereg('rk_online', $sql) or ereg('rk_users', $sql))
{
$sql = str_replace($db_prefix.'bans', 'cms_rk_bans', $sql);
$sql = str_replace($db_prefix.'groups', 'cms_rk_groups', $sql);
$sql = str_replace($db_prefix.'online', 'cms_rk_online', $sql);
$sql = str_replace($db_prefix.'users', 'cms_rk_users', $sql);
}
if (defined('PUN_SHOW_QUERIES'))
..................
You can use strpos and not ereg in my case forum have ***_rk_ prefix and cms_rk_ is the "main forum"
punDokuWiki is a more integrated dokuwiki - it will use punBB styles and you will have controll of permissions in punBB Admin Panel. The problem is that it hasn't been updated for a long time
punBB auth module in DokuWiki will allow to use punBB users in dokuWiki and set permissions against them in DokuWiki "Admin Panel"
I've didn't played with custom pages but at base it is a "custom page generator" which can be extended etc. to do more complex things.
Edit:
version 0.2 released (the same link)
- error messages are now saved and punFramework shows simple error message
- few fixes & tweaks (fixed typos in docs, added "You are: " section)
- added Polish docs
download: phpclasses
punFramework v 0.1 is a small MVC "framework" for punBB (1.3-dev), requires PHP5 - it allows you to create extra dynamic pages using forum layout very easily - you can make news, articles module or just wrap usefull stuff
In the package you will find 2 txt files - punFramework.txt describes how to install it (unpack & upload) and what is it and how it works. punFramework-example.txt - how to display 10 latest news (using topics and posts from selected forum) in punFramework. The example code is also included - just point your browser to /mvc.php?c=punnews see screenshot
It isn't finished yet, it isn't fully punned but do you like the concept? the framework? Any suggestions are welcomed.
I'm testing the 1.3-developement version of punBB and I've got few look&usability ideas.
links in the Admin Panel menu
it would be nice if similar links would be grouped - see this screenshot
Some text-size mini icons also could increase the ease of use (on screen also)
- Icons: I've used tango icons. See www.kde-look.org and www.gnome-look.org for Tango and other icons.
extra navbar
There is extra top navbar marked red on the screenshot. It's rather pointless to display it on non-topic/forum pages
I think my class - link can be usefull
Some examples:
www.php.rk.edu.pl - punBB + Code Igniter (pun Admins can enter site "admin panel")
www.cms.rk.edu.pl / www.linux.rk.edu.pl - my "CMS" integrated with punBB (chained user system)
1.3 won't come out rather soon, and I'm planning to work on my sites in next week or two
punDokuWiki release is old and DokuWiki had some releases. DokuWiki has auth plugin for punBB but the punDokuWiki version offers better integration and it would be nice if someone upgraded the package to latest releases
Link: here
I've published two simple classes that can be used to integrate punBB (or phpBB) user system with other scripts. The class can login, logout, register user, can check if user is logged in, is admin, is user and even make queries via the forum
viewtopic.php?id=8637 <- look at those links $_GET['id']
SQL injection or XSS attacks are made mostly by links - the $_GET array. All data send by forms is in $_POST array and the code doesn't touch it (like posts can have HTML code or "union" phrase..)
strip_tags will remove all tags from $_GET - XSS will be hard to execute because $_GET['variable'] will be stripped out of the code
The extra function "hacked": a ../ in a variable (which points with a patch to a file or folder like index.php?foo=files/bla.txt) means "go one folder up" - punBB doesn't use ../ so if we foud such thing - die, hacker trying to get a file/list of files. union, select, drop - common SQL commands (SQL injection). 1=1 1='1 1="1 - common things in examples of SQL injection. - if you have a query like: select foo from bar where filed=$_GET['x'] and a link: index.php?x=1 OR 1=1 would make: where field=1 or 1=1 1=1 is always true so "where" gets pointles
forms are send via _POST
I have this in /include/common.php at the top. It prevents from some hacking attempts
$_COOKIE= array_map("strip_tags", $_COOKIE);
$_GET = array_map("strip_tags", $_GET);
function hacked($data)
{
$data2 = $data;
$data = strtolower($data);
IF(ereg('\.\./', $data))
{
die('../ in GET');
}
IF(ereg('union', $data))
{
die('union in GET');
}
IF(ereg('select', $data))
{
die('SELECT in GET');
}
IF(ereg('drop', $data))
{
die('DROP in GET');
}
IF(ereg('1=', $data))
{
die('1= in GET');
}
return $data2;
}
$_GET = array_map("hacked", $_GET);
array_map executes a function on each array element The code will strip any tags in _GET (links) and cookies and will die if it will find ../ select, drop, 1=, union in links (SQL injections etc.)
I was playing with Firebird/Interbase. I've made a punbb driver for it (alfa,alfa) but this DB is quite annoying. punBB in post table has "message" field and Firebird doesn't like such filed name etc. etc. I need to read some more docs and maybe then I'll manage to gef pun working very big maybe
Ok, redownload and overwrite rewrite.php and .htaccess (with htaccess.txt) it will now convert &p= (pagination) and "New posts". IF it won't work try to replace & in rewrite.php with &
ok, look at my forums: http://www.cms.rk.edu.pl/forum/ look on the forums and topics links
download: link
This little hack rewrites links to forums and topics to look like .html ones like viewtopic.php?id=124 will become topic_124.html All info is in the readme.
I have all the "integration" in a class... the methods:
function check_login()
{
IF($this->pun_user['group_id'] == 3) return false;
IF($this->pun_user['username'] == 'Guest') return false;
IF($this->pun_user['password'] == 'Guest') return false;
IF($this->pun_user['id'] == 1) return false;
return true;
}
function logout()
{
punapi::query('DELETE FROM '.$this->db_prefix.'online WHERE user_id='.$this->pun_user['id']);
pun_setcookie(1, random_pass(8), time() + 31536000);
}
function login_form()
{
ob_start();
echo '<center><form id="login" method="post" action="'.PUN_ROOT.'login.php?action=in" onsubmit="return process_form(this)">
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="redirect_url" value="'.$_SERVER['SCRIPT_NAME'].'" />
<B>'.$this->lang[5].'</B><BR />
<input type="text" name="req_username" size="15" maxlength="25" /><BR /><BR />
<B>'.$this->lang[6].'</B><BR />
<input type="password" name="req_password" size="15" maxlength="16" /><BR /><BR />
<input type="submit" name="login" value="Login" />
</form></center>';
$module = ob_get_contents();
ob_end_clean();
return $module;
}
function login_block()
{
ob_start();
IF (punapi::check_login() == true)
{
echo $this->lang[11].'.<center><B><A href="index.php?mod=user&act=logout">'.$this->lang[9].'</a></b></center>';
echo '<BR><center>[<a href="index.php?mod=user&act=editp">'.$this->lang[13].'</a>]</center>';
echo '<center>[<a href="index.php?mod=user&act=mail"><B><U>'.$this->lang[19].'</U></B></a>]</center>';
}
elseIF (punapi::check_login() == false and isset($_POST['login']))
{
echo $this->lang[10];
echo '<META HTTP-EQUIV="Refresh" CONTENT="2; URL=index.php">';
}
elseIF (punapi::check_login() == false)
{
echo punapi::login_form();
echo '<BR><center>[<a href="forum/register.php">'.$this->lang[12].'</a>]</center>';
echo '<center>[<a href="index.php?mod=user&act=mail"><B><U>'.$this->lang[19].'</U></B></a>]</center>';
}
$module = ob_get_contents();
ob_end_clean();
return $module;
}
The "login_block" is for login/logout/register thing (using punBB system)
And on /index.php before the classes are called I have:
define('PUN_ROOT', 'forum/');
include_once PUN_ROOT.'include/common.php';
I have few sites in Polish:
http://www.cms.rk.edu.pl/ - PHP and CMS
http://www.crpg.rk.edu.pl/ - Baldurs Gate, Icewind Dale and D&D RPG game
http://www.linux.rk.edu.pl/ - Linux
and one small, English:
http://www.english.rk.edu.pl/
All of them are based on my RkCMF, integrated with punBB - add forum/index.php to the link to see it (user, comments, forums are used) + those sites run in a multisite - 1 copy of files for all of them (punBB have beed hacked to work nicely with such settings) + all sites have one user system.
A new release 2005.07 check www.english.rk.edu.pl to get it. Docs are in the package.
I have my RkCMF integrated with punBB, RkCMF is a CMF/CMS for managing text data and "Add a comment" for articles and news uses forums for that
article: http://www.cms.rk.edu.pl/art_222.html
comments in: http://www.cms.rk.edu.pl/forum/viewtopic.php?id=262
Topic is "Created" by admin but with user name art_ARTID or news_NEWID and it is used to search/locate topic for comments. Currently I've released RkCMF 2005.07 Test 1 and stable is the next release which will have english installer (punBB installer is lang-hardcoded) and It will have an english support site
a part of a class
///
function create_comment($message, $poster, $subject)
{
global $config;
$posted = time();
$last_post = $posted;
$forum_id = $config['comment_forum'];
IF(!punapi::query('INSERT INTO '.$this->db_prefix.'topics (poster, subject, posted, last_post, last_poster, forum_id) VALUES(\''.$poster.'\', \''.$subject.'\', \''.$posted.'\', \''.$last_post.'\', \''.$poster.'\', \''.$forum_id.'\')'))
{
echo 'error1<BR>';
}
$topic_id = punapi::insert();
IF(!punapi::query('INSERT INTO '.$this->db_prefix.'posts (poster, poster_id, message, posted, topic_id) VALUES(\''.$poster.'\', 2, \''.$message.'\', \''.$posted.'\', \''.$topic_id.'\')'))
{
echo 'error2<BR>';
}
$post_id = punapi::insert();
IF(!punapi::query("UPDATE ".$this->db_prefix."topics SET last_post_id='".$post_id."' WHERE poster = '".$poster."'"))
{
echo 'error3<BR>';
}
}
function are_comments($poster)
{
$result = punapi::query('SELECT id FROM '.$this->db_prefix.'posts WHERE poster=\''.$poster.'\'');
IF(count($result) > 1)
{
$result = punapi::query('SELECT id FROM '.$this->db_prefix.'topics WHERE poster=\''.$poster.'\' LIMIT 1');
foreach($result as $res)
{
return $res->id;
}
}
else
{
return false;
}
}
function get_comment_id($poster, $message = false, $subject = false)
{
$result = punapi::query('SELECT id FROM '.$this->db_prefix.'topics WHERE poster=\''.$poster.'\' LIMIT 1');
IF(count($result) == 1)
{
foreach($result as $res)
{
return $res->id;
}
}
else
{
punapi::create_comment($message, $poster, $subject);
return punapi::get_comment_id($poster);
}
}
PunBB Forums → Posts by Riklaunim
Powered by PunBB, supported by Informer Technologies, Inc.