(1 replies, posted in PunBB 1.2 show off)

For this rather populair web based game at ogame.org in which I play at 3 universes. I'm hosting now 3 forums all running PunBB because it's light, simple and fast.


There is not much to see at the forums. There all closed for the members to discuss there strategy. But I just wanted to share my opinion about punBB.

Because I like it so much im starting to wonder if it would no be a great replacement for my geeklog cms installation.
Because punbb has such a great internal structure you can easily build a cms around punbb for a simple but effective website.

Main problem will be the complete different styling and approach of the GUI of the macromedia and adobe products.

Those are completely different. Would be a same if the are going to mess with that

the repository is meant to be a central place to store resources for open source software. Like punBB.
Resource are in this case. plugins , mods , hacks , styles and such.  ANd yes punres does the same but on a different way.

And the repository will support other software later on to.

With the repository you can browse in the different resource categories.
Find information about them.

Currently only a download link. But working on a option to store the files. And working on a option to view the different files.
Preview of the resource -> working on it.
Users Ratings
There will be a compatabilty list. So you can see which versions of punbb are supported.

Authors can add and edit resources with ease.

I hope this will make things a litte bit more clear

Author can link there downloads to there own site. And im working on a feature to upload the plugins and such to the site.


(10 replies, posted in PunBB 1.2 troubleshooting)

do you have persitent mysql connections enabled ????.

If so turn it off. Non persitent connections will be terminated much earlier.  persitent connection do not really work with php. And cost more resources then the save.

thank you. I have never heard of that problem before. I starting to dislike css tongue . It's too bad that there are still so much difference between the browser.

Paul wrote:

You are suffering from FOUC (flash of unstyled content). See here for the fixes

Other than that, looking good.

I think Rickards point about multiple repositories is that resources will be spread over different webistes. If people are going to make resource sites then wouldn't it be a good idea for them all to link back to each other since the addresses of other resources are themselves a resource.

Thanx for the warning. I applied a fix . But it seems i don't experience the problem with the version of ieplorer I got. Could you confirm if the problem is corrected?

How do you mean exactly ??.

With the second draft the repository will look something this.

---admininstration ( a sub category for plugin )
-Firefox( for instance)

In the next days I will also make a search function. Which is really missing at this point. Strange enough never tought about such a function till today. A bit stupid of me.

Last couple of days I have been working on this new site Resource Repository for Open Source Software . The Resource Repository is meant to be a place for resources like plugins, mods, styles and such. I really love punBB, so in return I decided to start supporting punBB first, but it will support other software in the future too.

I know there already is punres which does the same, but there are still plenty of differences... And is not meant to be a replacement.

As a resource developer you can add as many resources as you like. And edit as much as you like.

I hope you will all like it. So far the repository contains 2 resources. If the rightful author wishes to take control of those resources please let me know.

Next couple of days new function will be added. Those functions will include search, preview, user ratings and such. So if you browse the site an find strange things or bugs. PLease let me know.

Let me know what you guys think of it.


(14 replies, posted in General discussion)

Rickard wrote:

Orpheus: But then people could just as well just save the image to their harddrive and upload it?

true. Was thinking about it later on . My fault.  another working smile possibility is to check if the off-site image exists before including it.
But this would mean that every time a topic is being viewed the server must check all off-site image. Creating a lot of httpd connections and eating up  a lot of resources. As direct result it will take longer for the topic to load.

So not really an option I guess for punBB. But for those who really like such an option maybe as a hack.


(14 replies, posted in General discussion)

Maybe there could be an option added or a hack. Where the users gives an url to offsite avater. Then punBB could download (cache ) the image. This will fix the broken image problem and the possibilty to verify that the image is according to forum rules.

Offcourse you will not save bandwidth with this option.  And you could encouter problems with copyrights.

Smartys wrote:
Orpheus wrote:

To correct the user profile direct edit in de db is then necessary.

I think there's an admin plugin to do that, and it's only one query wink

Orpheus wrote:

Again this will affect very few users of punBB. The only normal example I can think of is when you de-install a language but forget to delete the language directory itself.

Deleting the directory IS how you uninstall the language (along with changing the language of anyone who is using it).

Orpheus wrote:

My idea to correct this would be to test for the correctness of the language before updating db

You mean open every file and check that every variable is defined? Or just that all the necessary files exist (which doesn't mean the files couldn't be blank wink ).

It just really seems un-necessary: the only time a dir would be in there is if you put it there. wink

I know it's only one query ? That is not really the problem. And not everybody have plugins installed wink

And yes I know that deleting the dir would be the right way to deinstall a language . But there is allways the possibilty that you forgot to do so offcourse.

And yes I mean to check if each necessary files exist. Checking each variable would be overkill. The files can indeed still be blank but that would be a really great exception.

The function might be overkill. But checking if all necessary files are present before updating the database would be a good idea.

Gre3n wrote:

same "question/problem" for me smile

i've my own login system and i would like to improve it in order to automatically create their forum accounts for my members.

there is the description of the `users` table at http://punbb.org/docs/dev.html#dbtables (hope it's still up to date)

my idea is simply to send a sql insert query when someone register ? what do you think ?

now what about the features like :
- Newest registered user
- Total number of registered users

is there a script i've to run to update these values ?

thank you

use the same sql query as used in register.php of punBB and you will be fine.

For the features you should take a look at extern.php of punBB. with the correct call you can get the forum stats.
These stats will show total members and the newest member.

I found out that when you got a directory in the lang directory it will be listed as a language in the options for profile, register and admin.

Normally you won't have empty dirs in lang but because i update my site trough a cvs. There is a directory CVS in lang.  The CVS dir will show up every where as a language option.

When you select the language that is actually a empty dir. PunBB will report that the language files are missing. But will update the user settings with the faulty language. Leaving the forum unusable for the user.

To correct the user profile direct edit in de db is then necessary.

Again this will affect very few users of punBB. The only normal example I can think of is when you de-install a language but forget to delete the language directory itself.

My idea to correct this would be to test for the correctness of the language before updating db. And to prevent for empty dirs showing up in the forum. There might be a need for a function that checks if all necessary files for a language are present.

Maybe not a real bug but something that could be addressed for a future version.


(58 replies, posted in General discussion)

Normally you would check your code for errors. By reviewing the code. Simply but ( walk trough your code step by step to find out what it exactly does. And compare that to what it really should do.

Finding bugs like xss hacks and sql injections is some what difficult. Your first stop is to learn what xss hacks and sql injections are. You will find may resources on both of them. As soon as you understand what those bugs mean you also should know how to avoid them.

A good rule for developing php is.

never ever trust user input. Allways check the data you receive. Is it what you expected ?? Did it arrive from the location you expected. Make use of htmlspecialchars to filter our any html related code etc.

This is in no way complete for more info read as much as you can. If you read an article on php make sure you read the comments to. This will help you unterstand if the article is any good or not. Doesn't make sense to learn stuff the wrong way.

I thought this bug was allready addressed with version 1.2.1 ?? If the problem is so Odd can it be that there is something wrong with the way PHP is doing the regexpress .  It could be a bug in PHP itself ?


(58 replies, posted in General discussion)

ssl doesn't make your cookie more secure or your login for that matter.
The only thing SSL does. Is encrypt your data. It is still possible to hijack your cookie with ssl enabled.

The banks simply use ssl to make sure when your banking that somebody who is listing on your line can't read the data without the keys.
But is doesn't mean that somebody can't login under your name. or use some kind of xss hack.

A good auth would involve a handshake . Something like what the ssh and ssl protocol do.  But what ever you choose there is allways the need for the cookie.

What ever you cookie may contain. a session id or an encrypted password.
So you can make your auth as strong as you like. But when somebody can make an XSS hack that steals your cookie it's useless.

PS ssl and ssh are as strong as the encypted methods used. For example if your using blowfish or some other older encryption method. Your begging for trouble.


(58 replies, posted in General discussion)

Well Connorhd your right  you can't even trust you're own family. smile But still would be nice if punBB 1.3 would ask your old password to if your an admin.


(58 replies, posted in General discussion)

Your right when you say that sessions would be stronger overall. The password(in md5) will then no longer be present in your cookies.  But still its vulnerable.

Still some could steal your cookie by an XSS attack. And use your session for the remaining time.

A some what more of an security issue. Is the way you can change your password in profile.php.

Last week I logged into my forum as admin at my brothers pc. After a short break a came back online at a different pc. Noticed that I no longer could log in as admin. And that my password was changed. Just before I wanted to change it directly in MySQL . My brother said he had changed the pass for the fun.

So really nothing to worry about.

The moral of this story is. That punbb should ask for your old password when changing to a new password.

I?m sorry if this is already done . Because at that time I was running punbb 1.2 .

Whoops just noticed it that it allready has been fixed.

you could tweak the template main.tpl or else try to modiy header.php


(5 replies, posted in PunBB 1.2 show off)

Well the whole last box will probarly be removed and so will the upper box to.


(58 replies, posted in General discussion)

Bwongar.com wrote:

SHA1 is broken

thx for the url . good to know. Well im off changing the protection schemes big_smile


(5 replies, posted in PunBB 1.2 show off)

Andy wrote:

You removed the copyright.. hm.

That's right

The FAQ says its okay. The reason that I removed it for this site is quite simple. We have a fixed couple of visitors tongue  No more than 15 or so. And none of those visitors will ever start his own forum.

The end goal is supreme intergration if i find the time. When done everything should look as one.
Im using punBB on a different location to. Don't worry everything is out of the box. Not even modifications.


(58 replies, posted in General discussion)

Bwongar.com wrote:
Orpheus wrote:

But why this discussion ???

The question was raised 'How can we make this more secure?' so I just put in my two cents.

I didn't mean you with it. It was more a question for the topicstarter.

Your handshake idea sounds good. But it relies on Javascript which is not allways enabled and support can vary by  browser.

If the TS wants better protection then first make sure your using SHA1 instead of MD5 if not allready.


(5 replies, posted in PunBB 1.2 show off)

Nothing specially really. Using the standard css for now still have to change it into the house style.

Using backend of punBB for the whole site. Works great for the moment.


Is a site about a group of friends. Still work in progress!