Or allowing moderated post-review for a certain forum only?
That way users can post important news or similar in dedicated forums for that area while having a standard forums as well...

77

(18 replies, posted in General discussion)

Ahh, i got the impression that he hosted it from his own hardware with a domainname from the hostultra thingie...

78

(18 replies, posted in General discussion)

If you're using a *nix flavor for hosting, i believe the proftpd (www.proftp.org) have name-based virtual host support much like apache have.

If you're interested in getting ftp up for each subdomain etc...

79

(23 replies, posted in Feature requests)

I think it'd be better to make some new files, alongside the current ones, and mod the output to fit into the small screen of handhelds etc.

Then you could choose to either visit the regular forum or the modded one with an examination of the http-request...

80

(3 replies, posted in General discussion)

I think your safest bet would be this:
1; Grab the php windows zip-archive here http://se2.php.net/get/php-4.3.3-Win32. … m/a/mirror
2; Unpack the zip-archive INTO your current php-dir where phptriad put it for you. This will update the php-binaries and dll's etc.

Restart apache.
Try installing PunBB again.

I'm not making any promises that it'll work tho, you should make a backup of your config-files if you have modified them.

LHA rules *feels nostalgic* smile

82

(10 replies, posted in PunBB 1.2 bug reports)

One possible solution for those who must use a proxy, could be to have an option-switch to turn off the http_referrer check in the admin-section.

For me it isn't a problem since i have a public ip for my router and the ipnat/ipf in the router doesn't interfere with surfing.
And my ISP doesnät require the use of proxy, but i have the option if i want to.

Mod anyone?

Or you could do the following check when uploading:

<?
            $path = $DOCUMENT_ROOT . "/photo/";
            $image = getimagesize($_FILES['memberPhoto']['tmp_name']);
            if ($_FILES['memberPhoto']['size'] > 25600) {
                print("Photo to large. Max 25kb. Try again.");
            } elseif ($image[2] != 2) {
                print("Photo is not of an approved type. Only JPEG is allowed.");
            } elseif ($image[0] > 155) {
                print("Photo is to wide. Max width is 155 pixels.");
            } elseif ($image[1] > 155) {
                print("Photo is to high. Max height is 155 pixels.");
            } elseif (move_uploaded_file($_FILES['memberPhoto']['tmp_name'], $path . $o->memberID . ".jpg")) {
                print("Photo Uploaded...");
            } else {
                print("Upload Failed. Try Again or report error to webmaster.");
            }
            ?>

Or you could just play with imagecreate as well to automaticly resize the img by using getimagesize as reference: http://se2.php.net/manual/en/function.getimagesize.php

This is how you would verify in your own scripts against the punBB userbase, for shared userbase throughout your site for example.

This example is for PGSQL (I'm running 7.3.4)

    $DBString = "host=localhost port=5432 dbname=punbb user=pun password=pun";
    $DBConn = pg_connect($DBString);

    $username = trim($_POST['username']);
    $password = md5(trim($_POST['password']));

    $pun_users = "users";
    $pun_prefix = "";
    $SQL = "SELECT * FROM " . $pun_prefix . $pun_users . " WHERE username = '" . $username . "' AND password = '" . $password . "'";
    $Q = pg_query($SQL);
    $ROW = pg_fetch_array($DBConn, $Q);
    $NUM = pg_num_rows($ROW);
    pg_close();

    if ($NUM == "1")
    {
        print("Username & Password Verified");
    }
    else
    {
        print("Username/Password Combo not found.");
    }

This example is for MySQL (Haven't been tested live)

    $DBConn = mysql_connect("localhost", "pun", "pun");
    mysql_select_db("punbb");

    $username = trim($_POST['username']);
    $password = md5(trim($_POST['password']));

    $pun_users = "users";
    $pun_prefix = "";
    $SQL = "SELECT * FROM " . $pun_prefix . $pun_users . " WHERE username = '" . $username . "' AND password = '" . $password . "'";
    $Q = mysql_query($SQL);
    $ROW = mysql_fetch_array($Q);
    $NUM = mysql_num_rows($ROW);
    mysql_close();

    if ($NUM == "1")
    {
        print("Username & Password Verified");
    }
    else
    {
        print("Username/Password Combo not found.");
    }

It assumes you get username and password from a form using post-method.
You all get the idea, and you could haxxor it up as you like...

85

(8 replies, posted in General discussion)

Jim wrote:

hmm mysql 5MB ;(


I think it's 5mb mail, but hey, try it...it's free...

86

(15 replies, posted in Feature requests)

I've mailed some info to ya Kennel.
Cactus, if you don't have a phpbb forum to work with/on, ask kennel to fwd the email i sent him (can't find your mail anyplace sad

87

(18 replies, posted in Feature requests)

That would not work on hosts similar to webhotels where you don't have your own server/config-persmissions.

One possibility when dumping would be to do backup in 2000 bit chunks with automatic naming like: backup_0-2000.sql, backup 2001-4000.sql or with a userdefined value if the host can take a higer value (the user could experiment on this)

An alternate would be to make the script dump the to a local dir within the admin-dir via the fputs (?) and just append to the file in 4k chunks.
Same with restore, to have an option to read a file in a local file-path with fopen and let it read in 4K chunks.

This way the sql-file can be accessed via ftp.

88

(18 replies, posted in Feature requests)

For a big forum (big datafile), be aware of scripttimeout, max upload file size etc as well when/if implementing backup/restore-routines.

I've got an old phpbb1.4 board that is 10mb, another phpbb2 forum in the 30mb-size, and this is a pain to handle i tell you... =/

Anyways, i don't think the search-idx tables would need to be backed up as a new serchindex should be built after a restore, if your changing db-type atleast.

89

(18 replies, posted in Feature requests)

ps21 wrote:
I try to learn one new thing everyday. Thank you for taking care of Sunday smile

You're very welcome smile

90

(10 replies, posted in Programming)

Heh, sound good then, i'll give it a go...

91

(8 replies, posted in General discussion)

i don't know, never tried them, but the offer hosting+mysql for free.
and i haven't heard of them until i stumbled on them which increases the likelyhood of them being reasonable stable and not over loaded yet

92

(18 replies, posted in Feature requests)

It's really not a big bother to me if it's included or not as i run both phpmyadmin and phppgadmin on a protected subdomain on my local server (i use this as basepoint for all db-admin) but it would be nice to have the db-data-dump included.

Not all have the skills or ability to use a admin-tool as it's generally requires a little "hands-on" with installing such scripts.

ps21; If the db-server only allow 'localhost' access, you have to make backups/restore etc from the webserver(script) or via ssh/similar. Just as a note.

Mod anyone? smile

93

(10 replies, posted in Programming)

Ok.

I've got a hypothetical here:
I put the username, md5-hash password, ip, lastVerify in the cookie.

I put the sessionid, username, ip, lastVerify in a session.

On each page i check if the cookie-info corresponds to the session-info and if they match, then the user should be who they say they are, and if the session and cookie-info doesn't match up i force them to login (the cookie/session might be hijacked).
If the session & cookie match up, but the cookie is older then, say, 120sec's, verify the user against db to make sure all is ok (take sessionid & ip from the session, username, md5-password & ip from the cookie and all 4 must be present in the db to validate the user.

Stored in the db on the user-row is: username, sessionid, md5-pass, loginIP.

Of course i would make an option to bypass the ip-check if user is on dialup for instance with a field-value of 1/0 or similar.

I would like to not have a db-check on each page, but rather in a timed manner, mainly if the db is hosted off-site.

Wouldn't this be a viable option, or am i way off here?

94

(18 replies, posted in Feature requests)

One advantage of an "in-board" backup of only the data (topics, posts, users, settings etc) and not the table-structure itself, is that you can dump the forum, from say a mysql db, and import in into a pgsql-installation from within theadmin-interface of the board.

Just a thought tho.

95

(10 replies, posted in Programming)

Do you verify the user on each pageview in pun?
That is, do you query the db with userinfo?

I had an idea of putting some known variables, like email, remote_addr, username and some md5-hash in the cookie, and the same info in the session-vars and maybe use a loginTimeout of 60 or 120secs, and thus check if the timeout is older the X secs and do valitade, or if the cookie-info doesn't match those in the current session-vars do validate the user.

I'm looking to put the least stress on the db as possible, while maintaining a reasonably high security for the members, ie making sure that the persion is who it states.

EDIT: And i usually make md5's of info that does not -need- to be cleartext, like username for instance.

Thus a bunch of md5-hashes of the above variables in the cookie should be pretty safe?

96

(8 replies, posted in General discussion)

Try www.polarhome.com

97

(6 replies, posted in Programming)

Ahh, yes of course *missed that*

This way i can: $FIELDS[DBNAME] . $FIELDS[MEMBER_TALBE] . $FIELDS[DBNAME][MEMBER_TABLE]['session']
to build querys that will work with multiple db's, multiple tables and still not break the internat code structure if i wanted to make my script authenticate against say, pun, with pun's username/password fields if i wanted.

I think this approach is very underrated to make code portable because it looks complex when it's really not.

Anyways, now it's StarTreff-time...

98

(6 replies, posted in Programming)

My thoughs was this:
DEFINE("DBNAME", "somename");
DEFINE("MEMBER_TABLE", "somename2");

$FIELDS['DBNAME']['MEMBER_TABLE']['session'] = "your_own_field_name";

but inside the code, use: $FIELDS['DBNAME']['MEMBER_TABLE']['session'] for the internal structure...

That way you -should- *fingers crossed* be able to make a very pluggable script/module etc in an objectified way and just print out the stuff where you want it via this $obj->printBox(); for instance.

You follow my thought?

99

(10 replies, posted in PunBB 1.2 troubleshooting)

try running htmlspecialchars(str_replace("<br>", "\n", $text)) or something?

100

(6 replies, posted in Programming)

Does 3d arrays ($VAR['name']['name2']['name3']) put lots of extra work on the server cpu, ram etc, or are they just like any other arrays?

I'm thinking of using these kind of array-naming to handle multiple userdefined db's, tables etc in a project i'm working on...

Comments?