PunBB Forums → Posts by afarber
Nope I don't think so. It's a simple GET-link. Why use HTML entities here
login.php?action=out&amp;id=4159
Also why don't the other navigational links have an &amp; in them?
Just make view source on this very page and please look at the top.
Regards
Alex
Hello,
I've noticed this minor bug - the produced HTML-code:
<li id="navlogout"><a href="login.php?action=out&amp;id=4159">Logout</a></li>
should probably be this instead:
<li id="navlogout"><a href="login.php?action=out&id=4159">Logout</a></li>
Regards
Alex
overflow:visible; seems to have helped me:
<DIV STYLE="overflow: visible;">
<object type="application/x-shockwave-flash"
data="/Pref.swf" width="100%" height="100%">
<param name="movie" value="/Pref.swf">
<param name="bgcolor" value="#FFFFFF">
</object>
</DIV>
Regards
Alex
Hello Paul!
It is very stupid of me not to close the OBJECT-tag. Thank you for noticing that.
I have closed it now but the situation at http://preferans.de/height.php hasn't improved.
I'm not sure if you're right or not about PunBB's CSS not causing this problem.
When I replace the flash movie by an image then the HEIGHT=100% works
as expected - http://preferans.de/height2.php
I'm thankful for any hints (even though I'm not sure if it's still on topic)
Regards
Alex
Hello,
I'm using PunBB 1.2.12 and would like to embed a Flash movie
at 1 of its pages. The Flash movie should be stretched and that
is why I have added HEIGHT=100% and WIDTH=100% to its
OBJECT- and EMBED-tags:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0"
width="100%" height="100%" id="Pref">
<param name="movie" value="Pref.swf" />
<param name="bgcolor" value="#999999" />
<param name="FlashVars" value="id=1&hash=xxx">
<embed src="Pref.swf" bgcolor="#999999" width="100%" height="100%"
name="Pref" FlashVars="id=1&hash=xxx" type="application/x-shockwave-flash"
pluginspage="http://www.macromedia.com/go/getflashplayer" />
Unfortunately while the WIDTH=100% seems to work, the HEIGHT doesn't.
I suspect that PunBB CSS settings are the cause and have tried putting
this line into /style/phpbb_blue.css and /style/Radium.css :
HTML, BODY, OBJECT { MARGIN: 0; PADDING: 0; WIDTH: 100%; HEIGHT: 100%; }
That didn't help either. The height of my Flash movie is too tiny
and it looks like it has been squashed by a hammer. Here it is:
http://preferans.de/height.php
Does anybody please have any advice for me? I'm not very fluent in CSS
Regards
Alex
PS: I'm using Firefox 1.0.7 both on Linux and Windows
Thank you, both replies make sense to me!
Hello,
first: this post is not flame at all. I'm just curious.
I was thinking about web forum software in general
and it really seems to me that the best way for a web
forum is to use cookies. Because if you'd use hidden
fields, then you'd have to change every link into a button.
And another alternative, the URL: if you'd put the auth.
token into the URL, then you can't make bookmarks,
the URL also looks ugly and you can't send it to others.
So cookies are the way to go.
But why does PunBB show a redirection page after
each action? If it's for setting cookies, then why can't
it just send the cookie-headers while displaying the next page?
And another question is: why is HTTP_REFERER needed
at all in PunBB, since it is forgeable, as most here know?
What is its purpose?
Thanks
Alex
Thank you for the explanation and Connorhd's AP_User_management.php has worked for me too
Hello Rickard and others,
I'm using PunBB 1.2.10 (with English, Russian and German lang packs) under
OpenBSD and with PostgreSQL 8.1.0 here: http://www.preferans.de/forum/
First of all: thank you for the nice forum!
Now to my problem: I've installed PunBB a month ago and already about 30 users
have registered. I'm worried by the few users, which keep registering with an
invalid e-mail address, like from5663@preferans.de or and4676@preferans.de
(I'm sure they are invalid, because I'm the owner of the "preferans.de" domain):
http://www.preferans.de/forum/profile.php?id=41
http://www.preferans.de/forum/profile.php?id=42
Interestingly their usernames are the same as their e-mail addresses.
So is it maybe a bug in PunBB 1.2.10? Because I have set Verify registration: Yes
in the Admin - Options. Or are those just unconfirmed registrations, which will be
dropped later (could you please refer me to the .php script which does this cleanup)
and I don't have to worry about those, since they won't be able to login?
And here is what I see in the database (the 2 suspicious users and my config):
punbb=> select * from users where username like '%preferans.de';
id | group_id | username | password | email | title | realname | url | jabber | icq | msn | aim | yahoo | location | use_avatar | signature | disp_topics | disp_posts | email_setting | save_pass | notify_with_post | show_smilies | show_img | show_img_sig | show_avatars | show_sig | timezone | language | style | num_posts | last_post | registered | registration_ip | last_visit | admin_note | activate_string | activate_key
----+----------+-----------------------+------------------------------------------+-----------------------+-------+----------+-----+--------+-----+-----+-----+-------+----------+------------+-----------+-------------+------------+---------------+-----------+------------------+--------------+----------+--------------+--------------+----------+----------+----------+------------+-----------+-----------+------------+-----------------+------------+------------+-----------------+--------------
41 | 32000 | from5663@preferans.de | e618a2d52c4829df50b5b16be791b090ac82d8e8 | from5663@preferans.de | | | | | | | | | | 0 | | | | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 0 | Russian | phpbb_blue | 0 | | 1141115943 | 217.174.249.110 | 1141115943 | | |
42 | 32000 | and4676@preferans.de | 9cd4aa97c1157eac18778b7c0a8194b54f7b8b22 | and4676@preferans.de | | | | | | | | | | 0 | | | | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 0 | Russian | phpbb_blue | 0 | | 1141115989 | 192.138.77.36 | 1141115989 | | |
(2 rows)
I'm worried most by the fact that the 2 fields activate_string and activate_key above are cleared. Does it mean the users have somehow managed to confirm their bogus e-mail addresses?
punbb=> select * from config;
conf_name | conf_value
------------------------+--------------------------------------------------------------------------------------------------------------------------
o_cur_version | 1.2.10
o_default_style | phpbb_blue
o_time_format | H:i:s
o_date_format | Y-m-d
o_timeout_visit | 600
o_timeout_online | 300
o_redirect_delay | 1
o_show_version | 0
o_show_user_info | 1
o_show_post_count | 1
o_smilies | 1
o_smilies_sig | 1
o_make_links | 1
o_default_user_group | 4
o_topic_review | 15
o_disp_topics_default | 30
o_disp_posts_default | 25
o_indent_num_spaces | 4
o_quickpost | 1
o_users_online | 1
o_censoring | 0
o_ranks | 1
o_show_dot | 0
o_quickjump | 1
o_report_method | 0
o_mailing_list | alexander.farber@gmail.com
o_avatars | 1
o_avatars_dir | img/avatars
o_additional_navlinks | 0 = <A HREF="/">Java Pref</A>
4 = <A HREF="/impressum.php">Impressum <IMG SRC="/bundesflagge.gif" WIDTH=13 HEIGHT=8></A>
o_search_all_forums | 1
o_base_url | http://www.preferans.de/forum
o_admin_email | alexander.farber@gmail.com
o_webmaster_email | alexander.farber@gmail.com
o_subscriptions | 1
o_smtp_user |
o_smtp_pass |
o_regs_allow | 1
p_sig_img_tag | 1
o_regs_verify | 1
o_rules | 0
p_subject_all_caps | 0
o_maintenance | 0
p_allow_dupe_email | 0
p_mod_edit_users | 1
p_mod_rename_users | 0
p_mod_change_passwords | 0
p_mod_ban_users | 0
p_message_bbcode | 1
p_message_img_tag | 1
p_message_all_caps | 1
p_sig_all_caps | 1
p_sig_bbcode | 1
p_sig_length | 400
p_sig_lines | 4
p_allow_banned_email | 1
p_force_guest_email | 1
o_board_title | Preferans.de
o_server_timezone | 1
o_default_lang | Russian
o_gzip | 1
o_regs_report | 1
o_avatars_size | 20000
o_smtp_host | 127.0.0.1
o_announcement | 0
o_board_desc | <I>???????? ???????</I>
o_avatars_width | 200
o_avatars_height | 200
o_rules_message | Don't be rude!
o_announcement_message | Achtung!!!
o_maintenance_message | The forums are temporarily down for maintenance.
Please try again in a few minutes.<br /> <br /> /Alex
(70 rows)
Regards
Alex
PS: Please feel free to register there - then you'll be able to set English as display language
http://www.preferans.de/forum/register.php
Thank you I'll try that out.
Do you also know a mod to upload images to a user's profile page? (like his/her photos)
I've browsed punres.org but didn't find it yet
Hi,
your site looks good!
Could you please share how you attach the thumbnailed images? Is it some mod or your own coding?
Regards
Alex
Hello Seva,
I liked your site! Especially the module showing banned users on the right
and the thumbnailed photos at the user profiles.
Could you (or someone else) please tell me, which PunBB mods are these?
Thank you
Alex
Yeah ok. We're not talking about backups here.
The Apache process needs to read your files, right?
And this means your neighbours will read them too
Ok, everyone should choose what's more comfortable for them.
One more argument against sharing a site is that your neighbours
might be peeking at your files if something is not tight.
Since you're using Debian: check out OpenBSD.
I did this switch a few years ago and love it:
good quality of packages and base (i.e. you don't have the rpm-hell
situations when 1 package suddenly conflicts with another)
secure: you don't spend much time patching it:
just look here, how many (not many!) patches were there:
http://openbsd.org/errata.html (for base)
http://openbsd.org/portsplus/ (for packages)
they maintain their own version of Apache 1.3.x
with many security changes and chroot
See here how to try out punBB on OpenBSD.
And if you like it, you can go for a root server.
Here is an example how to set it up (uses serial console)
http://www.bsdguides.org/guides/openbsd … strato.php
And when you get the root server, setup the pf too
(OpenBSD's nice firewall) to protect your forum even more.
Peace! :-)
Sorry, but your internet cafe example can be applied both to cookies and to URLs in cache.
BTW you can put an expiry date into the string that you are hashing
(with MD5 or SHA) to prevent users tampering with it. Here is an example:
http://modperl.com/book/chapters/ch6.ht … ss_Control
What I'm trying to say is that cookies, URL and hidden fields are actually same
for the ticket methods. With the exception that some users disable the former.
Regards
Alex
And I wouldn't want it, this URL session handling is insecure like nothing else.
I mean anybody could find a URL with a valid session identifier somewhere...
How is it more insecure than saving the session id in the cookies?
If you add a hash on the username + expiry date + IP (actually the subnet),
then it should be ok, I think
Regards
Alex
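The ticket idea from the two posts above (a hash over username, expiry date and IP subnet), as an added example that is not part of the original posts or of PunBB. It assumes IPv4, a /24 subnet and hypothetical names (TICKET_SECRET, issue_ticket, verify_ticket), and it uses a keyed HMAC-SHA256 in place of a bare MD5/SHA hash so that the ticket cannot be recomputed without the server secret.

```php
<?php
// Added example, not PunBB code. TICKET_SECRET, the function names and the
// ticket layout are hypothetical; IPv4 and a /24 subnet are assumed.
const TICKET_SECRET = 'constructed-demo-secret'; // keep server-side only

// Reduce an IPv4 address to its /24 network address.
function subnet24(string $ip): string
{
    $long = ip2long($ip);
    if ($long === false) {
        throw new InvalidArgumentException("not an IPv4 address: $ip");
    }
    return long2ip($long & 0xFFFFFF00);
}

// MAC over username, expiry and subnet; base64 keeps '|' out of the username.
function ticket_mac(string $user, string $expiry, string $ip): string
{
    $payload = base64_encode($user) . '|' . $expiry . '|' . subnet24($ip);
    return hash_hmac('sha256', $payload, TICKET_SECRET);
}

function issue_ticket(string $user, string $ip, int $ttl, int $now): string
{
    $expiry = (string) ($now + $ttl);
    return base64_encode($user) . '|' . $expiry . '|' . ticket_mac($user, $expiry, $ip);
}

// Returns the username, or null if the ticket is malformed, forged,
// presented from another subnet, or expired.
function verify_ticket(string $ticket, string $ip, int $now): ?string
{
    $parts = explode('|', $ticket);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return null;
    }
    $user = base64_decode($parts[0], true);
    if ($user === false || !hash_equals(ticket_mac($user, $parts[1], $ip), $parts[2])) {
        return null;
    }
    return ((int) $parts[1] >= $now) ? $user : null;
}

$now = 1141115943; // constructed timestamp
$t = issue_ticket('alex', '192.0.2.17', 600, $now);
var_dump(verify_ticket($t, '192.0.2.200', $now + 60));  // same /24, still valid
var_dump(verify_ticket($t, '198.51.100.5', $now + 60)); // other subnet
var_dump(verify_ticket($t, '192.0.2.17', $now + 601));  // past expiry
var_dump(verify_ticket(str_replace((string) ($now + 600), '9999999999', $t), '192.0.2.17', $now + 601)); // edited expiry
```

Because the expiry and subnet are inside the MAC, the same check applies whether the ticket travels in a cookie, a URL or a hidden field; only the exposure of the ticket itself differs between those transports.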
Hi,
I'm using PunBB 1.2.6 with Postgresql 7.4.3 and PHP 5.0.4
which was compiled with --enable-trans-sid and --enable-session.
Is it possible for a user with cookies disabled to still login and use PunBB?
Can't cookies be replaced by the SID? My quick Firefox-test failed...
Regards
Alex
No I think you have to include common.php:
http://punbb.org/docs/dev.html#integration
Ahh nevermind - for whatever reason it is not allowed to have <HTML> etc. code before the
<?php
define('PUN_ROOT', './forum/');
require PUN_ROOT.'include/common.php';
?>
I've also tried this code:
<?php
define('PUN_ROOT', './forum/');
echo "PUNROOT = " . PUN_ROOT . "<BR>\n";
$filename = PUN_ROOT . 'include/common.php';
if (is_readable($filename)) {
echo "The file $filename is readable";
} else {
echo "The file $filename is NOT readable";
}
//require $filename;
?>
And when the last line above is commented, it works as expected:
PUNROOT = ./forum/
The file ./forum/include/common.php is readable
But when I remove the comment before require, I get an empty page:
<html><body></body></html>
Funnily all the other PunBB 1.2.6 pages work fine.
What could be wrong with require please?
Regards
Alex
My current problem is - I've followed http://punbb.org/docs/dev.html#integration
and have put the following index.php file at the top of my website:
<HTML>
<HEAD>
<TITLE>Test integration</TITLE>
</HEAD>
<BODY>
<?php
define('PUN_ROOT', './forum/');
require PUN_ROOT.'include/common.php';
//print_r($pun_user);
?>
<P>
Hello <?php echo pun_htmlspecialchars($pun_user['username']); ?>!
</P>
</BODY>
</HTML>
But it does only create this page:
<html><body></body></html>
In the error_log I don't see anything. All normal punBB pages do work.
I've searched the punBB scripts for this string:
fgrep -r '<html><body></body></html>' forum/
but have found nothing, is it coming from PHP itself? (I don't know PHP well,
but I'm reading the "PHP Cookbook" currently in order to catch up...)
And when I comment the first 2 PHP-lines above, then the output is
as expected "Hello ", but the $pun_user is of course not initialized
(and I see in the error_log
[Thu Jul 21 12:57:49 2005] [error] PHP Fatal error: Call to undefined function pun_htmlspecialchars() in /htdocs/index.php on line xx
)
Regards
Alex
Hi,
is there please a way to print the username and the password
of a logged in user at a web page?
I have a small multiplayer card game as a Java applet and would like
to avoid the need for the users to authenticate twice (first entering the
username + password into the punBB's web form, and then entering
the same into the text fields of my applet) and thus I would like to print
the username and password as
<APPLET ...>
<PARAM NAME="username" VALUE="....." />
<PARAM NAME="password" VALUE="....." />
</APPLET>
and then just fetch them by the applet (using getParameter() function).
Regards
Alex
Regarding 13. Doesn't PHP connect via the UNIX socket if you just put localhost in the host name field?
Edit: I just read up on the documentation and you're right. If the host field is in the connection string, it will use TCP/IP.
Hi Rickard,
yes, I didn't want Postgresql to listen on an internet socket because of 2 reasons:
1) it is less secure (and probably that is why the default installation of Postgresql on OpenBSD doesn't listen on internet socket)
2) the local unix domain sockets are 2-3 times faster than the TCP/IP sockets (see the "Unix Network Programming" book by Stevens, chapter 15.9)
By the way, the mini_sendmail-chroot-1.3.5 installation and the step 11) can (and should) be skipped,
when you use the SMTP-sending over localhost:25 (since OpenBSD does listen for local connections there by default).
I had to apply this bugfix to admin_options.php of 1.2.6 though, because otherwise the SMTP value was ignored:
// Only update values that have changed
if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input)
Regards
Alex