1

(3 replies, posted in PunBB 1.2 discussion)

Why can mods get into administration pages? http://imagesocket.com/images/psyduckdd2.gif

ad·min·is·tra·tion n.

   1. The act or process of administering, especially the management of a government or large institution.

2

(2 replies, posted in PunBB 1.2 bug reports)

Yeesh. I must have deleted that while tweaking, though I can't for the life of me remember when or why. Sorry for the useless topic.

Perhaps there's a reason for it, but topic subjects aren't censored in viewforum like they are everywhere else.

Your server may be blacklisted in a spam database. Talk to your host.

Gahaha, too right. I need caffeine.

define('PUN_ROOT', './'); //change this to your forum's directory
require PUN_ROOT.'include/common.php';

$result = $db->query('SELECT username FROM '.$db->prefix.'users') or error('Unable to fetch user usernames', __FILE__, __LINE__, $db->error());
while ($row = $db->fetch_assoc($result)) {
 $usernames[] = $row['username'];
}
define('PUN_ROOT', './'); //change this to your forum's directory
require PUN_ROOT.'include/common.php';

$result = $db->query('SELECT username FROM '.$db->prefix.'users') or error('Unable to fetch user usernames', __FILE__, __LINE__, $db->error());
$usernames = $db->fetch_assoc($result);

That'll put all your users usernames in a $usernames array unless I've borked it somehow.

7

(1 replies, posted in PunBB 1.2 discussion)

I've modified my forum to hide the edited message when the edit was performed before any subsequent posts were made in the topic, but in the process, I needed to edit the big post-fetching query in viewtopic to be buffered rather than unbuffered so the inner post-searching query wouldn't terminate the outer one. Everything seems to work fine, but I was wondering if there's anything I should watch out for, like if buffered queries make servers catch fire or something. I don't know much about the advantages or disadvantages of query buffering.

8

(4 replies, posted in Programming)

Connorhd wrote:

Hmm, sorry i don't really have any ideas

Looking at the php.net page again though, other people have

function safestrtotime ($s) {
       $basetime = 0;
       if (preg_match ("/19(\d\d)/", $s, $m) && ($m[1] < 70)) {
               $s = preg_replace ("/19\d\d/", 1900 + $m[1]+68, $s);
               $basetime = 0x80000000 + 1570448;
       }
       return $basetime + strtotime ($s);
}

theres some other alternatives on there too http://uk2.php.net/strtotime (just search the page for negative)

Thanks, I'll try that.

9

(4 replies, posted in Programming)

Thanks, Connorhd. The fact that functions could take negative stamps in input but not output was confusing me.

Moving on... is there a simple way to work with dates without using timestamps?

10

(4 replies, posted in Programming)

Is it just me or does PHP disallow negative timestamps (referring to time before the Unix Epoch) in some functions, like strtotime? When I first started running into this problem, I figured it was my host's PHP installation not allowing negative timestamps whatsoever, but apparently this isn't the case.

On my host, this code prints a nicely formatted, correct date :

echo date("m/d/Y", -884908800);

But this prints -1 on dates previous to January 1, 1970:

$month = 'December';
$day = 17;
$year = 1941;

echo strtotime($month . ' ' . $day . ', ' . $year);

It's really annoying me that I can't work with dates in some functions. What gives?

PHP 4.4.2

quaker wrote:

ban the ip and user name in the user groups

pilch73 wrote:

I have a person who i must have banned 100 times but he keeps re-registering as a new user with different ip's/username etc

Does anyone know if there exists a public blacklist of known anonymous proxies, something like Spamhaus but for IP addresses?

12

(4 replies, posted in PunBB 1.2 discussion)

Rickard wrote:
elbekko wrote:

Use queries with the LIKE statement

No, that will not use fulltext indexing. You need to add a fulltext index to the affected columns and then change the search script to issue queries on the form MATCH (field) AGAINST('searchtext'). I think there was a mod for this. Not sure though.

I found this one, but it doesn't attempt switching the search method entirely.

I've had a closer look at search.php, and I think I'm going to hold back on attempting a job like this if no one else has even tried it before. I expect my hosting costs to go through the roof, but I'll prune some posts or something if I have to.

Thanks.

13

(4 replies, posted in PunBB 1.2 discussion)

Can anyone explain to me the best way to modify search.php to use MySQL's proprietary fulltext search instead of PunBB's database-independent one? Or, if anyone has the modified version laying around, feel free to send it along. smile

Obsolete'd!

Connor's plugin is much more extensive than mine. Thanks for the pointer.

That's a bit of a letdown. Thanks, Smartys.

ontap wrote:

That's what I was wondering -- if someone could somehow take advantage of this set up. I couldn't figure out exactly how you would do it though, since to the outside world you wouldn't have any way (or would you?) of knowing that this was pulling from a PunBB include.

Not unless I'm missing something. I just feel a little nervous about admin functions being available to anyone through a carefully written URL, even a hidden one.

Thanks for the tremendous reply. I think I'm going to split up my files instead, to avoid using $_GET variables -- your method seems a little insecure. An enterprising member (or even a guest) could easily make himself an admin from the perspective of the included page if he knew what he was doing.

What we really need is for someone to shed some light on why pages aren't being found with URL variables. Perhaps it's a common mistake on our part.

I do a lot of manual database work on my site, and forums often end up confused over the number of topics and replies when I clear some data. This tends to mess up a lot of post-redirecting features, so I decided to spend a few minutes writing a plugin to run update_forum on all forums. It's ridiculously simple, but I find it handy. Plus the comically large button is fun to use.

Edit: this one does it much better.

Hello,

I'm currently working on building a website off of PunBB 1.2.10. However, because relative paths across the /forum folder and others don't seem to want to cooperate on including pages with variables being passed through the URL ("include 'rightbar.php';" works fine, "include 'rightbar.php?pg=index';" does not, but get this: "include 'http://www.domain.com/rightbar.php?pg=index';" does the trick), I've given up and begun to use absolute paths (starting from "http://"). The problem here is that this method of includes seems to break cookie reading. Directly reading the pages will produce the right information, but including them from another page using a full URL will make me appear as a guest.

Is there anything I can do to read cookies from pages with absolute URLs, or will I be forced to stop using URL variables in included pages altogether?

P.S. I've tried the "base" header tag, but it didn't fix the problem.