1

(4 replies, posted in Programming)

No one is understanding what I'm asking, and the solution is:

header("Cache-control: private");

2

(4 replies, posted in Programming)

No no, okay. If you submit a form, you go to the next page. But if you hit BACK then FORWARD, your browser asks "Warning!: This page contains cached data." I want to get rid of that.

3

(4 replies, posted in Programming)

Okay, this forum does it but I can't for the life of me figure out how. When you submit a form, and then hit back, my pages show the "This page contains POST data.... blablabla" I want to suppress that while still using POST vars. Any ideas?

4

(1 replies, posted in Feature requests)

No offense, but services like that are extremely dangerous. You're basically inviting anyone to steal your password. A safer method would be to manually input addresses, one per line, however this introduces opportunities for abuse, and may also implicate your server for spam.

Critiques:
I don't like how you managed the new permissions. You've modified far too much hard code and put in too many logical statements to determine if the user is a Junior Admin, notoriously the following:

if ($pun_user['g_id'] > PUN_ADMIN && $pun_config['o_jadmins_pg#'] != '1')

I feel this is unnecessary.

Change #63 can be shortened:

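// Default to no extra filter so $jquery is always defined
$jquery = '';
if ($pun_user['g_id'] == PUN_JADMIN)
    // Concatenate the constants; they are not expanded inside a quoted string
    $jquery = 'AND g_id!='.PUN_ADMIN.' AND g_id!='.PUN_JADMIN.' ';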

$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' '.$jquery.'ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());

Could use a lot more work, kind of sloppy given the professional nature of PunBB

Looks a lot like this post. Oh well, least it's easy to find.

Simple modification to separate the stickies from the regular posts by using a divider. This does not add any additional queries or add to runtime.

It will also not show if there are no stickied topics.



Files modified: 1
Filename: viewforum.php


Line 189

if ($cur_topic['sticky'] == '1')
{
    $subject = '<span class="stickytext">'.$lang_forum['Sticky'].': </span>'.$subject;
    $item_status .= ' isticky';
    $icon_text .= ' '.$lang_forum['Sticky'];
}

CHANGE TO:

if ($cur_topic['sticky'] == '1')
{
    $stickydivide = 1;
    $stickyflag = 1;
    $subject = '<span class="stickytext">'.$lang_forum['Sticky'].': </span>'.$subject;
    $item_status .= ' isticky';
    $icon_text .= ' '.$lang_forum['Sticky'];
}else{
    $stickyflag = 0;
}

Line 214 (add below where it says, "ADD THIS PART")

// Should we show the "New posts" and/or the multipage links?
if (!empty($subject_new_posts) || !empty($subject_multipage))
{
    $subject .= '  '.(!empty($subject_new_posts) ? $subject_new_posts : '');
    $subject .= !empty($subject_multipage) ? ' '.$subject_multipage : '';
}

// ADD THIS PART:

// !empty() avoids an undefined-variable notice when the forum has no stickies
if ($stickyflag == 0 && !empty($stickydivide)) {
    echo "<tr><td colspan=4 style=\"padding:0;margin:0;\"><h2><strong>Forum Topics</strong></h2></td></tr>";
    $stickydivide = 0;
}

Here are some screenshots:

Without Divider
With Divider

Browse hacker forums. Even experienced hackers/crackers won't even bother trying to hack a database with salted sha1 passwords.

9

(3 replies, posted in Feature requests)

Post deleted.

What kind of server wouldn't?

For logins, I like how you've switched to SHA1, however you still don't use salts. Hackers have pre-generated lists of SHA1 encoded words. If you used salts, they'd have to regenerate their entire list to crack just one password.

Salt basically works on this principle:

user's password: password
user's password + salt: password51MmfJzkfL5
sha1: sha1(password51MmfJzkfL5)
password stored in DB: (sha1)51MmfJzkfL5

So when they login, the server grabs the last # chars (your salt), appends it to the submitted password, generates the SHA1, and compares.


Also, reviewing your code you do this many times:

<?php echo $var ?>

This is the shorthand version and may save some keystrokes in the future:

<?=$var ?>

This performs the exact same echo.
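
The salt principle described above, as an added PHP example that is not part of the original post or of PunBB's code. The function names and the 12-character salt length are assumptions; the last lines show PHP's own password_hash(), which stores its salt inside the returned string in the same way.

```php
<?php
// Added illustration of the salt-suffix scheme described above; not PunBB code.
// Function names and SALT_LEN are assumptions made for this example.
const SALT_LEN = 12;

// Build the stored value: sha1(password . salt) followed by the salt itself.
function make_stored(string $password, ?string $salt = null): string
{
    // 9 random bytes encode to exactly 12 base64 characters, no padding.
    $salt = $salt ?? base64_encode(random_bytes(9));
    return sha1($password . $salt) . $salt;
}

// Login check: take the last SALT_LEN chars as the salt, re-hash, compare.
function check_login(string $submitted, string $stored): bool
{
    $salt = substr($stored, -SALT_LEN);
    // hash_equals() compares in constant time.
    return hash_equals($stored, sha1($submitted . $salt) . $salt);
}

// Constructed sample data: the same password stored for two accounts.
$a = make_stored('password');
$b = make_stored('password');

var_dump(check_login('password', $a));   // correct password
var_dump(check_login('passw0rd', $a));   // wrong password
var_dump($a === $b);                     // same password, different salts

// A precomputed unsalted table holds sha1('password'); compare it to the row.
var_dump(substr($a, 0, 40) === sha1('password'));

// PHP's built-in API (5.5+) applies the same idea: the salt is generated and
// embedded in the returned string, with a deliberately slow hash, not SHA1.
$h = password_hash('password', PASSWORD_DEFAULT);
var_dump(password_verify('password', $h));
```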