101

(75 replies, posted in Supported extensions)

Thank you, if the problem is too big (many times pun stop bots works, it's just a random error, and it seems to work nicely against spam) I could try that captcha service.

Hello, I would be interested (and I guess not only me) in having this mod as an extension for punbb 1.4.4, to be able to edit topic and post timestamps:
http://punbb.informer.com/forums/topic/ … -datetime/
Any way to do it?

I would be interested too as an extension, but looking at edit.php the code has changed a lot in punbb 1.4.4 so I guess it wouldn't work anymore with the latest version of punbb (downgrading to punbb 1.2 would be a problem with php 5.6 I guess, so I want to avoid this).

Hello, when it comes to Facebook it reads Open Graph meta and in punbb there's no meta og, is there any way to use meta og in the topics / posts?
Thanks,

Pierre

105

(115 replies, posted in Supported extensions)

I have a problem with that extension: when I try to register as a new member on my forum I cannot even register and of course I cannot post... Is there a way to be less radical against supposed "spam"?

106

(75 replies, posted in Supported extensions)

I've tried it and came back to pun stop bots, because when trying fancy stop spam, testing posting or registering, I could not even post as guest or new member, too much efficiency... ;)

107

(75 replies, posted in Supported extensions)

chovy wrote:

I found a problem when used with openid extension...after registering with openid, I can sign in fine, but the pun stop bot question keeps popping up when I put a valid answer -- the result is I'm unable to post.

I have the same problem with the latest version of punbb and pun stop bots, sometimes it keeps asking even with good answers and it seems that when it does, it's non-stop, until you try with another browser or delete cookies and come back, so I guess this bug is a cookie problem?

108

(5 replies, posted in PunBB 1.4 bug reports)

Hello, when I switch from php 5.6 to php 7.0 I get these errors at the top of the forum:
"Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; DBLayer has a deprecated constructor in /xxx.com/punbb/include/dblayer/mysqli.php on line 16
Warning: Cannot modify header information - headers already sent by (output started at /xxx.com/punbb/include/dblayer/mysqli.php:16) in /xxx.com/punbb/header.php on line 16
Warning: Cannot modify header information - headers already sent by (output started at /xxx.com/punbb/include/dblayer/mysqli.php:16) in /xxx.com/punbb/header.php on line 17
Warning: Cannot modify header information - headers already sent by (output started at /xxx.com/punbb/include/dblayer/mysqli.php:16) in /xxx.com/punbb/header.php on line 18
Warning: Cannot modify header information - headers already sent by (output started at /xxx.com/punbb/include/dblayer/mysqli.php:16) in /xxx.com/punbb/header.php on line 19
Warning: Cannot modify header information - headers already sent by (output started at /xxx.com/punbb/include/dblayer/mysqli.php:16) in /xxx.com/punbb/header.php on line 22"

and at the beginning of the topics list in a forum, these errors :
"Warning: gmdate() expects parameter 2 to be integer, float given in /xxx.com/punbb/include/functions.php on line 453
Warning: gmdate() expects parameter 2 to be integer, float given in /xxx.com/punbb/include/functions.php on line 457
Warning: gmdate() expects parameter 2 to be integer, float given in /xxx.com/punbb/include/functions.php on line 472"

Will these errors be fixed in the next version? Any way to fix it?
Thanks,

Pierre

Hello, as you may already know, there will be a bug in the date system after 2038, due to the way dates are coded in databases:
"What is the unix time stamp?
The unix time stamp is a way to track time as a running total of seconds. This count starts at the Unix Epoch on January 1st, 1970 at UTC. Therefore, the unix time stamp is merely the number of seconds between a particular date and the Unix Epoch. It should also be pointed out (thanks to the comments from visitors to this site) that this point in time technically does not change no matter where you are located on the globe. This is very useful to computer systems for tracking and sorting dated information in dynamic and distributed applications both online and client side.

What happens on January 19, 2038?
On this date the Unix Time Stamp will cease to work due to a 32-bit overflow. Before this moment millions of applications will need to either adopt a new convention for time stamps or be migrated to 64-bit systems which will buy the time stamp a "bit" more time."

I've made some tests and when I put a date of 2038 in a post, it changes to 1903 or something like that...
How much will 64-bit systems delay the timestamp coding bug?
Thanks,

Pierre

I've seen it is possible to put flash games into posts (a .swf works inside the post) with that extension, maybe it's not risky.
But I've caused a bug in the forum while trying the possibility of JavaScript code, this sounds risky...
Just with that script inside a post (which is not a risky script, just an effect on letters, but it closed the topic, nobody could answer, and it also closed the possibility of editing or deleting the post, so what about a risky JavaScript?):

<h2>
<script language="JavaScript1.2">

/*
Neon Lights Text
*/

var message="Welcome to JavaScript Kit!"
var neonbasecolor="gray"
var neontextcolor="yellow"
var flashspeed=100  //in milliseconds

///No need to edit below this line/////

var n=0
if (document.all||document.getElementById){
document.write('')
for (m=0;m<message.length;m++)
document.write('<span id="neonlight'+m+'">'+message.charAt(m)+'</span>')
document.write('')
}
else
document.write(message)

function crossref(number){
var crossobj=document.all? eval("document.all.neonlight"+number) : document.getElementById("neonlight"+number)
return crossobj
}

function neon(){

//Change all letters to base color
if (n==0){
for (m=0;m<message.length;m++)
//eval("document.all.neonlight"+m).style.color=neonbasecolor
crossref(m).style.color=neonbasecolor
}

//cycle through and change individual letters to neon color
crossref(n).style.color=neontextcolor

if (n<message.length-1)
n++
else{
n=0
clearInterval(flashing)
setTimeout("beginneon()",1500)
return
}
}

function beginneon(){
if (document.all||document.getElementById)
flashing=setInterval("neon()",flashspeed)
}
beginneon()


</script>
</h2>

If JavaScript code can cause dysfunctions of the forum, I guess it would be better not to allow JavaScript in the html code.
EDIT: if I put "<script>" at the beginning it doesn't try to run the script, I guess the script could run because of the "<script language="JavaScript1.2">" at the beginning of the script, a case that wasn't expected in the extension and lets the script try to run and cause dysfunctions.

Ok, maybe the script in the last version is secure enough, I don't know, what do you think?
About security, I've seen this part in the script code:

//Removing possible attacks
if (strpos($text, '<script>') !== false && strpos($text, '</script>') !== false )
{
    $text = str_replace(array('<script>', '</script>'), ' ', $text);
}
elseif (strpos($text, '<body>') !== false && strpos($text, '</body>') !== false )
{
    $text = str_replace(array('<body>', '</body>'), ' ', $text);
}
elseif (strpos($text, '<html>') !== false && strpos($text, '</html>') !== false )
{
    $text = str_replace(array('<html>', '</html>'), ' ', $text);
}
elseif (strpos($text, '<head>') !== false && strpos($text, '</head>') !== false )
{
    $text = str_replace(array('<head>', '</head>'), ' ', $text);
}
elseif (strpos($text, '<script>') !== false)
{
    $text = str_replace('<script>', ' ', $text);
}
elseif (strpos($text, '</script>') !== false)
{
    $text = str_replace('</script>', ' ', $text);
}
elseif (strpos($text, 'text/javascript') !== false)
{
    $text = str_replace('text/javascript', ' ', $text);
}
elseif (strpos($text, '</head>') !== false)
{
    $text = str_replace('</head>', ' ', $text);
}
elseif (strpos($text, '</body>') !== false)
{
    $text = str_replace('</body>', ' ', $text);
}
elseif (strpos($text, '<head>') !== false)
{
    $text = str_replace('<head>', ' ', $text);
}
elseif (strpos($text, '<body>') !== false)
{
    $text = str_replace('<body>', ' ', $text);
}
elseif (strpos($text, '<html>') !== false)
{
    $text = str_replace('<html>', ' ', $text);
}
elseif (strpos($text, '</html>') !== false)
{
    $text = str_replace('</html>', ' ', $text);
}

Is it safe enough like that ?
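
Added example, not part of the original posts and not the extension's own code: the exact-string matching shown above, reduced to its <script> branches, run on a constructed post that opens with the same tag as the script posted earlier, next to a rendering function that escapes HTML for everyone except administrators. The names blacklist_filter, render_post_html and $is_admin are assumptions made for this illustration.

```php
<?php
// Added illustration; function names are hypothetical, not the extension's API.

// The <script> branches of the filter quoted above: exact-string matching only.
function blacklist_filter($text)
{
    if (strpos($text, '<script>') !== false && strpos($text, '</script>') !== false) {
        $text = str_replace(array('<script>', '</script>'), ' ', $text);
    } elseif (strpos($text, '<script>') !== false) {
        $text = str_replace('<script>', ' ', $text);
    } elseif (strpos($text, '</script>') !== false) {
        $text = str_replace('</script>', ' ', $text);
    }
    return $text;
}

// Alternative: raw HTML only for administrators, escaped output for everyone else.
// $is_admin is an assumed flag supplied by the forum's own permission check.
function render_post_html($text, $is_admin)
{
    if ($is_admin) {
        return $text; // trusted author: HTML passes through unchanged
    }
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: opening tag as in the post above, script body shortened.
$post = '<h2><script language="JavaScript1.2">var n=0</script></h2>';

// '<script>' never appears as an exact string, so only the '</script>' branch runs:
// the closing tag is replaced and the opening tag is left in place, unclosed.
$filtered = blacklist_filter($post);
var_dump(strpos($filtered, '<script language="JavaScript1.2">') !== false);
var_dump(strpos($filtered, '</script>') === false);

// Escaped output contains no '<', so the browser displays the text instead of parsing it.
$escaped = render_post_html($post, false);
var_dump(strpos($escaped, '<') === false);
echo $escaped, PHP_EOL;
```

All three checks report true: the filter removes only the closing tag, while the escaped version contains no markup at all.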

Yes I have tried before, it works as a user, new user or guest (if we allow guests to post).
Maybe a way to prevent new users from using html would be to hide the html button from the bbcode buttons and tell only users that you know well about the html function? If it helps in some functions allowing html for some members.
I've seen Abir made some changes to avoid some security attacks, maybe it's secure enough now, I don't know, I guess it would be enough if new users don't see it or can't do it.

Hello, I guess that allowing every new user to post html may be dangerous, would it be possible to allow only admin to post and edit html in posts?