(0 replies, posted in Feature requests)

I'm not sure whether this subject has popped up before, but I suspect that new users sometimes have a problem with their assigned password because of similar letters, especially O/0 and l/I/1, depending on the font of the email reader. I recently got an email from a user who couldn't log in after registering.

Quick fix in imports/functions.php, function random_pass($len) :

$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// replace this by:

$chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

OK, added to the Wiki now.

Smartys wrote:

since the user was able to register we can assume a basic knowledge of English.

Well, my forum (see my user info) is in Dutch/Swedish, aimed at people who want to learn the other language. Many of the new members are not anywhere near a basic knowledge of the other language. My customized Punbb install already tries to set the default language depending on what the browser tells in the Accept-Language HTTP headers, but apparently not all browsers have this value set by default.

Plus, if the administrator were to customize the welcome email, he/she would need to customize the email for every language.

That's true, but that's the price I'm willing to pay for setting up a forum that is explicitly bi-lingual. Actually, I do every language customization in English as well, just in case I ever want to use punbb with all my modifications to set up a new forum.

I don't recall whether all languages were included in punbb at installation, or whether I had to download separate language packs after installation. Here at punbb.org, there is no support for other languages than English.

Anyway, if there are too many complications for including this into the default punbb distribution, what is the recommended way to make sure that administrators can find this as a mod?

This might be a boundary case of a bug versus feature, but I'll post it here (in bugs) anyway. I have a bi-lingual forum. When registering, the new user can select a language. However, the confirmation email is in the default language set for the board. That wouldn't be a big problem if it weren't for the fact that a foreign-language email is much more likely to end up in the spam filter of the recipient than when in his/her native language, as is evidenced by the large number of hotmail addresses that signed up but never logged in.

Here's the fix (for punbb 1.2.11; it doesn't seem to be addressed in the updates up to 1.2.15).

File: register.php

        // Add the user
        $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
        $new_uid = $db->insert_id();

+        // Reset language if different from current default language (affecting email and result page)
+        if ($pun_user['language'] != $language) {
+           global $pun_user, $lang_common, $lang_register;
+           $pun_user['language'] = $language;
+            include PUN_ROOT.'lang/'.$pun_user['language'].'/common.php';
+           include PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
+       }

Lines with a '+' are new. (I can't provide line numbers since my version already differs quite a bit from the original).


(7 replies, posted in PunBB 1.2 show off)

I changed the layout a while back. It took my quite a bit of time to shoehorn the xhtml from punbb into a new design just by changing the CSS. Any comments?

A couple of members complained about the font size. It turns out there is no way to please all, so members can select the font size in their profile.

The reason for the font size problems appears to be that web browsers have standardized on 16px fonts as the default font size, which most people consider too large. So web designers either specify an absolute size of 13px, or a relative size of about 80%. I had set my browser to 13px default many years ago and had forgotten about it. So in my browser, font size 100% looked fine, but for others it looked huge...


(114 replies, posted in Programming)

Well, I normally keep my code to max 100 columns wide and test the code in a separate (browser) window NEXT to the programming window, or keep several windows open with code in different files.


(114 replies, posted in Programming)

pedrotuga wrote:

with most of the editors you can turn on and off the word wrap.

The problem for me is that I don't like either alternative. Either the lines are cut off (impossible to read how the code works) or the lines are folded around (hard to read unless the line wrapping is really smart, and in any case for me unpleasant to modify).

It's a matter of taste I guess.


(114 replies, posted in Programming)

Thanks all for the comments. I will look in the Linux-compatible options next time I do some punbb hacking. But I'm not sure I can part with the emacs keybindings that are hardwired into my brain. smile

To Ruckus: that is indeed an "interesting" color scheme you have in Edit Pad Pro. Deep blue on a black background, your eyes must be genetically modified if you find that relaxing to the eye. smile But I also see that you use long lines and therefore need horizontal scrolling, something I find incredibly annoying. Sometimes I do "view source" on a web page to see how the designer did something and that's not easy if it is in a couple of 2000-character long lines. I personally also find automatic word wrapping like in wordprocessors (I rarely use them) to be mildly annoying when I am copyediting a paragraph and my mental map of where the things are in the paragraph that need work needs constant adjustment because I added a few words to the beginning of the paragraph.


(68 replies, posted in PunBB 1.2 discussion)

My spambot visitor always tries to spam topics 10 and 12. As far as I can tell it never watches the result page because it has already tried some 1400 times in 2.5 months. All attempts were blocked by the captcha.


(114 replies, posted in Programming)

I have been customizing my copy of punbb a bit and I keep wondering how Rickard and other php programmers deal with their sourcecode?

I have been using emacs for over 10 years now, because it knows syntax and indentation rules for most programming languages. But with php it gets quite confused because of the mixing of HTML and PHP's C-like syntax, even within single lines. Moreover, it appears to me that programmers nowadays like to use extremely long lines of code. Either I have to use an editor which cuts off the right part of the line (which means I have to do horizontal scrolling all the time while looking at the code) or let the editor wrap around long lines, which means the indentation gets messed up. Am I old-fashioned with my preference for lines that are max 80 or maybe 120 characters long?

So what is the recommended software for editing punbb code?

P.S. I am a long-term Linux user in case you didn't guess that from my emacs usage. smile


(1 replies, posted in PunBB 1.2 bug reports)

Actually, I think that I modded punbb right after installation for the same reason in header.php (similar header(...) line after the no-cache headers.)


(1 replies, posted in PunBB 1.2 bug reports)

If the webserver and/or php settings default to a different charset than punbb (e.g. utf-8 versus iso-8859-1), then the redirect page that is shown after posting has conflicting charsets in the HTTP headers versus the html code.

In Opera, the charset specified in the HTTP headers takes precendence over that in the HTML document, which means that rather than "inlägget sparat", i see "inl`gget sparat" every time.

Fix: in functions.php, function redirect, find this:

// START SUBST - <pun_char_encoding>
$tpl_redir = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_redir);
// END SUBST - <pun_char_encoding>

and add:

header("Content-Type: text/html;charset=".$lang_common['lang_encoding']."\n");


(68 replies, posted in PunBB 1.2 discussion)

hcgtv wrote:

the problem with blacklists is that they become a chore to keep updated.

I'm trying to explain that it is trivial to update my blacklist automatically due to the access patterns used by bots (no session keys, user agent, probably headers as well). Although I'm not sure I want to be serving out such a blacklist to all forums on the WWW.

THaCAA, HumanAuth

THaCAA is trivial to beat automatically. Just download the package and you have a list of all questions. HumanAuth suffers  from the same accessibility problem as distorted text. Moreover it is a huge investment to create the image library and -relatively- easy to write a program that uses this same library to solve the questions.

MadHatter wrote:

personally I find the distorted text captcha the most annoying.

I agree it is somewhat annoying. But it is the best trade-off up to now between how easy it is to generate them with a computer, how hard it is to solve them automatically, and how easy it is to solve them for a human.  And you only need to use it for new user registrations and anonymous posts. The alternative to me would be manual removal of those 800 spam posts I got over the last 6 weeks.


(68 replies, posted in PunBB 1.2 discussion)

MadHatter wrote:

my spammers never used the same ip address.

Mine don't either, at least most of the time. But what I mean is if a couple of us have a realtime blacklist we could do IP lookup. So far my list has 600+ ip addresses that were used for 800+ spam messages over the course of 6 weeks. It would be trivial to keep this list up-to-date in realtime, with a dynamic webpage, e.g. www*example.com/spamcheck?ip= that gives a simple YES or NO.

It is of course a bit harder to arrange for other websites to submit blacklisted IP addresses, but there probably is some way around it.

A punBB mod could query the above URL whenever an anonymous visitor tries to post or create an account. That way you don't have to annoy your visitors with captchas.


(68 replies, posted in PunBB 1.2 discussion)

I have an idea:

My CAPTCHA code logs failed attempts along with the reason: wrong code or missing session information. It is very clear that the spambots don't deal with sessions. I have a big list of IP addresses that are being used for spamming. In principle we could set up some kind of public IP blacklist, so that webmasters who don't want captchas for accessibility reasons could automatically block these IP addresses.

I already checked the Spamcop.net blacklist, but the forumspammer I'm dealing with apparently doesn't use the same IP addresses for email spam.

Paul wrote:

I'm afraid for an accurate answer to your question you would need to consult a Dutch lawyer.

That's of course true, but I guess that there are plenty of people over here who have dealt with the issue. For this kind of things the Dutch law isn't that different from the laws in other EU countries, I suppose.

Most forums on the web have a huge page of legalese describing all the rights, responsibilities, and duties of those who contribute to the forum. The punbb forum is an exception to this rule with the one-liner "Don't post anything you wouldn't want your mother to see.".

In an ideal world, that should be more than enough, as the moderators weed out the inappropriate posts. However, in reality angry users might resort to legal threats. I read in the Swedish forum about a guy who was threatened to be sued for not complying to the Swedish privacy law which requires explicit consent in order to store personally identifiable information. (It seems to me that it's pretty clear that information will be stored if you fill out an online registration form, but who am I?). I can imagine hairy copyright issues if the forum posts are moved to another website at some point in the future, and so on.

So what is the minimum ruleset that will cover me legally for this kind of things? For the record, my site is in Europe (Netherlands).


(1 replies, posted in Archive)

Det ser ut som om du har lyckats på  http://mammdiin.com/forum/ smile


(2 replies, posted in Archive)

Det är inte tydligt vad du menar. Du måste registrera en sitemap på https://www.google.com/webmasters/sitemaps/login; sedan tar det några timmar innan den blir nedladdat. Sitemaps är alltid i XML.


(7 replies, posted in PunBB 1.2 show off)

pedrotuga wrote:

Maybe the color scheme would look diferent if you dont use those huge leters.. OT:last post is about peps person wink

Hmm, what browser did you use? I tested in Firefox and Opera and the letters don't seem particularily large. In principle the font has size 100% of whatever you have as a default in your browser, and the headings are maybe 120 or 140% of the default. Were you referring to the base font or to the headings?

By the way, I actually think the default font for punbb Oxygen is way too small. The problem is that the font is specified as 'Verdana, Arial, Helvetica'. Verdana is (I think) much wider compared to its height than Helvetica. Since my Linux computer doesn't have Verdana, it falls back to helvetica, which appears much smaller at the same nominal font size. Hmm, I see that I did the same thing, but now it's Nimbus Sans as a primary font in my stylesheet, followed by Arial (=Helvetica) as a fallback for Windows computers. smile [edit: updated stylesheet with verdana]

I don't get what you mean by 'peps person' smile


(20 replies, posted in PunBB 1.2 troubleshooting)

I encountered the same problem today, fixed it, and posted it in another thread, but I was unaware of this thread. smile


(3 replies, posted in PunBB 1.2 bug reports)

What a coincidence that there are now two threads about the same subject within a week. smile I figured that this is a bug since it leads to non-validating XHTML output, and since I kept up with the bugfixes it is was not yet implemented.


(3 replies, posted in PunBB 1.2 bug reports)

I tried validating a forum page and got loads of errors which could be traced back to microsofts browser uploading windows-latin data as iso-8859-1 in a new forum message.

I fixed the problem, see the code below. Since my customized punbb code differs too much from the official tree, I can't give you a patchfile. The name 'demoronize' is inspired by Demoroniser. This bugfix only corrects the most common offending characters and replaces the other ones by question marks since I was too lazy to look up the unicode numbers of the other ones (the whole range 0x80 to 0xa0). smile

Extra function in include/functions.php (the . in "&"."#8364;" is because otherwise a € will show up in this post:

// remove non ISO-8859-1 characters from $text, return cleaned $text
function demoronize($text)
  // common Microsoft non ISO-8859-1 characters
  $search=array("#\x91#", "#\x92#", "#\x93#", "#\x94#", "#\x95#", "#\x96#", // smart quotes
        "#\x80#" // euro
  $replace=array("'", "'", "\"", "\"", "-", "-",
  $text = preg_replace($search, $replace, $text);

  // delete less common Windows-only characters
  return preg_replace("#[\x80-\xa0]#", "?", $text);

In post.php, after the "validate bbcode syntax" block somewhere around line 170:

// and validate character set iso-8859-1
$message = demoronize($message);

In include/parser.php (the last line is added):

    // Convert applicable characters to HTML entities
    $text = pun_htmlspecialchars($text);
    $text = demoronize($text); // remove non iso8859-1 characters that are left in the database


(7 replies, posted in PunBB 1.2 show off)

Rador8 wrote:

The colors are crazy !

I agree that they are somewhat unconventional. smile But I find the standard color schemes a bit too boring. Judging from the SQL query below it seems that most users aren't bothered changing to one of the standard stylesheets.

mysql> select id,style,num_posts from users where num_posts>=5 order by -num_posts;
| id  | style  | num_posts |
|   2 | Lagom  |       157 |
|  58 | Lagom  |       146 |
|   7 | Lagom  |        66 |
|  11 | Lagom  |        36 |
|  66 | Lagom  |        34 |
|  65 | Lagom  |        32 |
| 106 | Lagom  |        30 |
|  77 | Oxygen |        25 |
|  97 | Lagom  |        21 |
|   4 | Lagom  |        20 |
|  39 | Lagom  |        20 |
|  33 | Sulfur |        18 |
|  69 | Lagom  |        14 |
| 119 | Lagom  |        14 |
|  70 | Lagom  |        13 |
|  67 | Lagom  |        11 |
| 101 | Lagom  |        10 |
| 124 | Lagom  |        10 |
|  12 | Lagom  |         9 |
|  19 | Lagom  |         9 |
|  63 | Lagom  |         9 |
|  74 | Lagom  |         9 |
|  50 | Lagom  |         8 |
| 103 | Lagom  |         8 |
|  45 | Lagom  |         7 |
| 107 | Lagom  |         7 |
|   9 | Cobalt |         6 |
|  38 | Lagom  |         5 |
|  49 | Lagom  |         5 |
|  72 | Lagom  |         5 |


(7 replies, posted in PunBB 1.2 show off)

My forum has already been running for a while; time to announce it here. :)


The site is for Dutch people learning Swedish and the other way around. I made some modifications to the php code, so I hope that when punbb 1.3 is released, it won't have too many nice new features, because that would mean I have to backport a few things.

My mods:
* Style sheets (in the colors of the Swedish flag); other layout for avatars
* List of active topics
* Auto-sensing the preferred language for guests (Swedish or Dutch; Gecko (Mozilla/Firefox/etc) and Opera users that don't have selected Swedish or Dutch in their browsers will get English.
* Captcha for guest posts and new registrations. I designed the Captcha after reading some papers about how captchas can be defeated. This one should be pretty tough for OCR algorithms.
* Posts can only be modified within 7 days after posting; within the first 30 minutes, there won't be a 'last modified' message.
* Quote length limiter. Posts are refused if more than about 50% of the message consists of quotes. (That needed some finetuning to deal with quotes containing lots of short lines)
* rel="nofollow" in links to pages that shouldn't be indexed by search engines (user info and such). Although these pages contain a meta robots tag, I've also put them into robots.txt, which means that google doesn't fetch the pages, but their URLs will still show up on Google if there's any page linking to them.
* The admin account gets to see the last visit date in the user list.