176 Reply by deadram

(14 replies, posted in Feature requests)

Richard wrote:

If you try to view the userlist on my forum, all you see is this:

If you have guest viewable forums (ie: they can see posts), your giving away valid usernames. If you (or your users) re-use usernames across different systems, well... same thing.

If you truely want to stop "crackers" (ie: viruses/scrikidios) just implement something with "X fails in Y minute == block for Z minutes"

Normally preventing 5+ log-in with the same username, or from the same IP for 15 minutes at a time will slow down brute force cracking enough to fill your logs with enough info to nail the bugger using up your bandwidth to try thier latest version of 1337autocrak. That's about 480 attempts per day, 3360 per week, if you don't notice this in your logs, re-write your log parsers! If your users have passwords that can be cracked in 3360 attempts, then write a script to brute force thier passwords durring off hours, and force a password reset on the found weak passwords. Or better yet do a spell check on passwords and if a match comes up with less then 3 differences don't allow the password. Then again, unless your working for that secret world goverenment organization running the inter-galactic stargate program, I doubt you'll need this much protection. Monthly stored backups, and weekly backups (rotated monthly) and daily backups (rotated weekly) of your database can restore any damage done to a forum in less time then it takes to go for a pee (women excluded, not trying to be sexist, that just the way it is though tongue).

I'll admit more security is good security, but one has to understand that some people can't tell left mouse click from reset button on a computer. Limiting easy of use and accessability so that the admin doesn't have to write one more script is lazy IMHO. Course if you want your users to have image verification each time they log on, and force them to have a retinal scan to post be my guest.

Go to forum: Feature requests

177 Reply by deadram

(14 replies, posted in Feature requests)

userlist.php
...
Need I say more?

Go to forum: Feature requests

178 Reply by deadram

(14 replies, posted in PunBB 1.2 troubleshooting)

As far as I know, the font-family's first option is always used, unless that font is missing from the client computer. In your css files, just add 'arial' as the first entry. ie:

FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

to

FONT-FAMILY: Arial, Verdana, Helvetica, sans-serif

Now for the size... Anywhere you see FONT-SIZE: <some number><percent sign, or 'em' or what not> just increase the numbers a bit. ie:

FONT-SIZE: 68.75%

to

FONT-SIZE: 80%

And for em use a smaller increase

FONT-SIZE: 1em

to

FONT-SIZE: 1.5em

px is a pixel mesurement of static size, never use this.
em is a relative size (I ~think~ it's based on the ratio of x to y screen size, along with the average distance to the viewer from the screen). Anyways... em is a better way to write px, it's a polite version.
% is a relative size based on what the inherited size is. 100% meens the same size, 200% meens twice as big, 50% meens half as big.

Anyways, hope my rambling helps big_smile

Go to forum: PunBB 1.2 troubleshooting

179 Reply by deadram

(14 replies, posted in Feature requests)

Done.

Install Directions wrote:

open ./lang/<languages>/login.php

Find (line 6):

// Miscellaneous
'Wrong user/pass'        =>    'Wrong username and/or password.',

replace with:

// Miscellaneous
'Wrong user'            =>    'Wrong username.',
'Wrong pass'            =>    'Wrong password.',

open ./login.php

find (line 48 or therr abouts):

    $authorized = false;

    if (!empty($db_password_hash))
    {

replace with:

    $authorized = false;

    if (!isset($user_id))
    {
        message($lang_login['Wrong user'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>');
    }

    if (!empty($db_password_hash))
    {

find (line 72 or there abouts)

    if (!$authorized)
        message($lang_login['Wrong user/pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>');

replace with:

    if (!$authorized)
        message($lang_login['Wrong pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>');

Go to forum: Feature requests

180 Reply by deadram

(17 replies, posted in PunBB 1.2 discussion)

agreed on the source. I've picked through it about 100 times and never really had to much trouble finding what I was looking for big_smile

Go to forum: PunBB 1.2 discussion

181 Reply by deadram

(14 replies, posted in PunBB 1.2 troubleshooting)

http://www.w3schools.com/css/css_reference.asp This is my one stop shop for css information. Has some examples with font too, as far as I can remeber.

Go to forum: PunBB 1.2 troubleshooting

182 Reply by deadram

(14 replies, posted in Feature requests)

Makes sence, people can already look at the user list as guests to find out what usernames are valid, no point in trying to hide something that should be right infront of them when they make a mistake logging on.

EDIT--

@Gizzmo I think he meens if username does not exists, then print "hey no user found, buddie"

Go to forum: Feature requests

183 Reply by deadram

(8 replies, posted in PunBB 1.2 troubleshooting)

Try this, AFAIK it's more polite to browsers (and to people who need really big text to read the screen).

DIV.postmsg {font-size: 125%;}

Go to forum: PunBB 1.2 troubleshooting

184 Reply by deadram

(10 replies, posted in PunBB 1.2 show off)

Thanks for letting me not think big_smile

I'll put that in later today or tomorrow wink

EDIT --

All finished. I changed your color coding around a bit though ;p Thanks again.

Go to forum: PunBB 1.2 show off

185 Reply by deadram

(10 replies, posted in PunBB 1.2 show off)

If the user changes his style, this won't fix the problem. I'll just force the bg of the ad div's to be white regardless of style. Don't really feel like doing much to clean this up ;p

Go to forum: PunBB 1.2 show off

186 Reply by deadram

(10 replies, posted in PunBB 1.2 show off)

Dam you IE users! Dam you IE for being such a pain in the arse! Dam IE to hell!

Hurm... Only way to blend them in is to change the bg color of the entire div to white then... Seems IE ignores the transparent property, or else has issues with inherance...

Then again, it is a good way to encourage users to install firefox, and rid me of these dam IE problems once and for all...

*Hurmughfuls* ok, ok, I'll see about installing IE soes I can get the dam browser to work...

Go to forum: PunBB 1.2 show off

187 Reply by deadram

(10 replies, posted in PunBB 1.2 show off)

My ISP finally decided to bring my connection speed back to normal... soes if you view the forums now, you'll acctually be able to browse them tongue

Go to forum: PunBB 1.2 show off

188 Reply by deadram

(4 replies, posted in PunBB 1.2 discussion)

Could just cheat and grep for 'class="*"', but you'd need to be running linux tongue

Once you figure out all the names make a "color" css, so that all "box" class items are red, and all "inbox" class items are blue, etc... That makes using the browser source a litle easier. Ohh, don't forget to make everything have at least a 1px margin/border/padding. That way even is the item is suppoed to be a spacer, you'll still see the colors tongue

Go to forum: PunBB 1.2 discussion

189 Reply by deadram

(5 replies, posted in PunBB 1.2 modifications, plugins and integrations)

My bad, pogenwursts2win big_smile

Go to forum: PunBB 1.2 modifications, plugins and integrations

190 Reply by deadram

(4 replies, posted in PunBB 1.2 discussion)

I havn't used the wiki before, but this might help http://wiki.punres.org/Wiki_index#Styles. If not maybe you could wiki this list into the docs? big_smile

Go to forum: PunBB 1.2 discussion

191 Reply by deadram

(2 replies, posted in PunBB 1.2 troubleshooting)

Maybe try to rebuild the search index from the admin panel anyways. Might make things a litle cleaner?

Go to forum: PunBB 1.2 troubleshooting

192 Reply by deadram

(1 replies, posted in PunBB 1.2 modifications, plugins and integrations)

1) You could just edit profile.php and remove the input fields for them options, then run a single db query to remove any settings that have been added to each user. Thereby forcing each user to use the site defaults.

2) That would need a modification to the code (and probably) an update to the database to add the post-per-page to the forum table.

Go to forum: PunBB 1.2 modifications, plugins and integrations

193 Reply by deadram

(6 replies, posted in PunBB 1.2 modifications, plugins and integrations)

"security" is an illusion. No matter how tight you box up your computer there's always a way to "break" it. I could disconnect my computer from the internet, and lock it up inside my room, but if I give my friend the key... well... tongue Optical character recognition (OCR) software has been around for ages, and I know of a few people who have managed to write neural-nets to do image to text for the more garbled verifications (that even I have trouble reading with my own dam fleshy eyes! Dam you yahoo, dam you hotmail, dam you and your skwinty eyed verification systems!).

The best way to stop bots is with a series of many systems (image ver, e-mail ver, user management, a good keen eye and some brains tongue). That being said, many bots are either scriptkiddios or fools who are trying to sell junk, and they lack basic computer literacy, so as to be unable to "update" or alter thier bot. It's normally enough to just rename the "username" field to "realname" and the "realname" field to "username" (<input name="<username|realname>"). Hehe, I'd love to see 500 hits from a bot trying to log on with it's real name, lol. Plus, if you don't have a problem with bots yet, it's a safe bet you don't have to worry for a while big_smile

Go to forum: PunBB 1.2 modifications, plugins and integrations

194 Reply by deadram

(5 replies, posted in PunBB 1.2 modifications, plugins and integrations)

When you install punbb, upload one copy to folderforum1, another copy to forumfolder2.
Then run install.php in forumfolder1, and fill it out normally, then use the "prefix" option to add a prefix to the table entries. A good prefix might be "forum1_".
Then run install.php in forumfolder2, and fill it out normally, this time pick a different prefix, such as "forum2_".

That should do it, for any number of forums.

Go to forum: PunBB 1.2 modifications, plugins and integrations

195 Reply by deadram

(3 replies, posted in PunBB 1.2 discussion)

I tried that once, well it was more of an online chat then a forum, great way to learn a new scripting language big_smile Long as you don't mind GNU GPL'in your forum, it might be faster to just canabilize the punbb code, or at least reference it tongue

Go to forum: PunBB 1.2 discussion

196 Reply by deadram

(13 replies, posted in PunBB 1.2 modifications, plugins and integrations)

deadram wrote:

I could always write that script I asked about, to convert a diff into the "PunBB install directions".

done

Your gonah have to wait for a while for me to sort through that dam file though... the diff between my pun and pun1.2.13 is about 2000 lines, and the converted readme is 4000... I have to sort through what was changed when and with who, and all that... I modded my punbb like a 19 year old with a honda civic, and too much cash to spare.

Go to forum: PunBB 1.2 modifications, plugins and integrations

197 Reply by deadram

(3 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Hookais, it'sall done, and cleaned up a litle... I'mah just put it on punres, since my webserver is gonah be awfully slow for the next few days... (I love my ISP... to bad they ain't gonah get my money anymore!).

Lemme post it and then I'll edit this to set-up a link.

EDIT --

Ok, for people interested in this script it's on punres right now. I've put it under a blessing instead of a licence, I think I can do that, since it's built to help punbb modders, and not built using anything punbb (other then your readme syntax ;p). If it's a biggy I can GPL it, but I'd rather not have to think ;p

Go to forum: PunBB 1.2 modifications, plugins and integrations

198 Reply by deadram

(3 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Not a bad project (even works under wine, on linux), but it's not terribly automated. I've started a perl script to do 90% of the work for me though, and all's I have to do is remove a few extra lines here and there. You need "diff" and a perl environment to run the script, plus it's a couple hundred lines already, so I'll be posting it to my website instead of as a code section. Sorry to yous windows users, but I dony care 'nuff 'bout yous to make it windows compatible (should run fine with cgwyn or whatever that thing is called though; and the may even be a decent port of diff to windows command prompt... no need for cygwn if you can find one).

I wonder... Rickard, how many people hit this site with linux running? only me lol? tongue

Go to forum: PunBB 1.2 modifications, plugins and integrations

199 Reply by deadram

(4 replies, posted in PunBB 1.2 discussion)

Whachousai??? :roll:

Ummm, do you meen where is that option to delete users? Log-in as an administrator, click "user list", click the user you don't like and what to delete. Now on the left side you'll see a menu. click "Administration", then "delete user". Now you get a new page, and on it is a checkbox. Select the checkbox to delete all the users posts and topics, along with that user, then click the "delete" button again to confirm deletion.

Go to forum: PunBB 1.2 discussion

200 Reply by deadram

(45 replies, posted in News)

http://www.w3.org/Consortium/Overview wrote:

To lead the World Wide Web to its full potential by developing protocols and guidelines that ensure long-term growth for the Web.

Look at these stats and find out why w3 is "recommened". Basically Microsoft owns the magority of the www browser market, and uses this power to force people to use IE to connect to websites built with microsoft's line of web development tools. The more people who use IE the more web pages developed for IE, the more people buy development tools from microsoft, the more people have to use IE... crazy, sad, cruel, and quiet close to illegal, circle of inevitable large homogeneous populations, that are a risk to society (via tailored viruses, scripts, etc).

http://winehq.org/site/why wrote:

The question is not whether Microsoft has evil intents, or whether it may go out of business, but whether its plans match yours. A company may want to deploy thin clients to simplify administration and save money on per-client Windows licenses. But is Microsoft going to make it viable and undercut its Windows market? Where is the alternative if Microsoft implements its software subscription model? If Microsoft is not interested in catering to your market, then you have no other provider to turn to.

So to sum up, should microsoft decide not to implement the standards, they will simply encorage the mess of a web we used to have back in the 14.4 modem days. You had to run netscape and IE to view every page on the web, and even then not all of them displayed correctly. If this is the goal of microsoft, there really isn't much we can do about it, short of buying the company and I don't think that's practical. In the "it's not practical to buy microsoft" way, the w3 standards are recommened. In all other way they are standards, because the text-to-voice web browser for your sister's friend's cousine's blind friend needs these standards to read the titles and heading in order. And that guy at work with the $80/month cellphone with wireless internet access needs these standards to render the pages in a resonably readable fashion. And that guy with the mac, this one with linux, that one ssh'ing into a box and running a text based browser to hide his real ip, need I go on?

Go to forum: News