101

(4 replies, posted in Programming)

Hmmmm not sure if the plug-in is custom, might not work. What I have done is to serve files that the user already has a program to view/interact with. So to say, pdf files if you have an acrobat viewer. That works great cause if they don't, they receive the pdf file which they can save and view later on. Of course, if these files should be proprietary (and thus not really transferable to be saved), you've got far more problems than I do ;)

Anyway, the solution proposed should work fine, just modify slightly the act of submitting a file: instead of copy&paste to the server, or ftp it, use an upload php page and update the page at the same time.

You can even add ease of use with 'add new doc' (and then ask for a name) or 'update existing doc' (and then use all the fields you already have, including description etc...). And of course, filtering the file types and everything. In the end, you get much more control.

So, I hope this helps, if you don't see it as a solution, please re-state the details (somehow differently, that is ;) ), and if you're using something else to work that out, please let us know. I am always available to learn new ways to do things :)

Marc

102

(18 replies, posted in PunBB 1.2 discussion)

Well, it's certainly fancier. Not sure I like it better, though. I'll have to get used to it ;)
The problem is that modding only works if there are few changes. If this was a new release, I'd be going through hell to implement it.

BTW, I'm curious about the exit(); lines that you've been adding after the header(Location:...); I thought the parser would never execute code after that, but now I am not so sure; it might be the client that, upon receipt, changes the request. I miss the Server.Transfer and Response.Redirect commands... sniff ;)

Marc
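The exit() question above, worked through as an added example (not code from the thread or from PunBB); the login check is a hypothetical stand-in:

```php
<?php
// Added example, not code from the thread: why exit() has to follow header('Location: ...').
// header() only adds a response header; PHP does not stop running the script, so any
// "protected" output below is still sent in the body of the 302. A browser follows the
// redirect and never shows that body, which is why it looks as if nothing after the
// header runs, but curl, a proxy log or a scripted client sees every byte.

// Hypothetical login check, standing in for whatever the real application does.
function is_logged_in(): bool
{
    return isset($_COOKIE['session']) && $_COOKIE['session'] !== '';
}

// BROKEN: the redirect is issued, but the secret still ends up in the response body.
function protected_page_without_exit(): void
{
    if (!is_logged_in()) {
        header('Location: login.php');
    }
    echo "Secret report contents\n";   // still executed and sent to the client
}

// FIXED: exit() ends the script, so nothing after the redirect reaches the client.
function protected_page_with_exit(): void
{
    if (!is_logged_in()) {
        header('Location: login.php');
        exit();
    }
    echo "Secret report contents\n";   // only reached by a logged-in user
}

protected_page_with_exit();
```

Fetch both variants with curl -i while logged out and compare the bodies of the two 302 responses.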

103

(6 replies, posted in Programming)

Yay, I luv u!!!!!
overflow-y: hidden;
I would have never figured out that one. Now let's see if I can still use it. I'd have killed for that a few months ago.

And when I said not implemented, I meant not implemented in MSIE, that is. I know they say it's just buggy, but... I never saw it work, so to me it's not implemented ;)

Cheers!

104

(1 replies, posted in Programming)

Just for the record, I'd do it by adding a cat id to the field:
1:link1
1:link2
1:link3
2:link1
2:link2
2:link3
3:link1
3:link2
3:link3
And filter the characters before the ; (or # or whatever).

Or simply use an array, what's wrong with that? Query the DB once, and order the records by category. Then fill your array with one index equaling that of the category.

If I understood the question, both are easy to implement.

Cheers,
Marc

105

(10 replies, posted in Programming)

I wouldn't revive this topic if I didn't find it really interesting from the security point of view.

My objection would be that it's just as easy to hijack a cookie as a session ID, so if you somehow circumvent the ip check, might as well just use a cookie, even if you're checking against the DB.

So my advice would be to create new sessions, use cookies that expire as the navigation window closes or the user logs out (if they do it from some internet cafes, they're not allowed to close the navigator).

Even so, I'm worried about IP spoofing, but I can't do much about it, I'm currently working on such a system. Cookies are two times encrypted: IP+seed for the first layer, then a user-dependent seed for the second layer, where I obtain the password hash. That I verify against the DB every time. I don't see the advantage in overloading the web server, since I found out that usually the DB server is idle most of the time.

I might sound a bit paranoid, but these are simply requirements for this type of apps (I usually do banks... in the good sense, that is, I don't rob 'em ;) ). The only advantage I see in using the session is that you know that the user logged in previously, but you can as well add his IP to a database field when he logs in, the process doesn't even need to be synchronic, and add an additional field to the where on verification.

The other point is that you overestimate user speed. If you're designing an application (for a forum or the likes, there are better security settings to tweak), users must be doing something, and that usually takes lots of time.

In my case, every page is meant to supply/update info from/to the database, so since I already must open a connection, what the hell, I might as well verify the user.

I just don't know, many of these might be prejudices, and since this thread is quite old, you might have already implemented this system, what's your feedback? I'm always very interested in discussing security improvements.

Marc
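The "verify against the DB every time, with the IP as an extra field on the where" idea from the post, as an added example (not the poster's code and not PunBB's). It assumes PHP with the pdo_sqlite extension; the table and addresses are constructed here:

```php
<?php
// Added example, not the poster's code: a server-side session record that is checked
// against the database on every request, as the post proposes. The cookie carries only
// an unguessable random token; user id, client IP and expiry live in the database, so
// a stolen cookie is useless from another address and dead after logout or expiry.
// Assumes PHP with the pdo_sqlite extension; the in-memory table is constructed here.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL,
                                  ip TEXT NOT NULL, expires_at INTEGER NOT NULL)');

// At login: store the record and return the raw token for the cookie (set it with the
// HttpOnly and Secure flags and no expiry, so it dies when the browser window closes).
function create_session(PDO $db, int $userId, string $ip, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));                 // 256 random bits, never reused
    $stmt = $db->prepare('INSERT INTO sessions (token_hash, user_id, ip, expires_at)
                          VALUES (?, ?, ?, ?)');
    // Only a hash is stored, so a dumped table does not hand out live tokens.
    $stmt->execute([hash('sha256', $token), $userId, $ip, time() + $ttl]);
    return $token;
}

// On every request: the client IP is part of the WHERE, which is the "additional field
// on verification" the post describes. Returns the user id, or null if anything mismatches.
function verify_session(PDO $db, string $token, string $ip): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM sessions
                          WHERE token_hash = ? AND ip = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), $ip, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['user_id'];
}

// On logout: delete the record, so the token is invalid server-side, not just forgotten.
function destroy_session(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM sessions WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

// Constructed walk-through with documentation addresses.
$token = create_session($db, 42, '203.0.113.7');
var_dump(verify_session($db, $token, '203.0.113.7'));   // valid from the address it was created for
var_dump(verify_session($db, $token, '198.51.100.9'));  // rejected: same cookie, other address
destroy_session($db, $token);
var_dump(verify_session($db, $token, '203.0.113.7'));   // rejected: logged out
```

Binding to the address also logs out users whose IP changes mid-session (mobile networks, some proxy pools), so check that the user base can live with that.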

106

(4 replies, posted in Programming)

Hmmm why not keep a small db where you keep the name and revision in a separate field. Add records after generation or upload, that's pretty easy to do.

To read the latest revision filenames, it'll be something like
select name_field, max(revision_field) as revision_field from document_database group by name_field
(or avoid max and group by, if you want them all), you then compose the real filename as name_field."_rev-".revision_field

As an addition, you could serve the files directly to the requester, avoiding the need to give a direct link to the real file. If you need details, ask.

Now, my VAT number is... ;)
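The revision query and the "serve the files directly" idea from the post, as an added example (not the poster's code). It assumes the pdo_sqlite extension; the table, the files and the document names are constructed:

```php
<?php
// Added example, not the poster's code: look up the latest revision of a document, build
// the real name as name_field."_rev-".revision_field and stream it from a directory
// outside the web root, so the client never gets a direct link to the real file.
// Assumes the pdo_sqlite extension; the table, the files and their names are constructed.

$docDir = sys_get_temp_dir() . '/docs_' . bin2hex(random_bytes(4));
mkdir($docDir);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE document_database (name_field TEXT NOT NULL, revision_field INTEGER NOT NULL)');

// Constructed sample data: two revisions of "manual", one of "invoice".
foreach ([['manual', 1], ['manual', 2], ['invoice', 1]] as [$name, $rev]) {
    $db->prepare('INSERT INTO document_database VALUES (?, ?)')->execute([$name, $rev]);
    file_put_contents("$docDir/{$name}_rev-{$rev}.pdf", "contents of $name rev $rev\n");
}

// The requested name is only ever a bound parameter and the path is built from what the
// database returns, so neither SQL injection nor "../" in the request can reach a file.
function latest_revision_path(PDO $db, string $docDir, string $name): ?string
{
    $stmt = $db->prepare('SELECT name_field, MAX(revision_field) AS revision_field
                          FROM document_database WHERE name_field = ? GROUP BY name_field');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                        // unknown document: nothing to serve
    }
    return $docDir . '/' . $row['name_field'] . '_rev-' . $row['revision_field'] . '.pdf';
}

function serve_document(PDO $db, string $docDir, string $name): bool
{
    $path = latest_revision_path($db, $docDir, $name);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        return false;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);                        // the real location stays server-side
    return true;
}

serve_document($db, $docDir, 'manual');           // latest revision, manual_rev-2.pdf
serve_document($db, $docDir, '../../config.php'); // not a name in the table: 404
```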

107

(11 replies, posted in Programming)

I've done just that today (implementing the same user/pwd for the private site and for punBB); although that comes from different packages and the userlist is different, it would be much easier if you design your own package with that in mind. If you're still on that, and need ideas, just ask.

108

(6 replies, posted in Programming)

Rickard, that is an unfortunate, not well implemented feature of CSS; it should work with position: fixed, but I still have to see that work somewhere.

If you find out how, please let me know, I am also strongly interested in that. Never managed to do it solely with css, but would certainly be neater.

fixed
The box's position is calculated according to the 'absolute' model, but in addition, the box is fixed with respect to some reference. In the case of continuous media, the box is fixed with respect to the viewport (and doesn't move when scrolled). In the case of paged media, the box is fixed with respect to the page, even if that page is seen through a viewport (in the case of a print-preview, for example). Authors may wish to specify 'fixed' in a media-dependent way. For instance, an author may want a box to remain at the top of the viewport on the screen, but not at the top of each printed page. The two specifications may be separated by using an @media rule, as in:
Example(s):

@media screen {
  H1#first { position: fixed }
}
@media print {
  H1#first { position: static }
}

109

(18 replies, posted in PunBB 1.2 discussion)

diff -crbB punbb-1.1.1/upload/footer.php punbb-1.1.2/upload/footer.php
*** punbb-1.1.1/upload/footer.php    Thu Jan  8 22:43:30 2004
--- punbb-1.1.2/upload/footer.php    Sat Feb 14 02:33:11 2004
***************
*** 72,79 ****
                              <select name="id" onchange="window.location=('viewforum.php?id='+this.options[this.selectedIndex].value)">
  <?php
  
!     if ($cur_user['status'] < PUN_MOD)
!         $extra = ' WHERE f.admmod_only=\'0\'';
  
      $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
  
--- 72,78 ----
                              <select name="id" onchange="window.location=('viewforum.php?id='+this.options[this.selectedIndex].value)">
  <?php
  
!     $extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
  
      $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
  
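Review bot: the rename is incomplete. The new `!` line assigns `$extra_sql`, but the `$db->query(...)` line right below it still concatenates `.$extra.`, which nothing sets any more, so the `WHERE f.admmod_only='0'` restriction disappears for every user and the forum jump list will include admin/mod-only forums for members below PUN_MOD. The query should read `...ON c.id=f.cat_id'.$extra_sql.' ORDER BY...`. The ternary itself is an improvement: the old code only set `$extra` inside the `if`, so for moderators it relied on an undefined variable concatenating as an empty string.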

That must be a bug, if you're renaming it to extra_sql, in the next line it should also be extra_sql instead of extra, right?

Marc

BTW, having the diff file makes a big difference, since I can implement it as if it was a mod, line by line, without having to reapply all my changes. Thanks a lot! :)

110

(16 replies, posted in Feature requests)

Well, that's fine, modifying the mod is not that hard, however, there's always the problem of adding users to groups... well, maybe that's professional deformation, in my case, all users belong to one group or another, that is, there's one section exclusive for every type of user. So for me to assign the users to groups was easy, I did everything directly through SQL, I'd have to build a front end for that, and for group creation and modification (something else I did lazily ;-).

My other problem, is that I've been going through some security enforcement modifications, mostly encrypting cookies and hiding menus. I've also scrapped the copyright and link from the guest front page, cause I don't want non-users to be able to even see what software is running (that surgical removal was not that easy, since you have to dig deep into the code to find a place where it won't disrupt everything else... it would have been much easier to completely remove the copyright lines, but I've got this thing about giving proper credit...). The point is, I can find the easy lines to be mod, but maybe some subtlety will be lost, so... at this very moment, I can't release this mod. Give me at least a week or so, and maybe I will have something to show up :-)

Marc

111

(16 replies, posted in Feature requests)

Awww, the whole post gone to hell!!!

Well, here's how I'm doing it now:
I got the original + EFAM, then add a new table that defines groups, and modify EFAM to work instead of with users, with groups. It's much easier, cause I rely completely on the work of others ;) . I lose the capability of adding individual users, but I can always create a group with 1 user... then I add/remove groups to forums.

Most of the management is done by hand i.e. I have a pool of 400 initial users, so I assign them directly through SQL, so I have no front end for that. If the approach seems interesting, I could try releasing a mod for a mod... hey, I might be the first one to do that ;)

Marc

BTW, an email server per se is not possible through php. You can, however, create a cgi script or something similar as your own email engine, but php has the sendmail function that allows you to send email provided the machine is running an smtp engine.
There are packages, though, and they need not be large files, some viruses incorporate their own smtp engine (on windows machines that allow raw sockets, AFAIK).

But there are indeed email frontends that allow you to check your email from an imap/pop server and to send emails. No need to reinvent the wheel ;)

Marc

Wow, they've certainly grown up... wouldn't have recognized them in a thousand years ;) I remember the series, though... uncle Jesse was my favourite character, of course.

You have mail.

Hehehe, next thing I'll search on google will be "open source webmail php mysql" ;-)

Marc

If you ask *me*, it came up through google, when looking for an "open source forum php based software"... not directly but through one of those sites that listed phpBB, vBulletin and others. It stated this one was the fastest... got curious, visited the website and... I loved the colors.

Oh, and then I misread "Powered by punBB"... thought it said "Toward my bunny"...

116

(7 replies, posted in General discussion)

@Redhook: php is pretty simple to understand, most books deal halfway with the installation process, and most also deal with MySQL installation, which is not that bad if you don't have any experience at all with them.

Most important places are www.php.net (look for the manual) and www.mysql.net (idem), cause when you've got a doubt you'll go there to see.

Ok, the book I learnt from was from sitepoint, something like 'build your own website applications using mysql and php'. But I don't think it's incredibly better than anything else you'll find around. Hell, if you look around, you'll even find some free books floating around. Take whatever you're comfortable with. And then play a lot with it.
Since you already have a project in mind, that helps.

Marc

@Starfish: you've got email

@Jochem: who are the twin beauties? If you can spare a clone... I could do with her ;)

@Frank: Hmmm what you say makes lots of sense. I just didn't think it through this way, maybe cause when I set up the changes, I leave the "old" code commented out, and this way I can reverse a mod (cough, cough) easily, or at least I can reverse it ;)

@Louis: sounds like a CVS repository to me... ;)

Marc

Unfortunately this website doesn't support attachments ;-)
Send me your email and I'll send it to you, it's really a small file, and you'll have to correct what's already stated here.

Marc

Hi all,

has anybody noticed that in order to correctly apply all changes easily it would be better to state the mod lines in reverse order?
That is, instead of:

#
#---------[ 5. FIND (line 127) ]----------------------------------------------
#
    $cur_closed = $_POST['closed'][$id];
#
#---------[ 6. AFTER, ADD ]---------------------------------------------------
#
    $cur_locked = $_POST['locked'][$id];
#
#---------[ 7. FIND (line 141) ]----------------------------------------------
#
    if ($cur_admmod_only != '1') $cur_admmod_only = '0';
#
#---------[ 8. AFTER, ADD ]---------------------------------------------------
#
    if ($cur_locked != '1') $cur_locked = '0';
#
#---------[ 9. FIND (line 146) ]----------------------------------------------
#
    $db->query('UPDATE '....
#
#---------[ 10. REPLACE WITH ]------------------------------------------------
#
    $db->query('UPDATE '...
#

writing it so:

#
#---------[ 5. FIND (line 146) ]----------------------------------------------
#
    $db->query('UPDATE '....
#
#---------[ 6. REPLACE WITH ]------------------------------------------------
#
    $db->query('UPDATE '...
#
#---------[ 7. FIND (line 141) ]----------------------------------------------
#
    if ($cur_admmod_only != '1') $cur_admmod_only = '0';
#
#---------[ 8. AFTER, ADD ]---------------------------------------------------
#
    if ($cur_locked != '1') $cur_locked = '0';
#
#---------[ 9. FIND (line 127) ]----------------------------------------------
#
    $cur_closed = $_POST['closed'][$id];
#
#---------[ 10. AFTER, ADD ]---------------------------------------------------
#
    $cur_locked = $_POST['locked'][$id];
#

This way you make sure that when people reach line 127 (after editing lines afterwards), the target code will still be there.

Of course, everyone can do as they please, but assuming it's all the same for developers, and if and only if nobody opposes, I propose changing the order in future releases.

If there's a reason why it's done like it's done, I'd like to hear it, since I am curious and I've already learnt a lot about PHP browsing through the code of punBB and some of its mods. Learning doesn't hurt... too much ;)

Greets,
Marc
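The line-shifting problem described in the post, as an added example (not code from the thread or from any mod); it assumes PHP 7.4 or later and a constructed four-line file:

```php
<?php
// Added example, not code from the thread: why mod steps should be applied from the
// highest line number downwards. Each step is "insert this text after line N" where N
// refers to the ORIGINAL file; once something is inserted above N, line N has moved.

function apply_edits_forward(array $lines, array $edits): array
{
    foreach ($edits as [$after, $text]) {              // in the order given
        array_splice($lines, $after, 0, [$text]);      // index N == "after 1-based line N"
    }
    return $lines;
}

function apply_edits_reverse(array $lines, array $edits): array
{
    usort($edits, fn($a, $b) => $b[0] <=> $a[0]);     // highest line number first
    foreach ($edits as [$after, $text]) {
        array_splice($lines, $after, 0, [$text]);
    }
    return $lines;
}

// Constructed stand-in for the file being modded: 1-based line N holds "line N".
$original = ['line 1', 'line 2', 'line 3', 'line 4'];
// Two steps as a mod would list them: after line 1, then after line 3 (original numbering).
$edits = [[1, 'added after 1'], [3, 'added after 3']];

print_r(apply_edits_forward($original, $edits));
// The first insert pushes original line 3 down to position 4, so the second insert
// lands after "line 2", one line too early.
print_r(apply_edits_reverse($original, $edits));
// Working bottom-up, every line number still points at the intended original line.
```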

Yep, since yesterday I can't DL anything from there. And just today was the forum available. I think they are moving and links might be broken temporarily...

Marc

Hehe, you knew it would solve it ;-)

Thanks!

Marc
Addendum: now you can re-release it with v1.1.1, just like the very version of punBB that it is supposed to work with ;)

When the Guest user tries to access a restricted forum, I get this message:

Warning: Wrong datatype for first argument in call to array_key_exists in /web/foros/viewforum.php on line 69

That happens only with the guest account. Unauthorised accounts display the proper message, and authorized display the forum :-).

Marc