I have to ask. What is the fuss about modding and personalising a software installation. For goodness sakes, with most *nix admins it's second nature. A pre-compiled with everything version of a programme is practically a living hell. Starting with minimal solutions and adapting has always been the best and most secure policy.
1,827 2007-05-21 15:42
Re: Questions regarding why choices were made in the development in PunBB. (3 replies, posted in PunBB 1.2 discussion)
Personally, (I wouldn't presume to say this is how the PunBB Dev's think), the .tpl files, (which is an abbreviation for template), presents a standardised layout, whilst making parts, like messages, configureable. With the exit calls, they are placed within a script to prevent it from carrying on any further. This is usually to define what you want it to do before exiting, rather than what the script wants to do before exiting. 
I would presume, (and this is a personal presumption), that the exit is probably tied in to limit what debug info is outputted.
1,828 2007-05-21 05:51
Re: Vulnerable to spambots (89 replies, posted in PunBB 1.2 discussion)
MadHatter wrote:
smartys wrote:MadHatter wrote:at the very least, adding logging to the forum for actions like registration, password, and email changing would help narrow down the point of attack, and would allow you to "fix" the area of exploitation.
What kind of logging would you propose adding and how would it help?
you're right...
there's no better way than whats been implemented.
nothing else anyone can do outside of whats been done.
if you want your official punbb forum, you just have to deal with the spam.glad I finally figured that out. I'm a bit slow so you'll have to forgive me (us) for thinking all this massive spam is a problem.
please continue (not) developing the next version.
That was a really useful response, wasn't it. What type of logging? How can you log an exploit that isn't an exploit?
1,829 2007-05-21 04:07
Re: Vulnerable to spambots (89 replies, posted in PunBB 1.2 discussion)
If you modded your installation to use that method, it probably would kill your spam off either completely or to a negligible level. However, was not the point of this thread with regards to including standard spam prevention techniques within PunBB? If, for example, that mod was incorporated within 1.3 when it finally leaves R.C status, the thing would be cracked within a week. It is then not a deviant technology, but a core mainstream one. The fiscal benefit for the bot scripters would mean that it was viable to concentrate on it once that occured.
1,830 2007-05-21 01:47
Re: Vulnerable to spambots (89 replies, posted in PunBB 1.2 discussion)
No matter what technology, if any, is implemented, the bot scripters will adapt their software. This has happened in all areas where restrictions are applied. I'll make an example of SMTP servers. You look through any mailing list archives around eighteen months ago regarding smtp transaction rejection messages and e-mail addresses contained therein, and the emphatic answer would have been that bots do not parse those messages. Nowadays, they do. One has to remember that some of these bots are not merely some bored teenager writing a bot after they get home from school, just as an exercise in coding. Some of these things are written by people who are making a small fortune from the spam they propogate, and will not let some minor attempt at thwarting it stop them. Whatever you can throw at them to block it, they will find a multitude of ways to circumvent it.
1,831 2007-05-20 23:46
Re: Sub Forum Mod 1.0 (128 replies, posted in PunBB 1.2 modifications, plugins and integrations)
I'm beginning to make a bad habit of answering my own questions. To remove the parent forum table/post settings, the following is needed in viewforum.php. The parent forum then acts as a container for the sub-forums with no visible posting abilities or topic/thread table of it's own.
Around line 93:
if($db->num_rows($subforum_result))
{
After add:
$substatus = '0';
Around line 222:
<div id="vf" class="blocktable">
Before add:
<?php
if ($substatus != '0') {
?>
Around line 390:
$forum_id = $id;
$footer_style = 'viewforum';
require PUN_ROOT.'footer.php';
Before add:
}
1,832 2007-05-20 22:47
Re: Sub Forum Mod 1.0 (128 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Quick question. Is there a way to stop the parent forum headers/table showing below the sub-forums when it contains sub-forums? I.e:
--------------------------------------------
Parent forum name
--------------------------------------------
Topic Replies Views Last post
--------------------------------------------
Forum is empty.
--------------------------------------------
So that the parent forum is acting only as a container.
Cheers.
Matt
1,833 2007-05-20 20:24
Re: Gus v2.0 (7 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Just a quick note. Found out that I've left a couple of settings in the gus_gallery.php and gus_listview.php scripts from when I was testing them. All they are are the slots and upload allow settings for those two pages, so nothing detrimental to stability or suchlike. They will, however, override the config file settings, so delete the following two lines from the above named scripts:
$gvupload_allow = 'yes';
$gvupload_slots = '2';
In gus_gallery.php they are lines 66 & 67. In gus_listview.php they are lines 75 & 76. Apologies for the minor oversight.
1,834 2007-05-20 01:57
Re: HOW TO: When new member registers, they recieve an auto PM? (6 replies, posted in PunBB 1.2 modifications, plugins and integrations)
p0Wer wrote:
MattF wrote:Look through the thread for the PM mod. It's in there.
I searched the whole thread... It's not there
The thread on PunRes?
1,835 2007-05-20 00:45
Re: HOW TO: When new member registers, they recieve an auto PM? (6 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Look through the thread for the PM mod. It's in there.
1,836 2007-05-20 00:34
Re: Single post topic forum (13 replies, posted in Programming)
Smartys wrote:
You're right, I could have sworn that it wasn't in the query though
With the length of that query it's devilishly easy to miss. I needed a judicious dose of grep and reading it several times to find it. Thanks ever so much for all your help and advice, btw. 
Matt
1,837 2007-05-20 00:25
Re: Single post topic forum (13 replies, posted in Programming)
Sorted that last bit. The query is already there, so starting at line 58:
if (($pun_user['g_delete_posts'] == '0' ||
($pun_user['g_delete_topics'] == '0' && $is_topic_post) ||
$cur_post['poster_id'] != $pun_user['id'] ||
$cur_post['closed'] == '1') &&
!$is_admmod)
message($lang_common['No permission']);That block above needs the following line adding: $cur_post['post_replies'] != '' ||
so that it looks like the following:
if (($pun_user['g_delete_posts'] == '0' ||
($pun_user['g_delete_topics'] == '0' && $is_topic_post) ||
$cur_post['poster_id'] != $pun_user['id'] ||
$cur_post['post_replies'] != '' ||
$cur_post['closed'] == '1') &&
!$is_admmod)
message($lang_common['No permission']);Thanks again for the advice.
Matt
1,838 2007-05-19 22:40
Re: Single post topic forum (13 replies, posted in Programming)
Smartys wrote:
You need to edit the initial query for $cur_post to grab the post_replies column
Just been having a look at the delete.php db query, and it looks as if the post_replies is already in the lookup? This line:
$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.posted, t.closed, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());Is that the right one, the fp.post_replies? If so, would I just use $cur_post['post_replies'] instead of the $cur_topic['post_replies'] var?
Thanks once again.
Matt
1,839 2007-05-19 21:06
Re: Single post topic forum (13 replies, posted in Programming)
Smartys wrote:
Well, it won't be disabled, the link is just hidden. You would need to make a similar edit in delete.php
Is that $cur_topic['post_replies'] variable/element already available in delete.php, or will it need to be introduced?
1,840 2007-05-19 19:10
Re: Single post topic forum (13 replies, posted in Programming)
Sorted that little quibble. Like a muppet, I didn't twig that the edit time only refers to the subject, so that one is an irrelevant point. The delete bit can be sorted by changing, in viewtopic.php around line 320:
$post_actions[] = '<li class="postdelete"><a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>';To:
if ($cur_topic['post_replies'] == '') {
$post_actions[] = '<li class="postdelete"><a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>';
}Deletion will then be disabled for single topic forums. Cheers for the advice and help.
Matt
1,841 2007-05-19 17:39
Re: Single post topic forum (13 replies, posted in Programming)
Right. Almost there. That works a treat. Only two deviations I need are that I want to differ the delete and edit settings from the global ones for forums that are post topic only, so that delete is disabled but edits are allowed indefinitely. So, would I need to adjust viewforum.php and viewtopic.php for this? Would it suffice to, if post_replies = 0, to set the following two within the script as below to allow the above?
g_delete_posts = 0
g_edit_subjects_interval = 0
Thanks again,
Matt
Edit: Just been delving, and it appears that it's viewtopic.php and edit.php tht will need some slight alteration?
1,842 2007-05-19 16:30
Re: Single post topic forum (13 replies, posted in Programming)
Smartys wrote:
Unless I'm wrong, that's easily possible
Create a forum, edit its permissions in admin_forums.php. Make sure that people can only post topics, not replies. Then make sure people can edit their own posts. Tada!
Ooh, if that's the case, I'll be well chuffed. I'm gonna' have a diddle now. Thanks ever so much for that pointer.
1,843 2007-05-19 16:28
Re: Single post topic forum (13 replies, posted in Programming)
hcgtv wrote:
Hi Matt,
DokuWiki is very easy to install and is in the same spirit of Pun, very light.
It also has backend authenticattion for Wiki users against the Forum database:
http://wiki.splitbrain.org/wiki:auth:punbb?s=punbbI use Doku cause there are times when it's better to use a hammer than the handle of a screwdriver.
That was the one which looked most promising, but had various problems. Firstly, the PunBB authentication is for mysql only, and secondly, I couldn't get to grips with it's use within the first hour. I work on the motto that if I cannot figure it out within the hour, the less technical ones have no chance. Ease of use is the primary concern, and the forum usage is now second nature to them.
1,844 2007-05-19 15:14
Topic: Single post topic forum (13 replies, posted in Programming)
Firstly, apologies if I've put this in the wrong forum. Couldn't quite decide where it should go.
What areas would one need to concentrate on to create a forum where it is possible for any user to create a topic/thread, but once created, that topic/thread can only be edited by the user who created it, and they are only able to edit the original post, not add further posts to the topic/thread? It will in essence be a single post topic that can only be updated/edited by it's creator.
Simple idea for this one is something akin to an incorporated write-up/wiki section using the forums abilities, rather than utilising an external programme. Have been looking at wiki's and such over the last several weeks, and they all have problems or lack required elements, or are simply devilishly hard to use. The forum itself is a familiar interface for the users, however, and has all the pre-requisites, so I've decided to go down the route of modifying the forum itself rather than trying to tie in an external programme to achieve the required purpose.
Cheers,
Matt
1,845 2007-05-18 03:32
Re: Notify user (6 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Why? If they haven't come back to check, it would appear they don't care if there are any replies or not.
1,846 2007-05-15 05:38
Re: Online Status (6 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Burnsy86 wrote:
That is exactly what I am asking, how do you do that?
1,847 2007-05-15 00:39
Re: Online Status (6 replies, posted in PunBB 1.2 modifications, plugins and integrations)
'modifictions' That really is a classic mistype.
Why not just make a hidden admin account if you want to be online without user visible admin status?
1,848 2007-05-15 00:30
Re: Vulnerable to spambots (89 replies, posted in PunBB 1.2 discussion)
sirena wrote:
I knew it was a mistake to use a MS example around here
But a dislike of MS shouldn't cloud the argument. It was just meant to illustrate a point about application hardening. One valid approach can involve reducing the 'surface area' an application exposes to attack 'out-of-the-box'. That's all. It's a very *nix-like perspective.
Progressive strengthening of the defences by all web apps is an inevitable trend. You can see it everywhere. And the forums you will see around in several years time will be much tighter than the ones you see today, that seems an absolute given.
This doesn't necessarily need to get in the way of the spirit of open source, *nix, the web and other goodness. It's a matter of survival.
Judging by how many of the mods for PunBB are written with M$ editors, I think most on here are appear to be running that OS. The means for hooking in external measures is a method I would agree with. The base system should always be as small as possible, in my personal opinion, though. I can't disagree with the need for security measures. I just personally prefer them to be separate entities.
1,849 2007-05-14 22:21
Re: Vulnerable to spambots (89 replies, posted in PunBB 1.2 discussion)
sirena wrote:
Look at the MS experience and the new security model in Vista and successive generations of for example their server product lines. You start with a secure configuration, and users then have to explicitly *choose* less secure options. Is good.
You are incorrect. That is not good. That is merely taking a broken system and trying to prevent it from becoming broken even further quickly. What's even worse is that it has a highly detrimental effect on legitimate use.
Adding any type of spam protection has problems. For one, I believe it deviates from PunBB's basic design philosophy? Secondly, whatever system one chooses will become only partially effective within time, leading to requests for further additions. Where does one stop? Three, one solution will never be okay for all.
At the end of the day, PunBB appears to have more of a *nix based philosophy than a M$ one, which is to provide a secure base system without needless bells and whistles that can be altered precisely to meet ones needs. It does not start off as a bloated system with countless needless parts which impact reliability, configurabilty, security and speed.
For goodness sakes, it can be adapted with several hours work. A modded version of your own can then be used to create all your own installs. You only need to do the job once.
1,850 2007-05-14 13:40
Re: Gus v2.0 (7 replies, posted in PunBB 1.2 modifications, plugins and integrations)
I've uploaded a minor update on the Punres site to address a couple of problems.