You are not logged in. Please login or register.
PunBB Forums → PunBB 1.3 troubleshooting → feeds to all forum content
In version 1.2 only public areas of the site have feeds.
I know most of the feed readers do not support cookies, but some do.
I use sage, which being a firefox extension, inherits its cookies.
It would be really cool to be able to subscribe feeds of a topic i of any topic/forum/category, regardless if it's in a public area or not.
Is this a feature of punbb1.3?
It's a feature we're currently putting off until 1.4.
http://dev.punbb.org/ticket/60
The reason, as the ticket states, is that we need a secure way to allow people to pass their information. Some feed readers support HTTP authentication via including the username and password in the URI, for example: we don't want people accidentally disclosing their username/password by copy/pasting a link.
pedrotuga: That concept has always struck me as being one that has issues. At least with your browser, you still require the login also. Working off of cookie info alone would most probably be best in some form of extension, if anyone likes the prospect.
1.4 ... what is going on ... i thought we are on 1.3 ... why guys dont you guys put the things of 1.4 in 1.3 ... why just wait for another thing ... this is alittle annoying
1.4 ... what is going on ... i thought we are on 1.3 ... why guys dont you guys put the things of 1.4 in 1.3 ... why just wait for another thing ... this is alittle annoying
Stop being a drama queen. Something like the aforementioned setup has the ability to bollocks your restrictions the first time some muppet puts their feed link on a public system, and they will, without fail.
SuperMAG wrote:1.4 ... what is going on ... i thought we are on 1.3 ... why guys dont you guys put the things of 1.4 in 1.3 ... why just wait for another thing ... this is alittle annoying
Stop being a drama queen. Something like the aforementioned setup has the ability to bollocks your restrictions the first time some muppet puts their feed link on a public system, and they will, without fail.
what drama crap ...
what ever ..... i didnt even understand the feed stuff that the member asked ... i just wanted to say why dont they apply features in 1.3 rather to apply it in 1.4 ........ if you have future plans ...
its not good when you ask for a feature you say it will be in 1.3 ... and after that you will say it will be in 1.4 ... you guys know that upgrading from one version to another is pain in the brain ...
i just wanted to say why dont they apply features in 1.3 rather to apply it in 1.4 ........ if you have future plans ...
If they did that, 1.3, nor any other release, would ever get released. Plus, one can but hope that something like that *never* makes it into core.
SuperMAG wrote:i just wanted to say why dont they apply features in 1.3 rather to apply it in 1.4 ........ if you have future plans ...
If they did that, 1.3, nor any other release, would ever get released. Plus, one can but hope that something like that *never* makes it into core.
i am not saying about that idea in particulare .... i am saying that they should put all thier ideas for 1.4 in 1.3 ... final version is bitter then every new version per year ... afcource they will be updating but not full upgrading ...
i am not saying about that idea in particulare .... i am saying that they should put all thier ideas for 1.4 in 1.3 ... final version is bitter then every new version per year ... afcource they will be updating but not full upgrading ...
Do you have any idea of how many possible bugs or unexpected consequences a single item can have? That's the point of new releases. To incorporate new features when, AND ONLY WHEN, they have been fully designed, implemented and tested.
SuperMAG, I think you haven't realized that you (nor anybody) are not entitled to make demands on the dev team. The closer thing you can do is suggestions.
And please, don't hijack this topic you guys 
Smartys, i think you got me wrong, i was probably not so clear in the details.
I suggested that the feeds would have no more authentication than any other forum page. Basically only browser based feed readers would catch those feeds.
Like, when you show a viewtopic, I guess punbb uses php's session system to check user's permission, as far as I know sessions rely on cookies.
The only thing i suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.
The only thing i suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.
And it would also be the absolute worst nightmare of a Drac admin, if it was part of the core system, especially with such weak checks as those.
pedrotuga wrote:The only thing i suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.
And it would also be the absolute worst nightmare of a Drac admin, if it was part of the core system, especially with such weak checks as those.
???
I don't understand what you mean, at all.
What does this have to do with Drac? BTW, i didn't even know what drac was until i googled it just now.
I am talking about the XML feeds generated by punbb. What does this have to do with email?
Dokuwiki for example has this feature. You request a feed. If you don't have the authentication cookie you just don't get it in the HTTP reply. Simple as that, I don't see how this affects other forum features nor how it adds new authentication issues.
No new system needs to be implemented.
It'd be a few lines of code anyway. Change the few lines of code that say
fp.group_id='.PUN_GUESTto
fp.group_id='.$pun_user['g_id']And solved. Common.php is included anyway.
In which line and file is that?
Is that punbb 1.3 or 1.2?
I believe that somewhere in extern.php in the sql query... right?
Any chances this be default in punbb 1.3?
Those are from 1.3's extern.php.
pedrotuga: It can be an extension. If we're going to implement a system, it will be a more robust one, one that can be used without needing browser / RSS reader integration. 
MattF: I don't see what's so bad about the change, other than that the need to login is non-obvious.
SuperMAG: If you don't understand why major versions exist and why we don't have an endless development cycle for 1.3 (although it may seem that way it times ), which seems to be the case, please just accept what you have been told in this topic and stop asking about it.
What does this have to do with Drac? BTW, i didn't even know what drac was until i googled it just now.
Not that Drac. 
Apologies. I was skimping on the typing. Draconian.
MattF: I don't see what's so bad about the change, other than that the need to login is non-obvious.
But he's referring to a system where it is reliant upon a cookie only. What if two people share a machine? A login has to be cracked, somehow. A cookie is stored for all and sundry with access to that machine to see, for starters. Having good security is pretty pointless if you're going to allow cookie authentication for feeds.
As opposed to cookie authentication for logins, which is what we use?
The idea is simply to use the login cookie as the authentication mechanism. That means nothing changes for regular RSS readers, but those which are integrated with a browser can view the RSS feed with the permission of the logged in user. It's not a bad idea and it might be worth implementing, except for the fact that we want to do better. We want to provide users with a secure way to view their RSS feeds, one that does not require that the user disclose their username/password in the query string.
You could generate a unique token that can be changed and they have to pass in the URL?
SuperMAG wrote:i am not saying about that idea in particulare .... i am saying that they should put all thier ideas for 1.4 in 1.3 ... final version is bitter then every new version per year ... afcource they will be updating but not full upgrading ...
Do you have any idea of how many possible bugs or unexpected consequences a single item can have? That's the point of new releases. To incorporate new features when, AND ONLY WHEN, they have been fully designed, implemented and tested.
i know still they can test it in 1.3 ... no much need for big version like 1.4 ... i mean look at the difference between 1.2 and 1.3 ...
SuperMAG, I think you haven't realized that you (nor anybody) are not entitled to make demands on the dev team. The closer thing you can do is suggestions.
And please, don't hijack this topic you guysSmartys, i think you got me wrong, i was probably not so clear in the details.
I suggested that the feeds would have no more authentication than any other forum page. Basically only browser based feed readers would catch those feeds.
Like, when you show a viewtopic, I guess punbb uses php's session system to check user's permission, as far as I know sessions rely on cookies.
The only thing i suggested is to extend the user authentication check to the feed generator script. That should not be a lot of work and it would be very practical for some people, like me.
i am not making any demands ... they are free on what ever they do ... all the posts i do in these cases are suggestions ... and i dont know what you mean by hijacking etc. ...
pedrotuga: It can be an extension. If we're going to implement a system, it will be a more robust one, one that can be used without needing browser / RSS reader integration.
MattF: I don't see what's so bad about the change, other than that the need to login is non-obvious.
SuperMAG: If you don't understand why major versions exist and why we don't have an endless development cycle for 1.3 (although it may seem that way it times
what ever
SuperMAG: It will not be the only feature in 1.4. There is no roadmap at this point for what will be in 1.4, just a few ideas that we've pushed there. When it is released, it will be just as big a change as 1.3: hence bumping to 1.4 instead of 1.3.1.
Ok, i already now what will be my first punbb 1.3 extension.
Would it be ok to ask for you guys to make sure there hooks in extern.php in the right spot to achieve this?
I just glanced through and it shouldn't be an issue: all the queries are done via the query builder and are properly hooked. However, you should be the one looking, since you're the only one who knows what hooks you need.
feeds as in rss feeds?
Q
As opposed to cookie authentication for logins, which is what we use?
The idea is simply to use the login cookie as the authentication mechanism. That means nothing changes for regular RSS readers, but those which are integrated with a browser can view the RSS feed with the permission of the logged in user.
That cookie authentication part is a bit of a misnomer though. The cookie, in essence, doesn't mean diddley when the user isn't logged in. Plus, what's the point of a feed that you can only access once you're logged in? And if the auth mechanism contains some form of system whereby you don't have to be logged in to view it, then again, that comes back around to my original point. Security.
I'm quite willing to be corrected on my viewpoint if I've grabbed the totally wrong end of the cluestick, btw.
PunBB Forums → PunBB 1.3 troubleshooting → feeds to all forum content
Powered by PunBB, supported by Informer Technologies, Inc.