Re: shoutbox_pun - a punbb shoutbox
We will watch your development, helliax.
I've managed to implement username links, but I'm trying to figure out the best way to go about tying it to an option, so it can be turned on and off through the forum settings.
Right now, the link is generated in the javascript. Specifically, the getHTMLFromMessage() function in shoutbox-pun.js. So in other words, I can't access the PHP config values directly. One way I figure I can do it, is to create a hidden <input /> that has the value, and grab that value from javascript. But that seems really hackish. Does anyone have any suggestions, or just other mods to check out, to see how they did it?
I forked andrew's project so I can work on it without messing up his project, so you can look at the code I have now: https://github.com/helliax/shoutbox_pun. Preferably, all my major changes will get turned into options, so we end up with one mod instead of two with just minor differences.
Why not add the option in the XML output in data.php? getShouts could have an additional <options> bit.
Please feel free to submit a pull request once the changes are done
Brilliant Kushi!
What Kushi has done?
helliax wrote: I've managed to implement username links, but I'm trying to figure out the best way to go about tying it to an option, so it can be turned on and off through the forum settings.
Right now, the link is generated in the javascript. Specifically, the getHTMLFromMessage() function in shoutbox-pun.js. So in other words, I can't access the PHP config values directly. One way I figure I can do it, is to create a hidden <input /> that has the value, and grab that value from javascript. But that seems really hackish. Does anyone have any suggestions, or just other mods to check out, to see how they did it?
I forked andrew's project so I can work on it without messing up his project, so you can look at the code I have now: https://github.com/helliax/shoutbox_pun. Preferably, all my major changes will get turned into options, so we end up with one mod instead of two with just minor differences.
Why not add the option in the XML output in data.php? getShouts could have an additional <options> bit.
Please feel free to submit a pull request once the changes are done
This is sort of so obvious now I don't know why I didn't think of it immediately at the time. Thanks!
Question regarding csrf token (this sounds related to Francisco FR's problem)
Right now, when you leave the shoutbox open long enough, it'll eventually "crash" and stop working, due to a CSRF token mismatch. The reason this is happening is because a static CSRF token is being compared to one that gets generated on each poll and each new message (so basically, every 1.6 seconds). In simpler terms, each time it checks for new shouts or adds a new one, it'll check these two tokens, and eventually the static one will lag behind, and mismatch.
The comparison's in data.php on line 26:
$_GET['csrf_token'] != generate_form_token('./extensions/shoutbox_pun/data.php')
I understand that the reason for this is to help prevent cross-site attacks, and in this specific case, prevent bad people from posting shouts to your shoutbox without your permission. Does anyone have any idea on how to get around this? It looks like one solution is to regenerate the static token before it expires, but the token is generated via php code, and only gets called on page refresh. The alternative is to remove the check.
This problem also occurs with base PunBB functions, like modifying settings in the admin panel. The site gets around it by prompting you to confirm your action. I haven't looked at the code, but I imagine during this time, they regenerate the token, and then the action passes the check and goes through. But we can't do that with shouts, unless we force a page refresh every ~30 minutes.
Would be totally grateful for any help on this. Thanks!
Yes, I've noticed this. Part of me thinks it perhaps should be tied in with some better handling and a 'timeout' - I don't like the idea of people hitting the server forever just from leaving the browser window open.
I think a fix would be to pass back a new CSRF token in the XML, perhaps each time, and update this with javascript in the DOM. This should solve the problem.
I'm not sure what your plan/workflow is but it'd be really useful for the project for you to pass these fixes you're making back as pull requests on github
Thanks
Andy
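The two suggestions made in this thread (an `<options>` element in the XML from data.php, and a fresh CSRF token returned with each response, plus an idle timeout), sketched as an added example. This is not code from shoutbox_pun: the element names, `createShoutPoller`, `readTag` and the fake server are assumptions made for illustration.

```javascript
// Added example. Element names <csrf_token>, <options>, <username_links> are
// assumed; the page does not give the real data.php response format.

// Stand-in for responseXML lookups so the example runs outside a browser.
function readTag(xml, name) {
  const m = new RegExp('<' + name + '>([^<]*)</' + name + '>').exec(xml);
  return m ? m[1] : null;
}

// send(token) -> XML string; models one getShouts request (hypothetical).
function createShoutPoller(send, initialToken, idleLimitMs, now) {
  const state = {
    token: initialToken,
    options: { usernameLinks: false },
    lastActivity: now(),
    stopped: false,
  };
  return {
    state,
    // Call from the message form's input handlers.
    touch() { state.lastActivity = now(); state.stopped = false; },
    poll() {
      // Stop hitting the server once the window has been idle too long.
      if (now() - state.lastActivity > idleLimitMs) {
        state.stopped = true;
        return false;
      }
      const xml = send(state.token);
      const fresh = readTag(xml, 'csrf_token');
      // Keep the old token if the server sent none; never store an empty one.
      if (fresh) state.token = fresh;
      const links = readTag(xml, 'username_links');
      if (links !== null) state.options.usernameLinks = links === '1';
      return true;
    },
  };
}

// Constructed server: accepts only the token it issued last, then rotates it.
function fakeServer() {
  let current = 'tok-0', n = 0;
  return function send(token) {
    if (token !== current) return '<shouts><error>bad token</error></shouts>';
    current = 'tok-' + (++n);
    return '<shouts><csrf_token>' + current + '</csrf_token>' +
      '<options><username_links>1</username_links></options></shouts>';
  };
}
```

Returning the fresh token in the same-origin XML response keeps it unreadable to other sites as long as data.php sends no permissive CORS headers, so the rotation does not weaken the check it feeds.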
Not work
There's an update with fixes to a few bugs and a few minor improvements
There's 1 security fix and 1 breaking change (previous shouted links will look funny)
It would be nice if you can hook it up somewhere after the announcement div. I could not find an appropriate one. People might get lazy scrolling down to the bottom to see the shoutbox, not to mention if the site has too many subs.
There's an option in settings to put it at the top of the board