MOD requests are common with each version of phpBB. Every user wants something different to make their board unique. The problem is that there are more users than MOD Authors. However, with an understanding of PHP and phpBB, you can create your own!
Archive for the ‘Modifications’ Category
What do you want to see on this blog?
I touched on this in an article at my own site last month, but it is worth mentioning here as well.
This blog currently covers a wide range of topics relating to how to run your forum (How many forums should I create?, How Many Moderators Do You Really Need?, etc), to technical aspects about phpBB and MODs (Injection Vulnerabilities, Templating just got easier, etc) and even general posts about the phpBB project itself (Talkin bout Area51, Londonvasion Re-Cap – phpBB Ascraeus, etc). We would like some feedback from the community to get an idea about the sort of things you would like to read in the blog posts.
Our question to you is: are there any topics in particular you would like to see posted in the blog? Are there other categories of articles (besides the ones mentioned above) which we need to focus on more?
Please give us your feedback by replying in the comments box below.
Thanks!
Tutorial: Injection Vulnerability Prevention
Notice
Some websites have claimed this article discloses an “injection vulnerability” in phpBB. It does not. What this post actually does is provide an overview of vulnerabilities commonly introduced by third-party modifications to phpBB and discusses what the authors of said modifications need to do to protect their code against attack.
Despite being among the easiest of vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, they will simply manifest themselves as an error when select characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.
To prevent this from happening, one needs to properly sanitize all user-definable variables. Unfortunately, the way one properly sanitizes a variable depends on where it’s being used. In this post, we’ll discuss how to sanitize variables for use in SQL queries and in HTML, in general and in phpBB3, and we’ll discuss what can happen if proper sanitization isn’t used.
Fighting CSRF
Cross-Site Request Forgery, CSRF for short, is a type of vulnerability that is getting more and more attention. The concept can be translated as “tricking the browser into automatically performing some action using the user’s privileges”. Let’s see what phpBB does about it.
Advantages of session integration
As the world moves towards Web 2.0, it is becoming increasingly important to have a dynamic website – something which most people are using the PHP language to achieve. Unlike the use of HTML by itself to create a website, HTML and PHP together allow a website to be much more flexible, such as connecting to a database.
If you are running a bulletin board based on phpBB3, then it is worthwhile considering the benefits of integrating your main website into phpBB3.
The four basics of PHP
If you want to make a MOD and you just don’t know where to start, I think the best thing to do is to look at existing MODs to see how other MOD authors go about doing certain tasks. If looking at an existing .php file makes absolutely no sense, type a keyword of what you don’t understand into the search box on http://www.php.net – in many cases it will be a PHP function that will be well explained and documented.
For this blog post, I will address the four basics of PHP. Understanding these concepts will give you a kick start into the world of PHP and MODding.
Attachment Headaches with the Internet Explorer
Recently we got many bug reports about problems with the IE8 beta browsers. The problem is that we cannot accommodate beta browsers in our software – the next beta will break our adjustments. But why have we chosen to include some other IE8 features? The answer is simple: security.
This post will give you insights into one of the more obscure security implications of file uploads.
The phpBB Code Wiki – How you can help
If you have not yet read the phpBB Wiki Announcement or have not followed the discussion topic, I would encourage you to do so and take a look at the new development wiki:
What is a Wiki and what can I do with it?
A Wiki is a type of website that allows the users and visitors to add, remove, and edit the available content. — Anyone who is interested in working with the phpBB Codebase, from website administrators who want to integrate phpBB into their site, or create a quick-script, to bridge or application developers to bridge phpBB with their application, to MOD Authors. The wiki is for those who want to learn more about the phpBB Codebase or simply have a question about how to do something or how something works within phpBB.
The wiki is also a great way to learn about how to begin programming in PHP/phpBB and developing a MOD.
CAPTCHAs in phpBB
This post no longer reflects the state of the art. See here.
CAPTCHAs – “Completely Automated Public Turing test to tell Computers and Humans Apart”s – are known as the foremost means to stop registrations by SPAM programs, so-called “Bots”. In phpBB, a visual confirmation CAPTCHA is used.
The key here is the “Completely Automated” part, meaning that the software – phpBB – creates the question and the correct answer without interaction by a user. This has the drawback that computers are usually able to find the answer as well, given time to adjust. This is an active field in research. In the end it is an arms race. A new CAPTCHA will usually buy a few months of peace, before the major Bot vendors adjust their products.
This article is about presenting some reasons behind our CAPTCHAs; it is not intended to be a case for or against CAPTCHAs in general or particular. It is not about other means to combat SPAM, but only about CAPTCHAs.
SEO Problems and Solutions to improve optimisation within phpBB3
Many people think that SEO is basically using or implementing Human Readable URLs. However, this does not encompass “SEO” at all; it is one small part of SEO, and is generally grossly misunderstood. Many people believe that Human Readable URLs are the only way that Search Engines can correctly index a site, or that it is the best method for spiders to index the site, or that Dynamic URLs somehow hurt your Search Engine Ranking or performance within Search Engines. But this is not the case. Human Readable URLs mainly benefit Search Engines as added Keywords within the page; this only reinforces the keywords already set by the page and topic title, which Search Engines already use for the index.
Search Engines have just as easy a time indexing dynamic URLs as they do Human Readable static URLs. The benefit is minimal.
SEO is Dead! Long Live SEO!
There are others who believe that, because the web has progressed so much over the years and Search technologies have advanced, search engines no longer require any optimisations to properly index your site, or that you cannot improve your search engine rankings or results by performing any sort of search engine optimisation on your site.
This post is meant to address both sides of the argument by giving people a better understanding of what SEO is and its place within phpBB3. It also includes problems identified within phpBB3 itself with regards to Search Engine performance and solutions to address these issues.