Vote For phpBB’s Next Codename

Posted by VSE in Development with the tags , , , , , on October 16th, 2016

At phpBB we love codenames as much as we love Bertie.

Previously we have travelled to Mars and Saturn to find the most prominent features to name our versions. Now it’s time to come up with another codename for the version of phpBB.

In line with having an open mind for new features, looks, and changes in phpBB’s next major version we’re also opening up the decision on the codename to the community.

The phpBB Team has already pre-selected four possibilities from a rather long list.

Now it’s time for you, the community, to have the final say:
[Vote] Codename of next phpBB version

The vote will end in two weeks on October 30th, 2016.

Happy voting!


phpBB not vulnerable to ImageMagick exploit

Posted by Marc Alexander in Development, Security, Support on May 5th, 2016

As some of you might have noticed, a security issue has recently been uncovered in ImageMagick, a widely used software suite for displaying and modifying images. You can read about the full details of the exploit on news outlets like Ars Technica (article on ImageMagick exploit) and the ImageMagick community forum.

It has come to our attention that admins are unsure whether this affects their phpBB installation and/or what they might have to do to secure their installation.
First and foremost let me make it clear that, based on the currently available information, phpBB is not vulnerable to the exploits.
phpBB already verifies the supplied image types and therefore already contains one of the described mitigations for the ImageMagick vulnerabilities.

phpBB supports using ImageMagick for creating thumbnails only. Other parts of phpBB, such as image or general attachment uploads, are not using ImageMagick at all. The described exploits rely on directly passing uploads to ImageMagick and/or passing “clear text” image formats such as SVG or MVG to it. phpBB itself does not support these image types for creating thumbnails and therefore will not pass them onto ImageMagick. Additionally, supported image types are checked for integrity before passing it onto ImageMagick for thumbnail creation. Passing malicious files as described and disguising them as other image types is therefore not possible.

We hope this will help with clearing up any confusion or uncertainty on this subject.

Extension Skeleton Development Tool

Posted by VSE in Extensions on March 29th, 2016

Hello extension writers!

At phpBB’s conference in Prague last year, nickvergessen created a tool that makes getting an extension project started super easy!

ToolKit phpBB Extension Skeleton

The Extension Skeleton is an extension that you install in your development phpBB board. Once installed, you can use it to generate the starter files and directories for your own extensions.

The Extension Skeleton will ask you for some basic information about the extension you want to create, such as the name, author information, requirements, and what type of components it will use (listeners, controllers, styles, template events, unit testing, etc.). It will then generate an extension package based on your needs. It will be a working “skeleton” of the simple Acme Demo extension, and will be ready for you to begin to edit and update with your own code.

It can be accessed via Graphic User Interface through a link in your forum’s navbar

Extension Skeleton Tool

It can also be accessed from the Command Line Interface with the command:

$ bin/phpbbcli.php extension:create

The Extension Skeleton is a great little tool that every extension developer should have in their toolkit. It simplifies and expedites the mundane task of starting a new extension, and ensures you have a correctly configured set of composer, PHP and style files with which to begin coding your extension.

Happy coding developers!

phpBB 3.2 Rhea is near – help us test it now!

Posted by naderman in Development with the tags , , on March 26th, 2016

On October 28th, 2014, we published phpBB 3.1 Ascraeus, the culmination of nearly 8 years of development since phpBB 3.0—an eternity when it comes to web development. We learned our lesson from trying to build a major feature release over a timespan that saw major changes in web technologies; while our roadmap had to change frequently, none of the progress was made available to you—our users. When we finally released phpBB 3.1, I announced that phpBB would from now on see feature releases on an annual basis.

It has now been one year and 6 months since I made this statement. Our most recent release has been phpBB 3.2 Rhea 3.2.0 Beta2, on March 7th 2016. So we missed our goal, but we’re well on the way to reaching a new stable feature release before summer this year. We’ve been making great progress with tweaking our workflows to more strictly adhere to the schedule in the future.

As the Development Team Leader, I updated you much too infrequently on development progress, partly due to having many other tasks to also focus on. Unless you follow our development forums at Area51, or our social media accounts on Facebook or Twitter, you are unlikely to have heard of our recent 3.2 Beta releases. As these responsibilities exceed what a single person can do well, Marc Alexander stepped up in February to take over the Development Team Lead position. From now on, I will be responsible for more frequently informing you of all developments regarding phpBB, as its new Product Manager.

We are looking forward to your feedback on the Beta releases and upcoming final release candidates of phpBB 3.2 Rhea.We cannot produce a stable final product without your testing and bug reporting. Download Beta packages from our archive at Please keep in mind that you should not run this version of phpBB on your live sites yet, and no support will be offered until the RC phase.

If you’d like to get involved with phpBB development to help us finish new features faster, check out the information available on Area51. And lastly, if you’d like to stay up to date on phpBB development progress, follow this blog!

The return of the database

Posted by Michael Cullum in Website on August 9th, 2015

Any of you who have tried to access phpBB over the past few days might have experienced a variety of different errors, most notably one about being unable to find the database `phpbb`. This is the full, slightly more technical post mortem of the issues highlighted in the announcement here.


Firstly, some background on our infrastructure. It is hosted very generously and free of charge by Oregon State University Open Source Lab [OSUOSL or OSL] which is funded by donations and grants from individuals and large organisations (such as Google). We run our systems across a number of virtual machines (VMs), some of which are hosted on our own dedicated machines. Others were moved onto the main OSL cluster back in January as our old dedicated machines became more unreliable and unstable. We also run a number of services on centralised and function dedicated machines by the OSL such as their database servers, mailing list instance etc. which are used by a number of projects. They also very generously manage many of our VMs (using Chef), something which we’d like to make a blog post about in the future.

We now host all our databases on OSL’s main database cluster of two virtual machines served by a virtual ip which will use server SQL1 when possible or failover to SQL2 if SQL1 is down (which has happened a few times). SQL1 is their master (read & write) and SQL2 is their slave (Read-only) and SQL1 replicated to SQL2.

Replication Errors

On July 15th a number of issues with replication from SQL1 to SQL2  were noticed with some session tables which caused replication to be paused and a large number of statements were skipped. OSL then restarted replication but on the 16th we began to experience even more issues in far greater numbers than on the previous day and on the 20th a decision was made to entirely reload SQL2. Anticipating the only effect would be a bit of a slowdown on SQL1 due to a large number of reads, they went to do the maintenance at 00:00 on the 31st of July. The standard procedure for that is break replication, delete the databases off SQL2 one-by-one, and resync from SQL1.

 SQL1 Issues

At 00:20 SQL1 started experiencing errors and investigations began immediately. Despite the fact that it was believed to be a master-slave configuration between the two servers, it was in fact a master-master replication meaning although SQL1->SQL2 replication had halted, SQL2->SQL1 had not and SQL2 replicated a lack of data back to SQL1 causing the dropping of databases to occur on both machines. Immediately database dropping was halted and therefore some other project databases were unaffected but phpBB databases had already been dropped. As we had no valid failover to a read-only server (Normally this would be SQL2), OSL were then left to restore backups. However, the backups server had quite slow I/O and there were a lot of databases to restore (Just one of our databases is ~33GB and we have a number of databases and there are a number of other projects on the cluster). The backup restoration finished at 10:49 on the 1st August and took such a long time due to the aforementioned reasons and issues with problematic database structures. Once the backup restoration was complete the binlogs (essentially a log of all sql queries executed) were replayed to catch the backups up to just before the maintenance. The binlog replaying finished at around 04:22 and production databases then began to be moved back into production. More details on the SQL1 and replication issues can be read about on OSL’s own postmortem.

Maintenance Page on .com

Unfortunately, throughout most of this time we were just displaying an error saying that the `phpbb` database did not exist. Due to the time of year most of our team who would normally work on putting up (and then taking down once things were fixed) a maintenance page were away on holiday or leave (without internet or without their login credentials that they’d need such as ssh keys or sudo logins or on restricted internet connections not allowing SSH) and team members who did have access to the internet didn’t have the necessary access to repositories or our servers. Therefore, only information available about the downtime was from our twitter account and facebook page. For this we do sincerely apologise as we are aware many of you were unaware of why our site was down.

Missing Data

On Wednesday we began to realise there was some data missing after we discovered some posts had disappeared. Replication from SQL1 to SQL2 broke on the 15th July and we take backups from SQL2. The backup OSL had restored therefore was the one from the 15th July. OSL found the binlogs (/var/lib/mysql) on SQL2 and then replayed those in order to bring the state of the database back to the present. Unfortunately the command used to replay the binlogs only replayed the sql commands from the 17th July and this gap was only realised after OSL had blown away /var/lib/mysql on SQL2 in order to restart replication from SQL1 to SQL2 once we were back up and in production.

This means all actions done between the 15th and 17th July on any * sites will have been lost.


Also due to some unusual behaviour, everyone’s notifications settings on have been reset to never send out emails for notifications. You can still change your settings here but in order to ensure people don’t miss notifications, we’ve set everyone’s settings to now email for the following but you can of course revert this change if you so wish:

  • Someone replies to a topic to which you are subscribed
  • Someone quotes you in a post
  • Someone creates a topic in a forum to which you are subscribed
  • Someone sends you a private message

Into the future

OSL are implementing a number of policy changes and changes to their backup procedures (Read more here) in order to prevent this sort of thing from happening again, as are we. We understand many of you depend on for support as well as the resources it provides (downloads, documentation etc.). We will be looking at provisions to ensure that our infrastructure is less interdependent and removing single points of failure. This has also highlighted some rare edge-case bugs in phpBB which we are looking to patch as a matter of priority. We’ll also look at how we can better communicate downtime in the future, make appropriate maintenance pages easier to display, and ensure we always have people around who can deal with such situations.

Often when these kinds of situations arise, we receive questions about how our community can help us. While we appreciate the gesture of making a donation to us, the phpBB project does not accept financial donations. If you would still like to make a financial gift, you can support us indirectly by donating to OSUOSL. You can also help us directly by being active in our support forums, IRC, or by submitting source code patches. We are only here because of the community behind us, so anything you do to help the rest of the community helps us.

We do apologise once again for any problems this might have caused you.

As a note, all times are UTC+1 (British Time).

Symfony Live London 2015 – Please vote for phpBB!

Posted by Michael Cullum in Events on August 3rd, 2015

Symfony Live London and the rest of the SymfonyLive/SymfonyCon conference series are amazing conferences that bring Symfony developers together from around the world into one place for a day (or multiple days) of talks on a huge variety of Symfony related topics. Over the past few years, since our integration of Symfony into phpBB core and, our relationship with the Symfony community has grown. Many developers from their community now contribute to phpBB itself, something we have reciprocated in addition to sending many of our team members to Symfony conferences and meetups.

This year Symfony Live London will have a number of community sponsors of whom they will provide a sponsor booth (and much more) in order to directly communicate with many of the Symfony Community. Those projects are decided upon after the results of a public vote.

These sorts of events allow us to spread the word about phpBB and help get more people interested in working on the project, allowing us to develop phpBB to a better quality and do so faster. We are asking you, our community, to reach out and support us by voting for phpBB in their poll.

You can vote by clicking here.

Voting finishes in just a couple of days so please don’t wait. Should you wish to help support us further by spreading the word and garner us even more support, please do retweet us and share our facebook post.


Edit: Thanks to all who voted, we are proud to announce we have been accepted as a community sponsor of Symfony Live London 2015! If you’re in attendance do come over and say hello.

phpBB Developer Documentation

Posted by nickvergessen in Development, Extensions with the tags , , , on July 5th, 2015

When the phpBB Team met in Prague last month for a short productivity meeting we achieved many things. We fixed bugs, worked on our bamboo infrastructure, reduced the size of the extension validation queue and worked on a new phpBB/Symfony Authentication bridge however one of the most significant things we did was start the base of our new developer documentation:

The plan with this documentation is to consolidate all core and extension development related information that is currently spread out on our wiki, Area51 (and a variety of other places) into one central location.

As a first step the “[HowTo] Convert a 3.0 modification into a 3.1 extension” tutorial was converted and is now available to view here.

Since then, we have ported over many many other Wiki pages and readmes to the new doc system including:

The documentation is written using rst and our documentation source can be found in the “development” folder of our pre-existing documentation repository:

We will be continuing to move existing documentation over the coming months and if you are familiar with rst and git(hub) and want to help, please do feel free to send pull requests. Whether it is with porting existing documentation over, fixing typos or even writing brand new pieces of documentation, every contribution is appreciated.

phpBB at Symfony Developers UK (London)

Posted by Michael Cullum in Events on May 25th, 2015

At a recent meeting of the Symfony Developers UK user group in London I gave a talk titled “How we Build phpBB: The Next Generation”.

Screenshot 2015-02-03 01.33.28

After a brief introduction to phpBB’s functionality the talk covers different aspects of phpBB’s development. It provides insight into phpBB’s history, in particular that of its versioning, and how this affects how we operate to this day – keep in mind that we published our new release policy after this talk was presented.

The talk follows the process a feature goes through from a phpBB user’s idea all the way to making it into a phpBB release. Along the way it covers the numerous different tools used to aid us in developing phpBB; such as the issue tracker, GitHub, Bamboo, Travis CI. These tools are vital in helping our quality assurance process preventing regressions and they make it easier to develop phpBB. The talk concludes with a summary of the Symfony components we have adopted in phpBB and how we use them. It further explains why we are using more external libraries and components instead of “reinventing the wheel” as the term goes.

The talk was well received by the audience and many members of the Symfony community were positively surprised by the amount of Symfony components we now use in phpBB, by the free code and security audits performed by the styles and extensions teams on submitted customisations in order to ensure a high level of quality, and the outstanding security record that phpBB 3.x has now gained.

A video of the full talk can be found on Youtube and the slides are available on Speaker Deck. Please note that the slides may not make sense without the context of the talk.

If you run a user group or conference and are interested in having this talk, or a similar one, presented at your event by myself or another phpBB team member, please contact me or a member of the management team.

[Poll] Community Choice: Next Official Extension

Posted by VSE in Extensions with the tags on May 13th, 2015

The Extensions Development Team would like to ask you (again) to vote for another official extension!

Our previous community choice resulted in our Auto Groups and Pages extensions. We have a few more ideas and would like the community to help us decide which of them would be the most popular:

  • Advertisement Management – Ability to add multiple advertisements and display in various locations (header, footer, specific forums, etc.)
  • Google’s new reCAPTCHA – spam countermeasure, more information
  • Paypal Donations – Add donations with option to add users to groups based on payment
  • Welcome PM – send new users a customised welcome private message

Vote Now to be heard (until May 19)!

OSCON 2014 Recap

Posted by darcie in Events with the tags on August 9th, 2014

Last week phpBB again attended OSCON, the O’Reilly Open Source Convention, in Portland, Oregon. Yuriy, Derk, and I had a great time chatting with those attending the conference as well as those exhibiting. We were provided booth space by Bluehost as part of their ongoing commitment to support open source projects. We had a great spot right at the front of the hall.

2014-07-23 10.07.24_1 2014-07-22 12.35.47

We arrived and set up Sunday in preparation for the Expo Hall opening Monday. Monday evening, the Expo Hall hosted a one hour first look at all the booths for conference attendees. The hour went by quickly, but after parties and further networking opportunities closed out the day. The “Elements” themed party the first night had us flying high and ready to conquer the week!

2014-07-21 17.36.02 2014-07-21 17.35.03

Tuesday started damp, as we would expect for Portland. This was the first full day with the exhibitors, with that night being booth crawl night when the convention center brought in food and drinks. Bluehost had Tim O’Reilly come play a game of ping-pong with them!

2014-07-22 18.40.26 2014-07-22 18.40.04

All week, we explored the hall and networked with other groups and attendees. We found our name on the Google Summer of Code board and chatted with the representatives of the program. We talked with someone in Community Development at O’Reilly Media about partnering with them on some interesting opportunities. And we left our mark on the giant chalkboard in the convention center hallway.

2014-07-22 11.20.55 2014-07-22 17.40.37_1

Bertie helped give away lots of gummy bears. We talked with many people about 3.1 and improvements due in the next version. We had a great response to the concept of extensions and responsive layouts. We met many conference attendees that mentioned they got their start in coding by having a phpBB forum as a teenager, which was very rewarding!

2014-07-22 21.02.09

Additional highlights of the conference are available at the OSCON 2014 site.