phpBB is continuing its process of opening up the development process. After an internal trial phase we have now opened up the Junior Developer Team to regular members of our community. An increasing amount of people involved in phpBB development should both speed up the development and improve quality.
Blog
Posts Tagged ‘phpBB’
phpBB 3.0.6 plans
Here we are. phpBB 3.0.5 got released and work on phpBB 3.0.6 began. Previously, we concentrated on fixing bugs and only introduced tiny new features. This time, phpBB 3.0.6 will be a “feature” release, packed with numerous new, cool, stunning, breath-taking… err, just new features.
We will now tell you which new features are planned for 3.0.6 and what style authors and modders need to take care of.
Talkin bout Area51
No! I’m not talking about military bases or U.S. conspiracy theories, but rather phpBB’s very own Area51 – http://area51.phpbb.com
Area51 is phpBB’s official testing ground, and as stated on the site it is the home of “bleeding edge developmental code”. The site was established in 2001 – the brainchild of psoTFX, the former leader of the development team, in order to have a local installation of phpBB that they could test in a real life situation. With the main phpBB.com forum obviously out of the question, Area51.phpbb.com can be used so that the developers can see how the latest code is holding up with many concurrent users online, without fear of users becoming annoyed if certain features aren’t working (which I will touch on in a minute).
Area51 boasts the unique feat of hardly changing at all and always changing at the same time.
Tutorial: Injection Vulnerability Prevention
Notice
Some websites have claimed this article discloses an “injection vulnerability” in phpBB. It does not. What this post actually does is provide an overview of vulnerabilities commonly introduced by third-party modifications to phpBB and discusses what the authors of said modifications need to do to protect their code against attack.
Despite being among the easiest of vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, they will simply manifest themselves as an error when select characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.
To prevent this from happening, one needs to properly sanitize all user definable variables. Unfortunately, the way one properly sanitizes a variable depends on where it’s being used. In this post, we’ll discuss how to sanitize variables for use in SQL queries and in HTML, in general and in phpBB3, and we’ll discuss what can happen if proper sanitization isn’t used.
The four basics of PHP
If you want to make a MOD and you just don’t know where to start, I think the best thing to do is to look at existing MODs to see how other MOD authors go about doing certain tasks. If looking at an existing .php file makes absolutely no sense, type a keyword of what you don’t understand into the search box on http://www.php.net – in many cases it will be a PHP function that will be well explained and documented.
For this blog post, I will address the four basics of PHP. Understanding these concepts will give you a kick start into the world of PHP and MODding.
The role of the administrator when opening a forum
The number one question most administrators ask is “how do I attract users to my website?”. Unfortunately, there is no magical answer which will apply to everyone, but there are things which you can do as an administrator to ensure visitors to your forum will stick around long enough to register.
Once you have chosen your niche and set up your forum, you have a blank canvas. As a site administrator you have two levels to work on:
- A technical level, and;
- A user level
On the technical level, you are the webmaster and the forum administrator.
