Search found 5677 matches

by igorw
Sun Nov 11, 2012 9:08 am
Forum: phpBB Discussion
Topic: phpBB + OOP
Replies: 7
Views: 842

Re: phpBB + OOP

For 3.1 most of the new code is using proper classes, interfaces and unit tests. It also uses the Symfony2 DI container and injects dependencies instead of using globals. Most of the legacy code is still spaghetti-driven though.
by igorw
Tue Sep 25, 2012 12:58 pm
Forum: phpBB Discussion
Topic: phpBB vs. vBulletin
Replies: 100
Views: 67020

Re: phpBB vs. vBulletin

The intl extension (which most PHP distributions do not ship with by default) has a Normalizer class. With phpBB 3.1 it will use the native one when available. Anyways, this is way OT.
by igorw
Sat Mar 17, 2012 1:32 pm
Forum: [3.0.x] MOD Writers Discussion
Topic: phpBB Standalone Template Engine
Replies: 110
Views: 32341

Re: phpBB Standalone Template Engine

I don't see how that changes anything. When a security issue is found, we make a new release.

A library is not a magic black box. It's a tool. It's some code that we can use. We can treat it as if it were part of phpBB. At least that's the way that I use libraries.
by igorw
Sat Mar 17, 2012 12:03 pm
Forum: [3.0.x] MOD Writers Discussion
Topic: phpBB Standalone Template Engine
Replies: 110
Views: 32341

Re: phpBB Standalone Template Engine

I'm no friend of relying on (heavy) external frameworks - flexibility always comes with performance loss and once phpBB chooses that direction it will be difficult or impossible to tune it for phpBB 's needs. So monolithic mashed together architecture is a good thing and small decoupled libraries a...
by igorw
Fri Mar 16, 2012 5:06 pm
Forum: [3.0.x] MOD Writers Discussion
Topic: phpBB Standalone Template Engine
Replies: 110
Views: 32341

Re: phpBB Standalone Template Engine

You could also use twig. Just sayin. ;-)
by igorw
Mon Feb 06, 2012 11:04 pm
Forum: [3.0.x] Support Forum
Topic: APC Cache / PhpBB3
Replies: 14
Views: 3555

Re: APC Cache / PhpBB3

Well that's entirely unrelated to phpBB's caching. APC provides two things. A opcode cache and an in-memory key-value store. The opcode cache is the "PHP acceleration" mechanism that caches the opcodes of PHP files. This is nothing specific to phpBB. It will basically make any PHP file faster becaus...
by igorw
Mon Feb 06, 2012 5:44 pm
Forum: [3.0.x] Support Forum
Topic: APC Cache / PhpBB3
Replies: 14
Views: 3555

Re: APC Cache / PhpBB3

Which files are being re-generated in /cache? Can you paste a full list? The thing is: template compilation does not use the cache driver, so it will always compile to disk. You may simply be seeing the template compilation in the cache directory.
by igorw
Sun Jan 08, 2012 12:14 am
Forum: [3.0.x] MOD Writers Discussion
Topic: Web Application Firewall
Replies: 4
Views: 613

Re: Web Application Firewall

The enctype application/x-www-form-urlencoded is a standard POST form, multipart/form-data is only used for file uploads. And I agree with Donut that you'd rather fix this in the firewall than within your app. Maybe you can get rid of the too restrictive rule that is causing this problem. Because it...
by igorw
Wed Jan 04, 2012 11:17 pm
Forum: phpBB Discussion
Topic: What is [ cron.php ]? *Not a support '?'*
Replies: 6
Views: 1473

Re: What is [ cron.php ]? *Not a support '?'*

Dog Cow wrote:It could also be used for visitor tracking. Count how many people load the cron.php file.
It is not included on every page load, only when there is work to be done.
by igorw
Fri Dec 23, 2011 10:34 am
Forum: phpBB Discussion
Topic: phpBB Falling Behind?
Replies: 459
Views: 74444

Re: phpBB Falling Behind?

Lumpy Burgertushie wrote:if one knows what they are doing, then phpbb2 is very secure.
Dogs and things wrote:As far as I know there's hasn´t been a case of a hacked phpBB2.0.23 board and phpBB2.0.24 seems to be as secure as it should be.
This is simply not true. phpBB2 has insufficient CSRF protection in so many places.
by igorw
Wed Nov 23, 2011 10:48 am
Forum: phpBB Discussion
Topic: Save All My Posts
Replies: 12
Views: 1408

Re: Save All My Posts

If you know how to write a scraper, it should be relatively easy to implement. Let me describe how one would do it. Make a request to http://www.phpbb.com/community/search.php?st=0&sk=t&sd=d&sr=posts&author=igorw&ch=0 (substitute "igorw" for your username) Adjust the "start" parameter to loop throug...
by igorw
Sun Nov 20, 2011 9:27 pm
Forum: [3.0.x] Support Forum
Topic: problems with phpbb3
Replies: 2
Views: 258

Re: problems with phpbb3

Their support is obviously misunderstanding the error message. The 8MB isn't the full amount of memory that is being allocated. It's only the amount that was being allocated, when it exceeded the limit. Either way, 128 seems like a pretty huge amount of memory being used, and that is being written t...
by igorw
Fri Nov 18, 2011 10:30 pm
Forum: phpBB Discussion
Topic: How to use phpBB password hashing on a different website?
Replies: 2
Views: 603

Re: How to use phpBB password hashing on a different website

Hi there, phpBB 3.x uses phpass for hashing. However, we (unfortunately) use a custom hash identifier, which means that once you find the download link on that page (yeah, it's hard to find), you'll have to modify PasswordHash.php as follows: In the `gensalt_private` method, change this line: $outpu...
by igorw
Fri Nov 18, 2011 7:29 pm
Forum: phpBB Discussion
Topic: Porting PhPBB to node.js
Replies: 3
Views: 1667

Re: Porting PhPBB to node.js

Switching to a different programming language / environment will not automagically solve all problems. Just because node.js is "hip" does not mean that is is better suited for implementing a forum. I agree with some of your points, I disagree with your way of solving them.
by igorw
Fri Sep 02, 2011 11:39 am
Forum: [3.0.x] Support Forum
Topic: Secury risk: Allow php in templates?
Replies: 7
Views: 1126

Re: Secury risk: Allow php in templates?

Yes.

You need to use the <!-- INCLUDEPHP yourfile.php --> and <!-- PHP --> /* your code */ <!-- ENDPHP --> tags.

Go to advanced search