Blog

February 2017 work summary

On: By: Mark

The business was slow during the first half of the month but then came pouring in with multiple requests all at once toward the end of the month, making it hard to keep up. It sure would be nice if requests came in in a more orderly fashion. Mostly I handle upgrades. Since phpBB 3.2 makes upgrading much easier I expect business to drop in general over time. We’ll see.

Anyhow, in February here’s a summary of my work for clients. As usual, all client information has been anonymized.

  • A client upgraded his forum from phpBB 3.0 to phpBB 3.2. Previously he had had my digests mod installed and wanted to keep its old functionality, but he was limited on what he could do in the Administration Control Panel. This is because upgrading does not removed dead module links from Administration Control Panel for phpBB 3.0 modifications. So I removed them manually for him. I had not released a Digests extension for phpBB 3.2 at the time I did the work so he had to wait on that. I installed the Pages and Board Announcements extensions. Some days later I created a website index page and dressed up its content to use the forum’s style. I made it HTML5 compliant too.
  • I assisted with troubleshooting HTTP 500 errors that occurred mostly with login attempts. The web server was listed as CGI/FastCGI instead of Apache, but it turned out to be really nginx masquerading as FastCGI. nginx was used by the host go gain more economy of scale. I tried changing some settings in the .htaccess file and changing PHP to version 5.6, but the same issues happened sporadically but frequently. Occasionally users could login. I suggested opening ticket with the web host (web.com), thinking it might be due to a timeout issue that cannot be changed by client. Client called web.com tech support, not their Level 1 support was useless. The suggested paid support. Paid support could not help him as the issue was due to the server configuration which they would not change. I recommended that the client move to a VPS solution but as he has a five year contract with his web host he opted not to do this and is using workarounds. The curious thing is that login generally failed when using the login link, but worked when the login form at the bottom of the index was used. This suggested that the problem was due to how nginx dealt with HTTP GET vs. HTTP POST requests.
  • Upgraded a forum to phpBB 3.2.0. I changed the style to Absolution and applied the existing logo to style. I installed the latest Tapatalk extension and the Board3 portal. I tweaked the Absolution style to make it look as similar as possible to what was used before. Ultimately though the Absolution style didn’t work out, so the client elected to use prosilver. I added a line to his .htaccess file to take users to the portal page by default. I changed his server settings to put https:// in the links and edited a line in his site’s .htaccess file to redirect forum traffic to use https.
  • I extended a client’s logical volume another 50GB, so it is now 50% full. I did additional research based on his email to see if I could fix his SMTP server. I declined the work as a bit outside my comfort range and suggested contracting with a Linux system administrator.
  • Problems with this client were somewhat similar to the second client. He was getting a “No input file specified” message when clicking on update tab when running the phpBB installer. It did not appear to be a phpBB issue as the message is not in phpBB’s language files. A web server of CGI/FastCGI was reported when I selected the PHP Information link. Some research suggested to me that he was really using nginx as the web server and a bad shared nginx configuration may be to blame. I turned on error logging and hope to see some clues when the log is available for download. Ultimately though the client ended up quite frustrated because his hosting (GoDaddy) seems to be unable to upgrade to phpBB 3.2 because the web server won’t integrate properly with it. So my help really did not solve his problem, which turned out to be outside the scope of what I can do, as I can’t fix GoDaddy’s hosting.
  • I upgraded forum from phpBB 3.0.10 to phpBB 3.2.0. I installed a proprietary Milk style for phpBB 3.2. I changed the color code of the style to orange to match the old style. I removed dead module links for an old Private Message spy mod that had been installed. When attaching images or files to a post or private message, after picking the file to attach the user did not get a dialog box asking for the attachment comment. This happened if certain attachment settings are set to zero (allow unlimited) in the Administration Control Panel. Changing a set of these values from 0 in ACP Attachment settings solved the issue. I created a phpBB bug on this issue.
  • I received a downpayment for an upgrade from phpBB 3.0.14 to 3.1.10 that is scheduled for March 6.
  • I converted a forum from phpBB 3.0.12 to phpBB 3.2.0. I picked one of the rotating images for the banner and tailored it to fit the space. I installed an unapproved Advanced BBCode extension. It seems to work properly with no issues. After moving files around installed phpBB Gallery, development version for 3.2 and it seems to be working as well with the exception of embedded images in posts. This can be fixed if Apache can be tuned to use modRewrite, but my attempts did not work. I could write a script to change the links in the posts’ text, but the client has not opted for this solution at this time. I ordered a security certificate from the web host so he can support https traffic.
  • A client had moved over his PunBB forum to phpBB as was having various issues. I tightened up the spambot countermeasures for the forum by installing the Stop Forum Spam extension. He encountered a predictable module access error trying to login to the Administration Control Panel. I copied over my user_permissions column for the administrator from my reference installation to the admin’s in the database and ACP login was possible. Later I added a forum link for his book and attached a forum image. I provided advice on resetting passwords, setting up moderation and handling notifications. I answered various questions and assisted in creating various moderator groups. Some username_clean values were not in lowercase, which meant these users could not be found in the ACP. This is likely a problem with PunBB conversion program. Using SQL I lowercased these values and solved that problem. The three new moderator groups were missing forum permissions, resulting in moderation requests when moderators posted in forums. I gave these moderators full access to all the forums to solve that problem.
  • Installed a spambot extension for a client’s WikiMedia wiki as it was attracting spam. Waiting on his web host to upgrade PHP so I can upgrade his forum.
  • I upgraded a forum from phpBB 3.0.11 to phpBB 3.2.0. I installed NavBar search extension for 3.2 to enable the logo to center. Installed Stop Forum Spam extension and enabled the Q&A spambot countermeasure.
  • I provided some advice to a client on upgrading his forum. It was having severe performance issues running on PHP 5.4. I was able to provide advice that allowed the upgrade to succeed.

Update on dealing with forum spam

On: By: Mark

Some time back I wrote about how to deal with spam forum registrations and spam posts. Since I wrote these posts, spammers have changed tactics and phpBB has a number of new solutions to help address these issues. So a brief update:

  • With the release of phpBB 3.2 Rhea, the phpBB group has integrated Google’s new reCAPTCHA. The old one had been thoroughly hacked. You may have seen this one already on other websites. It asks if you are a human and gives you a checkbox to click on. This is generally all you have to do to “solve” the CAPTCHA. So if you are running phpBB 3.2 you may want to use this Spambot countermeasure as it is simpler than the Question & Answer countermeasure, previously the best solution if it was done right. Since the old reCAPTCHA was eventually defeated by spammers, I suspect this new version will have limited shelf life too, so if you use it keep an eye on it and if it starts failing use something else.
  • Extension developer RMcGirr83 has released a Stop Forum Spam extension. It works on both phpBB 3.1 and 3.2. It works by querying the stopforumspam.com database. This should catch the vast majority of spammers, but it may let a few slip through. If you allow guest posting, it can also be configured to check guest posts.

The Cleantalk service remains an option. It costs $8/year for a website and requires the installation of an extension or modification (depending on your version of phpBB) as well as getting a key from the website to enable it. I have had one client with an issue with it falsely identifying a user as a spammer. I worked with them to address it. Otherwise, my clients have noted no issues and recommend it highly.

 

January 2017 work summary

On: By: Mark

With the release of phpBB 3.2 (Rhea) I got a number of upgrade requests this month. Some were premature. I do expect that upgrade requests will fall off, given that 3.2 makes updating much easier once you are on the 3.2 platform. Fortunately I also generate some income from teaching so that will keep me occupied when phpBB work does not.

Anyhow in January:

  • Moved a forum to new host and domain. Nine million rows in logs table made downloading full database backup impossible. I had to truncate the table to make a complete export. First moved the phpBB 3.0.8 forum as is, and then updated to 3.1.10. I installed the American English language pack. I changed the domain name in ACP.
  • A user’s update from phpBB 3.1 to 3.2.0 failed. Not sure why. The database update seemed to have succeeded. I uploaded reference files from 3.2.0 and cleared the cache and it came back up.
  • Siteground moved client to a different server, so the nameservers changed. Went into his domain registrar and pointed to the correct name servers.
  • A forum stopped working. I installed phpMyAdmin and discovered all the tables were emptied. Database needed to be recovered if possible. Looked in cPanel but could not find a backup. Unfortunately, he’s out of luck.
  • Updated forum from phpbB 3.1.4 to 3.1.10. Customer was not ready to move to 3.2 quite yet.
  • Updated forum from phpBB 3.1.8 to 3.2.0. I had to add a line to .htaccess file to say to use PHP 5.4 to run the database update.
  • Normally I keep my client information anonymous, but this client was kind enough to leave a comment praising my work. Here’s the moved forum. I moved forum off Aabaco web hosting running phpBB 3.1.10 and onto a new domain and a better quality host. Client had moved files and just needed the database moved. Some images were missing in the files and images folder, but client was able to get them off of old host. Aabaco Small Business is the worst host on the Internet IMHO.
  • Siteground reported alleged malware on a site with a forum. I went into the web host to investigate. The messages were not specific. I think it was triggered due to old phpBB files in the web root that pointed to nonexistent programs inside nonexistent folders. The real forum is in phpBB3 directory. I moved these files to a junk folder and took away public access. In case there were infected forum files, I deleted source code for the phpBB3 directory and uploaded from a reference. There were some files in there that belonged to earlier versions of phpBB that are no longer in the archive. Working with Siteground client was able to fix remaining issues.
  • I updated prosilver forum from phpBB 3.0.12 to 3.2.0. User had some ad serving script in header and footer which I replicated, after making it HTML 5 compliant. I hid the logo placement in the blue bar and changed the site name text there. I installed and enabled the Cleantalk extension, enabled the Q&A spambot countermeasure, and requested he get an account on cleantalk.org and enable Cleantalk by putting in the key in the ACP.
  • I updated a forum from phpBB 3.1.9 to 3.2.0. I replicated the picture of the day and header on the new version of prosilver. I also updated four extensions, but ShareOn is not yet compatible with 3.2 so interface does not work. Cleantalk, Board Announcements and Lightbox worked fine. I changed PHP to 7.0.2. Some months back I had written some custom code for the client so users could report and see events of interest. To support PHP 7, I had to modify the two programs I wrote to remove mysqli calls and use the PDO interface instead for queries and inserts into MySQL.
  • I updated a forum from phpBB 3.1.9 to 3.1.10. User wanted to upgrade to phpBB 3.2 but dozens of extensions were installed. Some are not updateable at present.
  • I updated a forum from phpBB 3.1.5 to 3.2.0 on small, vanilla forum.
  • Ordering of forums on the index page was garbled on a phpBB 3.1.9 forum running prosilver_se. Ran fixid.php which I found on phpbb.com to solve that problem. Then I updated the forum to 3.2.0. However, prosilver_se style didn’t look right, so I removed it and defaulted to prosilver.
  • I removed three ads from overall_header.html for a client and changed the URL linked to one of the images.
  • Continuing work for a client in December. For now the work is WordPress related, as client wanted to move content from Joomla into WordPress. I was able to resume and complete a successful import of Joomla content into WordPress. Client is working on updating the WordPress theme. When complete I will upgrade the forum.

Moving your bulletin board to https

On: By: Mark

Updated October 13, 2019 to add that cookie settings should be made secure and to use 443 for the server port.

Should your bulletin board transmit and receive data securely? Most boards don’t contain sensitive information, so you would think the answer would normally be “no”. A secure board encrypts all communications between server and client. This would be done by changing the URL of your board to use https (Secure HTTP) instead of http (insecure).

Once considered a nice-to-have feature, technology companies are nudging us content providers to use https. Google is primarily responsible for upping the ante. Back in 2014, Google announced that sites that send data securely would be ranked higher than those that did not, all things being equal. This is a pretty good incentive for site owners to respond, particularly if you are concerned about your site ranking. However, in 2014 moving to https was still a pain so lots of site owners decided to dodge the issue.

As with most things, going to https can be complicated and potentially expensive and/or time consuming. Fortunately, it’s less complicated than it was, and can even be free.

SSL vs. TLS encryption

To make https work, a digital certificate must be installed on your web server. Keys in the certificate are used to encrypt communications, by the server with a private key which is decrypted by the receiver with a public key provided when the connection is established. SSL (secure socket layer) or TLS (transport layer security) protocols are used to facilitate secure communications over HTTP. TLS is the newer technology and SSL is now seen less frequently because it is easier to hack. Whether using SSL or TLS though, it’s behind the scenes stuff. The user just sees https in the URL and assumes data going to and from your board will be transmitted securely.

Shared certificates

Hosts often provide a shared certificate you can use. As the name implies, the certificate is shared with others, generally all domains on the same server as the one that you are on. While this works, it is ugly. First, hosts will issue “self signed” certificates. Browsers will not trust self signed certificates and will ask users if they want to trust the certificate. You generally pick an “advanced” link in the browser and give your browser permission to trust the certificate. This obviously will not inspire confidence in users coming to your site. New users may simply opt out of coming to your board altogether, feeling it is untrustworthy.

Paid certificates

Web hosts will usually offer to sell you a certificate, generally for around $75/year. This is a convenient way to go if cost is not a concern. Some hosts will handle the logistics of integrating the certificate for you. Also, these certificates will be trusted by the browser, as they will come from a certificate authority the browser will recognize as trusted.

As you might expect there are various levels of certificates based on the level of trust you are willing to pay for. Higher class certificates require site owners to submit credentials to prove they own their domains and they are who they say they are. This is especially important in electronic commerce. Hence Amazon’s certificates will cost a lot more than any certificate you are likely to get. If you are doing electronic commerce on your site you might want to pay for a higher level certificate, which will require you providing credentials to the certificate authority. In most cases though boards simply need a low class certificate, enough so that the certificate is trusted by the browser by default.

Let’s Encrypt certificates

The hassle and cost of securing web traffic has become recognized as a general issue, leading to a project to make trusted certificates available for free. The Let’s Encrypt site will issue certificates for free that are recognized by all the major browsers. However, the certificates are only good for three months. Moreover, depending on your host, installing and renewing certificates can be a considerable hassle. For example, I use MediaTemple‘s Grid Service to host this site. It supports Let’s Encrypt, but it’s quite a pain to install and renew certificates. Other sites, like SiteGround, make it automatic. All things being equal, you might prefer a host that makes installing and renewing Let’s Encrypt certificates easy, especially if this is important to your site.

Configuring phpBB to use HTTPS

By default, phpBB assumes you will be using HTTP, not HTTPS. Once your certificate is installed and tested, it’s easy to change phpBB in the Administration Control Panel: ACP > General > Server configuration > Server settings. Then change server protocol from http:// to https:// and the server port from 80 to 443. What this does is change the links across the site.

Also, change your cookie settings to use a secure cookie: ACP  > General > Server configuration > Cookie settings.

Do you have a httpsdocs or ssl folder? You may want to move your web content into it.

It you normally place your web content into a httpdocs folder, check to see if there is also a httpsdocs folder. This is commonly set up for you if you use Plesk as a web host control panel. Content in the httpsdocs folder is served securely.

In some configurations, there is a public_html folder for web content and also a ssl folder for secure content. In this case you could move the content of the public_html folder into the ssl folder.

This is a one-time action. If you have lots of files, it may take a while to move all the content. If you have a file manager, this makes it easier, but be careful to get the paths just right! You might want to backup your site before attempting this.

Redirecting HTTP traffic to HTTPS

Even with a certificate installed it’s possible that you will get requests for board traffic using HTTP. You may want to make all HTTP traffic use HTTPS traffic instead. You can see what type of web server you are using the Administration Control Panel: ACP > General > Quick access > PHP Information. Scan for “Server API”.

These instructions will work if your web server is Apache. Edit your .htaccess file in your board (or to make it across the whole site, edit or create a .htaccess file in your web root) as follows. Place this code at or near the top of the file, changing mysite.com to your domain name:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.mysite.com/$1 [R,L]

If you use nginx, use these instructions. If you use Microsoft’s IIS, use these.

Smartfeed 3.0.6 archive had unnecessary files in root folder

On: By: Mark

When I created the archive of Smartfeed 3.0.6, apparently some files that exist in folders were copied into the root folder. It didn’t hurt anything but it’s incorrect. I have republished the archive on this site. You might want to delete these files and reinstall it in /ext/phpbbservices/smartfeed.

Aside from this error there were no code changes.

It was always correct if you downloaded it from the GitHub Smartfeed page.

Removing and preventing spam posts

On: By: Mark

Note: updated January 23, 2023

Note: my spam remover extension is now an approved extension. You may have to pay a fee to Akismet to use it. It can be used to find old spam in your board and remove it. 

Note: this post was updated on February 10, 2019 to bring it up to date.

Note: this post was edited on February 3, 2018 to keep it up to date, due to its popularity.

Note: This post was edited on July 22, 2018 to discuss tools for removing spam posts.

Back in 2015 I promised a subsequent post on removing spam posts from phpBB forums. Before talking about how likely spam posts can be removed let’s first talk about how to prevent them in the first place.

Preventing spam posts

You may want to adopt one or more of these strategies:

  • In 2018, the phpBB group approved the release of the Akismet anti-spam extension. This service uses the popular Akismet service, which is essentially a huge database of IPs and domains that have been reported to have sent out spam. Akismet is primarily used for comments on WordPress blogs, but was tailored by the extension developer to also work with phpBB. While the Akismet service can be free to use, it is not necessarily free. It is free for personal sites and blogs. If your forum is on your personal, noncommercial website, then presumably you can use it for free, although you are encouraged to donate anyhow. The extension though is free to install and use, as is true of all phpBB extensions. When properly enabled, the service will check new registrations and posts and will disallow them if they meet the spam threshold. Note that as of this writing it has no tool to go through existing registrations and posts to find and remove spam.
  • Similar to Akismet is the Cleantalk service. It’s arguably more affordable than Akismet, at least if you don’t qualify for Akismet’s free tier. You pay $8USD a year to subscribe to the service. You will have to download the Cleantalk extension for phpBB. (At this time an extension for 3.1 and 3.2 is available. However I recommend getting the latest version from GitHub, as it has features that may not appear on phpbb.com for months.) Install it, then configure it to check all posts for spam before allowing the post to be posted. As a bonus, it can check for spam in the contact form if that is enabled. There is no CAPTCHA built into the contact form. This is probably the most effective solution currently available. Note: the newer versions of this plugin also have a neat feature called Spam Firewall that can be enabled. It basically keep spambots from hitting your forum in the first place, saving you bandwidth and server resources.
  • Do not allow guests to post. Fortunately, phpBB comes configured this way by default. If you actually want guests to post:
    1. ACP > Users and groups > Group forum permissions
    2. Select the forums that you want guests to post in and submit the forum.
    3. Select the role for guests for each forum. Probably you want Limited access but may prefer to be more expansive with guests and give Standard access. Then click Apply all permissions.
  • Use the phpBB stop forum spam extension. This will check the IP of the poster against a popular known spammer’s database, but only this one list. It’s not foolproof, but it’s probably a 95% solution. Note that this extension works only for guest posts, so a registered user’s IP won’t be checked to see if their post contains spam. One advantage over Akismet and Cleantalk is it never costs any money to use this database. However, the process of checking the database can be slow.
  • Use moderators. Find active and trusted users to help moderate your forums. You can make them global moderators or give them permissions to moderate specific forums only. Moderators also need to learn phpBB’s moderation procedures. In most cases it takes a human to truly identify a spam post.
  • Encourage users to report spam posts. You might want to create an announcement to draw people’s attention to this feature of phpBB. It’s easy not to see it. For every post in the top right corner of the post there is a small button with an exclamation point (!) on it. The user can identify the reason for reporting the post, which can be it is spam. This will flag it for moderators or the administrator to review.
  • By default newly registered users to have their first three posts go through the moderation process before they can post. If you do not have moderators set up, then you as the administrator will have to review and approve these posts. Follow phpBB’s moderation procedures.

Use better registration procedures

If your board is clean of spam, upping your spambot countermeasures can help ensure that no spambots register. A spambot that succeeds in registering can create spam posts.

  • With the release of phpBB 3.2, phpBB can be integrated with the second generation version of reCaptcha. With phpBB 3.3, reCaptcha V3 is supported and should be used instead of reCaptcha V2 if possible. You need to go to the reCaptcha site, select the version of reCaptcha you want with the checkbox Captcha and generate a set of private and public keys for your domain (if you don’t have them already). Then configure the plugin: ACP > General > Board configuration > Spambot countermeasures. Look under Available plugins for reCaptcha and press Configure. Once the keys are entered you have to enable the plugin, which is done on the same page.
  • If you are using phpBB 3.1, the best out-of-box solution is to use the Q&A countermeasure. Make sure the question is not easily retrieved with an “I feel lucky” Google search.

Removing spam posts

The latest version of the Cleantalk extension has tools that can help identify and remove spam users by checking the IP they use with their database. If it matches, you have the option to remove their accounts and with it all their posts. It is possible but unlikely that it will give some false positives, in which case using this approach may delete a lot of legitimate posts. It requires subscribing to their service, which costs $8/year as this is written. For more information, see this blog post. There are some caveats:

  • If you have lots of users, it is likely you will get a timeout. 
  • The IP address database of spammers changes over time. So if you are trying to remove old spam accounts, it may miss them because the IP will no longer be in their database.

Consequently, my spam remover extension is a better option as it uses Akismet’s database, which appears to be a somewhat better database because spam is judged on factors other than the poster’s IP address.

Here are some other much more laborious means of identifying and removing spam posts:

  • An administrator or a forum moderator can manually remove any post he or she judges to be spam. Click on the little X icon in the top right corner of the post. If there is not much spam on your forum, this is generally the quickest approach.
  • If you allow guest to posts, a list of forums, topics and posts that have guest posts is useful. Administrators or moderators could then review these posts and delete them as needed. If you have phpMyAdmin, you can use it to run the following SQL to identify guest posts. (Select the forum’s database and then select the SQL tab.) Make sure you change phpbb_ as the table prefix if your config.php shows you have a different table prefix. The post text may look a little weird, as it is typically stored as HTML (phpBB 3.2) or in BBCode (previous versions), but it can be read.
SELECT f.forum_name, t.topic_title, p.post_subject, p.post_text
 FROM phpbb_forums f, phpbb_topics t, phpbb_posts p, phpbb_users u
 WHERE t.topic_id = p.topic_id and f.forum_id = t.forum_id AND p.poster_id = u.user_id and user_id = 1
 ORDER BY left_id ASC, t.topic_id DESC, post_id ASC
  • If older guest posts were valid but you notice a rash of spam guest posts after a certain time, you can see a list of posts on or after this time. In this example, January 1, 2016 is used.
SELECT f.forum_name, t.topic_title, p.post_subject, p.post_text
 FROM phpbb_forums f, phpbb_topics t, phpbb_posts p, phpbb_users u
 WHERE t.topic_id = p.topic_id and f.forum_id = t.forum_id AND p.poster_id = u.user_id and user_id = 1 AND p.post_time >= unix_timestamp('2016-01-01 00:00:00')
 ORDER BY left_id ASC, t.topic_id DESC, post_id ASC

The query will identify the forum, topic, post subject and post’s text. This query is ordered to present these posts in a way that is ordered the same way it usually is on the forum.

  • phpMyAdmin, which is generally available in your web host control panel, has an export capability. You could, for example, export this list as a comma separated values (CSV) value, import it into a spreadsheet like Excel and pass it out in a more human readable format to moderators for review. They will have to find these posts and delete them manually in phpBB.

Do not delete these using SQL, as you will mess up the topic post counts and possibly the number of topics in a forum count. Manually delete them on the view topic screen instead.

phpBB 3.2 Rhea, third look

On: By: Mark

(Read part 1 and part 2 if you haven’t.)

Updating from 3.0 or 3.1

One thing that is unclear about phpBB 3.2 is how to update to it. The phpBB group itself may be contributing to the confusion. On the launch page they say:

With our brand new installer updating will be easier than ever in phpBB 3.2! Upload a single folder to your board and all your files will automatically be replaced.

This implies that it’s already there. But if you are upgrading from 3.1 no interface exists. Rather, you follow procedures similar to updating from 3.0 to 3.1, found here. The easier way of updating will apply to subsequent releases of phpBB 3.2. There is no 3.2.1 released yet, so you can use the new improved updater yet.

In addition, you used to run /install/database_update.php to update the database. Now you run /install/app.php/update instead and select Update database only. You can also run /install and select the update tab and do it that way.

Other things to note:

  • Quotes are improved. To quote someone you generally click the “Reply with quote” button on the post you want to quote. Doing this creates an enhanced BBCode quote tag with additional attributes that include the post_id, the post time and the user_id. When you submit your post, the quote now indicates the this information in the quote and via an up arrow link can take you to the referencing post.
  • The notifications system has been rewritten to be faster. Since notifications are created when posts are made, you should notice much less delay time between submitting the post and the topic refreshing.

Smartfeed 3.0.6 released

On: By: Mark

The extension has been submitted for phpBB extension team review. You can download it here.

Of note:

  • All corrections required by the extensions review team have been addressed. All code was reviewed in PhpStorm to fix problematic issues and remove unneeded variables.
  • Supports phpBB 3.1.9 through 3.2 (Rhea)
  • Fixed bug that did not provide the encryption key (e parameter) with the embedded IP in the Smartfeed URL if Require IP Authentication is turned on in the ACP, leading to an erroneous error message if the URL for the feed is used.
  • Ability to use the ACP interface now requires the acl_a_extensions permission instead of acl_a_board permission
  • Copyrights changed to 2017
  • Containers are used to fetch global variables
  • jQuery UI library added to support enhanced dialog boxes
  • Where appropriate Javascript events now written in jQuery
  • CDATA removed from templates, as they are not needed in HTML5
  • Javascript without template variables moved into .js files
  • Host URL updated to use www prefix
  • Some previously allowed tags in Safe HTML were removed as they are deprecated

phpBB 3.2 Rhea, second look

On: By: Mark

With phpBB 3.2.0 Rhea now officially released, I have some additional observations about this minor release of phpBB beyond my last post.

  • All libraries needed are part of the archive, so there is no reason to run Composer before installing. This is good and makes life easier but there are more files to upload and the archive is getting fatter: 7.5MB zipped, 33MB unzipped.
  • The installer’s progress bar is slow to give feedback, leading perhaps to the impression that it has stalled. Wait and your patience will be rewarded.
  • Upon successful installation there are two options/extensions enabled. The first allows you to send your statistics to phpbb.com to improve the product. This was there previously but now it’s a simple checkbox and it can be enabled or disabled later. It has its own item in the Administration Control Panel: ACP > General > Server Configuration > Help support phpBB. More unusual is a new phpBB Group developed extension that integrates with VigLink. If you enable this extension, it adds URL tracking information when you or a forum user shares a URL. It allows the phpBB Group to generate some small revenue when people click on these links and then click on a targeted ad. You can uncheck this but it is enabled by default. It too has an item in the ACP: ACP > General > Board configuration > VigLink settings.
  • When installing a new board, you get a default category, forum and post, but no search index is populated with the post. Instead, you are reminded to create a search index. This allows you to create a different search index type if you want, but it’s an extra and new step to the installation process.
  • If you edit a post, the edit window is smaller, in that it shows fewer lines. You can drag the window to make it bigger but some people will find this change a bit irritating.

I had done a smoke test with my Smartfeed and Digests extensions. I posted about Smartfeed here, and Digests here. Look for new releases of both in the coming weeks and months that will support phpBB 3.2.

With the release the phpBB Group has published a features page with the major new features.

I’ll post more observations as I use it more.