Blog

phpBB 3.2 Rhea, first look

On: By: Mark

I’ve been waiting for the dust to settle to study phpBB 3.2 (Rhea). It is scheduled for release on January 7, 2017. So I finally installed a prerelease version with presumably almost all the bugs fixed. Here’s my first look:

New features

There’s not much new or sexy about phpBB 3.2 compared with phpBB 3.1, but it depends on what you are looking for. New features include:

  • Support for emoji in posts. You can cut and paste or simply type your own emoji shortcuts into posts and the emoji will render. You can find a comprehensive list of emoji shortcuts here. For example, in a post you can enter :grinning: and a scalable grinning emoji should be rendered.
  • Supports PHP 7.1. PHP 7 is a quantum leap in speed for the PHP script processor. Most sites can expect a 100% improvement in how quickly PHP will parse and render code written in PHP.
  • Global announcements are no longer an administrator only privilege.
  • FontAwesome support. FontAwesome allows scalable vector fonts and icons, controlled by cascading stylesheets. For example, if you have a FontAwesome icon of an airplane, the icon will scale to size as you increase magnification on the page without losing detail. In addition, FontAwesome allows the size, color and shadow of the font to be changed on the fly using CSS … no jQuery magic required anymore.
  • New installer. This is backend stuff. Installing phpBB looks a bit different, and looks spiffier. Before I could it install, however, I first had to run PHP from the command line to kick off a run of PHP’s composer software. Composer is used to fetch the third party libraries that phpBB uses, presumably to get a current version of these libraries. Previously they were bundled into the phpBB archive you downloaded. It’s unclear to me if this is something you will have to do when phpBB 3.2 is released before it is installed. If so it will prove an obstacle to many casual forum administrators, since they may not be familiar with working from a command prompt and it may not be an option on shared hosting. The installer’s command line interface has also been reworked. I have not yet investigated what’s new here.

Other changes of note

  • The default prosilver style looks a little bit darker, and the icons have been reworked and look a bit different, and are seamlessly scalable because they will use FontAwesome.
  • No subsilver2 support. Someone developed a subsilver2 style for phpBB 3.1 but it was not responsive (scalable for mobile devices). With 3.2 only responsive styles are supported. subsilver2 uses HTML tables to layout content, which is not responsive, hence it is not supported.
  • The reCAPTCHA spambot countermeasure has been updated to use Google’s latest (presumably the checkbox where you assert you are a human). The old one had been hacked, so this is encouraging. Perhaps it will be useful as a spambot countermeasure again.
  • New events. This is only of interest to extension authors. They have more places in the code and in templates to hook in additional functionality.
  • BBCode overhaul. TextFormatter has been integrated into phpBB to render BBCode, making a lot of longstanding BBCode related bugs go away.

Some cautions

  • You should first upgrade phpBB from 3.1 to 3.2 before you change your web host control panel to use PHP 7. (Note: if you have other PHP applications installed, make sure they can handle PHP 7!)
  • You must run at least PHP 5.4 if you want to run phpBB 3.2, so this may require a web host control panel change. Make this change before upgrading phpBB.
  • While most 3.1 extensions will probably work fine in the 3.2 architecture, some will require changes if only to assert that they will work under 3.2. I have not tested my Digests and Smartfeed extensions with 3.2 yet, but I expect no issues. I will have to issue new versions since ext.php will have to allow phpBB 3.2 to be used.

phpBB 3.1 end of life support

  • The support forums on phpbb.com will provide support for phpBB 3.1 through the end of 2017.
  • New releases of phpBB 3.1 are expected as needed through July 2017. A phpBB 3.1.11 release is in the works.

Should you upgrade now?

In general it’s a bit dangerous to be first out of the gate when phpbb.com releases a new minor version of phpBB. Unless there is a compelling reason otherwise, I’d wait a few months before upgrading to 3.2 but if you use the prosilver style with no extensions it might be worth installing when available. Check your styles and extensions and make sure each supports 3.2 before upgrading, or be prepared to use a standard style and have incompatible extensions disabled.

If you would like me to upgrade you to 3.2 contact me. Most upgrades cost $30USD.

December 2016 work summary

On: By: Mark

December was a fairly slow month for incoming work. Likely the holidays had something to do with it. All client information has been anonymized. Among the work I did in December were these jobs:

  • I upgraded forum from phpBB 3.1.9 to 3.1.10. I also updated the forum’s English, Danish and German language packs. There were no phpBB 3.1.10 language pack updates for Swedish or Norwegian, which were also available as language options.
  • My digests mod (version 2.2.26) installed on a phpBB 3.0.14 forum, but digests did not appear to be going out. To troubleshoot, I sent output from the cron to my email address and it reported that digests were going out. Digest logging was turned off so there was no evidence that digests were going out. I turned on logging. I then upgraded digests to version 2.2.27. The client chose not to upgrade to 3.1 because the Boardwatch mod had not been converted to an extension.
  • I upgraded forum from phpBB 3.0.12 to 3.1.10. The default prosilver style was used. However, there were issues during upgrade. I had to add database columns to various profile tables and give some columns a default value so the database_update.php program could complete. I manually removed a number of dead module links, some via the database. I reapplied the logo. Then there were issues with too many redirects. Changing the redirect in cPanel to point to index.php worked and was acceptable to the client. Cleantalk extension installed and enabled.
  • No users were able to login to a forum. My investigation found that the forum had malware on it, and all .php files were affected. There were PHP eval() statements at the top of all the .php files. I spent much time working with the web host simply to get FTP access. Then I overwrote files with a 3.0.8 reference to remove the malware. However, lots of language packs were installed that were still infected with malware. I deleted all of the language packs except for British English, changed the database so all users and the board used British English and I was then able to login, with some errors due to PHP 5.4 on host. I was then able to upgrade forum to 3.1.10. I installed the prosilver instead of the previously used subsilver2. I reapplied the logo. File backup archives were left in forum root folder.
  • Client wanted to upgrade their forum but could not because Joomla was being used to serve most of the site’s content. Client is using an old version of Joomla but wants to move it to WordPress because a Joomla upgrade was problematic and the current version of Joomla would not work if PHP was upgraded. The existing phpBB forum is version 2.0.21 and the client wants to upgrade to the latest version: 3.1.10. Can’t upgrade to phpBB 3.1.10 as it requires PHP 5.3.3 or higher, so Joomla must move into WordPress first. I installed WordPress in a /wordpress directory. I found a plugin that will convert Joomla posts and images to Wordpress. I installed the WordPress Slovenian language pack. Client has friend that will take care of styling in WordPress. Tried various times to import the Joomla posts into WordPress with option to import media with duplicate names. It worked eventually with some back and forth with the WordPress plugin developer. This work is still ongoing.
  • I upgraded forum from phpBB 3.0.12 to 3.1.10 using the default prosilver style, no logo. I was careful not to delete some special images folders.
  • Finishing a project that went through a proof of concept phase in September. Work was to move the production forum to new host in the process moving from Windows hosting to Linux hosting. I moved folders for files, images, and store from phpBB 3.0 Windows production host, all other 3.1 files can from a test instance that was set up. I uploaded install folder to upgrade the database. I then ran database_update.php. However, there were issues. I had to add columns to two profile tables, create a login attempts table, and code around a migrator program so prune users would work successfully. I wasn’t able to login to new forum due to the proprietary CMS to check things out. Default prosilver style applied. The next day client redid the upgrade and it did not have the upgrade issues I had. Work seems to be done.
  • A client encountered a baffling white screen attempting to update forum to 3.1 on Windows hosting. Initial problem was I had to change database to use default prosilver style to make an error message go away. Then I discovered the cache folder was not writeable. Could not change file permissions in web host control panel. Error when trying to do so. The underlying problem is that Windows file permissions work differently than Unix file permissions, and the web host control panel would not allow them to be set the way phpBB requires them to be. I suggested moving to Linux hosting or I could file some support tickets. Likely an older version of PHP was being used on the Windows hosting, and that was causing the upgrade white screen since the older version does not support PHP namespaces, which would trigger an error during the upgrade. Client ordered Siteground hosting at my recommendation. I rehosted the forum, website and database once Siteground login issues were figured out. I then upgraded the forum from phpbb 3.0.12 to 3.1.10. I renamed index.php in web root folder so static page was served. Reapplied logo. Everything is predictable and faster and the client is glad to be off Windows hosting.

Malware issues with phpBB

On: By: Mark

As I do work for lots of different clients, I see patterns that others may not. Recently I’ve been seeing frequent malware issues on mostly older phpBB 3.0 forums. Since it’s malware, it’s often hard to know that you have malware. The malware may not be doing anything malicious to your web site, but it is trying to infect the computers of the users of your forum.

Do you have malware?

There is no way to really know if you have malware or not without comparing the version of phpBB you have installed with a reference version. If your forum seems to be operating normally, you will have no reason to check for malware. But if a forum that was recently running optimally now seems slower, particularly when loading pages, this might point to a malware problem. You or users accessing your forum might have antivirus tools installed that may detect malware.

Is phpBB software introducing your malware?

Almost certainly not. Rest assured that the phpBB Group spends considerable time and effort to check software it releases for security issues. In fact, it uses some of the best software available to find potential issues so they don’t occur. So it’s unclear to me how this malware is being introduced, but rest assured it’s not an issue with anything the phpBB group has done.

That said, the phpBB group has improved its security practices over time. One thing that has changed is it is judicious about using PHP eval() statements. They have not all been removed but where they are used they are marked as exceptions in the code. PHP eval() statements are dangerous because any code placed inside the parentheses is evaluated and executed. Since you don’t know what the code will be in advance, any use of eval() introduces a potential vulnerability to phpBB.

How is malware getting on a forum?

It’s hard to say definitively how this malware is getting introduced. Most likely it is being introduced by wrong permissions on phpBB folders and files. In phpBB only the files, images/avatars/upload and store folders should be publicly writable (0777 permissions). It’s critically important to make sure that your forum’s config.php file is not publicly writeable. You can use tools like your web host’s File Manager or an FTP program like Filezilla to check your folder and file permissions and correct as necessary.

Malware could also be introduced by sloppy server management by your web host.

Possible malware symptoms

If your forum comes to a halt rather unexpectedly, malware may be the cause. For example if you cannot login and you were previously able to login, this may be due to malware. What I often see are HTTP 500 (Application errors) reported. HTTP errors are usually written to a log. Sometimes you will find that your web server puts a file named error_log in your phpBB root folder, or in your web root folder. Examine the error log at the time the error occurred and see if there are any messages. In particular if there is an error message saying a PHP eval() statement failed, this may point to a malware issue.

How do I know if my forum’s files have malware?

As I mentioned, the only way to know for sure is to compare your forum’s files with a phpBB reference. I usually find malware at the top of certain or all .php files. You can use these procedures. This is obviously a lot of work. If you prefer, I can do this and fix most issues found for 1-2 hours of labor ($30 – $60). Contact me.

  1. Determine the version of phpBB you are using. If you can get into your Administration Control Panel, it will show the phpBB version on the main screen. If you can’t this SQL query using a tool like phpMyAdmin will tell you. You must be in the database containing your forum. If you are unsure what the name of the database is, you can see it in your config.php file. On the SQL tab execute paste the following SQL. (Change the table suffix if necessary to what you are using):
    select config_value from phpbb_config where config_name = ‘version’;
  2. Download a copy of the official version of phpBB that you have installed and expand the archive. All versions can be found here. For phpBB 3.0, you can also find it here.
  3. Install a tool that can compare files and directories. If you are using Windows, WinMerge is an obvious choice. For the Mac, if you know Unix there is the Unix diff command but it’s not easy to use. For Mac or Linux, I recommend kdiff3 which is also available for Windows and most Unix variants.
  4. Use FTP to download your phpBB forum files to your local computer. Keep it in its own directory. Note: this can be quite time consuming particularly if you allow users to upload files and images. You might want to skip downloading the files, images and cache folders.
  5. Compare your phpBB programs with the referenced version. If introduced, malware it is most likely in .php files, but could possible be in .html or .js files too. The tool will highlight files and folders with differences. Malware is most likely to be seen at the top of the file probably inside of a long PHP eval() statement. They should stick out like sore thumbs as the malware code will look odd and different. Note: some differences could be due to installing phpBB 3.0 modifications.  phpBB 3.0 modifications work by changing phpBB’s source files.
  6. Upload clean versions of uninfected files from your reference, Make sure you are replacing the old programs. Note: if there is malware in config.php remove it manually using the File Manager’s edit function. You want to preserve the lines that are critical to integration of the database.
  7. If most files are infected, you might want to replace all the files. If you do this:
    1. Backup your files and the database just in case.
    2. Do not replace the config.php file, but edit as in Step 6.
    3. If you see no malware in the style folder, don’t upload that as it’s unnecessary and you may overwrite changes made to your style for your logo, unique colors, etc. If you have to remove malware from a style folder, it’s best to do it carefully and edit out the malware on a file-by-file basis.
    4. Do not remove valid files such as uploaded images and documents in the files and images folders.
    5. If you are using phpBB 3.0 and have modifications installed, you will have to edit any files that the mod changes to regain the functionality of the mods. The install.xml file for the mod should detail all the file changes needed. You should also be able to see these changes using your file difference program.
  8. Run and test phpBB. Everything should behave normally.

Preventing malware

  1. Make sure your forum’s file and folder permissions are set correctly. See above.
  2. Upgrade or update your forum to the latest version of phpBB.
  3. Make a practice of updating your forum soon after new releases of phpBB are announced. Releases contain fixes for any security issues found.
  4. Many web hosts offer Apache ModSecurity that can be enabled in the web host control panel. Sometimes it is enabled by default. While enabling ModSecurity can prevent a lot of problems, my experience is that phpBB and ModSecurity don’t work well together. It may introduce its own HTTP 500 errors. You can try enabling it and see if it doesn’t cause issues. Disable it or add code to your forum’s .htaccess file to disable inside your forum if issues occur.

 

Setting up your forum, part four (picking, installing and enabling extensions)

On: By: Mark

(Read parts 1, 2 and 3.)

Once you have installed your phpBB forum, created the forums you need, installed and configured a style, and set up your user groups, generally the next thing to do is install any needed extensions.

What are extensions?

Extensions apply to phpBB 3.1 and higher. They are somewhat analogous to WordPress plugins and allow you to somewhat easily add additional functionality to phpBB beyond what comes “out of the box”. While not as numerous as the 44,000+ plugins available for WordPress, the number of extensions for phpBB grows regularly over time and should continue to do so. Note: phpBB 3.0 does not support extensions, but does support modifications.

Why are there so few extensions?

One reason there are fewer extensions for phpBB than there are plugins for WordPress is that extensions are a relatively new feature of phpBB. phpBB 3.1 was the first version to support extensions and it is about two years old. Another reason is that extensions are harder to write than WordPress plugins. I should know as I am the author of the Digests and Smartfeed extensions. As of this posting, only my Smartfeed extension has been approved. There is a lot to learn to write an extension and arguably it takes a senior PHP developer to write an extension, as it has a complex framework and a lot of onerous coding standards that must be adhered to. Only approved extensions are released in phpBB’s extension database. Just getting a review can take months, as I discovered.

Official extensions

Do you need to install extensions? If so, which ones? phpBB out of the box is quite feature rich. But there are common things that forum administrators want to do beyond what is available by default. Take for example some of the official phpBB extensions. These are so common that they are developed and maintained by the phpBB group. These include;

  • Pages – creates static pages that convey common information, such as a news page for your site
  • Board Rules – similar to pages, used to convey your policies for use of your forum
  • Auto groups – eases group management by setting up rules for putting people in and taking them out of groups
  • Board announcements – puts a “no way can you miss this” announcement at the top of every page viewed
  • Collapsible forum categories – allows users to collapse and minimise forum categories with a simple click, so they see only categories and forums that interest them
  • Google analytics – Provides a field for an administrator to enter their Google Analytics tracking code, so all web page usage is reported to Google Analytics. This way you can watch usage of your site, see popular pages and gain insight into how your forum is being used inside Google Analytics.

Finding extensions

phpBB’s extensions database contains a list of all approved extensions. Extensions are categorized and searchable but even so it can be hard to find an extension that meets your need. The extension you want may not exist. You can propose it and hope someone will take it up as a project. If someone does, don’t expect it to be something simple to do. At best it takes months to develop, test and get an extension approved.

Installing, updating and deleting extensions

Installing an extension is not as simple as installing a WordPress plugin, at least for phpBB 3.1. This is likely to be more intuitive in future releases of phpBB. Right now you must download the extension, unzip it then upload it to your forum’s ext directory. Here are the steps for installing, updating and removing extensions. An extension is actually a directory inside of another directory. The extensions architecture requires it be placed in a vendor directory. This allows one vendor to write multiple extensions but keep them separate. For example, for my two extensions, Digests is placed in ext/phpbbservices/digests and Smartfeed is placed in /ext/phpbbservices/smartfeed.

Recommended extensions

Let your requirements dictate which extensions you install. Don’t install extensions that you don’t plan to actively use.

Based on extensions I have installed for clients, these extensions tend to be particularly useful:

  • Google analytics (see above)
  • Pages (see above)
  • Share on – allows topics and posts to be easily shared on various popular social media platforms
  • PayPal Donation – allows you to ask for donations via PayPal
  • phpBB Gallery – allows users to have their own photo gallery inside of phpBB
  • Stop forum spam – checks the username, email address and IP of posters against blacklists, to reduce spam posts
  • AJAX shoutbox – Allows users to leave short tweet-like messages when they are on the forum, separate from phpBB’s forum and post system. Users on the forum at the same time can chat this way.
  • Copyright in footer – adds a copyright statement to the bottom of each page if you claim copyright on your forum’s content.
  • Board3 Portal – Provides a portal-like experience for phpBB, allowing sidebars for additional content to be seen on a portal page. With an additional change to your .htaccess file, you can redirect the forum to go to the portal page by default.
  • Sortables CAPTCHA – Provides a new spambot countermeasure where “correct” content must be dragged into an appropriate column. This can be used during registration to add greater assurance that a human is registering.
  • AdSense – Serves a horizontal Google Adsense ad immediately after the first post of a topic on a page. You have to get a Google Adsense account and set up the ads on that site first.
  • Recent topics – display topics with recent posts and replies on the index
  • Smartfeed – This is my extension. It makes your forum accessible to news readers. Since phpBB has an Atom feature built in for public forums, this extension is most useful if you want to support RSS feeds or for users that want to access protected forums securely using their newsreader using services like Feedly. This is done through creating an authentication key using the Smartfeed user interface.

New extensions are regularly added, so make sure to check the current extension database periodically. Many extensions are in development and when approved they will be added and widely used.

Extensions issues with upgrades to phpBB

When you move between one major version of phpBB and another (such as from 3.1 to 3.2) some of your extensions may not work. You can see the versions of phpBB that the extension supports in the Administration Control Panel: ACP > Customize > Extensions Management > Manage extensions. Click on the details link for the extension. If a given extension is critical to your forum, do not upgrade to a new major version until the extension is updated to work for the new major version.

November 2016 work summary

On: By: Mark

Here is some of the work I did for clients in November. I also released version 3.0.7 of my digests extension that involved a considerable amount of time and effort during November.

  • Some non-phpBB work. I worked on refining a WordPress widget to show a picture of current snow conditions for a client’s WordPress site. Since the client has a retinal device and found the picture uploaded a bit fuzzy, I found and installed a WordPress plugin that creates retinal images and intelligently serves them if it detects the device supports retinal images. I also edited the widget’s stylesheet to reduce the margins so it fits the sizing of other content. I also changed media library medium image setting to 332 pixels width to fit the image container optimally. I also provided instructions on how the client can do this himself in the future so images can be swapped in and out based on current conditions.
  • Digest troubleshooting. Digests stopped going out for a client that had version 3.0.6 of my digests extension installed. It appears this was due to incorrectly programming a system cron. After testing I used my “shared hosting” approach for doing a system cron which recognizes that on shared hosting where cron’s with multiple commands don’t work. This involved changing the cron to call curl instead and turning off the system cron capability inside phpBB. I filed a bug report on phpbb.com about what I think is insufficient explanation text for the system cron control in the ACP.
  • A client upgraded his forum to phpBB 3.1 but there were dead modules in the ACP. Installed us_en language pack to fix certain issues. I deleted bad module links for digests mod and the advanced block mod. I installed Digests 3.0.6 but had to manually change the database to get it to install on 3.1.10. I installed Cleantalk but waiting on activation key. I manually tested digests and it worked. Client chose to defer the cron installation until after rehosting. Days later I ended up redoing the work due to the client moving to a new host running Linux, not Windows. I upgraded forum from 3.0.12 to 3.1.10. I changed email settings to turn off SMTP since client is not on Windows anymore. To get the forum to come up I had to edit the config.php file and change the value of $dbms and $acm_type, which had namespace syntax in it that was triggering an error. I installed the American English language pack again. I installed the Cleantalk extension again. I installed and tested the digests extension. This took quite a bit of time because of known issues with the 3.1.10 migrator. I had to make a number of database changes manually. I then did a manual test of the mailer and it worked. I then created a cron job and verified that it sent digests. I found a peculiar quirk: clicking on the extensions tab generates a HTTP 500 error if debug is not turned on in the config.php file.
  • I programmed a scheduled cron for digests because users like to receive digests in hour requested. As with the other client, I ended up with a scheduled phpBB cron due to shared hosting issues not allowing multiple statement in a cron.
  • I replaced an ad at top of the page with one provided that had slightly different dimensions.
  • I moved a forum from ixwebhosting.com to siteground.com shared hosting. I upgraded the forum from 3.0.14 to 3.1.10. I installed Cleantalk. Later I patched a bug in 3.1.10 that didn’t allow custom profile fields or search engine settings to be changed.
  • I fixed a malware issue for a client. Most directories had a new .php file in it, consisting of six random letters, with an eval statement likely injecting malware. A routing error occurred when accessing the forum. I eventually figured out a bad .htaccess file was the reason the forum did not come up, so I copied in a standard .htaccess file. I then compared his software with 3.1.5 and saw the malware problem by comparing client’s files with a reference. I carefully removed all software files, uploaded a referenced version of these files and manually deleted malware files in some directories that should not be deleted. It solved the problem. I then upgraded the forum to 3.1.10.
  • Client attempted upgrade from 3.1.7-PL1 and it failed with a HTTP 500 error. I puzzled through it but eventually deleted all files but the files, images, store directories and config.php and uploaded 3.1.10. I then ran install/database_update.php and upgrade completed. I re-uploaded the backup I had of his black style and the forum came up. However, I couldn’t login with his old credentials. So I created my own account and gave myself founder permissions in the database. Client could not login either. I provided instructions to use the lost password link.
  • Client with my digest extension said it was sending out duplicate digests. I upgraded digests from 3.0.5 to 3.0.6 but that did not solve the problem. After some debugging I determined this was due to digest exception being thrown if there are no bookmarked topics. This stops remaining digests from going out for the hour and the hour will not mark as completed. I fixed this bug in version 3.0.7 and didn’t charge the client for my work.
  • Client was concerned that the public saw a “no forums” message. His new forum was created without using the copy permissions function. I added these permissions so public could see forums.
  • Issue with using advanced BBCode extension and creating and editing BBCodes so that tables, table rows and table columns could appear in a post. I fixed client’s BBCodes to substitute the correct HTML when creating tables, table rows, table columns and to properly align text.

Digests 3.0.7 (RC6) available for testing

On: By: Mark

You can get the archive of this new version on my digests page or download it from GitHub. Installation instructions are on the digests topic on phpbb.com.

It’s hard to describe the changes from 3.0.6-RC5 except there were many. In terms of new functionality, there is only one and somewhat obscure new feature. The ACP General setting page includes a new control: Maximum hours for mailer to process. It turns out that if things get fouled up so that the mailer stops that when it next runs the queue will be so large that the program will crash. Setting this control minimizes the likelihood of this happening on shared hosting.

There is one known bug in this release but it’s pretty obscure. It happens if you install the digests extension on phpBB 3.1.10 and the migrator finds in your database subscribers from an installation of the phpBB digests mod from phpBB 3.0. The migrator should handle this so you don’t lose any subscribers when you upgrade. The error does not occur if you use phpBB 3.1.9. For this reason this version of the extension supports phpBB 3.1.9 and higher. It’s likely that this problem is a result of changes to phpBB’s migrator introduced in phpBB 3.1.10. Hopefully when 3.1.11 is released this issue will go away.

I have gotten a lot of help with this release. VSE, an extension developer, substantially rewrote the migration programs so they would pass a review from the extensions review team.

In terms of backend stuff, some of the work includes moving most of the Javascript to use jQuery, which was quite a learning experience because the forms are very complex, particularly in Edit Subscribers. The digests cache area has been moved again. Files will appear in cache/phpbbservices/digests when you select this option with the manual mailer.

There has also been a lot of work to improve my coding techniques, principally to get away from use of global variables in the ACP and UCP modules and to use phpBB’s containers instead.

The one critical bug noted in this post has been fixed.

Overall, a lot of the code has been changed from the last version, but for the better. If you notice issues, post them to the digests topic on phpbb.com.

 

Digest extension bug that may cause duplicate digests

On: By: Mark

There is a bug in the digest extension’s mailer that could cause some subscribers to receive duplicate digests. It can happen if a user selects a digest containing bookmarked topics only, then removed all his bookmarked topics in phpBB. This triggers an exception. An appropriate error is written to the admin log to document this unusual behavior. However the exception is coded in such a way as to stop digests from processing. No subsequent hours are processed.

Since the hour is not marked as completed the next attempt to run the mailer will trigger the error again. Duplicates can occur if the user is not the first one scheduled to receive digests for that hour. So if this user is the 10th user to get a digest for that hour, users 1 through 9 will get duplicates.

In addition this bug will keep any subsequent hours from being processed, creating a queue.

There is a workaround. Assuming Digests 3.0.6 is installed (the bug exists in earlier versions) the bug can be fixed by editing /ext/phpbbservices/digests/cron/task/digests.php. Around line 1420 look for this line of code:

$this->digest_exception = true;

and simply comment it out:

 //$this->digest_exception = true;

This bug will be fixed in the next release.

Setting up your forum, part three (setting up groups)

On: By: Mark

(This post was updated September 21, 2019 to correct information on global moderators.)

After setting up a basic forum and installing a style and logo, the next thing to think about is what groups your forum needs. If your forum is designed to be open to everyone, this may not be much of a concern.

phpBB has an awesome group and permissions system. While it is awesomely powerful, it is also more than a bit obscure. In general permissions are oriented around groups. Permissions can also be oriented around individual users. It’s always better to use groups for managing all users, as it makes managing forums simpler in the long run.

Standard groups

phpBB comes with standard groups that meet the needs of many administrators. You can find these predefined groups in the Administration Control Panel. ACP > Users and groups > Manage groups. The standard groups include:

  • Administrators
  • Bots (i.e. robots, usually search engine agents)
  • Global Moderators
  • Guests
  • Newly registered users
  • Registered users
  • Registered COPPA users

There are permissions that can be fine-tuned for each of these groups, but the default permissions are a good place to start. In addition you can assign group forum permissions. For example, you could not show any forums to guests (the public) if you want your forum to be “members only”.

Administrators

You would think that individuals in the administrators group can do anything, but that’s not true. Only founders have complete control of the board, which means people you trust with the founder role have to be explicitly given this status. ACP > Users and groups > Manage users. Select the user and look for an option to make the user a founder.

There’s another quirk about administrators: they don’t necessarily have forum permissions. This can happen if later you set up new forums without copying permissions from another forum. However, since they are administrators they usually have the ability to give themselves these forum permissions, but the procedures for doing so are a bit obscure.

Bots

phpBB is configured to recognize 57 common robots and crawlers used by search engines to index content in your forums. You can use the bots group to selectively turn off and on which forums bots can see and index. However, there are many more bots out there than these 57. They can be added selectively if you want: ACP > System > General Tasks > Spiders/Robots. As a practical matter if you don’t want any of your forum content to be indexed, it’s much simpler to create a robots.txt file and place it in your forum’s root directory with deny all permissions. There is no guarantee that a bot will follow the policy in a robots.txt file, so the ultra paranoid administrator should set forum permissions for both the bots and guests group to see no more than the name of the forum: ACP > Users and groups > Group forum permissions.

Global moderators

Global moderators have full moderator permissions to moderate any forum you have given them access to. Starting out the administrator will usually moderate all posts. At some point as board traffic builds it becomes useful to delegate moderation to trusted users. You can add a global moderator using the members link on the Manage Groups page. ACP > Users and groups > Manage groups.

Forum-specific moderators

You can also create moderators whose privileges extend to moderating only specific forums. This is done by either creating a specific group or individually. Here you can give a moderator permissions to moderate a subset of your forums.

For a specific moderation group, the best-practices is to:

  1. Create the group and copy global moderator permissions. ACP > Users and groups > Manage groups. Next, place any members you want to be a forum-specific moderator into the group by clicking on the members link.

  2. Assign the new group to one or more forums. ACP > Permissions > Forum based permissions > Forum moderators. Select the forums wanted for these forum-specific moderators and press Submit. The under Add Groups select the group that you created and press Add Permissions. For the role, select the type of moderator role, such as Full Moderator and press Apply All Permissions. Note that you can assign different moderator roles for different forums for the same moderator. For example, the moderator can be a full moderator for one forum and a queue moderator for another forum.

Forum moderation can also be assigned individually. As a best practice it’s best to avoid assigning permissions outside of a group.

Guests

A guest is any human who has not yet registered with the forum. Consider carefully which forums you want guests to read and set permissions accordingly: ACP > Users and groups > Group forum permissions. If you turn off all forum permissions for guests, they will see a “This board has no forums” message, which is not correct. Rather, it has no publicly readable forums.

Guests can be given permission to post without registering. If you enable this it is recommended you use a strong CAPTCHA for use during posting. Otherwise you are likely to attract a lot of spam. Guests will create a posting username when they post to identify themselves. You should enable this for each forum you want guests to post in by setting the appropriate permission for the guests group. ACP > Users and groups > Group forum permissions.

Newly registered users

By default a newly registered user is on probation and their first three posts attempts will be placed into a moderation queue for approval. You can disable this by selecting ACP > General > Board configuration > User registration settings and then changing “New member post limit” to zero.

When a user registers they are automatically placed in the newly registered users group and, curiously, the registered users group. The default permissions for newly registered users are set so they trump other permissions for the user. When they meet the criteria for being a registered user (such as making three valid posts) they are removed from this group and their registered users group permissions are used.

Registered users

This group contains your standard members and should be everyone who is registered. Typically you don’t need to maintain this group as users are placed into it automatically.

Registered COPPA Users

This is a rarely used group that can be enabled if your forum is United States based and needs to allow minors to post. You must set up a process to get parental permission. You might want to set permissions for COPPA users to child-appropriate forums that are carefully moderated. You can enable COPPA as follows: ACP > General > Board configuration > User registration settings. Look for the block at the bottom of the page.

Roles

A fuller discussion of phpBB’s permission system is a topic for another post. But be aware that forum permissions can be assigned to groups or individual users. phpBB uses the notion of a role to assign common permissions to a group. Use of a role allows you to change the permissions of a role and to have it automatically trickle down to all groups using these roles. ACP > Permissions > Permission roles. Roles are also used for forum, administrator, user and moderator permissions.

Creating groups

In general see if you can use the built-in groups in phpBB for your needs. Create new groups only when needed. A reason to create a new group might be to allow access to a forum or category only to members of a group with a special purpose. For example, a forum for a school might have a “teachers” group that has permissions to see and post to forums for teachers only. Those not in the teachers group would not be allowed to read the forum. ACP > Users and groups > Manage groups.

Since groups have little meaning outside of forums, after creating a group you should assign forum permissions to the group. ACP > Users and groups > Group forum permissions.