You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 Re: Feature requests » Supporting Microsoft SQL Server » 2008-10-29 13:32:51
- MrMister
I would assume that adding a MSSQL abstraction layer wouldn't be that dificult if you see how other people did them and then integrating that into FluxBB's abstraction layer.
You can see phpBB's way here: http://code.phpbb.com/repositories/brow … ncludes/db
#2 Re: General discussion » Google announces own webbrowser "Chrome" » 2008-09-06 19:05:23
- MrMister
With pictures 
http://backrub.c63.be/May1998/hardware.htm
#3 Re: FluxBB discussion » Leaving » 2008-08-24 20:47:09
- MrMister
The guy probably wanted to have a personal life and the way FluxBB took up his time that wasn't possible so he had to choose.
Good for him that he chose to have a life and we can only be grateful for the patience and dedication he had in the past.
As far as I'm concerned, I don't see what the drama is. FluxBB is on a feature-freeze state so no added features, only bug solving.
For me it's usable right now, the only stuff we _really_ need is the markup and lang files, anything else can be done with extensions.
As long as one of the devs listens when someone explains why they need a hook, we're golden.
#4 Re: General support (1.2) » Enable Jquery "MarkItUp!" plugin » 2008-08-18 22:30:21
- MrMister
I realise that the extension probably isn't that hard to do (says the guy who has a dozen easy extensions to finish 
) but since you say it's working, it would be nice if you could share it with everyone.
#5 Re: General support (1.2) » Import problems with users table in FluxBB » 2008-08-18 22:20:09
- MrMister
That message probably indicates that you are trying to do a SQL command with too few columns.
Check the number of values on the INSERT and the number of columns on the users table (use PHPMyadmin if it's easier for you).
#6 Re: General discussion » VPS » 2008-08-16 18:57:43
- MrMister
I would sugest taking a bit of time and reading some of the posts on http://www.webhostingtalk.com/ so that you don't end up falling on some of the common mistakes most people do.
Always remember, caveat emptor or buyer beware. My advice? Before buying a full year's solution try the company out for one month, that way the risk is much smaller if there are any issues.
I still repeat what I said
Know what you need first of all.
Do you have the knowledge to setup, maintain and secure the VPS? If not, this means more money for a managed VPS.
Are you familiar with Linux or do you only know Windows? If you need a Windows VPS, this means you have to pay the "Windows tax".
Are you going to run a small site with not much server load? If it needs more memory to run, it means more money.
Not trying to scare you but that's what I mean by knowing what you need first. After you know this, go to webhostingtalk and read a bit on the VPS offers and VPS hosting reviews.
#7 Re: Modifications (1.2) » Icons beside forums' titles and beside main site's titles for FluxBB » 2008-08-16 08:27:19
- MrMister
Is there a mod to add icons beside forum's titles (without using PhpBB 3, of course...)?
I mean in this way.
I'm not aware of one right one but there should be later on since it's something useful and easy to do.
I'm also asking if is there a mod like the one which allowed this (little icons in PunBB main menu).
You want the "Navigation Icons" extension by Reines: http://fluxbb.org/forums/topic/336/exte … by-reines/
#8 Re: General discussion » VPS » 2008-08-15 14:47:48
- MrMister
I would sugest taking a bit of time and reading some of the posts on http://www.webhostingtalk.com/ so that you don't end up falling on some of the common mistakes most people do.
Always remember, caveat emptor or buyer beware. My advice? Before buying a full year's solution try the company out for one month, that way the risk is much smaller if there are any issues.
FWIW, I have a VPS with smokyhosts for over 7 months and they solved the 2 issues I had with them quickly. No relation to them, just a happy customer so far.
#9 Re: Feature requests » Links in New window/tab » 2008-08-15 14:39:36
- MrMister
i had a punbb mod that gave users a option to allow links not connected to the base_url to be opend in a new window. i could remake that as a flux extension.
Funny enough, I'm finishing a extension using part if your code . All I need to do is add a option on the administration and user profile to disable it.
#10 Re: General discussion » Consider the environment » 2008-08-10 21:11:47
- MrMister
MrMister wrote:Paul wrote:Excellent suggestion. Thats saved me two weeks work which allows me to turn off my PC thus saving electricity. Consider it done.
Oooh, goodie. Does that mean I can publish my language files and start doing styles?
Well if theres not going to be any CSS then you won't have to do any styles
No, if there's no CSS I can just make my own and not care if I'm following Paul's guidelines
#11 Re: General discussion » Consider the environment » 2008-08-10 20:37:43
- MrMister
MrMister, didn't you know that LCDs are somewhat from yesterday. Go and get you a new CRT, the real energy savers.
Herrrrr..... That was irony, right? Since I didn't see a smiley there I'm not sure.
Christian wrote:Oh, forgot to consider this. Maybe FluxBB should come without CSS at all.
Excellent suggestion. Thats saved me two weeks work which allows me to turn off my PC thus saving electricity. Consider it done.
Oooh, goodie. Does that mean I can publish my language files and start doing styles?
#12 Re: General discussion » Consider the environment » 2008-08-10 19:56:59
- MrMister
When FluxBB becomes as popular as google, the white background will in summary cost a lot of energy, so please change it to black.
This is a common mistake people make.
On a CRT monitor you spend more energy to show a white background but on a LCD monitor you spend more energy to display a black background.
#13 Re: FluxBB discussion » Reduce size of extension box » 2008-08-07 13:43:14
- MrMister
I'm sure I posted that the extensions pages hasn't been completed yet and I had simply done something temporary to make it functional.
Oh, sure, it wasn't a criticism, I didn't mean to imply that it was finished, that's why I opened the topic on discussion and not on core requests and said "Maybe Paul already has plans for this but.....".
I will most likely do the same whenever I see something I believe could be improved on but not sure if the devs will go along with it or not.
It's just a way of throwing the idea out there and see if there are any objections (there could be a conflict with future plans for the core and therefore not doable without an extension) or if the rest of the people and the devs agree it's the way to go.
I'm a very easy going guy, most people haven't seen a single post from me but I have if not THE most altered punbb based forum, at least one of the most altered ones since I had to merge the torrentbits source with punbb and get something usable
I haven't posted the code since it's a massive change and I didn't document the steps to do it.
I plan on doing it as an extension for fluxbb 1.3 though and will most likely release it then.
#14 FluxBB discussion » Reduce size of extension box » 2008-08-06 19:57:44
- MrMister
- Replies: 5
If you go to the extensions management page, you can see that the contents box for each extension take up a huge space, you can see at most 4 or 5 extensions if you are lucky.
Maybe Paul already has plans for this but IMO there's no need for such a huge box.
Why not remove the version line and add the version after the extension's name?
Before:
------------------------------------------------------------------------------------------------------------------------------
MySQL Fulltext Search
Created by FluxBB Development Team
Version v0.4
This extension replaces the default internal search engine with a fulltext based one.
Install extension
------------------------------------------------------------------------------------------------------------------------------
After:
------------------------------------------------------------------------------------------------------------------------------
MySQL Fulltext Search version 0.4
Created by FluxBB Development Team
This extension replaces the default internal search engine with a fulltext based one.
Install extension
------------------------------------------------------------------------------------------------------------------------------
You could even put the creator as a tooltip on the extension's name.
After:
------------------------------------------------------------------------------------------------------------------------------
MySQL Fulltext Search version 0.4 <- tooltip: Created by FluxBB Development Team
This extension replaces the default internal search engine with a fulltext based one.
Install extension
------------------------------------------------------------------------------------------------------------------------------
Not necessarily the best solution but this way you go from 7 lines to just 4.
EDIT:
I also like this one:
#15 Re: FluxBB discussion » Possible concern regarding avatars » 2008-08-03 21:45:39
- MrMister
Is it only avatars. What about styles that come with graphics. They get uploaded to the server too.
I would assume that whenever the admin adds something to a "closed solution" like fluxbb where you don't need anything else to make it work, the admin is the one responsible for it.
Styles use style.php to generate the style, if you dowload a new style what assurances do you have (if you don't open the .php of course) that newstyle.php isn't doing something nasty behind your back?
The issue here is that the admin can't manually check the avatar image before he uploads it to the server like he can with the style or any other file.
Anyway, I think we´re getting sidetracked here, I see that the devs are open to including a solution for this, be it in the core be it in an official extension. I say go with it and disable avatar upload if GD not enabled and do a admin alert with information on why it's disabled and how to enable it even if it's only a link to the wiki or a forum thread.
#16 Re: FluxBB discussion » Possible concern regarding avatars » 2008-08-03 21:25:04
- MrMister
The problem if we do it that way is that any setups without GD are still insecure.
True, but it wouldn't be a requirement but simply a recomendation with the reason why GD should be enabled clearly indicated.
If the only way to do it is via image manipulation, then we may have to add the GD library to the requirements.
To be honest I haven't seen that many web hosts since I've always administered either physical or virtual servers but the ones I've seen all had GD enabled.
Again, to me this is more a case of having the vulnerability covered in the core. If someone has issues because they didn't have GD, they only have themselves to blame if there is a recommendation on the docs that GD should be present to prevent "GIFAR" 0wnage.
I see no issues with the code, the added load is minimal (even on a forum with thousands of active users, how many avatars are going to be uploaded per day?), it degrades perfectly (don't have GD installed? not an issue, the code simply doesn't get executed and everything works like it does now) and can't be considered bloat since it _is_ a legitimate security issue.
I would compare this situation to running a server hooked up to the Internet where the OS maker recommends a firewall.
The OS will work perfectly without a firewall, but if your server suddenly turns into a bot, don't go crying to the OS maker.
It's physically possible, yes, but I don't think we want to do that in the core. When someone uploads an avatar, they want that image as their avatar, not a shrunken copy of it.
It's much better suited to an extension, where there could be some sort of manual resize/crop features for users to use.
This I agree with, why should the core be resizing the image when the user could do it?
Don't forget that you would have to take into account transparency, animation, etc... to do a perfect resize.
IMHO the best place for avatar resizing and avatar gallery and so on is an extension.
#17 Re: FluxBB discussion » Possible concern regarding avatars » 2008-08-03 15:51:41
- MrMister
I think you don't even need to copy the canvas.
This should also work.
if ($this->width > $this->max_width OR $this->height > $this->max_height) { $image_resized = imagecreatetruecolor($this->new_width, $this->new_height); imagecopyresampled($image_resized, $this->image, 0, 0, 0, 0, $this->new_width, $this->new_height, $this->width, $this->height); imagejpeg($image_resized,$this->path); } else { imagejpeg($this->image,$this->path); }
Could we check for the presence of GD and if present and enabled, use the code above?
That way it wouldn't be a requirement since the avatar upload would still work as it does now.
<?php
if (extension_loaded('gd') && function_exists('gd_info')) {
echo "It looks like GD is installed";
}
?>If it's necessary to confirm that a specific function is available, we can always query GD itself:
<?php
echo "<pre>"; var_dump(gd_info()); echo "</pre>";
?>I don't see the adition of this piece of code as bloating the core since it's a security mechanism that degrades with no issues, but if the devs think it shouldn't go on the core, we can always do an extension so it's not a big issue.
#18 FluxBB discussion » Possible concern regarding avatars » 2008-08-02 15:41:15
- MrMister
- Replies: 35
I just read this http://it.slashdot.org/it/08/08/01/184220.shtml and despite already knowing about the possibility of adding a gif or jpg to a zip or rar and letting Windows interpret the file based on the extension, never associated it with the possibility of automatic code execution.
I've tried it on the avatar upload and it accepts a file that is the result of a gif+zip as a valid gif.
Could this be a concern for fluxxbb (and any other app that allows uploads of graphics, of course) or should we just ignore it and let the web server and/or web client authors fix this?
#19 Re: Feature requests » HTTP Flood Protection » 2008-06-16 14:51:29
- MrMister
MrMister wrote:Actually, I'm doing something that might help in this regard.
I'm developing an extension that allows the admin to specify that if the load is too large, it blocks the request and sends a small apology page, this will avoid DB access and theoretically enable the server to recover after a while and start serving normally.
That might help for a very mild attack.
Oh, sure, this would be used for example where you have an annoying user that keeps refreshing a DB intensive page a couple times a second or when you have a momentary influx of users, not when you have a true DOS.
PS. Remember to make the apology page a html page to avoid the overhead of spawning a php process to handle it each time.
Yep, the page would be something very simple with no DB query's or complex code. Will probably even have the option to send back just a temporary redirect to someplace that can handle the load.
MrMister wrote:Another extension related to this that I'm developing is the ability to block a IP based on the number of connections per second.
The way it works is that I will have a counter with the number of connections made by a specific IP or user since a minute ago. If that number exceed a specific value I add the IP to the iptables firewall. Obviously this is useful only on a VPS or dedicated server, not on shared hosting where you can't add rules to the firewall.
Again, theoretically this should be able to keep the server alive and serving pages in case of a DOS attack since the only load will be on iptables rule matching. Haven't finished it yet, so no idea on the load when there are a few hundred or even thousand rules on the firewall....Blocking in iptables does work quite well for SYN floods, but I'm not sure that a script to detect and block ips should have anything to do with fluxbb. Also keep in mind you need sudo privileges to use iptables, which a lot of users won't have (plus apache obviously won't have either).
Correct, like I said this is useful only on a VPS or dedicated server, not on shared hosting where you can't add rules to the firewall. The privileges issue is easily worked around by using sudoers with a rule like "APACHE_USER ALL=NOPASSWD:/usr/sbin/iptables".
The point of the last extension is to make your life easier if you (like me) purchased a VPS just to run your forum. Also, since I have the 403 and 404 pages redirected to customized, I was thinking of using them to ban the IP when I have a vulnerabilities scan (you know the type, where they scan if you have certain versions of phpmyadmin and so on). If someone tries to access http://myforumaddress/phpMyAdmin-2.2.6 I know that he's trying to go someplace he shouldn't and therefore I can ban him with extreme prejudice
I understand that it will probably be used by very few people, maybe even only me.
#20 Re: Feature requests » HTTP Flood Protection » 2008-06-16 13:13:03
- MrMister
Actually, I'm doing something that might help in this regard.
I'm developing an extension that allows the admin to specify that if the load is too large, it blocks the request and sends a small apology page, this will avoid DB access and theoretically enable the server to recover after a while and start serving normally.
Another extension related to this that I'm developing is the ability to block a IP based on the number of connections per second.
The way it works is that I will have a counter with the number of connections made by a specific IP or user. If that number exceeds a specific value I add the IP to the iptables firewall. Obviously this is useful only on a VPS or dedicated server, not on shared hosting where you can't add rules to the firewall.
Again, theoretically this should be able to keep the server alive and serving pages in case of a DOS attack since the only load will be on iptables rule matching.
Haven't finished it yet, so no idea on the load when there are a few hundred or even thousand rules on the firewall. Could be that the load is so large that the server goes down because of the firewall
#21 Re: Feature requests » can we create a database which was not exist? » 2008-06-12 09:30:40
- MrMister
You can create a database if you connect to mySQL with a user that has permissions to create databases and do a sql query "create database DATABASE_NAME;"
For a bit more information see for example http://www.webdevelopersnotes.com/tutor … abase.php3 and http://www.php-mysql-tutorial.com/creat … th-php.php
#22 Re: FluxBB discussion » Languages » 2008-06-08 07:58:00
- MrMister
I'm already over half done with Iberian Portuguese.
Yes, I know that the files will change but nothing that a quick diff won't catch
#23 Re: General support (1.2) » Errors when sending the registration email » 2008-05-27 13:23:26
- MrMister
Unable to send e-mail. Please contact the forum administrator with the following error message reported by the SMTP server: "554 : Relay access denied ".
Since I don't know how much you know of SMTP and servers, I'll try to dumb it down a bit
Let us assume your SMTP server is responsible for the domain sourcedomain.com and that you want to send mail to the domain targetdomain.com.
Are you sure that you are using a address FROM someone@sourcedomain.com and TO someone@targetdomain.com?
The relay access denied is usually used when you try to send FROM a email address for which the SMTP server is NOT responsible.
You CAN'T send a email FROM someone@anotherdomain.com if the SMTP server is only responsible for sourcedomain.com.
Incidentally, I just discovered that I'm able to get Flux to send out the confirmation message if the user's email address is on the same server, but if the user is on a different domain, then I get the error.
Just read this. Yep, like I said above, if the server doesn't support "open relay" (HUGE mistake leaving it like that, a spammers dream) what you write is correct.
Pages: 1