Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#51 2010-07-30 17:27:05

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Reines wrote:

Shouldn't it be using the new $db->create_table() stuff anyway?

Yes, it should be. I'm actually working on it, it's long wink.

How do you create an auto increment field, btw? Is this is correct?

$schema = array(
            'FIELDS'            => array(
                    'id'                => array(
                            'datatype'            => 'SERIAL',
                            'allow_null'        => false
                    ),

The install_mod will be correct for the next version, and the quick reply will be there tongue.

I think it will take 2/3 days.

mutsu wrote:

I'm like a french in japan who tried to make a complex discussion. It's not possible.

Impossible is not french, as Napoleon said ^^. And it's possible... you only have to speak english ;p.


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#52 2010-07-30 17:49:56

mutsu
Member
Registered: 2010-07-30
Posts: 41

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Yeah but not at the moment for me.


edit:

Thanks a lot Franz!

Last edited by mutsu (2010-07-30 19:38:54)

Offline

#53 2010-08-01 14:20:40

pelm
Member
From: Sweden
Registered: 2010-06-21
Posts: 67

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Thanks for a very good improvement of the old PM-system! Is it possible to add encryption of message contents in the database as this? I don't want to see what users post to each other smile At least at my forum privacy is  important. Thank you again!


Sorry for my english, is from Sweden smile

Offline

#54 2010-08-01 15:58:13

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Hi pelm

First, you're welcome wink.

Then, I don't think I'll add it (not by default anyway)... Many admins (not me =p) want to take a look to user's PM... I know some of them =/ and the Mime 64, as Koos said, is not strong at all. But maybe I'll create a new mod that will explain (if you want) how to modify your files to encrypt PMs, with this link.

---------------

Today, I released a new version (again tongue). What's new?

- A security issue similar at the old ones reported by Visman in pms_contacts
- The install_mod is now cleaner and ok with FluxBB 1.4
- The quickreply requested by daris is done!

Edit: not already reviewed =/

Last edited by adaur (2010-08-01 16:00:40)


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#55 2010-08-01 16:03:11

Reines
Administrator
From: Scotland
Registered: 2008-05-11
Posts: 3,197
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Encryption is actually something I'm quite interested in for future - not just PMs but posts etc. too. The harder part is doing it in a way that is portable - since you cannot assume everyone will have the right PHP modules installed.

If you wanted it just for yourself, or as a mod (which would only work for people with mcrypt installed), look into using mcrypt.

Offline

#56 2010-08-01 16:09:05

Reines
Administrator
From: Scotland
Registered: 2008-05-11
Posts: 3,197
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Not too important, but in 1.2.2.3 you should clear the cache using:

    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
        require PUN_ROOT.'include/cache.php';

    generate_config_cache();

Rather than manually deleting all cache files. Also you should clear the cache after uninstall, not just after install.

Offline

#57 2010-08-01 16:13:14

pelm
Member
From: Sweden
Registered: 2010-06-21
Posts: 67

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

adaur wrote:

Hi pelm

First, you're welcome wink.

smile Hi! Appreciate your work!

adaur wrote:

Then, I don't think I'll add it (not by default anyway)... Many admins (not me =p) want to take a look to user's PM... I know some of them =/ and the Mime 64, as Koos said, is not strong at all. But maybe I'll create a new mod that will explain (if you want) how to modify your files to encrypt PMs, with this link.

Yes, as you said, the Mime 64 is not strong but as Koos said when working with the database, one might 'happen' to see what the users writes and that is not what i want. smile This are hiding that from happen a bit but okey... it's not perfect smile
I would be very glad if you can explain a bit in a new mod what to do to modifying the files.

/pelm


Sorry for my english, is from Sweden smile

Offline

#58 2010-08-01 16:22:01

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Reines wrote:

Not too important, but in 1.2.2.3 you should clear the cache using:

    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
        require PUN_ROOT.'include/cache.php';

    generate_config_cache();

Rather than manually deleting all cache files. Also you should clear the cache after uninstall, not just after install.

Ok! It's done now.

Your release is not publicly visible until you take care of the following problems:

--------------------------------------------------------------------------------
NOTES:

There are errors. I will report shortly.

Quy
--------------------------------------------------------------------------------

I hope so, because as I said before, it fixes a security issue =/

@pelm : ok!

Last edited by adaur (2010-08-01 16:22:37)


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#59 2010-08-02 00:00:01

bgiddins
Member
Registered: 2008-08-17
Posts: 54

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

adaur wrote:

Then, I don't think I'll add it (not by default anyway)... Many admins (not me =p) want to take a look to user's PM...

I think this is exactly why encryption of PMs should be enabled by default - users should have a reasonable expectation of privacy when using private messaging on a forum. Of course some simple PHP coding can decrypt and expose the messages, and they shouldn't be using a PM system to exchange information that must be secured, but the contents should at least be protected from casual snooping by a forum administrator.

I have a forum that deals in precious metals - the last thing my users want is a snoopy administrator poking around in their private dealings and transactions they're doing through the forum. I originally asked Koos on punres to provide encryption as I didn't even want to be accidentally exposed to the content of private messages which would be very easy when using phpmyadmin etc. Occasionally users ask for username changes etc, and this requires going into the PM table and executing SQL to update usernames - I don't want to see the contents of PMs when doing this sort of administration.

Offline

#60 2010-08-02 06:23:01

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,139
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

I think this is exactly why encryption of PMs should be enabled by default - users should have a reasonable expectation of privacy when using private messaging on a forum.

And this is exactly why it shouldn't be the default. tongue
The goal is not to give users unreasonable expectations. base64 encoding content is not encryption by any stretch of the imagination: it also won't prevent administrators from reading the contents of their users messages if they want to. Short of private key cryptography where each users has a private/public key pair, there isn't a secure way for users to communicate.

See also: http://en.wikipedia.org/wiki/Security_theater

If an administrator chooses to enable such an option, that's their decision. I can see situations where an administrator might not want to accidentally see a user's private messages (ie: when editing the database directly). However, to say it should be enabled by default is silly: it makes the messages take up more room in the database and makes the modification more computationally intensive for little to no privacy gain.

Occasionally users ask for username changes etc, and this requires going into the PM table and executing SQL to update usernames - I don't want to see the contents of PMs when doing this sort of administration.

It shouldn't, at least theoretically: this should all be taken care of in profile.php when you change a user's name wink

Offline

#61 2010-08-02 17:31:49

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Another PM System v1.2.2.3 is out!

Let's check what's new smile !

- Security issue fixed in pms_contacts.php
- install_mod.php cleaner and valid for FluxBB 1.4
- Quickreply added in pms_list.php
- Flood protection fixed
- Bug when deleting multiple messages fixed

Instructions to update : replace all your old pms_*.php files by the new ones.


Note: maybe you'll get an error with "hide_smilies" field. If yes, change the name of smilies' field by "hide_smilies".

If you're getting an error when you delete multiple messages (You do not have permission to access this page.), please let me know!

Last edited by adaur (2010-08-02 17:33:13)


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#62 2010-08-02 18:35:27

pelm
Member
From: Sweden
Registered: 2010-06-21
Posts: 67

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

When trying to delete multiple messages as you said this message show: "You do not have permission to access this page."

/pelm


Sorry for my english, is from Sweden smile

Offline

#63 2010-08-02 18:50:12

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

pelm wrote:

When trying to delete multiple messages as you said this message show: "You do not have permission to access this page."

/pelm

This is so strange!

Quy had the same problem, not me. I'm using Wamp with PHP 5.3.0. What about you?

Anyway, the code who causes the issue doesn't look bad:

if (isset($_POST['delete_multiple_comply']))
        {
            
            $idlist = str_replace(',', '.', $_POST['messages']); // Replace , by . to check if the POST is good... or not =p
            
            if (is_numeric($idlist))
            {
                $db->query('DELETE FROM '.$db->prefix.'messages WHERE id IN ('.$_POST['messages'].') AND owner=\''.$pun_user['id'].'\'') or error('Unable to delete the messages', __FILE__, __LINE__, $db->error());
            
                switch ($db_type)
                {
                    case 'mysql':
                    case 'mysqli':
                        $db->query('OPTIMIZE TABLE '.$db->prefix.'messages') or error('Unable to optimize the database', __FILE__, __LINE__, $db->error());
                        break;
                
                    case 'pgsql':
                    case 'sqlite':
                        $db->query('VACUUM '.$db->prefix.'messages') or error('Unable to optimize the database', __FILE__, __LINE__, $db->error());
                        break;
                }
                
                redirect('pms_list.php?box='.$box, $lang_pms['Deleted redirect']);
            }
            else
            {
                message($lang_common['No permission']);
            }
            
        }

FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#64 2010-08-02 18:59:22

pelm
Member
From: Sweden
Registered: 2010-06-21
Posts: 67

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

LAMP with PHP 5.2.6. It's strange yes.


Sorry for my english, is from Sweden smile

Offline

#65 2010-08-02 19:16:22

pelm
Member
From: Sweden
Registered: 2010-06-21
Posts: 67

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Deleting two messages work but not more than two at once.... tried with three and four smile I don't know smile


Sorry for my english, is from Sweden smile

Offline

#66 2010-08-02 19:19:15

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

OK!

I always tried with 2 messages, not 3.

Well, it stills strange. I'm going to search a fix ^^

Edit: I have found. Is_numeric allows only one dot (.). When there is 3 messages or more, there is more than one dot, so is_numeric returns false =/

Last edited by adaur (2010-08-02 19:28:29)


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#67 2010-08-02 20:24:53

Reines
Administrator
From: Scotland
Registered: 2008-05-11
Posts: 3,197
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

is_numeric is a rather weird way of checking it, you'd be better either imploding on , to form an array, then checking the same way as the other places, or using something like:

preg_match('%^[\d,]+$%', $_POST['message']))

Offline

#68 2010-08-03 10:30:49

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

You're right, preg_match is the best way to check the POST.

I'm searching a REGEX that works...


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#69 2010-08-03 15:23:04

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,139
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

"Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems."

http://www.codinghorror.com/blog/2008/0 … blems.html

What you want is an integer, followed by zero or more ",#". It's much easier and less computationally intensive to take the integers as an array, call array_map with intval as the callback, then implode: that way, your data is sanitized and in the right format.

Offline

#70 2010-08-03 17:18:14

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

This solution is the best, I know. But the problem is that the safe code is stored in an input... And this code has to be validated from this input. So we can't use array_map with intval, then implode... If you find an other solution, I would be glad to put it into the mod, but actually I don't see how to check this input =/


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#71 2010-08-03 17:44:27

Reines
Administrator
From: Scotland
Registered: 2008-05-11
Posts: 3,197
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Why not? What's wrong with:

if (isset($_POST['delete_multiple_comply']))
{
    $idlist = explode(',', $_POST['messages']);
    $idlist = array_map('intval', $idlist);
    $idlist = implode(',', array_values($idlist));

    $db->query('DELETE FROM '.$db->prefix.'messages WHERE id IN ('.$idlist.') AND owner=\''.$pun_user['id'].'\'') or error('Unable to delete the messages', __FILE__, __LINE__, $db->error());

    switch ($db_type)
    {
        case 'mysql':
        case 'mysqli':
            $db->query('OPTIMIZE TABLE '.$db->prefix.'messages') or error('Unable to optimize the database', __FILE__, __LINE__, $db->error());
            break;

        case 'pgsql':
        case 'sqlite':
            $db->query('VACUUM '.$db->prefix.'messages') or error('Unable to optimize the database', __FILE__, __LINE__, $db->error());
            break;

    }

}

@Smartys: That is good advice in some situations, but just because regular expressions shouldn't be used for everything doesn't mean they shouldn't be used at all. They are, after all, designed for matching strings.

Offline

#72 2010-08-03 17:52:01

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

@Reines: it works yikes.

I didn't think this code could work... Because $_POST['messages']'s content is already "imploded"...

Thanks anyway!


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

#73 2010-08-03 23:46:29

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,139
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

Reines: Exactly. That's what the post I linked to says. smile

Offline

#74 2010-08-08 19:33:00

pelm
Member
From: Sweden
Registered: 2010-06-21
Posts: 67

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

#adaur
Is it possible to have smileys as icons showing in messages? In my PM only the characters is showing up smile

/pelm

Last edited by pelm (2010-08-08 19:39:38)


Sorry for my english, is from Sweden smile

Offline

#75 2010-08-08 19:46:37

adaur
Developer
From: France
Registered: 2010-01-07
Posts: 843
Website

Re: [Mod] Another Private Messaging / Topic System - 3.0.8

pelm wrote:

#adaur
Is it possible to have smileys as icons showing in messages? In my PM only the characters is showing up smile

/pelm

Do you have the FluxToolbar installed?


FeatherBB - A simple and lightweight new generation forum system
Based on FluxBB, written in PHP, using Slim Framework for a proper OOP-MVC architecture.

Offline

Board footer

Powered by FluxBB