A very common question about phpBB is how to display recents posts or topics on a separate page, such as a website homepage. It can be very handy to do this, as it allows visitors to your website a chance to quickly see recent activity.

This blog post details how displaying a list of recent posts and topics externally can be done. There are a couple of different formats that are covered:

• The latest topics (including only from specified forums)
• The first post of the latest topics (including from specified forums)
• The latest posts from specified topics
• The latest posts from the entire forum

Everything displayed is subject to the users forum read permissions.

Read the rest of this entry »

As the title already says, this blog post will describe how the MOD Team validates modifications and what happens to them before they come out at the other end of the queue.

Read the rest of this entry »

As previously stated every team will announce in what way it will be affected by the significant phpBB development changes. This post will explain the effects on the modifications team.

Versioning scheme

Since phpBB will be using a new versioning scheme we will adopt this scheme for all of our tools (AutoMOD, UMIL, etc).

MOD authors will be encouraged to use this new versioning system too. We will however be less strict in enforcing it. In fact, we will allow any versioning that is compatible with version_compare, so versions such as 1.0.0.0 will be allowed. We will still require it to be stable though.

Additionally we will release a new version of MODX to support this and adapt our tools where needed.

phpBB 3.0

Because phpBB 3.0 is not going to change we don’t have to adopt any changes. This will just continue as it has been so far.

phpBB 3.x

Depending on what changes will be made to the modding API we will assist MOD authors in using it and provide documentation. All in all, it will highly depend on how many changes will be made to phpBB itself. There are a lots of improvements we can think of, and we will try and get them implemented where possible.

We will allow submission of modifications for new phpBB branches once they are released. We will support the branches that are supported globally.

phpBB 4.0

The release of phpBB 4.0 is way too far ahead for us to be able to say anything at all about it. It is a fresh start and will possibly bring many new possibilities. We can be pretty sure that the new architecture will have an impact on modding that will change it fundamentally. We will wait and see. And work together with the development team.

The future

We have some great plans waiting for the MOD writing community. These include building more advanced infrastructure and tools, as well as making alterations to the MODX standard. We will work on making the workflows of modification engineering more efficient. More information will follow in due time.

— The Modifications Team

Note: This post is targeted at MOD authors and contains many technical details.

Introduction

Amongst the great security features that phpBB 3.0 provides is the function used for processing user input, request_var.  This function was designed to make it easy to securely retrieve user inputted data.  It is one of the most important security functions in a system that retrieves external data as it can (with caveats that will be elaborated upon) single-handedly stop XSS and SQL injection attacks dead in their tracks

The reason we have created this blog post is to give more information to modification developers on how to properly explain how this works and why you should use it.

Read the rest of this entry »

You probably have already heard about it: the next release will include a host of new features. This post will present one of them in detail, showing the idea and the impact on users, style and MOD authors.

Most admins are experiencing problems with spam, which is taking away lots of energy that would be better spent on the enjoyable parts of administrating a community. We tried our best in the arms race against spambot programmers, but have to admit failure with our previous approach. Since 3.0.x became as popular as it is, any default visual confirmation gets broken almost instantly. After long discussion in and outside the teams, we came to the conclusion that diversity is the answer: every board admin should be able to use a non-default anti-bot measure without it being a pain. Read the rest of this entry »

MOD requests are common with each version of phpBB. Every user wants something different to make their board unique. The problem, however, is that there are more users than MOD Authors. However, with an understanding of PHP and phpBB, you can create your own!

Read the rest of this entry »

Cross-Site-Request-Forgery, short CSRF, is a type of vulnerabilities that gets more and more attention. The concept can be translated as “tricking the browser into automatically performing some action using the user’s privileges”. Let’s see what phpBB does about it.

Read the rest of this entry »

This post no longer reflects the state of the art. See here .

CAPTCHAs – “Completely Automated Public Turing test to tell Computers and Humans Apart”s – are known as the foremost means to stop registrations by SPAM programs, so-called “Bots”. In phpBB, a visual confirmation CAPTCHA is used.

The key here is the “Completely Automated” part, meaning that the software – phpBB – creates the question and the correct answer without interaction by a user. This has the drawback that computers are usually able to find the answer as well, given time to adjust. This is an active field in research. In the end it is an arms race. A new CAPTCHA will usually buy a few months of peace, before the major Bot vendors adjust their products.

This article is about presenting some reasons behind our CAPTCHAs; it is not intended to be a case for or against CAPTCHAs in general or particular. It is not about other means to combat SPAM, but only about CAPTCHAs.

Read the rest of this entry »

The MOD team always gets a lot of questions, feedback and more from MOD authors. This is mostly after a persons MOD was denied for a certain reason, we change something, or just about one of the policies we have.

We get a lot of questions from them if we do anything with the feedback, or if we actually listen to it, I want to explain here how we handle this kind of feedback.

Read the rest of this entry »