Register - Login
Views: 96262722
Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users
Ranks - Rules/FAQ - Stats - Latest Posts - Color Chart - Smilies
12-18-18 05:38:27 AM
0 users currently in Projects and Creations. | 2 guests

Jul - Projects and Creations - BoardC
  
Login Info: Username: Password:
Reply: Mood avatar list:

















 
Options: - -

Thread history
UserPost
Yushe
Posts: 10/18
Creating categories through admin-editforums.php doesn't work anymore.
Kak
Posts: 1581/1818
oopsies

1.0a should fix it (as well as a related issue caused by using a different regex check when editing an username and an unrelated broken query in online.php)
Kazinsal
Posts: 542/625
Really neat. Fiddling around with a quick 1.0 install. Found a bug though. The regex on line 130 of register.php has an unescaped forward slash, causing registrations to fail with "Your username contains invalid characters." even on valid usernames.
9:57 PM - Kazinsal: uh
9:57 PM - Kazinsal: the heck did you punch in
9:57 PM - Thexare: Thexare

If I had any motivation to try to run a community again I'd consider using BoardC. Modern board software really isn't my thing.
Kak
Posts: 1580/1818
It's a file that provides extra security and handles some extra features.

and no, it's not the one from Blargboard
phase
Posts: 4/4
Originally posted by Kak
there is also a thing about not giving the firewall in the github version


What did the Firewall do? Was it for blocking banned IPs?

Edit: Blargboard's doesn't contain anything interesting.
Kak
Posts: 1579/1818
Actually, I've been thinking to either remove or not update the repository for a while. I choose to remove it since it bugged me to leave it outdated.

I thought about this since I've realized some people were using an insanely buggy version despite warnings that it's a prerelease (and then others there complained about the bugs / incompleteness). For the longest time (read: slightly more than month), when a certain user said "using this software", I took that as "installed it on a test location" - when I realized it wasn't the case it hit motivation quite a bit for several reasons.

Maybe the github repository will come back in the future, maybe not (I'm still updating the local git in case it comes back). For now, a "solid" 1.0 release is (hopefully) coming soon, and bug reports (for now) go in this thread.

(there is also a thing about not giving the firewall in the github version - which broke several queries and required a bunch of messy checks. I'd have a "distributable" version without any of that mess, along with the removal of some other silly stuff that doesn't make sense to include in a non-internal version (hi $hacks['force-modern-web-design'];). I mean, I could have done a separate branch, but heh.
Xkeeper
Posts: 21857/24728
Worst case just do something ridiculous like a release branch with a single file added (that remains the only difference) and if the file is missing the software complains that it's a development version and you're on your own.

github is good
phase
Posts: 3/4
Originally posted by StapleButter
noobs don't read. don't forget.

If they start complaining their development build isn't production ready, give them a link to Webster's Dictionary (or a software equivalent).

I would still like to help with development, and I think GitHub is nice because I can make PRs whenever I want to.
StapleButter
Posts: 364/509
noobs don't read. don't forget.
phase
Posts: 2/4
Originally posted by Kak
EDIT: I have removed the repository of BoardC from Github. I prefer to give distributable versions in the thread (so that people won't try to use prerelease versions that are buggy).


I don't think that's a valid reason to remove it. Putting a disclaimer in the README would be fine. Redirect people to the releases page on GitHub.
Kak
Posts: 1573/1818
I finally got to release v0.30. That certainly took a while

Featuring:

- A lot of bugfixes
- A new installer
- RPG System lifted directly from AB 1.92 (which was a pretty painful experience due to code differences)
- Things that look more like what you'd see here.
- XSS Protection that isn't an absolute joke
- more misc stuff

If it weren't for the lack of certain details, I'd have considered this v1.0. It's getting closer though.
skyu
Posts: 29/90
a few other bugs I've come across;

-if you use The (Ban) Button™, it deletes all that user's posts, but the thread listing is still there and I haven't found a way to get rid of it, since if you click on it the page simply says it doesn't exist.

more bugs involving that function; it does delete the posts out of existence, but page numbers don't automatically update; meaning the last page may not contain any posts. it's fixable, but annoying.
StapleButter
Posts: 301/509
generating the token once per page load only (or storing it with user data, provided it can be regenerated) is enough, unless you want it to be specific to each action link
Kak
Posts: 1562/1818
Well, yeah that would also be a way to get around the 72 character limit from password_hash in blowfish.

Coming from someone who has 100 posts/page, using a slow algorithm probably wouldn't be a great idea.
StapleButter
Posts: 300/509
I just SHA256-hash a bunch of data that contains secrets and user-specific parts, and use it as a token.

Using password_hash can work too, but doesn't that take a 'long' time to generate hashes, by design?
Kak
Posts: 1561/1818
The first one was already fixed by moving around the post actions.

As for the second part... oh dear, I have forgotted about that.
In any case I'm experimenting with a token system using password_hash (currently only used when logging out for testing).
StapleButter
Posts: 297/509
An idea to prevent the "refreshing does action again" is to redirect to a non-action URL after the action is done.

Also, if you're going to have GET-triggered actions, look into protecting them from CSRF.
Kak
Posts: 1559/1818
The first bug is caused by me putting the thread ID instead of the post ID in the delete link, as actions are only applied on the posts shown in the page (the correct page is determined by the post id, while the thread ID puts you at page 1). I should probably change the way post actions are applied anyway as "fun" stuff happens if you refresh the page (ie: if you can undelete posts it will do so).

The second one is due to a query I had problems with in the index page. I tried to avoid subqueries and it seems it didn't work. Oh well.

EDIT: And there's a third bug about replying to PMs not working properly. It mistakenly took the user id as pm id so it wouldn't always quote.

Anyway, both those three bugs have been fixed in my local copy.
skyu
Posts: 13/90
oh yeah, there's a bug where you apparently can't delete a post if it's not on the first page.

as well as the most recect PM never changes from the first user who PMed you.
Kak
Posts: 1557/1818
"Finishing" the code for the RPG is pretty much one of the last things, along with GDImage stuff.

The reason: I'm keeping for last everything that requires me to directly copy/paste between codebases.

Now that I've finished the school exams, what I'm doing is fixing some bugs and replacing the unread post system with one that wastes less space in the db.
This is a long thread. Click here to view it.
Jul - Projects and Creations - BoardC



Rusted Logic

Acmlmboard - commit 6fc366a [2018-12-11]
©2000-2018 Acmlm, Xkeeper, Inuyasha, et al.

20 database queries.
Query execution time: 0.165695 seconds
Script execution time: 0.006806 seconds
Total render time: 0.172501 seconds