phpBB3: Open Source Forum Software Evolved

The 13th of December, 2007 marked the beginning of another chapter of the success story that is open source software, as phpBB version 3 was released. phpBB, an open source bulletin board system, was created by James Atkinson in 2000 as a forum solution for his wife. From its low-key beginnings, phpBB has gone from strength to strength, earning itself a reputation as one of the "killer apps" for the PHP scripting language.

The bulletin board concept dates back to the 1980s, when the earliest forms took shape as newsgroups and primitive dial-up message boards. With the introduction of the Web, bulletin boards, now commonly known as internet forums, have become incredibly user friendly and customisable, and have played a key role in the current social networking trend. It should therefore come as no surprise that on the Internet today there are many millions of active forums, a significant number of which are phpBB installations.

phpBB was first released in April 2002, and has enjoyed constant evolution by an active developer community. In May 2007, the first of eight release candidates was made available to the public. The release candidate stage was lengthy, but ensured that the official release, phpBB v3.0.0, was of a very high standard.

Changes Between phpBB2 and phpBB3

To many people, phpBB2 will be remembered for its revolutionary theme, subSilver, whose combination of simplicity and slickness made for a very attractive default theme. Considering it’s now nearly five years old, the design of the subSilver theme still holds up pretty well.

Change is inevitable, though, and perhaps the most noticeable difference that a user sees when comparing a forum that uses phpBB2 to one that uses phpBB3 will be the front-end code used by the board — especially if you dive under the hood. While the colour schemes between the new proSilver theme and subSilver are quite similar, proSilver has quite noticeably distanced itself from a table-based layout. Many people will be pleased to know that the new style is CSS driven, and is XHTML 1.0 Strict compliant. Tables have only been used when appropriate, for instance, in the display of tabular data such as statistics and the member list.

phpBB3 (codenamed Olympus) also includes many features requested by the phpBB community. Features that were only available as modifications in phpBB2 are now available as standard functionality.

Some of the more popular additions include those relating to:

  • file attachments
  • user and moderator control panels
  • the ability to add unlimited layers of forums (subforums)

From an administrative perspective, the largest change comes in the permissions system. While the administration control panel has been completely revamped (it now uses a truly modular system), getting your head around the new permissions system is perhaps the most difficult part of upgrading. The new permission system allows for finer, more granular permission assignment, as well as many new permissions that administrators are able to assign. For easier management, permission roles are included, as is the ability to copy and transfer permissions from other forums. An in-depth overview of the new permissions system forms part of the phpBB documentation.

Notably absent from phpBB3 is an inbuilt modification (MOD) installer. However, as was the case with phpBB2, an official add-on will be published by the phpBB MOD Team for performing automatic MOD installations. Codenamed Blinky, the MOD installer is a modular addition to the administration control panel, which adds a new MODs tab to the administration navigation.

When installing a modification, the MOD installer will read and parse an XML file, storing information about the desired MOD to be installed. Various actions are performed on the basis of this XML file, such as adding, replacing, and removing code. This MOD installer is still under development, but the development team behind Blinky hopes to have something released soon.

The image below shows the details of the MOD installation, which only appear if enabled by the administrator, or if an error occurred.

[Image: MOD installation details]

Below, we see the flexibility in the MOD Manager. The code has three different methods to handle files, including FTP and the creation of a compressed archive.

[Image: MOD Manager file handling methods]

Security

Security has always been phpBB’s number one priority. Many measures were taken during the development of phpBB3 to ensure that it was an extremely secure product from the outset. An external security audit was carried out by a team from http://www.sektioneins.de that included Stefan Esser, a PHP security expert and former PHP developer. The security audit revealed several issues with phpBB3 that were duly repaired, but it was a huge credit to the developers that no SQL injection or remote code injection vulnerabilities were found.

phpBB3 was completely rewritten, and strict new coding guidelines were put in place for the developers. In Esser’s own words, this "led to a better security architecture than phpBB2’s." phpBB3 handles all request parameters ($_POST, $_GET, etc.) through a single function, request_var, which sanitises the variable. In conjunction with a new database abstraction layer, including a new sql_build_array function that automatically handles the escaping of strings — something that used to be handled through basic str_replace calls — it’s now easy and secure to write database queries.

In phpBB2, a database query would have looked something like the following, with both the $email and $icq variables having been defined earlier from POST data:

$sql = "UPDATE " . USERS_TABLE . "
    SET user_email = '" . str_replace("'", "''", $email) . "',
        user_icq = '" . str_replace("'", "''", $icq) . "'
    WHERE user_id = " . $userdata['user_id'];

Because of the new techniques employed in phpBB3, queries are much more structured. The new function, $db->sql_escape, replaces the older method of using str_replace to prepare strings:

$sql = 'UPDATE ' . USERS_TABLE . "
    SET user_email = '" . $db->sql_escape($email) . "',
        user_icq = '" . $db->sql_escape($icq) . "'
    WHERE user_id = " . $user->data['user_id'];

When there are a number of columns that need to be updated, the $db->sql_build_array function can be used. This function automatically escapes strings within the array. Larger queries may therefore look like this:

$sql_data = array(
    'user_email' => request_var('email', ''),
    'user_icq'   => request_var('icq', ''),
    'user_yahoo' => request_var('yahoo', ''),
    'user_msn'   => request_var('msn', ''),
);

$sql = 'UPDATE ' . USERS_TABLE . '
    SET ' . $db->sql_build_array('UPDATE', $sql_data) . '
    WHERE user_id = ' . $user->data['user_id'];
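An added example, not code from phpBB or from the original article: the hypothetical helpers demo_request_var() and demo_build_update() model the typed request handling and per-value escaping described above, run against an in-memory SQLite table through PDO (assumes the pdo_sqlite extension). The table, its contents and the request body are constructed sample data.

```php
<?php
// Added illustration, not phpBB source: demo_request_var() and demo_build_update()
// are hypothetical stand-ins for request_var() and $db->sql_build_array('UPDATE', ...).

// Read one request parameter and force it to the type of the default value.
function demo_request_var(array $input, string $name, $default)
{
    if (!isset($input[$name]) || is_array($input[$name])) {
        return $default;
    }
    $value = $input[$name];
    settype($value, gettype($default)); // an int default keeps only leading digits
    return is_string($value) ? trim($value) : $value;
}

// Build "col = value, ..." with each value quoted or cast according to its type.
// Column names are array keys written by the developer, never request data.
function demo_build_update(PDO $db, array $data): string
{
    $pairs = [];
    foreach ($data as $column => $value) {
        if ($value === null) {
            $sql_value = 'NULL';
        } elseif (is_string($value)) {
            $sql_value = $db->quote($value); // driver-aware escaping and quoting
        } else {
            $sql_value = is_bool($value) ? (int) $value : $value;
        }
        $pairs[] = $column . ' = ' . $sql_value;
    }
    return implode(', ', $pairs);
}

// Constructed sample data: an in-memory table and a stand-in for $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER, user_email TEXT, user_icq TEXT)');
$db->exec("INSERT INTO users VALUES (2, 'old@example.com', '')");
$post = ['email' => " o'brien@example.com ", 'icq' => '12345', 'user_id' => '2abc'];

$sql_data = [
    'user_email' => demo_request_var($post, 'email', ''),
    'user_icq'   => demo_request_var($post, 'icq', ''),
];
$user_id = demo_request_var($post, 'user_id', 0);

$sql = 'UPDATE users SET ' . demo_build_update($db, $sql_data) . ' WHERE user_id = ' . $user_id;
$db->exec($sql);
echo $sql, "\n";
echo $db->query('SELECT user_email FROM users WHERE user_id = 2')->fetchColumn(), "\n";
```

The stored e-mail address keeps its apostrophe because the driver quotes the value, and the non-numeric suffix on user_id is dropped by the integer cast before it reaches the query.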

The phpBB MOD Team shares the Development Team’s belief that security is paramount. As with phpBB2, the MOD Team plans on continuing to validate every MOD that’s submitted to the online database, ensuring that modifications adhere to the new coding guidelines as well as meeting security standards set by the team. After automated checks are made, MOD team members audit every submission line-by-line before testing the MOD to ensure that it functions correctly. The entire validation process takes time, but the result is that users have a quality assurance that’s unique to phpBB.com.

The Future: phpBB v3.2

The next major release of phpBB will be v3.2, codenamed "Ascraeus." The Development Team has set a total of six milestones for the development of v3.2, the first of which will consist of general changes to phpBB. Such changes will include dropping support for PHP 4.x and MySQL 3.x/4.0.x.

The BBCode parser will also be revamped. It will be separated entirely from the posting page, allowing BBCode to be used in any text area. A community-requested feature — the editing of existing BBCode functions — will also be implemented, essentially meaning that there will be no differentiation between the default BBCode functions and those added by the board administrator.

The second milestone focuses on the implementation of many exciting new features. The user session functions will be revisited, while the posting page and moderator control panel will be enhanced. phpBB will make use of Ajax where appropriate for the first time, although only in some situations. Additionally, the topic and forum listings will receive increased functionality, such as non-permanent or "soft" deleting of topics and some minor tweaks to the global announcement system.

Possibly the most anticipated new feature, however, will be the highly customizable events system, which will be a fantastic addition for both board administrators and phpBB MOD authors. In talking about the events system, Meik Sievertsen said, "The event system is a trigger-based system whereby admin-definable 'actions' are fired upon specific conditions. Sample pre-defined triggers could be: 'posting, replying, or registering'. The condition applied to this trigger might be something like 'having more than x posts' and the action might be 'place this user into group Y'." As you can imagine, this functionality will automate many of the processes that are currently performed by board moderators and administrators.

Beyond v3.2, there will be phpBB v3.4. With the increased use of AJAX, an expanded events system, and additional database control for board administrators all on the cards, the future is looking very bright for phpBB.

Thanks to Meik Sievertsen ("Acyd Burn") and Josh Woody ("A_Jelly_Doughnut") for providing information about phpBB development, and the phpBB MOD installer, respectively.

Category: programming Time: 2008-01-23 Views: 1