Nobody's forcing you to use the default theme... Using a forum system simply because you like the way it looks (regardless of the features or how secure it is) is a dumb idea, but if that's all that matters, then I would recommend checking out Unclassified News Board (http://newsboard.unclassified.de) as it has the best theme I've seen.

__________________
The Oldiesmann
SMF Webmaster
SMF+Gallery2 Integration Project - RC1 now available!

Actually your completely wrong. If you don't think security is the first thing the big 4 vendors are focused on then I've gone insane. You'd be a complete idiot to go for something that'll get you hacked in seconds. - phpBB, vB, MyBB, SMF, IPB, and all the rest release security patches almost instantly, and there aren't that many compared to what we're going to be seeing with BabbleBoard based on the amount of insecure programming I see in it. You might as well put a banner on top of your forum saying "PLEASE HACK ME" - or - you could save yourself the trouble and just hack yourself. That's about as secure as this board is.

Lol seriously you do realise this is only forums yeah? there is no need to try and put people down. You have your opinion i have mines...it doesnt matter its not real its only the internet!. I like the board thats enough for me if you dont great im glad you like the software you are using.

__________________
the12z.com Off topic forum!

Yeah and he was only pointing his view.

Anyway to carry on the debate (not fight) I have to say that you might like that board and it may be enough for you but Tikitiki is completely right, even if it automatically backs up then it still doesn't matter. Its hardly very economical to be hacked and then restore a backup every day.

I think its an ok forum script in its very very early roots but it needs to develop a lot more to be anywhere near competing with the big forum scripts.

BTW I am 99.999999999999999 % sure Tikitiki uses MyBB, unless hes not the Tikitiki who is the S Mod and helps develop (I think) MyBB.

__________________
Computer Forum
Calum
Football Forum

He is that Tiki, yes.

Chris

I don't think the security in BabbleBoard is that bad! Indeed, I'm sure flaws can be found in every script that exists on the internet just now. For a first generation bit of software, BB is doing not bad on the security side I think. Sure there is a lot that can be done, and as I'm continuously working on it I'll be forever trying to shore up the security to make it as good as I can. I'll repeat though, I don't think it's as bad as you make out. There are worse.

I seem to remember SMF didn't have an anti-spam field in a previous version, something that is now standard across almost everything that requires a login nowadays.

SMF, myBB, IPB etc have all kind of grown up with the internet. When new vulnerabilities are detected, it is easier to patch them one at a time than try and do it all in one go as newer software is trying to do. Doing it in this method, of course you're not going to fix everything, not straight away anyway.

calum - it is very early days yes. Of course, I may be a little bias and say that it's a very promising board for something that is quite new because I've worked on it pretty much everyday since March or so this year. A lot of effort has gone into it, and a lot more will in the future.

I've asked this before in another thread somewhere on here, but see when people are looking at forums or any other website, can you please just actually USE it and form an opinion on that, and THEN check under the hood and comment on that?

I take comments personally on here. People slagging off BabbleBoard is kind of like slagging off my work, and I take pride in what I do. I'd appreciate it if people took the time to check out how useable it is, how it feels. I'll be honest, it's quite sad if you form an opinion on something because it's not formatted properly or indented

In the future, please be more helpful when posting comments. I've read what's been posted on here since the thread was started and I haven't really read anything positive. Not that everything is 100% negative, but surely people like myself should be encouraged, not put down?

In response to an earlier post from oldiessman regarding a few things (I'm too lazy to quote the post )

1. Non descriptive variable names - 99% of these are actually just in SQL queries and are used only for that. Normally, the rest are as descriptive as needs be (my_id, theme, bb_name, bb_password etc.)

2. Missing single quotes around array indexes - that's fair enough. Was raised before (I actually forgot to sort that before 1.1). Can you do me a favour and explain why this is important? It's just that as the forum seems to work without problem, I've never seen a massively urgent need to sort this out.

3. Blindly accepting POST & GET with no sanitising - actually, a lot of it is sanitised using a function declared in the header script. Not every single page has this, but the public facing ones do (and by that I mean the admin area does not have all requests sanitised. Why not? If you can log into that area, you can do enough damage without having to use sql injections and so I feel it's not a major thing to do, but of course, it will get done)

4. No file security - this is something that has been sorted in 1.1.1. Every file accessed directly (apart from index.php, getfile.php and the upload.php file) now shows an unauthorised access error message.

5. Using relative paths for including files rather than full paths - why should we use full paths? Is there a significant difference in the two? I ask because when I search google to help me out, or even view php's documentation, more often than not, it is relative paths, and not full paths that are used in examples.

6. Deleting attachments and thumbnails depending on what glob finds - You'll need to explain the problem with this, as I don't know of any. I tried a simple unlink - my server didn't like it. I used glob, server liked it. I kept glob. Trial and error has made me come to including the glob function in my code (after once again consulting php's manual and googling for answers to my problems).

7. Very few comments in the code - I agree. Template files have SOME comments, but not enough for people to be fully confident in changing things. The actual core code has pretty much zero comments in them, but I'll get round to it (yes, the indenting too!)

So anyway, sorry for the long post, I felt I had some things I wanted to clear up, and in the process I've asked a few questions on things that I hope people can help me with.

Cheers guys.

Even so, it would be best to name the non-descriptive variables to something that actually describes what that query does.

Because the array index is a string. If someone defines a constant with the same name as an array index, PHP will replace whatever's in the brackets with the value of that constant. If you use single quotes (or double-quotes for that matter), this won't happen.


There's more involved with sanitizing than escaping quotes.

Glad to hear it - this is a major security improvement

It's mainly a matter of flexibility. If you use the full path, then you can (for example) put the includes directory outside the public_html directory so nobody could access it directly. It's not really a major issue, but it's a nice gesture for users who want to ensure things are as secure as possible.

The glob function simply finds all files matching a specific pattern. The unlink function is what actually deletes these files. Therefore, glob isn't needed because the forum should know the exact name(s) of the file(s) it wants to delete.

Also good to hear.

__________________
The Oldiesmann
SMF Webmaster
SMF+Gallery2 Integration Project - RC1 now available!

I agree on what Oldiesmann and Tikitiki said.

caleyjag, you always seem to follow the discussions about your package everywhere, every time experienced people are making remarks at the code and everytime you do a tough job at trying to respond.

However, (as far as I can remember) I have explained the array indices and undefined constants thing already in the past on another forum. Now you are again asking why you should change the code. I thus conclude you didn't attempt to read all our explanations and actually make the changes required to fix these issues. As long as you don't fix them, experienced people will continue to make remarks about them.

So, either you fix them or otherwise you may still be asking people why you should do x or y within a couple of years (if BabbleBoard still exists by then) when other people make the exact same remarks as we did the past months.

Problem is there isnt alot of nice skins for new forum software like these, thats what puts people off. And the people who make the forum software just tell you how to make the skins.

I wouldnt really consider using this.

__________________
Immortality will come to such as are fit for it

It's almost too basic to me. The new PHPBB blows out all the other free softwares IMO and is really easy to install mods and do just about everything. If I use a free software, it's going to be PhpBB or my own.

__________________



TheBiggestBoards - See where your forum ranks - Size Matters!