Version History

1.2.14 (2006-10-15)

  • Fixed SQL injection in search due to zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4. Thanks Nms.
  • Fixed a local file inclusion vulnerability. It was fixed in profile.php some time ago but, for some reason, was left out of register.php. Thanks Nms and Smartys.
  • Fixed some admin only SQL injections. Thanks Smartys.
  • Implemented search performance tweak (removed unnecessary join with the posts table). Thanks Yann for reporting and whoever noticed the fault at for the patch.
  • Fixed admins being able to set default group to admin, moderator or guest with a custom request. Thanks Smartys.
  • Fixed being able to ban all guests. Thanks Smartys.
  • Fixed install on MySQL 5.0.25 and later.
  • Stylesheet fixes for IE7.

1.2.13 (2006-09-26)

  • Fixed avatars_dir NULL byte injection vulnerability (CVE-2006-4759).
  • Added support for HttpOnly cookies. Credits to Matt Mecham for pre-PHP5.2 hack.

1.2.12 (2006-05-20)

  • Fixed incorrect user count leading to empty last page of user list.
  • Fixed XSS vulnerability involving “redirect_url”.
  • Fixed XSS vulnerability involving URL BBCode (only affects Internet Explorer users).

1.2.11 (2006-02-28)

  • Added flood protection to registration process (to prevent DoS attacks).
  • Fixed XSS vulnerability in header.php.

1.2.10 (2005-11-01)

  • Added password field to require users to enter password when requesting a change of e-mail address.
  • Removed reliance on HTTP_X_FORWARDED_FOR to prevent IP spoofing.
  • Moved up execution of unregister_globals() before the inclusion of config.php to prevent information disclosure vulnerability.
  • Fixed periods at the end of words not being filtered out before insertion into the search index.
  • Force quoted text to be from the topic we're posting in.
  • Implemented workaround for the IE GIF bug. See

1.2.9 (2005-10-16)

  • Implemented Stefan Esser's unregister_globals(). What this does is reverse the effects of register_globals by unsetting any globals that were instantiated as a result of register_globals being enabled.
  • Fixed SQL injection vulnerability in search.php (only exploitable with register_globals enabled).
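
The reversal described in the 1.2.9 entry above, as an added sketch (not PunBB's or Stefan Esser's code). register_globals was removed in PHP 5.4, so its effect is simulated here; the helper names and the request parameters are hypothetical.

```php
<?php
// Added illustration: NOT PunBB's or Stefan Esser's code. register_globals no
// longer exists in PHP, so its effect is simulated on constructed input.

// Names that must never be unset from (or injected into) the global scope.
const PROTECTED_NAMES = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                         '_SERVER', '_ENV', '_FILES', '_SESSION'];

// Hypothetical helper: mimic register_globals by turning every request
// parameter into a global variable of the same name.
function simulate_register_globals(array $sources): void
{
    foreach ($sources as $source) {
        foreach ($source as $name => $value) {
            if (!in_array((string) $name, PROTECTED_NAMES, true)) {
                $GLOBALS[$name] = $value;
            }
        }
    }
}

// Hypothetical sketch of the reversal: every global whose name also appears
// as a request key is assumed to be request-injected and is unset.
// Returns the list of names it removed.
function unregister_globals_sketch(array $sources): array
{
    $removed = [];
    foreach ($sources as $source) {
        // A request key literally named GLOBALS is never legitimate input.
        if (array_key_exists('GLOBALS', $source)) {
            throw new RuntimeException('Request tried to address GLOBALS');
        }
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (in_array($name, PROTECTED_NAMES, true)) {
                continue;
            }
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed;
}

// Constructed request data; "is_admin" and "page" are hypothetical names.
$constructed_get    = ['is_admin' => '1', 'page' => '2'];
$constructed_cookie = ['page' => '9'];
$sources            = [$constructed_get, $constructed_cookie];

simulate_register_globals($sources);

// With register_globals in effect, a variable the script never initialised
// arrives pre-set from the query string.
echo 'is_admin set before clean-up: ';
var_dump(isset($is_admin));

// Run the clean-up before the application defines its own globals; run later,
// it would also unset any application variable sharing a request key's name.
$removed = unregister_globals_sketch($sources);

echo 'removed: ' . implode(', ', $removed) . "\n";
echo 'is_admin set after clean-up: ';
var_dump(isset($is_admin));
```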

1.2.8 (2005-09-21)

  • Fixed a potential code inclusion vulnerability involving the user language selection.
  • Properly fixed the search.php SQL injection that was ineffectively dealt with in 1.2.7.
  • Fixed an XSS vulnerability involving the “forgotten e-mail” feature.
  • Fixed “bare linefeed” problem with external SMTP servers.

1.2.7 (2005-09-02)

  • Fixed post preview inconsistently preparsing BBCode (post.php and edit.php differed in the way they preparsed and displayed BBCode).
  • Fixed SQL injection vulnerabilities in the admin interface (only exploitable by admins and mods).
  • Fixed rare CGI error on admin index page.
  • Fixed XSS vulnerability involving URL BBCode (only affects Internet Explorer).
  • Fixed SQL injection vulnerability in search (only exploitable with register_globals enabled).
  • Fixed banned users still appearing in the online list.
  • Fixed updating certain admin options not always working properly.

1.2.6 (2005-07-07)

  • Fixed guest posts sometimes being displayed more than once in topic view.
  • Fixed BBCode validator not allowing certain code tag combinations.
  • Fixed install e-mail check in install script not corresponding to check in email.php.
  • Reworded database name description in install script.
  • Fixed error when supplying install script with non-existent database layer.
  • Fixed supplying post script with both a forum ID and a topic ID leading to the subject textbox being displayed even though it wasn't used.
  • Fixed users sometimes being assigned the wrong rank.
  • Fixed any directory in lang/ being considered a valid language pack.
  • Fixed username dupe check not working properly in PostgreSQL.
  • Added protection to prevent administrators from deleting or demoting all administrators of a board.
  • Fixed language and style drop-downs not always being sorted properly.
  • Fixed registered users being able to send “form e-mail” to the guest account.
  • Fixed profile showing the language for the current user when viewing the profile of another user.
  • Fixed username “Guest” or user ID 1 (via GET) being accepted when adding a ban.
  • Forced template includes into folder /include/user/ to prevent potential code inclusion vulnerability.
  • Prevented search from allowing particularly server intensive searches (misuse of wildcards).
  • Added direct execution prevention to quickjump cache.
  • Lowered PunBB's error reporting level to E_ALL ^ E_NOTICE to ease integration with applications that do not support E_ALL.
  • Fixed various SQL injection vulnerabilities in the admin interface (only exploitable by admins and mods).
  • Added HTML escaping of the redirect URL.
  • Added HTML escaping of the missing language pack error message.
  • Fixed extern.php not using cached config.
  • Fixed certain BBCode combinations resulting in garbled output.
  • Fixed words containing the characters of BBCodes not being properly added to the search index.
  • Removed remark in install script instructions regarding spaces after the closing PHP tag which didn't make sense since config.php does not contain a closing PHP tag.
  • Fixed SQL injection vulnerability in profile (only exploitable when register_globals is on).

1.2.5 (2005-04-07)

  • Fixed mass open/close topic not working.
  • Fixed incorrect users online count on admin index page.
  • Fixed login username being case sensitive in PostgreSQL and SQLite.
  • Fixed path disclosure bug in profile.
  • Fixed users with “exotic” usernames not being able to use form e-mail.
  • Fixed certain e-mail functions not working in forums with quotes in the title.
  • Fixed various markup quirks.
  • Fixed user group dupe check not working in PostgreSQL.
  • Fixed BBCode preparser not stripping out quotation marks surrounding URLs, e-mail addresses and colors.
  • Fixed BBCode validator allowing a new code start tag within a code block.
  • Fixed potential XSS vulnerability in Jabber field.
  • Fixed SQL injection vulnerability (admin/mod only).
  • Fixed SQL injection vulnerability in profile allowing privilege escalation.
  • Beefed up e-mail format validation.
  • Fixed certain uploads going through even though getimagesize() doesn't return anything useful.
  • Removed keyword DISTINCT from the main query in topic view to prevent creation of temporary table under MySQL.

1.2.4 (2005-03-18)

  • Fixed BBCode pre-parsing inadvertently stripping out whitespace in quotes.
  • Fixed XSS vulnerability in profile.php.
  • Fixed moving a topic when there is no forum to move to resulting in an undefined index error.
  • Fixed XHTML validation error on help page.
  • Fixed gethostbyaddr() outputting an error when the supplied IP address is invalid.
  • Fixed pun_trim() stripping out 0xCA which is a valid character in certain locales.
  • Added direct execution prevention to common_db.php.
  • Went back to mammoth e-mail validation regex.
  • Fixed move to forum drop-down containing forums that moderators should not be able to see.
  • Fixed group title dupe check not working.
  • Fixed phpinfo() in admin_index.php being available to moderators even though the link wasn't displayed.
  • Fixed possible password reset annoyance.

1.2.3 (2005-03-11)

  • Fixed potential e-mail header injection in e-mail form affecting installations running on PHP 4.2.2 or earlier.
  • Fixed various SQL injection vulnerabilities in admin scripts.
  • Fixed authentication bypass vulnerability in cookie password hash checking.
  • Fixed “Mark all topics as read” not showing up on some search pages.
  • Fixed unverified users not being displayed in user list.
  • Fixed subscriptions not being properly disabled when turned off in admin/options.
  • Fixed lazy referrer check in admin/options sometimes resulting in an undefined index notice.

1.2.2 (2005-02-25)

  • Fixed SQL injection vulnerabilities in profile.php, register.php and moderate.php.
  • Fixed file disclosure vulnerability in admin_loader.php.
  • Switched back to using a “manual” PHP version check in install script.
  • Fixed turn_off_maintenance_mode.php (hopefully for the last time).
  • Fixed template variable pun_include potentially resulting in an infinite loop.
  • Fixed rare SQL error involving PUN_QUIET_VISIT and last_visit.
  • Added check to make sure guest user exists.
  • Fixed moderators being able to edit user titles regardless of group permission setting.
  • Added check to make sure that a forum being edited actually exists.
  • Fixed SQL error on some setups when submitting profile/essentials as an admin.
  • Added check to make sure that a group being edited actually exists.
  • Fixed plugins not working when/if REQUEST_URI isn't set.

1.2.1 (2005-02-02)


  • Tweaked style sheets to work around various Gecko rendering quirks.
  • Added bottom breadcrumbs to viewtopic and viewforum.
  • Increased base font size to 11px and adjusted other font sizes.
  • Replaced image scrolling for user posted images with image scaling using the CSS property max-width. For MSIE support a modified version of minmax.js by Andrew Clover is used.
  • In viewtopic moved signature out of postmsg div.
  • Dispensed with classes showhot and showclosed.
  • Introduced class warningtext.
  • Added class isticky for sticky topics.
  • Moved topic type indicators from div to tr in index, viewforum, search and moderate.
  • Generally improved system for indicator icons.
  • Added IDs to the markup for navigation list items.
  • Added lists to welcome box where there is more than one item.
  • Prevented generation of unnecessary clearer div in board stats box on index.
  • Added background-color to Body tag.
  • Added class="clearb" to paragraph following avatar to ensure large avatars do not overflow the fieldset.
  • Added missing <br /> tags to user search form. Change only visible in text only display.
  • Moved information text below inputs and removed clearer div in search, user list, profile (display/pagination) and upload avatar forms.
  • Prevented output of empty <p> tags in viewforum when there are no postlinks and/or moderators.
  • Removed colgroup and col tags in various scripts.
  • Removed central vertical alignment of smilies in Firefox.


  • Added doublequotes around forum title in e-mail From field. Suggested by cici.
  • Fixed various potential mysqli problems.
  • Fixed “Show results as posts” lacking forum read permission check. Reported by Miles.
  • Changed default search operator to AND (was OR). Suggested by mindplay.
  • Fixed affected_rows() not working properly for PostgreSQL and SQLite.
  • Fixed example plugin not quitting on direct access attempts. Reported by Dantes.
  • Added feature for adding an arbitrary number of items to the navigation menu via admin_options.php.
  • Fixed phpinfo() feature of admin_index.php not outputting anything when/if phpinfo() function is disabled on the system. Reported by Terrell Russell.
  • Fixed BBCode in preview not working properly.
  • Fixed “Set moderator access” fieldset being available for unverified users.
  • Fixed quick post being available when it shouldn't.
  • Fixed logging out not updating last_visit.
  • Fixed search being case sensitive.
  • Fixed pun_trim() stripping out non-breaking spaces for no good reason.
  • Added handling of UPLOAD_ERR_NO_TMP_DIR to avatar upload code.
  • Fixed pun_trim() messing up UTF-8 and other multibyte character sets. Reported by vnpenguin.
  • Fixed “undefined offset” error in smiley display code in help.php. Thanks to cgo2 for report and fix.
  • Fixed BBCode parser acting up on some BBCode quote syntax. Reported by boneheade.
  • Fixed “undefined offset” error in admin_index.php when /proc/loadavg exists, but can't be loaded. Reported by schnetm.
  • Fixed unnecessary extraction of style element in profile. Reported by vnpenguin.
  • Fixed image example in help section pointing to a non-existing image. Reported by Rador8.
  • Fixed some HTTP header redirects failing when redirect time was set to 0. Reported by Rod. Thanks to cgo2 for tip.
  • Fixed undefined index error in header.php. Reported by myran-san.
  • Fixed error in extern.php due to extra tab in lang/English/common.php. Reported by Richard.

1.2 (2005-01-07)


  • Improved search indexing to properly deal with words containing dots (e.g. file.php) and words containing hyphens (e.g. round-up).


  • Fixed footer.php outputting an error message when accessed directly. Reported by paul_w.


  • Added option “Report new registrations” that sets whether people on the admin mailing list are notified when a new user registers in the forums.


  • Environment and database statistics are now hidden from moderators in admin_index.php. Suggested by Madoor.
  • Increased max size of AIM and Yahoo Messenger field to 30 characters.
  • Fixed moderator column of forums not being updated when a moderator's username changes. Reported by zargoth.


  • Added ability to exclude forums from extern.php output (e.g. a test forum).
  • Users can now delete their own avatar.
  • Moderators can now, if “Edit user profiles” is enabled in admin/permissions, delete user avatars.


  • Added FAQ entry “I've updated the database manually, but the changes have no effect. What's up?” that describes how to deal with manual database updates and the cache.


  • Fixed notification e-mails being sent out to users even though the topic had been moved to a forum that the subscribed user doesn't have read access in.
  • Added option that sets whether guests are required to enter an e-mail address or not when posting.


  • Replaced the new admin option “Image max width” with “Image max height”. Instead of limiting the maximum width of images, which is taken care of by scrollbars anyway, the new setting limits the height of images.


  • Added forum attribute “Sort topics by” that sets by which attribute topics are sorted in viewforum.php - last post (default) or topic start.
  • Replaced $pun_root with the constant PUN_ROOT. This change not only decreases the risk of potential security problems, but also removes the need to “globalize” the variable in every function it is used. Thanks to anythingwilldo for reporting a potential security problem in common.php that led to this change.
  • Rewrote code for disallowing “shouting” in subjects, messages and signatures to prevent problems with certain locales.
  • Replaced username with user_id in the cookie. It's more efficient this way.


  • Implemented second iteration of Paul's new and improved markup and CSS.


  • Fixed various forms that allowed you to post what appeared to be empty messages with the help of non-printable characters.
  • Added function pun_trim(). The function replaces certain non-printable characters with regular spaces and trims the result.


  • Rewrote and optimized online list and visit management code. Instead of running one DELETE and one INSERT on the online table and one UPDATE on the users table, the forum now, on average, runs one SELECT and one UPDATE on the online table. The user's last visit column is updated when the user is removed from the online list. Due to the rewrite, one query less is executed on basically all pages. The column “last_action” has been removed from the users table and a new column “idle” has been added to the online table. If idle=0, the user is online. If idle=1, the user is considered to be offline, but he/she won't be removed until “Timeout visit” seconds have passed since the last action.
  • PunBB no longer sets a new cookie for every page view. Since PunBB doesn't store last visit/last action data in the cookie anymore (since 1.1), there is no need to set a new cookie with username and password hash on every page view. This means a few bytes less traffic between the webserver and the client. The downside of this is that users will have to re-login when the cookie expires after a year. Not a big deal though.


  • Simplified database adapter (especially for PostgreSQL) classes a bit. Running PunBB with PostgreSQL now requires PHP 4.3.0 or later.
  • Added support for MySQL 4.1 and later via the MySQL Improved extension (mysqli). As a result of this, a new database adapter class has been added.


  • Fixed registration welcome mails and subscription notifications mails not being sent out when the board title contains a colon.


  • Added Jabber field to the user profile.


  • Moved the commonly accessed links “Show new posts since last visit” and “Mark all topics as read” from the footer to the header.
  • Added search link “Show your subscribed topics” to the footer. The search shows all topics to which the currently logged in user is subscribed.
  • Fixed redirect page being sent to the client unnecessarily when the redirect delay, for some reason, is set to 0 seconds.


  • Implemented a user group system that replaces the old static guest/user/moderator/admin system. PunBB now comes with four preset user groups: Administrators, Moderators, Guests and Members. These four groups can be edited, but not removed. On top of the four preset groups, administrators can add any number of their own user groups. The user groups have a set of global permissions and options such as whether members of a group are allowed to post new topics and if they are allowed to use the search feature. Some of these global permission settings can then be overridden by forum specific settings. As a result of the new user group system, basically all scripts have been updated and two new tables have been introduced into the database. A new admin page, “Groups”, has been added and the admin page “Forums” has been restructured to allow editing of forum specific group permissions. A number of user and forum properties are obsolete and have been removed. The user property “status” has been replaced by a group ID and in forums, the properties “admin/moderator only” and “closed” have been removed. A bunch of the old options and permission settings in the admin interface have also been removed.
  • Added global moderator permission settings to admin/permissions. It is now possible to allow/disallow moderators from editing user profiles, renaming users, changing user passwords and using the ban system.
  • Moderators can no longer edit the profiles of other moderators and administrators.
  • Removed the function is_admmod() from functions.php as it is no longer useful.
  • Added setting “Image max width” to admin/options. The setting controls the maximum width of images in posts and signatures. If set to anything but 0 (the default), images will take up, at most, that much horizontal space.


  • Fixed (hopefully) cookies being rejected by IE6 in forums that reside in “domain redirect frames”. Thanks to rewozz for helping me test it.


  • Fixed search not stripping out short keywords (<3) and therefore always resulting in “Your search returned no hits.” when used with AND. Reported by Frank H.


  • Reworded board statistics and put them all in lists. /Paul
  • Removed permissions from the board index. They won't make much sense when the user groups system is in place. /Paul


  • Fixed Internet protocol names containing digits (e.g. ed2k) being prepended with http://.


  • Added menu navigation to profile similar to the admin interface. The profile is no longer one very long page, but instead divided into sub-pages.


  • Added admin plugin support. Adding third party admin interface functionality should now be much easier.
  • Merged admin_menu() and moderator_menu() into generate_admin_menu().


  • The forum rules are now displayed properly instead of in a message() box with the header “Info”.


  • Switched admin interface navigation from horizontal to vertical layout.
  • Incorporated new admin interface markup/CSS by Paul Sullivan. The admin interface now has the same look and feel as the rest of the pages.


  • E-mail addresses are now, regardless of the user e-mail privacy setting in the profile, never displayed for guests. This will prevent e-mail harvesters from picking up addresses from PunBB boards.
  • Added meta tag to prevent search engine indexing of pages such as post.php, delete.php etc. Not all robots support the meta tag (the important ones do), but it's less hassle than teaching people how to use robots.txt.


  • Added function pun_setcookie() to functions.php. All calls to PHP's setcookie() are now done here.
  • Added a cookie seed to improve cookie security. Each PunBB installation now has a unique seed that is prepended to the password hash and hashed once more (md5) before being stored in the cookie. This not only makes it a lot harder to “crack” a cookie hash, but also makes sure cookie hashes are board specific. Thanks to zaher for the suggestion.
  • Fixed ban messages being a bit odd when the expiry date was “Today”. Reported by Chacmool.


  • Added search link “Show todays posts” to the footer of the index page. The search shows the last 24 hours' active topics.


  • Added post preview and post error messages similar to edit.php (see 2004-09-10 below).


  • Changed the defaults to allow subjects, posts and signatures to contain all caps characters.
  • Added language selection in the register and profile forms. If more than one language pack is installed, it is now possible to select one of them while registering or in the profile.
  • Added default language option to admin/options.
  • Updated the language pack code a bit. Instead of being called e.g. “en” or “se”, the packs are now named “English” and “Swedish”. I removed the unnecessary prefix to the language pack filenames as well.


  • Post errors (such as missing subject, flood protection, invalid BBCode etc.) are now displayed above the post new message form instead of on their own page. This prevents the old “go back and notice the 10K post you just wrote is gone problem”. Reported by CodeDuck and Andy.


  • Added post preview.


  • Removed the generic JavaScript that disables submit buttons upon form submittal. The code is now placed directly in the onsubmit event handler of the affected forms. Should shave off a few bytes in quite a few files.
  • Prettied up the code for form field auto focus and required form field validation.
  • Fixed subscriptions not being removed when deleting topics. Reported by paolo.
  • Rewrote topic reply counting code to be less error prone. The reply count for a topic is now re-calculated whenever a post is added or removed.


  • Added checkbox to delete user confirmation form that sets whether all posts made by the user should be deleted as well.
  • Created functions delete_post() and delete_topic() in functions.php. The functionality was taken from delete.php which after this change is much smaller. The new functions will also be used in profile.php when deleting all posts by a user.


  • Added check to install.php that makes sure the cache directory is writable.


  • Added table collision check to install.php. Thanks to Smartys for suggestion.


  • Fixed closed topics not being properly marked in search results.
  • Replaced all occurrences of three dots (...) with the HTML entity &hellip;.


  • Rewrote e-mail address validation pattern to be less restrictive. Reported by Elrond.
  • Fixed missing call to pun_htmlspecialchars() in profile.php when confirming user delete. Reported by Smartys.
  • Fixed missing calls to pun_htmlspecialchars() in admin_options.php. Reported by Smartys.
  • Fixed incorrect display of “Zapped by” when the user was deleted. Reported by Smartys.


  • Fixed two typos in the English language pack for moderate.php. Reported by Smartys.
  • Fixed missing pun_htmlspecialchars() call for ranks in admin_ranks.php. Reported by Smartys.
  • Tweaked the search indexing a bit. It now interprets e.g. Swedish characters correctly even if the locale is non-Swedish.
  • Fixed a paging bug in paginate(). Fix provided by Chacmool. Reported by Jansson.
  • Added missing $pun_root for stopwords file() command in search_idx.php.
  • Fixed missing pun_htmlspecialchars() call for user title in profile.php. Reported by Smartys.
  • Replaced smiley icon set with icons supplied by Rasmus Schultz of
  • Fixed “Change password” link in profiles always being visible for moderators even though they sometimes don't have permission to change passwords. Reported by Smartys.


  • Added check to post.php to prevent people posting to redirect forums. Reported by Smartys.
  • Fixed an XSS vulnerability in post.php. Reported by ra from Belarus.


  • Fixed admin/bans incorrectly reformatting ban expire dates when using a date format other than Y-m-d. Reported by Falconey.
  • Fixed $tpl_main not being accessible in the message() function. Reported by jacobswell.
  • Added the ability to show a full list of users online via extern.php.
  • Fixed user remaining in the online list even though he/she was just deleted. Reported by Smartys.
  • Added user id to the log out link to prevent malicious users linking directly to login.php?action=out and thereby logging out users.


  • Added help.php entry that explains how to use color names (blue, red, green …) with the color tag. Suggested by Razmooze.
  • Fixed a bug where img tags could point to files that aren't images. E.g. links to login.php?action=out that would log out any user that views the page. Reported by XuMiX and Bizzy_D.
  • Rewrote parts of the user authorisation code. The two user data arrays $cookie and $cur_user have now been merged into one array, $pun_user. Having all user data in one place not only makes the code a bit prettier at places, but also eases integration with other applications and makes things a little less confusing.


  • Fixed missing $pun_root for style dir command in admin_options.php. Reported by Jansson.
  • Fixed “Show avatars” option being visible regardless of global avatar setting. Reported by Rasmus Schultz.
  • Fixed user list paging bug. Reported by cmatner.


  • Added admin option to show/hide user information and contact links in the topic view.
  • Added FAQ entry for presumably common question about PHP not having write access to the cache directory.
  • Added admin option to show/hide version number in the footer. The default is to hide the version number.


  • Added template for help page.
  • Removed all remnants of the profile option “Open links in new windows”.


  • All markup and CSS completely redone by Paul Sullivan. One line in the changelog doesn't quite do this update justice. Suffice to say, the changes affect pretty much every line of markup in the forums. PunBB now outputs semantically correct XHTML 1.0 Strict markup. Due to the much greater use of CSS, it is possible to radically alter the appearance of PunBB without touching a line of PHP code.


  • Paul added a bunch of more “exotic” timezones such as -3.5 and +13.


  • Fixed various typos in the Swedish language pack. Reported by Razmooze.


  • Fixed a small typo in admin/permissions. Reported by ataylor.


  • Added redirect forums.


  • Fixed error messages in the database abstraction layer classes displaying file name instead of line number and vice versa. Reported by jacobswell.


  • Removed the stopwords “and” and “not” from the English stopwords list. They are treated separately anyway and having them in the list just takes up space and slows things down. Thanks to Adam Jankowski for alerting me to this.


  • The IP address used when registering is now saved and displayed for admins and moderators in the user profile. The IP address appears after the registration date.


  • Fixed search in admin_users.php being case sensitive in PostgreSQL.
  • Rearranged things in the user list so that it looks more like search now.
  • Added username search (with wildcards) to userlist.php.


  • Added stopwords doesnt, now, well, ive, really, thats, think and ill to the English stopwords list.
  • Added breadcrumbs to edit and delete pages.
  • Merged two queries in delete.php.
  • Merged four queries into two in edit.php.
  • Added tongue smiley :P.
  • Added index to the moved_to column of the topics table. This speeds up a few queries.


  • Rewrote parts of the avatar upload code to support uploads when open_basedir restrictions are in effect. The new code actually turned out a lot prettier.
  • Added profile option “Show images in signatures”. The option is the equivalent of “Show images in posts”, but for signatures (duh!).
  • Replaced profile option “Show images” with “Show images in posts”. The new setting applies only to posts and user posted images (via the [img] tag).


  • Replaced profile option “Convert smilies to images by default” with the new option “Show smilies as icons”. The new option sets whether smilies are displayed at all regardless of any other settings.
  • Applied patch from Rasmus Schultz that hides the style selection box if there is only one style to choose from.


  • Renamed the username field to just “Name” in the post form for guests. Thanks to sleddog for suggestion.
  • Fixed moderators and admins not being removed from the forum moderator lists when being degraded to regular users. Reported by Mike and ConnyT.


  • Fixed empty alt text for new post indicator images. Reported by Gribber.


  • Fixed missing translation of topic stick/unstick redirect message. Reported by Jansson.


  • Merged the language files for post.php and edit.php as most of the strings are identical.
  • The HTTP_REFERER check now strips out “www.” before performing the check. This way, having a HTTP_REFERER that differs from base_url only by the www part will not lead to an error. Thanks to ssb for the suggestion.


  • Improved get_remote_address() to disregard obviously local IP addresses.


  • Multiple forum IDs (comma-separated) can now be passed to extern.php.


  • Made search automatically redirect the user to the cached result page. This prevents the forum from doing a new search every time you go back to the results page from one of the result topics. Thanks to ssb for the suggestion.


  • Turned up the error reporting level to E_ALL. At this level, all usage of uninitialized variables is reported, so basically all scripts have had minor changes to initialize all variables before they are accessed.


  • Changed linebreaks from LF to CRLF in all outgoing e-mails (the RFC says so and a few SMTP servers require it).


  • Moved the separator text for links in the navigation bar and in viewtopic (website, e-mail, edit etc.) into the lang packs. Changing the separator is now only a matter of editing the language file. Thanks to Paul for suggestion.


  • Rewrote IP stats feature in admin/users. It is now 10 to 100 times faster depending on number of posts.
  • Merged two queries in viewtopic.php when displaying “the dot”. This change involved adding a multi-column index to the posts table, but also the removal of another index.


  • Changed a number of calls to the query function to utilize the new argument mentioned below. This will increase performance and decrease memory consumption to some degree.
  • Added a second optional argument to the query function in the DB class. This argument sets whether the query should be buffered or unbuffered. The argument doesn't apply to PostgreSQL since PHP has no function pgsql_unbuffered_query().
  • Removed a number of superfluous else statements to increase consistency in the scripts.


  • Added caching of bans. This removes one query per page.
  • Added caching of ranks. This removes one query in viewtopic.php.


  • Added a similar cache for the quick jump drop-down menu. This change removes one query from a couple of pages.
  • Implemented simple file-based caching of the config variables. Instead of fetching the variables from the database every page view, a PHP script is included that defines the $pun_config array. If the file is deleted or if any of the config variables are altered in the admin interface, the cached script is updated. This enhancement removes one query from all pages.


  • Added SQLite support.
  • Merged two queries in viewtopic.php.
  • Added an index to the column user_id in the online table.
  • Renamed table search_results to search_cache. It's just a more suitable name for that table.


  • Added <pun_footer> replacement variable to the redirect template to be able to show executed queries in case PUN_SHOW_QUERIES is enabled.
  • Increased speed of all pages when running on PostgreSQL by wrapping all queries in one transaction to avoid auto commit.
  • Rewrote query, transaction and error handling in DB layer.
  • Removed function fetch_array() from DB layer since it is never used. I have yet to discover a situation where you would want an associative array with both numeric and string indexes for the same elements.


  • Moved function escape() into the DB layer. To call the function, use $db->escape(). The move of the function to the DB layer is required because different databases use different escaping mechanisms. E.g. just using addslashes() doesn't work for SQLite.
  • Removed the function unescape(). The superglobal arrays $_GET, $_POST and $_COOKIE are now stripped of any extra slashes (added by magic_quotes) in common.php.
  • Switched from using fopen()/fread()/fclose() to the faster and leaner file_get_contents() when loading template files. An implementation of file_get_contents() has been added to functions.php for systems running a PHP version prior to 4.3.0.


  • Changed the column type for word id in the search index from INT to MEDIUMINT. The maximum value for an unsigned MEDIUMINT is 16777215 and that is well enough. This change should save a few percent of space. It only applies to MySQL though.


  • Removed keyword OUTER from all left joins.


  • Cleaned up some of the BBCode parsing code. Renamed function truncate_url() to handle_url_tag() and added function handle_img_tag().


  • Implemented pre-parsing of BBCodes during posting. This pre-parsing attempts to clean up the BBCode in the message. It strips out excessive whitespace before and after some BBCode tags and converts all tags to lower case. The forum now makes sure that all BBCode is nice and tidy.


  • Converted all other scripts to XHTML 1.0 Transitional.


  • All output is now valid XHTML 1.0 Transitional thanks to patch supplied by Eelco Lempsink. Thank you very much!
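
The escape() entry above says that addslashes() alone does not work for SQLite. The following is an added example, not PunBB code: it is written in Python so that it runs against a real in-memory SQLite database, and `addslashes_like`, `sqlite_escape` and the sample usernames are constructed stand-ins. SQLite escapes a quote by doubling it and treats a backslash as an ordinary character, so backslash escaping either ends the string literal early or silently stores extra backslashes.

```python
import sqlite3

def addslashes_like(value: str) -> str:
    """Mimic PHP addslashes(): put a backslash before ', ", backslash and NUL."""
    out = []
    for ch in value:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)

def sqlite_escape(value: str) -> str:
    """Escaping as SQLite expects it: double every single quote, nothing else."""
    return value.replace("'", "''")

def store_and_read(conn, escaped: str):
    """Build the INSERT by string concatenation, as an escape()-based DB layer
    does, and report what ended up in the table or which error was raised."""
    conn.execute("DELETE FROM users")
    try:
        conn.execute("INSERT INTO users (username) VALUES ('" + escaped + "')")
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)
    row = conn.execute("SELECT username FROM users").fetchone()
    return ("stored", row[0])

# Constructed sample usernames: a quote, a backslash, and double quotes.
SAMPLES = ["O'Brien", "C:\\temp", 'say "hi"']

def compare(samples=SAMPLES):
    """Run every sample through both escaping styles against SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    results = {}
    for sample in samples:
        results[sample] = {
            # The backslash does not protect the quote: the literal ends early.
            "addslashes": store_and_read(conn, addslashes_like(sample)),
            # Doubling the quote keeps the whole value inside the literal.
            "doubled_quote": store_and_read(conn, sqlite_escape(sample)),
        }
    conn.close()
    return results

if __name__ == "__main__":
    for value, outcome in compare().items():
        print(repr(value), outcome)
```

The quote case fails loudly with a syntax error here; the backslash and double-quote cases are stored without error but with extra backslashes, which is the harder failure to notice.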

1.1.5 (2004-07-15)


  • Fixed a code injection vulnerability in common.php and header.php. The issue is exploitable on servers with register_globals and allow_url_fopen enabled. Reported by Radek Hulán.


  • Fixed a cross site scripting issue concerning url and quote tags. Reported by s0da.


  • Fixed search dropdown list showing admin/mod only forums to all users. Reported by Madoor.


  • Fixed “autolinks” beginning with ftp: not working correctly. Reported by ConnyT.

1.1.4 (2004-04-25)

2004-04-25

  • Fixed not being able to ban users with a quote in their username. Reported by Simple Exploding Man.
  • Fixed e-mail validation not allowing only uppercase letters for user and host. Reported by Alrescha.
  • Added question “How can I use smilies of different sizes than 15×15 pixels?” to faq.html. Thanks to Yann for the suggestion.

2004-04-24

  • Fixed possible cross site scripting issue in profile.php. Reported by Mediator.

2004-04-18

  • Removed one of the Cache-Control headers to prevent browsers from fetching a new page when using the back/forward buttons. Thanks to sleddog for the suggestion.
  • Fixed members with username containing quotes and single quotes not always being able to post messages. Reported by Yann. Thanks to Simple Exploding Man for testing.
  • Fixed missing username max length check to register.php and profile.php. Reported by Mediator.

1.1.3 (2004-04-01)

2004-03-30

  • Removed BBCode tags from stopwords list.
  • Fixed BBCode tags being indexed in search_idx.php.
  • Fixed a small language inconsistency between lang_post and lang_edit. Reported by Fluffy.

2004-03-15

  • Fixed url tags not working without leading http://.

2004-03-09

  • Fixed three dots (…) missing from search results when displayed as posts. Reported by ssb.

2004-03-08

  • Fixed moving topics with redirect not always working.

2004-03-01

  • Fixed usernames starting with the digit 1 followed by whitespace being reported as banned. Reported by 1 Joe.

2004-02-24

  • Fixed redeclaration of split_words() error in admin/prune.
  • Added missing global $pun_root to function prune() in common_admin.php.

2004-02-23

  • Fixed admin/options and admin/permissions allowing NULL for columns that require integer values. Reported by Sander D.
  • Fixed boolean operators not working in search. Reported by ssb.
  • Fixed missing text “Signature” in profile.php.

2004-02-20

  • Added an element to lang_common for instructing search whether the current language is a multibyte language or not.

1.1.2 (2004-02-15)

2004-02-13

  • Fixed stopwords not being excluded in search. They were being excluded from the search index, but not from the keywords when searching.
  • Removed unused variable “prefix” from userlist multipage URLs.
  • Fixed a number of variables being used without first being initialized.
  • Fixed missing “Leave blank to use forum default” from profile.php.
  • Fixed a hard to exploit, but still possible XSS vulnerability in install.php. Thanks to Isothop for reporting it.

2004-02-10

  • Fixed the SMTP username and password fields being a bit too short. Reported by Goransson.

2004-02-03

  • Changed the default value of $p_connect in config.php to false.
  • Fixed username search in admin/bans sometimes not working with PostgreSQL.

2004-02-01

  • Added missing call to set_time_limit() in search index rebuild script.
  • Fixed incorrect display of number of topics to prune in admin/prune.

2004-01-31

  • Fixed typo in English language pack. “KB” was incorrectly abbreviated “Kb”. Reported by Bat21.

2004-01-25

  • Fixed incorrect redirect after posting form e-mail. Reported by JohnS.

2004-01-24

  • Fixed last visit date showing up as 1970 for the admin user directly after registration. Reported by mICKE and TooCool.

2004-01-21

  • Removed attempt to disable register_globals from common.php (ini_set). It isn't even possible to change in runtime, so don't ask me what it was doing there in the first place.
  • Added missing pun_htmlspecialchars() for forum name in admin/prune confirmation message.

2004-01-16

  • Fixed clicking the “[ New posts ]”-link leading to double increment of topic views counter. Reported by Chacmool.

1.1.1 (2004-01-13)

2004-01-14

  • Added FAQ entry for question about multiple Base URLs.
  • Added script syncronize_board.php to the help/tool scripts. The script updates the last post, last poster and nbr. of replies columns in all topics and forums in case they are out of sync.
  • Fixed warning message when attempting to fetch UNIX load averages with PHP safe mode enabled. Reported by mICKE.
  • Removed call to set_time_limit() in post BBCode syntax check function that was left over from the debugging stage. Reported by mICKE.

2004-01-11

  • Fixed typo in English activate_email.tpl. Reported by lukepuuk.

2004-01-10

  • Fixed autoparsing of hyperlinks just before the [/quote] tag not working.

2004-01-08

  • Fixed “Move topic” showing the moderator forum view instead of the forum selector.

2004-01-07

  • The BBCodes [b] and [i] now create more semantically correct <em> and <strong> tags. Thanks to CSpotkill for the suggestion!
  • Fixed missing error message for the view IP function in moderate.php. Reported by Chacmool.
  • Fixed message text in topic review being malformatted.
  • Fixed an issue where variable names in the BBCode URL tag were parsed by PHP. Switched from double quote to single quote in the replacement parameter of preg_replace().
  • Fixed $pun_root missing from path to style directory in profile.php. Reported by Cactuz.

2004-01-05

  • Fixed user post count not being displayed for admins/mods in topic view. Reported by CSpotkill.

2004-01-04

  • Added missing MSN Messenger field to search form in Admin/Users. Reported by CSpotkill.
  • Fixed a bug involving the quote tag and usernames starting and ending with single or double quotes.

2004-01-03

  • Removed “(Do not reply to this message)” in the form e-mail template. Reported by TwaN.
  • Fixed incorrect query error message in admin_maintenance.
  • Fixed insufficient guest username validation.
  • Fixed missing translated word “wrote” when quoting with BBCode disabled.

1.1 (2004-01-03)

2003-12-31

  • Renamed a few scripts for consistency. For example, commonadmin.php is now called common_admin.php.
  • Added PostgreSQL version check to install script to avoid serial column duplicate index problem for versions 7.2 and earlier.
  • Increased PostgreSQL speed a little by not running a preg_replace() in the DB class unless necessary.

2003-12-30

  • Added detection of MMCache and PHPA in admin_index.php.
  • Added ability to show phpinfo() output in admin_index.php.
  • Switched back to using echo instead of print as it's apparently echo that is a little bit faster and not the other way around.

2003-12-29

  • Added a new CSS class, punspacer. It is used for all spacer tables. Thanks skynet and ps21 for the suggestion.
  • Rewrote the board config handling. The two database tables options and permissions and their respective PHP arrays have been replaced by one table (config) and one array ($pun_config). In the database, config items are stored as individual rows (conf_name & conf_value) instead of one row in a big table with lots of columns (which is really stupid). In the $pun_config array, option variables are prefixed with o_ and permission variables with p_. Storing config data this way greatly simplifies adding, removing and editing config items.
  • Added a new script called extern.php. The script is used to include information about a board from pages outside the forums and to syndicate news about recent discussions via RSS. The script can display a list of recent discussions (sorted by post time or last post time), a list of active users or a collection of general board statistics. The script can be called directly via a URL (for RSS), from a PHP include command or through the use of Server Side Includes (SSI). Instructions on how to use the script can be found at the top of the script source.

2003-12-26

  • Added the name of the category to the confirmation message that is displayed when deleting a category. Thanks to sphr for the suggestion.
  • Did the same as above for forums and users.
  • Rewrote parts of header.php to better accommodate the below improvement.
  • Translated the element names in JavaScript alert messages that appear when all required elements in a form are not filled out. Pages with forms that have required elements now contain a few more lines of JavaScript. A big thanks goes out to Cactuz for suggesting a solution to the problem.

2003-12-23

  • Implemented a simple announcement feature. Admins can enter an announcement message that will be displayed on all pages.
  • Added function pun_linebreaks() to functions.php. This function converts DOS/Windows style (\r\n) and MacOS style (\r) linebreaks to UNIX style (\n) linebreaks.
  • Implemented caching of parsed signatures in viewtopic.php which improved performance a bit. The performance gains are most noticeable in topics with many posts and topics in which few users have posted.

2003-12-22

  • Added feature “Go to first new post”. The subject line of topics that have new posts since the last visit is followed by a direct link to the first new (unread) post in that topic.
  • Replaced the strings “First page” and “Last page” with actual page numbers in links to multipage scripts.

2003-12-21

  • Renamed the column “position” in tables forums and categories. It turns out position is a reserved word in the SQL92 standard. It was causing some install problems with a certain PostgreSQL version. The column is now called disp_position.

2003-12-20

  • Implemented the use of SHA-1 hashes in favor of MD5 hashes. SHA-1 hashes are more difficult to brute force and PHP has native support for them in 4.3.0 and later (or through the Mhash library). Since there is no way to “convert” an MD5 hash into an SHA-1 hash, the switch will be gradual. Whenever a user logs in through the login page or changes his/her password, an SHA-1 hash will replace the old MD5 hash in the database and in the user's cookie. Only systems running a version of PHP higher than 4.3.0 or systems with the Mhash library installed are affected.
  • Fixed banned users receiving new reply notifications.
  • Renamed the function un_escape(). It's now called unescape(). It was bothering me :)
  • Fixed register script not converting multiple whitespace characters in username into one space.

2003-12-19

  • Rewrote the subscription system from the ground up. Topic subscriptions are now stored in a separate table. The new subscription system only sends out one e-mail regardless of the number of new replies and users can choose whether they want a plain text version of the reply to be included in the notification e-mail or not.
  • Added an error message if the forum is unable to open the language pack specified in $language from config.php.

2003-12-14

  • Added an optional fourth parameter $from to pun_mail().
  • Increased the length of the username and topic fields to circumvent the issue with registering and posting topics in a multibyte character language in a non multibyte language forum.
  • Added pun_strlen() to facilitate the above. The function is identical to strlen() but detects HTML entities and counts them as one character.

2003-12-13

  • Implemented an e-mail form. It is now possible to send e-mail to users through a form in the forums. The old checkbox “Hide e-mail address from other users” is gone and users can now select whether they want their e-mail address publicly viewable or not and if they want other users to be able to send them e-mail via the forum.
  • Administrators can now delete user avatars through their profile.

2003-12-10

  • Changed the type of the avatars_size column in the options table from smallint to mediumint to accommodate avatar file sizes larger than 65535.

2003-11-19

  • Changed the way quoting works. The user being quoted is now included in the tag itself (e.g. [quote=username]text[/quote]). The regular [quote] syntax remains as an alternative.
  • As a result of the above, usernames may no longer contain all the characters ', “ and [ or ] at once.
  • Updated help.php to reflect the new quote syntax.
  • Added “Mailer” to the language files and updated the e-mail templates and pun_mail() to reflect the changes.

2003-11-14

  • Moved the location of the “Show posts by this user” search link in the profile page. Thanks to Nidhogg for the suggestion.

2003-11-12

  • Added the ability to use a custom port number for external SMTP servers. Thanks to thornc for the suggestion.
  • Changed “Validate registration” into “Verify registration”.
  • Merged two queries in viewtopic.php.
  • Renamed PUN_DONT_UPDATE_COOKIE to PUN_QUIET_VISIT since it no longer involves the cookie.
  • Rewrote the visit management code again. All the data is now stored in the database. Thus, the cookie only contains the username and the password checksum.

2003-11-10

  • Rewrote parts of the cookie and visit management code. The last visit timestamp is now stored in the users table in the database. The last action timestamp however, is still stored in the cookie and the database is only updated when a user times out. UPDATE: This is no longer valid. See above.

2003-11-07

  • Changed the CGI submission method in the search form from POST to GET. Using GET prevents having to re-submit when going back to the search results page after having looked at a topic or post from the result. Another advantage is that you can now build search URLs that may contain all possible search variables (i.e. sort_by, show_as etc.). Thanks to pettan for the suggestion.

2003-11-06

  • PHP scripts can now be included from the templates using the pun_include tag. E.g. <pun_include "somefile.php"> to include the file somefile.php from the forum root directory. Special attention should be put into making sure no variable name collisions occur when including a foreign script into PunBB.
  • Added switch “Show avatars” to user profiles. This checkbox sets whether avatars will be displayed in posts or not.

2003-11-05

  • Added ability to mass move/delete/open/close topics and mass delete posts.

2003-10-27

  • Removed the admin/mod only attribute from categories since it was more or less useless. A category containing only admin/mod only forums will not be displayed for a user without privileges.
  • Fixed IP ban check. Thanks to henning for the elegant solution. Reported by KOJV.

2003-10-24

  • Fixed the infamous “Unable to delete search results” bug. Thanks to gduncan and Tuna for helping me track this down!

2003-10-11

  • Added ?> to the end of the auto generated config.php in the install script. PHP doesn't require it, but some people have been asking about it.

2003-09-26

  • Fixed ranks being used regardless of setting in admin/options. Reported by sphr.
  • Added links to multiple pages in search when displaying a multipage topic (like in viewforum.php).

2003-09-21

  • Added a check for upgrade feature to admin_index.php. It reads a file on using fopen() and thus requires allow_url_fopen to be enabled.
  • Rewrote userlist.php and removed the alphabet quick links as they were causing problems with certain languages. Replaced the quick links with viewing options (user group, sort by and sort direction).
  • Removed the PHP Accelerator info in footer.php when debug was enabled.
  • Fixed report handling in admin interface showing nothing when the forum, topic, post, reporter or zapper was deleted.
  • When quoting a message img-tags are automatically converted to regular links. This prevents topics being flooded with multiple displays of the same image. Thanks to Mental for the suggestion!

2003-09-20

  • Added a new debug level called PUN_SHOW_QUERIES. When enabled, PunBB will display all queries executed in the script. PUN_SHOW_QUERIES should never be enabled in a production environment, but it's a good tool for developers.

2003-09-15

  • Fixed signature BBCode not being “lowercased” in profile.php.
  • Fixed moderator username not being removed from the forum moderator list when he/she is deleted.

2003-09-08

  • Fixed admin_forums.php not using pun_htmlspecialchars().

2003-09-07

  • Fixed not being logged out correctly when wrong username and/or password in cookie.

2003-09-01

  • Moved “Edited by” text into the message table cell. Added .punedited to the CSS files.
  • Fixed a problem with timezones. Sometimes the date would incorrectly say “Yesterday” when it should be “Today”. Reported by fly.
  • Added .puntitle to the CSS files. The class is used for the forum title. Thanks ps21 for the suggestion!
  • Fixed missing translation for BBCode, [img] tag and Smilies. Reported by Farch.
  • Made the admin index page first attempt to fetch UNIX load averages directly from /proc/loadavg instead of through the uptime program.

2003-08-29

  • Made it possible to add administrators to the moderator list for forums.

2003-08-26

  • Added sorting options to user list.
  • Fixed the tabindex order in admin/forums. Reported by RNilsson.

2003-08-25

  • Changed the markers for template substitution variables from { and } to < and >. This way, if a variable is not substituted, it will simply be ignored.
  • Removed the option to enable/disable HTML in posts and signatures. All content that PunBB outputs is now HTML encoded.
  • Added MSN Messenger to user profiles.

2003-08-24

  • Upgraded the admin interface for bans. It's a lot more flexible now.
  • Added “ban message”. Administrators and moderators can now enter a message that will be displayed to the banned user.
  • “One ban” can now include several IP addresses (or partial addresses).
  • Fixed quickpost not showing up for admins and moderators when “Users may post replies” was disabled.
  • Fixed a few small quirks and typos. Reported by Psionicist.

2003-08-23

  • Admins can no longer be banned. If an admin, for some reason, wants to ban another admin, he/she must first demote that admin to moderator or user.
  • Replaced calls to strcmp() with the faster standard operator ==.
  • Removed all calls to ereg() so that PunBB now only uses PCRE regular expressions.
  • Defined constants for the commonly used user status levels and edited all scripts that rely on them. The defines are PUN_INACTIVE = -1, PUN_USER = 0, PUN_MOD = 1 and PUN_ADMIN = 2.

2003-08-22

  • Fixed maxlength for category name form element being set too low. Reported by Psionicist.
  • Added chmod code (supplied by Gribber) to the avatar uploading section of profile.php. PunBB now attempts to chmod uploaded avatars to 644.

2003-08-21

  • Fixed last post not being set for the first user when installing. Reported by Gribber.
  • Split up common.php into two scripts - common.php and functions.php.

2003-08-20

  • Removed unused javascript from viewtopic when browsing as guest with quickpost enabled.
  • Fixed usernames starting with a lowercase letter not showing up in userlist when using PostgreSQL.

2003-08-19

  • Added LOW_PRIORITY to the SQL update query for incrementing topic views at the end of viewtopic.php. The change only affects MySQL.

2003-08-17

  • The help script now automatically generates the listing of the currently installed smilies.

2003-08-12

  • Created templates for all e-mails that are sent to users by the forum. Translating these template files will be much easier than messing with the language files. Several lines have been removed from the language files because of this.
  • Fixed some e-mail header problems with SMTP servers not following RFC.

2003-08-10

  • Doodled with the language packs a bit and was able to remove three rows from the common language file.

2003-08-09

  • Added $pun_root to all scripts. $pun_root is the path to the forum root directory. It is used in all calls to require, fopen(), file_exists() etc. Using this path everywhere greatly simplifies incorporating PunBB into a website. It's just a matter of defining the root path and then including $pun_root.'include/common.php'.
  • The file config.php is now included from common.php instead of in every single script.

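
The 2003-12-20 entry in the 1.1 notes above describes a gradual switch from MD5 to SHA-1 that happens as users log in. The following is an added example, not PunBB code, written in Python: the in-memory `users` table, the sample accounts and the rule that the scheme is recognised by hex length (32 = MD5, 40 = SHA-1) are assumptions. It also lists the accounts that are still on the old hash, since accounts that never log in are never upgraded.

```python
import hashlib
import hmac

def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def scheme_of(stored_hash: str) -> str:
    """Assumption: the scheme is inferred from the length of the hex digest."""
    return {32: "md5", 40: "sha1"}.get(len(stored_hash), "unknown")

def login(users: dict, username: str, password: str) -> bool:
    """Check a password and, on success only, upgrade a legacy MD5 record.

    The plaintext is available only at login (or password change), which is
    why the switch has to be gradual: the old hash cannot be converted.
    """
    stored = users.get(username)
    if stored is None:
        return False
    scheme = scheme_of(stored)
    if scheme == "sha1":
        return hmac.compare_digest(stored, sha1_hex(password))
    if scheme == "md5":
        if not hmac.compare_digest(stored, md5_hex(password)):
            return False  # a failed login must never rewrite the record
        users[username] = sha1_hex(password)  # replace the old hash in place
        return True
    return False  # unrecognised record format: refuse rather than guess

def still_on_md5(users: dict) -> list:
    """Accounts that have not logged in since the switch keep the old hash."""
    return sorted(name for name, h in users.items() if scheme_of(h) == "md5")

def demo() -> dict:
    # Constructed sample accounts: two legacy MD5 records, one already SHA-1.
    users = {
        "alice": md5_hex("correct horse"),
        "bob": md5_hex("hunter2"),
        "carol": sha1_hex("s3cret"),
    }
    outcome = {
        "alice_first_login": login(users, "alice", "correct horse"),
        "alice_scheme_after": scheme_of(users["alice"]),
        "alice_second_login": login(users, "alice", "correct horse"),
        "bob_wrong_password": login(users, "bob", "wrong"),
        "bob_scheme_after": scheme_of(users["bob"]),
        "carol_login": login(users, "carol", "s3cret"),
        "remaining_md5": still_on_md5(users),
    }
    return outcome

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same verify-then-rehash pattern applies to any later move to a stronger password hash; the list returned by `still_on_md5` is what decides when the legacy branch can be removed.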
1.0.1 (2003-08-19)

2003-08-19

  • Fixed a possible cross site scripting issue involving the img tag and client side scripting. The vulnerability was discovered by frog-m@n from Thank you very much!
  • Fixed moderator username not being updated in the forum moderator list when he/she changes his/her username (thanks Magoo!).
  • Replaced all calls to htmlspecialchars() with pun_htmlspecialchars(). The function is identical to the PHP version but doesn't translate &#xxxx style entities. This way a lot of non ISO-8859-1 charsets will still be viewable regardless of the Content-Type meta tag.
  • Implemented workaround for searching in multibyte character text. I'm not 100% sure it works, but it should at least work better than before.
  • Added operating system to the admin index page statistics.

2003-08-17

  • Added named anchors to the different help sections in help.php. Links to the help document from other scripts now point directly to the section of interest. Thanks to Frank H for the suggestion!

2003-08-13

  • Removed the language choice from the install script. PunBB will be distributed with the English language pack only. Other languages will have to be downloaded from the website.

2003-08-10

  • Fixed typo in Swedish language file for delete.php (thanks Grillcliff!).

2003-08-07

  • Fixed error on admin index page when using “exotic” characters in the database name.

1.0 (2003-08-07)

2003-08-05

  • Added text encoding and LTR/RTL-orientation to the language packs in preparation for supporting more languages. The template files have been updated slightly because of this.
  • Changed a few things in commondb.php and the two DBLayer classes. PunBB now prints out a little more info when a connection to MySQL fails for some reason.

2003-08-04

  • Removed classes A:link.ul and TD.punheadright from the styles. They were unused.

2003-08-03

  • Made a HTML page out of include/INSTALL.
  • Fixed logout and “Mark all forums as read” not working in Opera.

2003-07-31

  • Fixed “Rebuild search index” not indexing topic subjects.

2003-07-30

  • Changed the behaviour of “Show new posts since last visit”, “Show unanswered posts” and “Show posts by this user”. These searches are now sorted by last post and not the topic creation time.
  • Re-added timezone to the register form.

2003-07-28

  • Fixed typo in common.php (thanks Frank H!).
  • Added categories to the forum listing in profile.php when adding a user to the moderator list of a forum (thanks Cactuz!).

2003-07-16

  • Updated install script to work with PostgreSQL 7.3.
  • Fixed a broken link in moderate.php when editing subscribers for a topic (thanks Frank H!).
  • Fixed a bug with single quotes in hyperlink descriptions when using [url=link]description[/url] (thanks Frank H!).

2003-06-29

  • Added a language selection box to the install script (thanks Cactuz!).

2003-06-20

  • Fixed rules display bug in register.php (thanks Nidhogg!).

2003-06-19

  • When logging out, users are now redirected to index.php regardless of the referring page (thanks majk!).
  • Moved some code around in admin/users to avoid problems when using “home made” code in header.php (thanks pettan!).
  • Fixed a bug which made it impossible to request a new password when guests aren't allowed to read the forum.

2003-06-17

  • Prettied up some code in index.php a bit.

2003-06-14

  • Removed the underscore character from all CSS identifiers in the styles. It's a long story :)

2003-06-11

  • Fixed users being assigned the style Oxygen regardless of the default style set in admin/options.
  • Changed the behaviour of “Show images”. Avatars are now displayed even if the option is disabled.
  • Moved around some stuff in the language files for profile.php and register.php.
  • Entering a DB username and password when installing is no longer required.
  • Added the ability to search in “Topic subject only”. Thanks to xeN for the suggestion!

2003-05-25

  • Fixed typo in admin_bans.php (thanks Bengt!).

2003-05-19

  • Fixed typo in Swedish language file for register.php (thanks Piggymon!).
  • Fixed a few CSS errors. Removed style="width: *" in a few tags and added escape character in front of underscore in all the css files.

2003-05-17

  • Added an option to not update a visitor's cookie in check_cookie(). Just define PUN_DONT_UPDATE_COOKIE before including common.php if you don't want PunBB to update the cookie. This can be practical if you want to fetch information about the current visitor ($cookie and $cur_user) but you don't want to affect his/her new post indicators in the forums.

2003-05-13

  • Fixed typo in admin/ranks (thanks xeN!).

2003-05-08

  • Fixed subject in report e-mails.

2003-05-04

  • Removed redundant call to srand() in function random_pass(). Seeding the random number generator is no longer necessary (since PHP 4.2.0).

2003-04-29

  • Fixed forums and categories being incorrectly grouped (in various places) when the same position was set for multiple forums and/or categories (thanks Dhanjel!).

2003-04-23

  • Fixed admin/mod only forums showing up the “Jump to” drop list in the footer of viewtopic.php (thanks Gardell!).

2003-04-21

  • Fixed typo in help.php. It said :roll: and not :rolleyes: (thanks rontaronny!).

2003-04-10

  • Moderators are no longer allowed to change the password for other moderators and administrators (thanks majk!).

1.0 rc2 (2003-04-08)

2003-04-08

  • Added much better error checking in avatar upload. The forum now produces more informative error messages when an upload fails.
  • “Use avatar” is now enabled when uploading an avatar.

2003-04-07

  • Added two new styles (Lithium and Sulfur).
  • Changed the naming scheme for the styles. Instead of 'Light and Blue', 'Dark and Yellow' etc, they are now named after the natural elements (from the periodic table). Oxygen is the new default style (used to be 'Light and Blue').
  • Changed the look of quote and code boxes a little. They now have dashed borders which help set them apart from other tables in the layout. I think it looks really neat.

2003-04-05

  • Clarified the error message 'Bad referer' a bit since a lot of people were having problems with the new referer check. The error message now proposes a solution to the problem.

2003-04-02

  • Fixed report e-mails not being sent out (thanks Hellsis!).

2003-03-28

  • Fixed JavaScript error in admin/bans (thanks Markus Ålind!).

2003-03-20

  • Removed automatic conversion of \n to <br> in rules.

2003-03-19

  • Removed redundant array element in cookie set by “mark all as read”.

2003-03-18

  • Fixed sort by posts not working in admin/users (thanks Theo Wribe!).
  • Fixed go back link in “Forget password” when entering an incorrect e-mail address.

2003-03-14

  • Fixed “jump to” not working when just clicking on go button without changing forum.
  • Fixed first available rank being displayed regardless of post count.

2003-03-13

  • Made turn_off_maintenance_mode.php actually turn off maintenance mode.

1.0 rc1 (2003-03-10)

2003-03-09

  • Fixed a sorting/grouping bug in search. The results were presented wrong when sorting/grouping by author.
  • Added a hidden username field to message posting forms. It's another XSS precaution.

2003-03-08

  • Added referer check to all admin/moderator functions. “Fooling” an admin/moderator into performing a specific action using XSS should now be much more difficult (if not impossible). Thanks to Samuel Lidén Borell for reporting this.

2003-03-07

  • Added note to the change e-mail message that you have to be logged in in order for the activation link to work (thanks CodeDuck!).

2003-03-05

  • Fixed typo in English help language file (thanks Denniz Pop!).

2003-02-27

  • Added missing htmlspecialchars() to website display in viewtopic and profile (thanks max_w!).

2003-02-24

  • Fixed not being able to move forums to empty categories (thanks Sim!).

2003-02-17

  • Implemented a post report handling system. This system is meant to ease the rather tedious task of processing post reports. There is a new option in admin/options that sets how reports should be distributed: 1. Through the new report system. 2. By e-mail to the admin mailing list. 3. Both.
  • The report system has replaced what was once “alerts”. Alerts are instead e-mailed to the recipients on the admin mailing list.

2003-02-15

  • Added webmaster_email. This address is the “From: address” in all e-mails that are sent from the forum. The default value for this field is the value of admin_email.
  • Replaced all occurrences of echo with print. print is simpler and should be a tiny bit faster.

2003-02-12

  • Changed the text representation of the rolleyes smiley from :roll: to :rolleyes:

2003-02-11

  • Added a second parameter to message() to suppress the “back link”. This is useful sometimes (thanks max_w!).
  • Rewrote some of the admin scripts. Some of the code in there was just plain ugly!
  • Changed the way moderators are handled in light of the changelog entry below. Adding a moderator to a forum is now done in the user administration controls in the moderator's profile. The way in which this information is stored in the database has also changed.
  • Closed a potential security hole where a moderator, under special circumstances, can gain moderator access to forums in which he/she isn't a moderator. Please note that the user must have moderator status to do this. Credits go out to _3fps for locating this bug.

2003-02-09

  • Extended the template support a bit. There are now three different templates located in include/template/. The old “template.pun” has changed into “main.tpl” and now has a few more variables for improved visual configurability. “maintenance.tpl” is the template for the maintenance message page and “redirect.tpl” is the template for redirect pages.

2003-02-08

  • Finished a massive code run-through. The indent style has changed from my own (old) style into the well-known “Allman style” (a.k.a. BSD-style). The function and variable naming schema has also changed to fit the standards of PHP more closely. A few small bugs and inconsistencies were fixed during this run-through. I'm beginning to feel more comfortable with the code base now.

2003-02-05

  • Removed “phone home” feature from the install script.
  • “Show unanswered posts”, “Show your posts” and “Mark all forums as read” are now displayed instead of the “forum jump” on search result pages.
  • Fixed file uploads in PHP 4.3.0. The problem was that $_REQUEST no longer contains the elements in $_FILES. Don't ask me why I relied on $_REQUEST in the first place. Thanks Muggen for helping me track this down!

2003-02-04

  • Fixed users being unsubscribed from a topic when subscribing multiple times.

2003-02-03

  • <img> tags for smilies now have the alt attribute set to the smiley in question.

2003-02-02

  • Changed index.php so that it doesn't convert \n to <br> in forum descriptions.

2003-01-31

  • Added missing links to help.php in edit dialog (thanks Gardell!).

2003-01-27

  • Fixed bug in admin/categories which caused forums to be “left over” in the database when a category was deleted (thanks _3fps!).

2003-01-23

  • Fixed admin/categories so that only the controls for adding a new category are displayed if there are no categories to edit/delete.

2003-01-21

  • Changed the password text box for “SMTP password” back to a regular plaintext box as it was causing some odd behaviour with certain browsers “remember password feature”.

2003-01-18

  • Fixed install.php so that it looks like the rest of Pun.

2003-01-17

  • Moved loading of DB abstraction layer and connect stuff into its own file include/dblayer/commondb.php.
  • PunTags are from now on called BBCode for reasons I would rather not discuss here :-)
  • Cache-Control, Expires and Last-Modified headers are now sent for every page (header.php). This should fix most (if not all) caching problems with Opera.

2003-01-13

  • Fixed typo in se_topic.php (thanks Henke!).


2003-01-12
  * Removed the very thorough “consistency check” on GIF-files in profile.php. Width and height of avatars are now fetched with getimagesize() and the HTML properties for <img> are set whenever an avatar is displayed. Opera still screws up the layout with “hacked GIF's”, but I guess you can't win 'em all!
  * Fixed problem with file_exists() in index.php (thanks Cactuz!).
  * Fixed typo in admin_titles.php (thanks Henke!).

2003-01-11
  * Changed so that the forum title is a link in search.php.

2003-01-10
  * Fixed submit buttons being disabled when going back to a page with a form that was just submitted. This only affected Opera and it is avoided by simply checking the user agent string for 'Opera' and if so, don't disable any submit buttons. Crude, but probably rather effective.

2003-01-06
  * Simplified the registration form a lot. A user now fills in username, password and e-mail (depending on validate registrations setting). There are also two checkboxes (hide e-mail and save username and password).
  * Moved buildCensorWords() into censorWords(). Similar to what was done to ranks and banlist yesterday. It's prettier.
  * Made validation of guest username more robust. It now checks for censor words as well.
  * Removed some left over entries in the post language file.

2003-01-05
  * Added admin note and title to the search fields in admin_users.php.
  * Removed functions buildBannedusers() and buildTitles(). See below.
  * Improved getTitle() a lot. The functionality of buildBannedusers() and buildTitles() is now built into getTitle(). This makes the code much prettier. This inadvertently fixed a bug later reported by kotten (thanks!) where a user would be displayed as Administrator even though he/she is a Moderator.
  * Added user editable titles. The administrator can set whether users should be allowed to edit their titles or not (admin/permissions). If a user has a title that title will be displayed instead of any rank or “default title” such as Member or Banned.
  * What was once called “Titles” is now called “Ranks”. See above :-)
  * Fixed typo in admin_users.php.
  * Merged the four fields for password and e-mail activation in the users table into two fields.
  * Moved language entry 'Username censor' from the langprofreg language file into the register language file (it's not used in profile.php).
  * Removed entries 'Pass key expired' and 'E-mail key expired' from language files.

2003-01-03
  * Fixed typo in Swedish translation (thanks kotten!).

===== 1.0 beta 3 (2003-01-03) =====

2003-01-02
  * Fixed online list looking ugly when there are many users online.

2003-01-01
  * Moved version number from config.php into the database.
  * Finished the new search code. Pun no longer relies on fulltext indexing support in the database. The search code is heavily inspired by the search code in phpBB2 (

2002-12-29
  * Finished update script from Beta 2 to Beta 3.
  * Fixed tabbing order in post.php.

2002-12-28
  * Changed the plaintext box for “SMTP password” to a password text box (thanks grunkan!).

2002-12-20
  * Fixed admin/mod-only forums being visible for regular users.
  * Added some nice defines to a few of the include files. These defines are used in some parts of the code to check whether the file has been included or not.

2002-12-15
  * Improved PunTags parsing code. If the quote depth level is too high in a message, Pun will automatically strip out the innermost quote(s).
  * Moved code for determining user title into a function (common.php). Not validated users are now displayed as regular users since this seems to be common practice in other forums.

2002-12-14
  * Fixed username not being updated in posts, topics and forums if an admin changed the username and only changed the capitalization.

2002-12-13
  * Improved PunTags parser a bit. There should be a small speed improvement.
  * Long URLs are now truncated to avoid messing up page layout.

2002-12-12
  * Improved layout and performance of parser.php a bit.
  * Fixed page title when viewing profile.
  * Added user group to search parameters in Admin/Users.
  * Added expire date to bans. If set, a ban will automatically expire at the specified date.

2002-12-09
  * Database size in Admin/Index is now displayed in megabytes if size is one megabyte or more.

2002-12-06
  * Fixed quote link being visible for guests in closed forums (thanks louie!).

2002-12-04
  * Fixed new message indicators appearing as broken images when the current user's style has been deleted (thanks doffen!).

2002-11-25
  * Fixed Mozilla nowrap “issue” in viewtopic.php (thanks KD!).

2002-11-18
  * Added a check in install.php to see if the default avatar directory is writable by PHP. If not, a warning message is displayed.
  * Finished a rewrite of much of the HTML generated by Pun. CSS is used more extensively and therefore the style format has changed a bit.
  * Increased the size of the title and description fields. It is now possible to use HTML to display an image instead of the title or description text.

2002-11-08
  * The table “online” is now a HEAP-table (only in MySQL). This should improve the performance of the online list a little.
  * Added word 'Never' to language files (thanks tuna!).

2002-11-06
  * Fixed register.php not working when magic_quotes_gpc was turned off in php.ini (thanks Virrdo!).

2002-11-05
  * Added censoring to signature preview in profile.php.
  * Fixed moderators not being able to post, edit or delete posts in admin/moderator only forums (thanks Cod!). If you want a moderator to be allowed to edit and delete other people's posts in admin/mod only forums you still have to add them to the moderators column in admin/forums. I kept it this way because sometimes you may not want moderators editing and deleting each other's posts in an admin/mod only forum.

2002-11-04
  * Fixed avatar size setting having no effect when uploading.
  * Moved calls to mail() and smtpMail() to a generic method punMail().
  * Added help.php (and appropriate links to it from other scripts) which contains information about PunTags and smilies (thanks Denniz PoP for help with some writing!).

2002-11-02
  * Added a rolleyes smiley. The text representation is :roll:
  * Cleaned up the smilies code a bit. Adding new smilies is now much easier for someone not familiar with regular expressions.

2002-10-30
  * Added option to show/hide post counts from regular users.
  * Fixed SQL error in userlist.php when using PostgreSQL.
  * Changed POST validation and database insertion code in admin_options.php and admin_permissions.php. It's much prettier now.
  * Added a PHP version check to install.php (4.1.0+ required).
  * Added a PHP replacement for array_chunk() that first appeared in PHP 4.2.0.
  * Fixed users not being validated directly after being logged in automatically (only when validate registrations is off). This caused some odd side-effects like the newly registered user appearing as an administrator in viewtopic.php even though he/she didn't have admin access.

2002-10-28
  * Fixed delete.php not deleting all posts in a topic when the topic itself is deleted.

2002-10-27
  * Tuned PostgreSQL support a bit by disabling autocommit. Pun now executes BEGIN/COMMIT/ROLLBACK manually for some operations (i.e. posting, deleting, pruning etc).

2002-10-26
  * Optimized viewforum.php. The number of queries when “userhaspostedearlier” is enabled is now around 10 instead of 9+topic count. The script should be much faster (especially on servers with high database connection overhead).

2002-10-24
  * Added initial PostgreSQL support.

2002-10-22
  * Fixed Swedish spelling of User list.

2002-10-20
  * Fixed page titles in admin (thanks Denniz PoP).

2002-10-18
  * Made some minor adjustments to the database structure (mostly changed the size of some integers).
  * Replaced all enum('yes','no') with tinyint in preparation for PostgreSQL.
  * Created an update script for updating from beta 1a to beta 2.

2002-10-14
  * Fixed smilies in signatures appearing as disabled regardless of the actual setting (thanks Denniz PoP).
  * Fixed user post count resetting when a moderator updates a profile (thanks Denniz PoP and other users reporting this).

2002-10-13
  * Fixed guest posts not being visible.
  * Fixed guests not being able to post.

===== 1.0 beta 2 (2002-10-13) =====

2002-10-12
  * Lowered the number of queries executed on every page.
  * Added a simple template that makes it possible to embed Pun in any website design. The template is located in the include subdirectory.

2002-10-10
  * Finished a massive rewrite of all scripts. Topics and posts are now stored in separate tables.
  * Added language files. Translating Pun should now be very easy.

2002-09-23
  * Fixed a bug where the links “Post reply” and “Post new topic” could be visible even though the current user didn't have permission.
  * Admins and mods can now post with subjects and messages in all caps regardless of the settings for “All caps message” and “All caps subject”.

2002-09-22
  * Rewrote the PunTag parsing code more or less from the ground up. Text is now checked for correct PunTag syntax much more thoroughly. Also, text within code tags is not touched, so users can type just about anything in code tags and the forum will not mess with the formatting. The parsing code is a bit faster now as well.

2002-09-18
  * Made a function for generating titles and banned usernames arrays.

2002-09-17
  * Changed syntax for all table inserts into categories, forums, topics, posts and users to explicitly specify columns for insertion. This way admins can add their own columns to these tables without getting SQL errors when Pun inserts rows.
  * Made userlist.php multipage and added “All users” as a search criteria.
  * Created a function called paginate() that creates the numbered links at the bottom of multipage scripts. It's much prettier this way.

2002-09-14
  * If a date is today or yesterday it will be displayed as Today or Yesterday.

2002-09-11
  * Added a link to “Show more users for this IP” to the host name lookup function in moderate.php.
  * Removed the options to show/hide signature on a post per post basis.

2002-07-20
  * Added “User has posted earlier” and “User titles” to admin_options.

2002-07-19
  * Changing a username now updates all posts by that user to reflect the change (the column poster in the table posts).
  * Removed a lot of queries in viewtopic.php. In beta 1 the forum ran one query per post to get the user data. Now the user data is retrieved in a join.
  * Merged two queries in index.php to speed things up a bit.

2002-07-18
  * Renamed viewthread.php to viewtopic.php.
  * Added IP search to admin_users.
  * Fixed a possible harmless exploit where a malicious user could change the subject of a topic.
  * The subject of ghost topics is now updated as well when an admin or moderator changes the subject of a moved topic.

2002-07-17
  * Added the columns topics and posts to the forums table. This way index.php is way much faster since I won't have to fetch the topic/post count for every forum.
  * Started adding support for different databases by encapsulating all db functionality in classes. For now it only works with MySQL, but PostgreSQL support shouldn't be too far away now.
  * Finished a quite tiresome run-through of the code. The code should be more uniform now. I fixed a number of small bugs as well.
  * Fixed delete.php decrementing post count for topic by two (thanks TwaN).

2002-07-12
  * Made sure parser.php and email.php are included when needed only.
  * The links that appear below the navigator in the admin interface are now generated in separate functions (adminMenu and moderatorMenu) in a new script called include/commonadmin.php.
  * Did a code run-through of the admin scripts and made some minor changes. I was, for instance, running the exact same query four (!) times in admin_forums (duh!).
  * The title of banned users is now “Banned”.

2002-07-11
  * Added “Update all” to admin_forums (thanks Menion).
  * Fixed typo in admin_permissions (thanks TwaN).

2002-07-08
  * Generation time and some other debug info in the footer is only displayed when DEBUG is defined.
  * Improved the error() function to report more sane error messages. Its output depends on whether DEBUG is defined or not.
  * Replaced a lot of string comparisons using == with the binary safe functions strcmp() and strcasecmp().
  * Fixed delete.php not decrementing reply count in thread (thanks TwaN).
  * Fixed search.php displaying ghost threads.
  * Redirect ghost threads are no longer tagged as containing new messages.
  * Fixed guests not being able to post (thanks damme).
  * Fixed the annoying grammatical errors (i.e. “1 guests”) in the statistics in index.php.

2002-07-06
  * Added option to allow install.php to send hostname/pun version to Thanks to tunah of sublime for the log daemon!
  * Fixed a stylesheet issue in install.php due to the addition of default style.
  * Moved the call to ob_start() to include/common.php.
  * Added check to make sure the zlib extension is loaded before calling ob_start( 'ob_gzhandler' ).
  * Fixed not entering a position value in admin_options giving an error (thanks caps).
  * Fixed “Show new posts since last visit” and “Mark all forums as read” not pointing to / (thanks caps).
  * The link to Pun in footer.php no longer points to # (thanks Psionicist).

2002-07-05
  * Added “default style”.
  * Fixed javascript error and bad query in admin_titles.php (thanks caps).

===== 1.0 beta 1a (2002-07-05) =====

2002-07-04
  * The installation script now adds the default titles 'New member' and 'Member'.
  * Fixed broken link to new message icon in search.php.
  * Logging out when in the admin interface now redirects to index.php (thanks gribber).
  * Fixed thread report (thanks cykze).
  * Changed the default install to have validate registrations and subscriptions disabled.
  * Fixed not being able to register with “Open links in new window” disabled.
  * Fixed “Table 'pun.forums' doesn't exist” in message() (thanks cykze and gribber).
  * Changed the error reporting level to not report undefined variables.
  * Removed queries with OPTIMIZE TABLE in some of the admin scripts. It was taking frikken forever.
  * Fixed “Edit subscribers” (thanks thrawn).
  * Fixed a bunch of broken links in post.php, edit.php, misc.php and moderate.php (thanks Thomas).
  * Fixed a bunch of broken links in all the admin files (thanks thrawn).
  * Fixed profile.php not displaying the correct max width, height and size when uploading files (thanks Thomas).
  * Fixed a typo in admin_options (thanks cykze).

===== 1.0 beta 1 (2002-07-04) =====

2002-07-03
  * Added copyright notice and GPL copying permission statement to all files.
  * Converted all images from gif to png.
  * Created the install script. Preparing for first public beta release.
  * Added the option pconnect (true/false) to config.php. This option sets whether Pun should connect to MySQL through persistent connections or not. See for more information on persistent database connections.
  * When “show images” is turned off avatars now appear as a link to the image.

2002-07-02
  * Added option “show images” to profile. When this option is disabled the forum will not display any images at all (avatars, smilies, img-tag etc).
  * Added option “show signatures” to profile.
  * Admins and moderators can now change usernames.

2002-07-01
  * A small point/dot now appears in front of a topic if the currently logged in user has made any posts in that thread.
  * Added “The newest registered user” to index.php.

2002-06-29
  * Updated the GIF size check again!

2002-06-28
  * Updated the GIF size check (thanks again cykze).
  * Fixed the cookie code at last. I truly believe it should be working correctly now.

2002-06-25
  * Added a link to the last post in index.php and viewforum.php.
  * Removed the “post icons” all together. A specific icon will instead be displayed in the old post icons place whenever a thread contains new posts since the last visit (similar to index.php).
  * Decreased the maximum subject size from 100 to 70 characters.

2002-06-23
  * Changed a lot of if-else's to use the ternary operator instead.
  * Moved some commonly performed operations (like getting current user info and updating the online list) into common.php.

2002-06-22
  * Split up common.php into three files. It was growing out of control so I moved it to a new directory called include and split it up into three different files. This way less code is parsed in scripts that don't need all the functions that were defined in common.php.
  * Fixed a bug where the forum would sometimes attempt to send a subscription e-mail even though there weren't any subscribed users.
  * Moved some stuff from options to permissions.
  * Added the ability to use an external SMTP server instead of the local mail program.

2002-06-21
  * Added two new permission parameters: userpostreply and userposttopic.

2002-06-20
  * Added the function unEscape() to complement escape(). It does the “opposite” of what escape() does - it strips slashes from a string if magic_quotes_gpc is enabled.
  * Added a prefix to table names. This will allow an administrator to run multiple copies of Pun in one database. It's configurable in config.php.
  * Changed the name of the table 'messages' to 'posts'.
  * “Title / Forum / Subject” is now displayed in post.php as well. If it's a new topic Subject will not be displayed.
  * Added a new section to index.php that displays permission info. It looks a lot better now.
  * Fixed a serious display bug appearing in some messages due to some stupid regex.

2002-06-19
  * Added two new options to the admin interface: “Allow banned e-mail addresses” and “Allow duplicate e-mail addresses”. If these are disabled alerts will be posted when a user registers with/changes to an e-mail that is either banned or “already taken”.
  * Implemented a more thorough check of uploaded gif files. Thanks to cykze for the validation function!
  * Made some changes to search.php which not only makes the code a little prettier but should also speed up the search feature to some degree.
  * The website URL displayed in viewthread.php and profile.php now opens in a new window (thanks DjDuck).
  * Changed the look of the administration features of profile.php a bit. The admin controls are now in a separate table.
  * Added a javascript that disables the submit button so that users can't click the submit button like crazy and spam/send multiple forms.

2002-06-18
  * Removed “Reset form” in post.php and profile.php. Nobody uses it anyway.
  * Simplified the report thread URL a bit.
  * Switched the order of the Quote/Edit/Delete/Report links in viewthread.php. Some users were reporting instead of quoting (thanks Timpa).
  * Users Online is now alphabetically ordered when displayed in index.php.
  * Fixed a bug in profile.php where it was impossible to change password (thanks GrillCliff).
  * Added “Find more users for this IP” in admin_users.php.
  * Added a link to the admin e-mail in the “You are banned” message.
  * Fixed a bug in profile.php where a malicious user could change his post count by submitting it through POST.
  * Removed some unused classes from the style sheets.

2002-06-17
  * Made a function for validating e-mail addresses. It was a very common check.
  * Added a “Jump to” drop down box to the footer.

2002-06-16
  * Switched to relative URLs in every hyperlink and form.
  * Fixed a bug in userlist.php and admin_user.php where a username containing html entities would be displayed incorrectly (thanks CodeDuck).
  * Made massive changes to every script so that Pun now works with register_globals turned off. During this rewrite I believe I fixed quite a few possible security holes and some minor bugs. Only time will tell! Pun now requires the existence of the new always global arrays $_GET, $_POST, $_COOKIE and $_REQUEST introduced in PHP 4.1.0. This effectively breaks Pun on any PHP version prior to that. It's a sacrifice I felt I had to make as I was gazing through the ~340 KB of source code that I was about to tackle.

2002-06-13
  * Fixed a bug when searching for a post/thread that was moved.

2002-06-08
  * Added avatar support.
  * Subscription e-mails now contain a link to the new post directly and not just to the thread.
  * Fixed a bunch of bugs that appeared when magic_quotes_gpc was disabled in php.ini.
  * Used mysql_fetch_assoc() instead of mysql_fetch_array() in a lot of places. mysql_fetch_array() by default returns an array with both associative indices and number indices.
  * Changed a lot of array iterations to use the each() construct instead of foreach(). each() does not operate on a copy of the array and should therefore be a little bit faster.
  * Added administrator editable user titles.

2002-06-07
  * Added “Show all messages posted by this user”.
  * Added “Show new posts since last visit”.
  * Fixed a display bug in viewthread.php.

2002-06-05
  * Moved a few functions from misc.php to moderate.php and vice versa.
  * Fixed a bug in register.php (thanks CCWarlock).

2002-06-04
  * Users now have a 30 character field called admin note which is only visible and changeable by moderators and admins.
  * Fixed a bug in viewthread.php when linking directly to posts with pid.
  * Added IP statistics for specific users in admin. Shows a list of all known IP addresses for a user with times found and last used for each separate address.
  * Added a whole new section to the administration interface where admins and moderators can search the user database (with wildcards) in all user profile fields.

2002-06-03
  * The forum no longer displays the misleading 1970-01-01 01:00:00 in NULL date and time columns.

2002-06-02
  * Added option to not prune sticky threads in admin/prune.
  * Added check to see if a new username contains any PunTags. This is not allowed.
  * Added censoring to lots of other stuff (usernames, topics etc.)
  * Users can now change their e-mail address directly in the profile if validateregs is disabled.

2002-05-29
  * Added censor words with wildcards.
  * Removed autolinks.
  * Fixed a number of stupid regex patterns.
  * Usernames may now contain the characters [ and ].
  * Added “option style” syntax for the email PunTag. It now works just like the URL PunTag.
  * Removed the automatic creation of clickable links for e-mail addresses.

2002-05-28
  * Removed the center PunTag. It's just plain ugly.
  * Direct links to specific posts can now be created by adding pid=postid#postid to the end of viewthread.php.
  * Thread reports are now sent out to the addresses in the mailing list mentioned below. Alerts are no longer added for thread reports.
  * Added a mailing list to the administration interface. Addresses in this list will receive thread reports and other e-mails sent out by other moderators and administrators sent from the admin interface.
  * Finally added validation of new e-mail addresses. When a user wants to change his/her e-mail address a message is sent to the new address with an activation link that the user must click to update his profile. This way using a fake e-mail address is virtually impossible.
  * Subscription e-mails now contain the correct unsubscription URL (thanks sphr).

2002-05-04
  * Fixed a PunTags parsing bug.
  * Added “Mark all forums as read”.

2002-04-25
  * Fixed a bug where moderators weren't able to read threads in admin/moderators only forums.
  * Removed a possible security threat (thanks Bengt).
  * Removed “hot threads”. It's a useless feature.

2002-04-21
  * Fixed more bugs with escaped characters in forms.

2002-04-14
  * Fixed a bug where the “Use smilies by default”-setting would be ignored if the message was posted through quickpost.
  * The report thread link is now visible to all logged in users (including admins and moderators). Perhaps a moderator wants to report a thread to get the attention of the other moderators.
  * Fixed a few bugs with escaped characters in forms.
  * Streamlined the database structure a bit. I was using unnecessarily large integer columns in a few places.

2002-04-13
  * Added reverse DNS lookup of IP addresses as a feature for admins and moderators in misc.php. The IP shown in messages is now a link to show the hostname.
  * Added global or forum specific pruning. It was only global before.
  * Fixed a bug in profile.php when logging in directly after activating a new password.

2002-04-10
  * “Orphaned ghost threads” left behind after a thread has been moved to a different forum are now deleted when deleting a complete forum or category.
  * Replaced all short-form PHP tags <? with long style tags <?php.

2002-04-09
  * Forum can now be set to not accept new registrations.
  * Admins and moderators can now view/edit thread subscribers.
  * Users now have to enter a reason when reporting threads/messages.
  * Added a link to the rules in the navigator (if rules are enabled).
  * Users can now set whether they want to use smilies or not by default.
  * Fixed a bug where the lastpost and lastposter would be incorrectly updated for a forum when deleting a post (thanks gribber).

2002-04-08
  * Implemented “sticky” threads.
  * Fixed a bug where PunTags in signatures weren't being parsed for validity.
  * Added “Forgotten your password?”.

2002-04-06
  * Quickpost is now available to admins and moderators in closed threads.

2002-04-05
  * Fixed the search feature so that it no longer returns duplicate threads when a searchword is found in both the topic message and in one or more of its replies.

2002-03-05
  * Fixed a cookie bug when changing password in profile.php.

2002-03-02
  * Rewrote large parts of edit.php and delete.php to ensure better security.

2002-03-01
  * Replaced all doublequotes in arrays with singlequotes in the code. This was just something I wanted to do to make the code look better and more uniform.
  * Fixed a small cookie bug.
  * Changed functions.php to common.php and moved some operations that were being executed at the top of every file to common.php. This file is included in all other files.
  * Deleting a user now requires confirmation.
  * Fixed a few possible security issues in profile.php.

2002-02-28
  * Administrators and moderators can't administrate themselves anymore. I realized this was a good idea after deleting myself several times by mistake.
  * After posting or editing a message users are now forwarded directly to the post and not just the first page of the thread.
  * Changed the way message reporting works. Now users report individual messages instead of threads. In admin_alert.php there will be a direct link to the post.
  * Added a check when posting so a message doesn't have a closing quote, code or color tag before the opening tag.
  * Removed the ability to include JavaScript and about-links in messages.

2002-02-27
  * Fixed a bug where an autolink could mess up an e-mail address.
  * If more than one e-mail address duplicate is found during registration the alert now shows all addresses.
  * Fixed a number of display errors in Opera.

2002-02-26
  * Implemented a theme system. It's purely style sheet based. Therefore it should be very easy to create new themes.

2002-02-25
  * Changed the way the message is displayed when board is in maintenance mode.
  * Fixed a stupid bug in post.php where users would be subscribed to the thread whether they wanted to or not.
  * Implemented a rather simple search engine. It doesn't handle wildcard searches and boolean operators. It uses the MySQL freetext index which requires MySQL 3.23.23 or later.
  * Refined multiple page handling in viewforum.php. It now works (and looks) the same as in viewthread.php.

2002-02-24
  * Made “There are unread alerts” a direct link to the alerts page in admin.
  * Added forum rules. Administrators can enable rules that users have to read and agree to in order to register.
  * Finally added the thread subscription features. Users can now subscribe and, of course, unsubscribe from threads. Subscribing can be done during posting or directly from the thread view.

2002-02-23
  * Fixed a bug when admins/moderators change passwords for other users.
  * Fixed a bug where a new thread could be posted without a subject by disabling Javascript in the browser.
  * Added a “special” script to prune any unvalidated users in the database. These are usually users that attempt to register with an invalid e-mail address.
  * Added registration validation. If enabled users will be e-mailed a random password with which they must log in to validate their account.

2002-02-22
  * Added Javascript validation to a number of forms in the admin area.
  * Added some Javascript that autofocuses certain form elements such as the Username element on the login page.

2002-02-21
  * Merged the two different header files into one.
  * Merged the three different footer files into one.

2002-02-20
  * I'm not sure, but I think I actually fixed the new message indicators once and for all.

2002-02-19
  * Fixed a series of small “quirks” when validating GET/POST data.
  * Fixed a possible security issue.
  * Added AOL Instant Messenger handle and Yahoo! Messenger handle to user information.
  * Fixed a bug where valid e-mail addresses could be rejected.
  * Added quick post.
  * The user time zone now defaults to the server time zone in register.php.
  * Added autolinks.

2002-02-18
  * Admins can now disable the automatic generation of clickable hyperlinks in messages and signatures.
  * The syntax of PunTags is now checked when posting so errors won't occur as often. Some errors can still occur with very “stupid” PunTag syntax. I will refine the code only if necessary.
  * Increased the speed of viewthread.php a little more (about 15%).
  * “functionalized” some common routines.
  * Added some real time statistics to the admin index page (load averages, database size and number of records).

===== 1.0 alpha =====

  * Changed how thread review works and could therefore remove a row from the options table.
  * Added a “special” script to turn off maintenance mode if the admin logged out while the board was in maintenance mode.
  * Admins can now enter a message that is displayed when the forum is in maintenance mode.
  * Fixed a bug when moving a thread back to a forum from which it was once moved.
  * Refined the prune function (requires confirmation, update forums after prune).
  * Because of the above I had to change the way users change their password.
  * Passwords are now encrypted (md5) everywhere.
  * Admins can now disable “smilies”.
  * Admins can now disable the users online tracking to improve performance.
  * Improved the speed of viewthread.php by almost 50% by changing from POSIX style regex to Perl style regex.
  * New quote and code (looks a lot nicer now and is “smarter”).
  * Admins/moderators can now move threads to a different forum.
  * Admins/moderators can now open/close threads.
  * Added the ability to report threads.
  * Fixed a bug where the username sometimes could be written out in the wrong case in users online.
  * Admins can now set the maximum number of lines signatures may contain.
  * Fixed a plethora of small bugs.
  * Admins can now set the board in maintenance mode.
  * Fixed the “new message indicators” (I hope).
  * Added a userlist (alphabetical).
  * Added administrative features in profile.php (ban for moderators, ban/delete/switch status for admins).
  * Admins can now prune old messages.
  * Fixed a stupid bug (thanks phreak).
txpun/forum/history.txt · Last modified: 2008/12/06 13:55 (external edit)