Archive for the ‘MyBB’ Category

« Older Entries

MyBB – Database Import

Wednesday, August 6th, 2008

Ever since MyBB had a facility to create database backups, we have had questions on why there wasn’t a similar facility to import backups.  The following reasons were taken into account while designing this feature:
1) Security: Reason: If a user somehow managed to get into an administrative account with the correct permissions, they could potentially revert your forum to an earlier state, or run arbitrary SQL queries on your database. The Alternative: The use of an externally-installed database administration application reduces the chances that a malicious user can perform these actions on your database through MyBB.
2) Focus: Reason: We are developing a bulletin board system. We are focused on bringing you the features that will help run your bulletin board. Although database backup and restore are important tools, they are not used on a day-to-day basis in your forum’s administration. The backup function has more frequent use than the restore anyway. Our development resources are limited and we do not have the capacity to develop a fully-featured database administration program into the bulletin board software. The Alternative: Third-party database administration programs are specifically developed for the purpose of managing your database. Their features are more robust than what we can provide. Just like how we concentrate on BBS features, their development teams concentrate on what their product is: database administration.
3) Weight: Reason: In order to keep the MyBB package a reasonable size, we have to be conscious of what features are implemented. It is a waste of both physical and human resources to have a large package (clunky to install and update) with a steep learning curve (difficulty of usage). The Alternative: Dedicated database administration solutions have the ability to incorporate more useful administrative features because that is their focus.
4) Reliability: Reason: In the hypothetical case where an import facility is indeed incorporated into MyBB, the requirement of using it is a working version of MyBB. Let’s say you just upgraded to MyBB 1.4, but you do not like it. Your database backup is 30MB. You start restoring it via the MyBB 1.4 Admin CP, but the restore times out part way. Your database is now half MyBB 1.2.x and half MyBB 1.4.x and neither version will operate correctly. You will need to resort to a third-party database administration program anyway to complete the process of reverting. A doctor can’t heal himself if he is unconscious. The Alternative: A third-party database administration program does not depend on anything you are operating on. Even if an operation times out, this does not affect the program, you will be able to use the same program to correct the problem.

I hope this sheds some light on the rationale behind not including a database import feature.

Posted in MyBB, Programming | 1 Comment »

MyBB 1.4 Released

Sunday, August 3rd, 2008

We released MyBB 1.4 to the masses this weekend.  I wouldn’t say it’s “overdue” but it’s about time we had this release out the door.  We still haven’t managed to get the “self-fix” module working for MyBB to fix itself, so as usual support threads are pouring into the MyBB Community Forums.  Unfortunately I was caught up in school and work to do as much development as I wanted to for 1.4, but the other developers did a great job recoding the entire Admin CP, and all the other things.

Hope you enjoy MyBB 1.4.

Posted in MyBB, Programming | 1 Comment »

Where’s Dennis?

Thursday, May 17th, 2007

Followers of the MyBB Community Forums will have noted that my presence on the forums has been limited in the past two weeks. Readers of my blog will also note that I haven’t posted here in a very very very long time, and since I am on vacation I have a bit of time to leave a note here :) .

Where am I? Hint: I am plotting evil strategies for MyBB to take over the world with Peter. (Just kidding, but I am relatively near where Peter’s studying)

When? Now!

Who? Me!

Why? Err…to have fun?

What am I doing? Visiting family, doing normal vacation stuff.

Unfortunately I don’t have a steady internet connection over here. This vacation coupled with my study in the past few months means I haven’t been able to work on MyBB much. But fortunately Chris, Tikitiki, Justin and the other staff have been working hard on maintaining the MyBB 1.2.x series and also developing 1.4.0 (I can’t wait to see all the features they have added in the past 20 days; too bad I can’t show you everything we’ve got so far, but some of the major new features have been blogged already :P ). After the 20th I’ll be back at home and I’ll be working on MyBB once again, but I need to get up to speed to what the team’s been doing for the past few months since so much has changed in MyBB since the 1.2.x series. I’m happy to see that many suggestions from the community (and also some of mine yay!) have been implemented already. This reinforces one of our goals which is to make the software something that the community wants to use, not just for our own benefit.

Anyway that’s all from here.  My next blog post will probably from home sweet home :)

Posted in Life, MyBB | 2 Comments »

Removing the MyBB Copyright Illegally is a Bad Idea

Saturday, March 17th, 2007

All administrators of MyBB probably know of the MyBB License one way or another. However, it has come to my attention that there are some people who just can’t get their head around one statement in the license. It happens to be this one:

The MyBB Group has several copyright notices and “powered by” lines embedded within the product. You must not remove, alter or hinder the visibility of any of these statements (including but not limited to the copyright notice at the top of files and the copyright/powered by lines found in publicly visible “templates”).

Is the text too difficult to understand? Personally I think we have made this as clear and as inambiguous as possible. Would you not agree? To me, it is quite easy to understand from this quotation that I am not allowed to remove any copyright notice and “powered by” statements which have been already written into the files distributed in the MyBB package. I don’t see any other way of interpreting it.

Is the license too difficult to find? The license is distributed in the Documentation folder of the full MyBB package. It is also displayed when the forum is installed. By installing a forum, the administrator has to at least see one, if not both instances where the license is displayed during the installation of a forum.

Are you that ashamed of running MyBB? I have seen MyBB forums changing the “powered by” line to other software such as vBulletin. I mean, if you like vBulletin, or IPB, or the other software that much, why not use that instead? Why mask MyBB as another software? Is there something wrong with using MyBB? If so, I’d suggest you voice your feedback on the MyBB Community Forums. We respect all feedback, and we take in your suggestions when we’re developing the next version of MyBB. We want to make MyBB something that you and your users want to use. This isn’t just for our own benefit.

I spent an hour tonight surfing the web looking for violators, and with a simple web search, I was able to find around 40 within the time I spent. And that was only for one search. I’m sure there are hundreds of forums out there who have removed the MyBB copyright and/or “powered by” lines.

To the MyBB forum owners who have removed the copyright and/or “powered by” lines, it isn’t a matter of if your forum will be found, it’s when. We enforce our License to the fullest extent possible, including legal action if required. How would it feel if you spent hours working on something to have it taken by another person who claims it is theirs? Not too happy I’d assume. We aren’t either.

Support us, and we will support you. It’s only two lines with links to the official MyBB homepage at the bottom of your forum. Is that too much to ask really?

If you really despise the copyright lines that much, please consider purchasing the privilege of removing the copyright on one board with a small payment to Chris Boulton. Please contact him for more details about this.

PS: Thanks to everybody (the majority of MyBB administrators) who is adhering to the License and thus supporting us :)

Posted in MyBB | 40 Comments »

MyBB 1.2 Beta: Usergroup Admin Permissions

Thursday, July 13th, 2006

Although this feature may not be used by many, it is now possible to give usergroups permissions in the Admin CP (only if the usergroup has “Can Access Admin CP” permission).

MyBB 1.2 Beta: Admin Permissions

When you edit the permissions, the permissions listed are the same as the ones found in the existing individual user admin permissions.

How do these affect my admins, you ask? Well now let’s say you want your moderators to access the Admin CP to moderate posts and attachments, but you don’t want to set the individual yes/no permissions for all 20 of them. Now you can set the usergroup permissions to all ‘no’ except for the Moderate Posts/Threads/Attachments permission, and all the users in that usergroup will have those permissions.

Basically, if a user’s individual admin permissions are set, those will be used. If they are not set, then if the user’s usergroup has admin permission set, those will be used. In turn, if they are not set, then the user will use the default admin permissions.

Hopefully it’s not confusing for everyone.

Posted in MyBB | 1 Comment »

MyBB 1.2 Beta: Translation Manager

Saturday, July 8th, 2006

Another of my Admin CP addons: The Translation Manager. This is also known as the “Language Packs” section, “Language Editor”, and other variations). It allows administrators with the new permission “Can Manage Languages” to edit each individual language variable in each language file, and also the properties of the language. Below is a screenshot of the main page:

MyBB 1.2 Language Editor: Main Screen

There are two menus for each language. One menu allows you to choose the method of editing the language variables. The other menu allows you to perform operations on the language pack as a whole. Currently the only operation is editing the properties of the language pack, as shown below:

MyBB 1.2 Language Editor: Edit Language Properties

However, the editing of language variables is the best part of this utility. You can either edit languages by itself, or “with another language.” This allows translators (and anyone else) to compare two language packs, for example, the English translation with the translator’s language pack. First, a file must be chosen to be edited:

MyBB 1.2 Language Editor: Choose File

Below are two screenshots of the editor itself: one in single-mode, and one in dual-mode (comparing English to my test language pack).

MyBB 1.2 Language Editor: Edit Language File Dual-mode MyBB 1.2 Language Editor: Edit Language File Single-mode

I hope this feature will benefit both translators and administrators when editing language files. This makes it easy for any administrator to change the format of the emails, the registration agreement, and any other text in MyBB. Very flexible eh?

A technical note: The language folders and files must be CHMODed so that the web-server can write to it. If the files are not editable, a notice will be shown and administrators will not be able to save their changes.

Posted in MyBB | 1 Comment »

MyBB 1.2 Beta: Custom Moderation

Sunday, July 2nd, 2006

Custom Moderator Tools are one of the new sections in the Admin Control Panel in MyBB 1.2. Also known as ‘multi-moderation’, this feature allows you to add ‘tools’ to the standard moderator options that allow you to do many moderator actions at the same time. For example, for our beta boards, we have a tool to mark fixed bug threads with a [F] and move it into the appropriate “Fixed Bugs” forum, and also add a reply stating that the bug was fixed. The tools allow moderators to do many actions in one, saving time and effort.

In the Admin CP, administrators can either add a “Post” tool or a “Thread” tool. As you may be able to guess, the Post tool is shown in the Inline Post Moderation options at the bottom of each thread. The “Thread” tools are shown at the bottom of the Inline Thread Moderation options at the bottom of each forum, and also at the bottom of each thread in the Moderation Options menu. As you can see from the screenshots below, there are many options that you may choose to include for each type of tool.

Custom Moderator Tools - Adding a Post Tool Custom Moderator Tools - Adding a Thread Tool

And the custom tools are displayed in an option-group clearly separated at the bottom of the moderator menus:

Custom Moderator Tools - Forum Display Inline Custom Moderator Tools - Thread Display Inline Custom Moderator Tools - Thread Display Options

And yes this feature was the guess-the-feature in one of my previous blog posts.

It took me a while to convert all the moderator actions into a class first so that the custom moderation tools could easily execute them, but I think the work is worth it in the long run, as we can now mark bug threads and suggestion threads on the Community Boards with ease :) and I’m sure many administrators and moderators out there will find it quite useful on their board as well.

Posted in MyBB | 1 Comment »

MyBB 1.2 Beta: Multi-quoting

Friday, June 30th, 2006

I’m going to be posting this series of screenshots in new posts now, as requested by Chris Boulton, a RSS subscriber of mine.

One of the new features of MyBB 1.2 is multiquoting. This function allows you to select as many posts as you want, from a one or more threads, and have them all ‘pre-quoted’ in the message box when creating a new thread or reply.

The following screenshot shows the postbit. The multi-quote button is the one to the right of the “Reply” button (which was “Quote” before 1.2). (The postbit display of the new reputation system is also shown here)
Seleting messages for Multi-quoting
The screenshot below shows the new reply page with the selected quotations pre-quoted.

Multi-quote New Reply Screen

Posted in MyBB, Web | 3 Comments »

MyBB 1.2 Beta

Monday, June 26th, 2006

Every few days I will post a screenshot of the MyBB 1.2 Beta for those of you who didn’t get invited into the beta group (or beta-testers who are still interested in looking at these screenshots). In case you miss one, they will be archived on my Flickr gallery.

June 28, 2006

A view of one of the new sections of the Admin CP. You can now add in your own custom MyCode (using Regex expressions) without having to use plugins.

Add MyCode

June 27, 2006

With the new reputation system, the reputation is user-based instead of post based. Now you can view a lot more detail about the reputations you and anyone else gets:

Reputation Report

June 26, 2006

The beta-testing will start in a few hours, so here’s a sneak peek of the new reputation system.
The User CP Homepage Adding a reputation

Posted in MyBB, Web | 8 Comments »

MyBB Security

Friday, June 23rd, 2006

These are just my thoughts about MyBB security updates.  I’m not a security expert of any sort, but I just offer my opinion based on the knowledge I have.
Over the last few weeks there have been two releases to MyBB to patch potential security vulnerabilities that have been discovered by various parties. I have seen some people who have found these seemingly miniscule updates too trivial to apply to their own boards, despite the fact that I and various other members of the MyBB staff have recommended these updates.

These people seem to believe that just because no harm has been done by people attempting to exploit the vulnerability, or just because no harm has been done when they try the exploit script by themselves, that the upgrade is not required. Personally I find this absurd.

First of all, I’d like to point out that not all proof-of-concept scripts are harmful; as their name suggests, these scripts prove the concept, but may not actually compromise the system. Wikipedia says: “In both computer security and encryption, proof of concept refers to a demonstration that in principle shows how a system may be protected or compromized, without the necessity of building a complete working vehicle for that purpose.”

Just because a board administrator cannot find a way to exploit the vulnerability, doesn’t mean that another malacious user won’t find a way. Just because nothing has been “done” to the board when an attempt has been made, doesn’t mean that eventually someone else won’t find a way to compromise the board. For example, the 1.1.3 release patched a serious security vulnerability where a malacious user could execute arbitrary PHP code at their own heart’s content (with a malaciously-formed username). As an administrator, you may not even detect any problems on the surface if you tried the proof-of-concept script, or seen usernames that have registered on your board, but nothing harmful has happened. In fact, much more serious and critical information may have been available to the hands of malacious users, if they indeed have compromised the board in this manner, and the patch released was not applied.

As well, once the security vulnerability has been patched, anyone with a malacious intent would be able to figure out how to exploit it, and may be able to compromise boards which have not patched the vulnerability.

Okay, so I may not be a security expert, however, I do use my common sense (and I do hope that you use yours). When a security vulnerability has been found, and has been identified to affect the particular version of MyBB (or any other software), we do not just release these patches to annoy our users with little upgrades every few weeks. No, we actually do want to improve our software by patching these holes and keeping our users safe. If a vulnerability has been reported, it is most likely that something harmful can be done to your board, and if a board administrator wishes to take that risk and not upgrade, it is his or her decision, and I cannot force anyone to apply the patch.
Obviously it is possible that sometimes the malacious users will compromise boards before we can find the vulnerability and release the patch, but I assure you that security is at the highest priority with the MyBB Group, and we strive to keep our customers safe from these exploits in as a timely manner as possible.

However, once we have released a patch, it is up to each and every individual board administrator to update their board to keep them and their board safe from the exploit. Each security patch, no matter how small, should be considered as significant. I hope that you all take this into mind the next time you ponder whether or not to update your board.

After writing all this about security, I hope I won’t get hit on my behind by something that I have just fervently preached. :)

Posted in MyBB, Web | 6 Comments »

« Older Entries