XMB Forum Software

Continued Development

LordOfSpoon - 11-8-2019 at 04:40 AM

Hello All!

As I have made a previous post here explaining I would like to continue development on XMB. After some serious life changes I was unfortunately unable to even work on my own projects. As you can see, I have not forgotten about this community.

I have to say...I'm blown away that there are still some people stalking around here. Which, makes me feel pretty inspired.

If anyone on here would me out. I may not have a lot of time for development, however, I can pitch in time for webmaster services, design, and organization services. I can purchase domains, hosting, etc.

All I would ask in return is some help from dedicated people...

Although, there would need to be some changes. The forum would need to be 're-branded'. The reason being, this domain is toxic. Just by reading some former posts, there is too much confusion with domains and such.

I'm willing to give this a shot if other people are will to pitch in. I can begin setting up a Trello Board to organize the development and GitHub to code share.

Why do I want to do this? Honestly, I love forums and the people around them. Forums are dying because of large sites like Reddit and Facebook. But that doesn't mean there isn't room for a small market which XMB could fill.

If know-one here would like to see this through, I understand.

What do you say?...

xmb-fan - 11-9-2019 at 12:11 AM

Quote: Originally posted by LordOfSpoon  
Hello All!

As I have made a previous post here explaining I would like to continue development on XMB. After some serious life changes I was unfortunately unable to even work on my own projects. As you can see, I have not forgotten about this community.

I have to say...I'm blown away that there are still some people stalking around here. Which, makes me feel pretty inspired.

If anyone on here would me out. I may not have a lot of time for development, however, I can pitch in time for webmaster services, design, and organization services. I can purchase domains, hosting, etc.

All I would ask in return is some help from dedicated people...

Although, there would need to be some changes. The forum would need to be 're-branded'. The reason being, this domain is toxic. Just by reading some former posts, there is too much confusion with domains and such.

I'm willing to give this a shot if other people are will to pitch in. I can begin setting up a Trello Board to organize the development and GitHub to code share.

Why do I want to do this? Honestly, I love forums and the people around them. Forums are dying because of large sites like Reddit and Facebook. But that doesn't mean there isn't room for a small market which XMB could fill.

If know-one here would like to see this through, I understand.

What do you say?...


Toxic? nope, that's called history. I'm not keen on rebranding as it's an insult to everyone that has helped xmb in the past and currently.

To be honest - anyone can provide webmaster services, design, and organization services along with purchasing of domains, hosting, etc. What xmb does need in my opinion, is people with php experience and time, so there is more than one dev/support.

Good luck though with whatever you decide to do, whether that is here, other forums, creating your own or walking away.


LordOfSpoon - 11-9-2019 at 01:38 AM

Quote: Originally posted by xmb-fan  


Toxic? nope, that's called history. I'm not keen on rebranding as it's an insult to everyone that has helped xmb in the past and currently.

To be honest - anyone can provide webmaster services, design, and organization services along with purchasing of domains, hosting, etc. What xmb does need in my opinion, is people with php experience and time, so there is more than one dev/support.

Good luck though with whatever you decide to do, whether that is here, other forums, creating your own or walking away.



History is just that... History. We as webmasters remember those great days of a certain website which we had a deep attachment too. Regardless of those emotions, some things just need to be let go for progress to continue.

I can understand how rebranding would feel like an insult. However, from legal complications, DMCA issues, no staff, and many more issues, the truth is that this site remains on the hope that this software will remain relevant and will be remade someday. Which is awesome, don't get me wrong. I applaud the people who have come this far with it. If everyone really cares about this community and this software, it's time to hit the ground running and organize some support.

And you're right... Anyone can provide these services. The fact is, I don't see a lot of people around saying they are (apart from lottos, and other people keeping this site going) offering such services.

Yes, developers are an integral part of the operation. I have many years in the forum 'world' and strong organizational skills. I also have ties to a lot locals colleges and schools in my area. There is much that can be done, even without those handy coding skills.

I very much appreciate your post, xmb-fan. I can see a good future in this software if everyone is willing to pitch in, make hard decisions, and move forward. If thats the case, I will stay around as long as possible. I have no interest in working with another forum software again, unless it's XMB.

The fact that you have registered an account to simply reply to this post, speaks volumes about this software... :thumbup:

kuba1 - 11-9-2019 at 02:41 AM

Not much for me to say .... miqrogroove is the man for these questions.

LordOfSpoon - 11-9-2019 at 05:44 AM

Quote: Originally posted by kuba1  
Not much for me to say .... miqrogroove is the man for these questions.


Nice to see my u2u worked lol

miqrogroove - 11-9-2019 at 12:44 PM

Branding has never been the issue. My personal goal was to stabilize the old code just so that it was still workable. During that effort, there was a consensus reached that the old code would be of no value to a new major version. It would have to be a total re-write. So the brand was something that could stay or go without much consequence to a new project. And it was never my intention to re-invent this wheel.

LordOfSpoon - 11-9-2019 at 08:24 PM

Quote: Originally posted by miqrogroove  
Branding has never been the issue. My personal goal was to stabilize the old code just so that it was still workable. During that effort, there was a consensus reached that the old code would be of no value to a new major version. It would have to be a total re-write. So the brand was something that could stay or go without much consequence to a new project. And it was never my intention to re-invent this wheel.


Well suppose we build a team for a new project? I miss working in these areas and want to get back in the game. Even the lead of Flarum left to build his own premium forum software.

I have many great ideas and the motivation. Just need the right people.

lottos - 11-11-2019 at 07:15 AM

Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners.

LordOfSpoon - 11-11-2019 at 10:18 PM

Quote: Originally posted by lottos  
Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners.


Well, Iím here everyday now. Scanning this topic for replies lol Iím willing to give something an actual shot if others are.

Jenny Lee - 11-24-2019 at 01:44 AM

It really depends on how you intend to do it. Writing everything from a scratch is a quite ambitious and very unlikely....
The xmb as it is right now is very messy to extend. You would need to write a framework or use an existing one that would have great extendibility.
I think porting xmb as a full forum module on some existing cms is your best best.:P

bfgadmin - 5-7-2020 at 01:06 PM

Running 2 forums on the XMB software. Won't plug the links out of respect for the site owner, however they're available upon request (for viewing what we've done with it).

Its extremely customized, and we added features like file upload, store (to buy forum features/profile customization/increased storage space/custom status lines/etc), added all sorts of staff functions, gave super moderators the ability to post ban (spammer problems), "portalized" our forum index, tagging feature + search by tag, stars on posts, points, rep, and all kinds of "jazz."

Would love some of you to look at my code, as an extra pair of eyes is always good. Plus who knows maybe it'd be useful for XMB hacks.

Also, turned several things into the windows equivalent of crontabs. Who's online, today's posts, and a number of other obscure features. Part of that was because of the web application firewall, which NAT'd every user to the firewall's optional interface address necessitating a bypass to properly display guests (namely, parsing the firewall logs and piping it into a csv every 5 minutes).

If any verified users want to hop on SSH and have a look I'd gladly accommodate.

vanderaj - 6-9-2020 at 11:44 PM

Quote: Originally posted by lottos  
Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners.


100% agree. I've just spent a few days making GaiaBB (nee UltimaBB, which John and I worked on after XMB), PHP 7.4, mysqli, and MariaDB compatible. I think at this point, it might be worthwhile to bring those things together so there can be one code base for those who have historic XMB, XMB 2, UltimaBB, and GaiaBB forums.

gaiabb.PNG - 19kB

lottos - 6-10-2020 at 02:41 AM

Quote: Originally posted by vanderaj  
Quote: Originally posted by lottos  
Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners.


100% agree. I've just spent a few days making GaiaBB (nee UltimaBB, which John and I worked on after XMB), PHP 7.4, mysqli, and MariaDB compatible. I think at this point, it might be worthwhile to bring those things together so there can be one code base for those who have historic XMB, XMB 2, UltimaBB, and GaiaBB forums.



I've done some preliminary testing of xmb with php7.4, warning messages [added to bug tracker]:

PHP Deprecated: Function get_magic_quotes_runtime() is deprecated in /include/global.inc.php on line 34
PHP Deprecated: Function get_magic_quotes_gpc() is deprecated in /include/validate.inc.php on line 82

vanderaj - 6-10-2020 at 12:28 PM

It's not just get magic quotes - something I got rid of in UltimaBB and still come across odd issues here and there in GaiaBB, it's the way that MariaDB (the most common version of MySQL found in today's distros) is a bit more strict about the schema. Without end to end testing, you're going to miss something, and things silently stop working. In GaiaBB's case, it's PMs between members - it just silently fails. There's some many gotchyas like this.

That's why I think it might be time to bring the two softwares back together, picking and choosing the features that should survive and those that shouldn't change. There's a bit of divergence in the code, but the reality is that I re-borrowed the postify() and bbcode support from XMB yesterday to fix problems with PHP 7.4's deprecation of ereg and various modes of preg_replace / match, and for the most part it was a cut and paste job. I'll have to do more testing, but I think the code is close enough to consider a merge.

lottos - 6-10-2020 at 01:09 PM

Noticed your forum footer links to a gaiabb domain that must have expired as it's definitely not to your code. I'd link it to your github [or back here ;) ].

Grabbed your image dimension code in functions.inc.php for another xmb forum user.

Look forward to your further testing results.






vanderaj - 6-10-2020 at 02:22 PM

I just checked in a bunch of code that includes the XMB postify() and a bunch of other fixes. I'm still working on issues relating to PHP 7.4. I keep on getting surprised at what actually works (terrible code), and what doesn't (clean but ... wrong ... code).

I ported the Davis theme to GaiaBB. It showed that there are issues with importing XMB themes, and also found a bug in header links area that's probably been there for over a decade. I'll get the rest working first before revisiting XMB theme support.

Edit: Yeah, I let that domain expire, so I had thought I had updated all the links in the code to GitHub. There should be no more links to the domain at all.

bfgadmin - 6-19-2020 at 07:09 PM

Quote: Originally posted by vanderaj  
I just checked in a bunch of code that includes the XMB postify() and a bunch of other fixes. I'm still working on issues relating to PHP 7.4. I keep on getting surprised at what actually works (terrible code), and what doesn't (clean but ... wrong ... code).

I ported the Davis theme to GaiaBB. It showed that there are issues with importing XMB themes, and also found a bug in header links area that's probably been there for over a decade. I'll get the rest working first before revisiting XMB theme support.

Edit: Yeah, I let that domain expire, so I had thought I had updated all the links in the code to GitHub. There should be no more links to the domain at all.


Great! Interested on collaborating with this?

miqrogroove - 8-18-2020 at 10:46 PM

There's an interesting bug report now encouraging an overhaul of the XMB session handler. Basically, why does XMB allow weak password resets and why is there no rate checking of failed login attempts, etc. Obviously, XMB has always been weak in these areas.

The minimal amount of work to fix this would be a re-write of the session system (no reason to keep the old code), upgrade of the database schema requiring use of the (new) XMB upgrade script, and increasing the minimum PHP support level to 7-ish.

So I'm looking for second opinions.

Does the community need this, and when?

Will it break anything?

Is it worth the effort anymore?

lottos - 8-19-2020 at 02:50 AM

Quote: Originally posted by miqrogroove  
There's an interesting bug report now encouraging an overhaul of the XMB session handler. Basically, why does XMB allow weak password resets and why is there no rate checking of failed login attempts, etc. Obviously, XMB has always been weak in these areas.

The minimal amount of work to fix this would be a re-write of the session system (no reason to keep the old code), upgrade of the database schema requiring use of the (new) XMB upgrade script, and increasing the minimum PHP support level to 7-ish.

So I'm looking for second opinions.

Does the community need this, and when?

Will it break anything?

Is it worth the effort anymore?


I think you know my opinion: yes to questions 1 and 3!

XMB misc.php allows one password reset request per 24 hours, date and time of last request in members table, column pwdate.

miqrogroove - 8-19-2020 at 05:28 PM

Quote: Originally posted by lottos  

XMB misc.php allows one password reset request per 24 hours, date and time of last request in members table, column pwdate.


This part is fine. The report shows we have less than 3 bytes of useful entropy and even less with stronger hacks. Without any rate limits or extra tokens it is possible to brute force account access.

bfgadmin - 8-20-2020 at 07:09 PM

A few quick notes on this, on our XMB forum we changed the hashing algorithm to SHA256 (I believe), and of course had to rehash existing passwords (via mandatory password reset).

We also added a database table to track failed logins, and even an anti-spam system to track known behavior (ie: proceding to the User CP within a minute of registration, attempts to insert URLs into bio/signature fields, etc)

If anybody is interested in collaborating on this, let me know! I also run a forum in a non-production environment that we can nuke the crap out of in the name of development/progress :lol:

Can I just add how exciting it is to see interest in XMB?

bfgadmin - 8-20-2020 at 07:20 PM

Quote: Originally posted by miqrogroove  
Quote: Originally posted by lottos  

XMB misc.php allows one password reset request per 24 hours, date and time of last request in members table, column pwdate.


This part is fine. The report shows we have less than 3 bytes of useful entropy and even less with stronger hacks. Without any rate limits or extra tokens it is possible to brute force account access.


Oh yes, we danced with this for quite awhile. Our site owner was dead set on VB initially, but I managed to talk him into going with XMB so this issue in particular was in the forefront.

Other than account lockout timers (similar to the Windows domain feature) and implementing a more secure hashing algorithm (SHA256) we never did find a neat & tidy solution. I proposed everything from password complexity requirements and PIN codes to multifactor authentication. Our Sophos UTM security appliance with WAF adds another layer of intrusion prevention, exploit mitigation and session hardening, but of course this isn't bulletproof either.

For us, a key security measure is frequent backups. Every time we move code into the production environment, we take a full backup. Backups are also conducted three times per day, using Windows scheduled tasks and saved to a shared network location. This location is backed up once daily to physical disk.

Fortunately I have physical server access which makes this process much easier. On that same note, we have plenty of extra space on the server and gigabit bandwidth if anybody needs a place to host an XMB instance! Also can accommodate your own domain provided you can point them at our nameservers. :thumbup:

miqrogroove - 8-20-2020 at 10:01 PM

What would be an appropriate version number for the next patch then? If it requires a schema upgrade and PHP upgrade, would it become 1.9.12?

bfgadmin - 8-20-2020 at 11:10 PM

Quote: Originally posted by miqrogroove  
What would be an appropriate version number for the next patch then? If it requires a schema upgrade and PHP upgrade, would it become 1.9.12?


Sounds right to me!

Exciting times :singing:

So whats the plan Micro?

miqrogroove - 8-21-2020 at 12:27 AM

I'm just thinking big picture. If I overhaul the session handler and bump the PHP requirement to 7+ then we can also unfreeze features and text. But I don't think it will be anything more than bug fixes.

miqrogroove - 8-25-2020 at 12:14 PM

Are there any existing hacks that should get baked into 1.9.12?

I was thinking our new user moderation system has become such a vital anti-spam tool that it would have even more value as an integrated feature set.

https://sourceforge.net/p/xmb-forum/code/HEAD/tree/hacks/tru...

The code has been stable for years, and just needs some refinement to make it look more official.

lottos - 8-26-2020 at 07:52 AM

Quote: Originally posted by miqrogroove  
Are there any existing hacks that should get baked into 1.9.12?

I was thinking our new user moderation system has become such a vital anti-spam tool that it would have even more value as an integrated feature set.

https://sourceforge.net/p/xmb-forum/code/HEAD/tree/hacks/tru...

The code has been stable for years, and just needs some refinement to make it look more official.


After reviewing the list of existing hacks, I think the moderation system is a great and most appropriate candidate to be baked in.

miqrogroove - 8-26-2020 at 06:01 PM

Agreed then. I'm open to more suggestions. Even if new-user moderation is the only major new feature, I think it's a realistic and understandable roadmap.

I've got about 400 lines of the new session handler written so far here at home. I'm trying to make the impact on existing files as little as possible. I committed one significant change to the functions.inc.php because we will soon need a function to go between the session handler and the IP banning logic. Having that part separated out now should help keep that part stable when I start tearing out the old cookie commands.

lottos - 8-27-2020 at 12:03 AM

I'm assuming you mean existing hacks such as those listed here:
https://www.xmbforum2.com/modifications/
which has these two, not sure of the difference between them
google-rdf-breadcrumbs.zip
rdfa-breadcrumbs.zip

Maybe a contender?

If you also mean possible new hacks, tagging members in a post eg. @miqrogroove would be cool, with a u2u notification to the tagged member with u2u message linking to the relevant post.
[edit: ignore the paragraph above as I reread your first post that does say existing.]

Would it worthwhile for the 1.9.12 alpha version you have on the SVN to be implemented on this forum for testing before making the new session handler?

miqrogroove - 8-27-2020 at 12:45 AM

Yes those hacks. Should be the same ones as in SVN.

The breadcrumbs hacks are obsolete AFAIK. I wrote one of them based on the standard that was current at the time, and I believe that language is no longer supported by Google.

I added a subdomain alpha dot. I'm using it for syntax checks and dev testing only. You can try it but it's only 1.9.11 with a bunch of minor bug patches so far.

We can eventually upgrade the production site when the first beta is released. I think that's how we've done it in the past.

lottos - 8-27-2020 at 11:31 AM

Not existing hacks but perhaps the last post date and time could be a link to the actual last post? Could be more intuitive for some ?

delete.png - 5kB

[edit: saw a nifty implementation of something similar from forum provider microcosm where they have for example:
@Ken replied 3 hours ago

Broken down:
'@Ken' is hyperlink to member profile
'replied' is the hyperlink to the last post
'3 hours ago' is clickable and changes to the date and time posted]

miqrogroove - 8-28-2020 at 03:59 PM

I would think bigger. Maybe the entire table cell in each Forum / Subject / Last Post column could be clickable. Would you care to add that as a feature request in the bug tracker?

Today I'm trying to work out the details of automatic session token regeneration. It adds a lot of complexity to the new session handler. I'll try to make it possible to switch that off or remove it in case we find problems in testing.

miqrogroove - 9-26-2020 at 01:14 PM

Quote: Originally posted by lottos  

google-rdf-breadcrumbs.zip
rdfa-breadcrumbs.zip

Maybe a contender?


Going to take a second look at this.

Beta 2 is up.

lottos - 9-30-2020 at 11:20 AM

Question re Quarantine - is there a log of deleted users/ip's?

miqrogroove - 9-30-2020 at 12:16 PM

The quarantine panel allows an Admin to ban. It will delete posts, not users. So the original registration IP stays in the user record. Currently it does not create any extra logs.

lottos - 10-1-2020 at 01:39 AM

Thanks. That way admins can see if there are repeat offenders for those that don't mask their ip.

lottos - 10-6-2020 at 02:12 AM

Wondering how difficult it would be to alter search.php to allow multiple user names in the user name field, perhaps in same format as sending multiple u2us, ie: user1, user2, user3

miqrogroove - 10-14-2020 at 02:21 PM

Quote: Originally posted by lottos  
Wondering how difficult it would be to alter search.php to allow multiple user names in the user name field, perhaps in same format as sending multiple u2us, ie: user1, user2, user3


Sounds like an interesting feature or modification.

Seems like beta testing is wrapped up. I don't know how much serious testing happened, but it's what we got. I'll try to package up the 1.9.12 release today or tomorrow.

lottos - 10-14-2020 at 11:08 PM

Quote: Originally posted by miqrogroove  
Seems like beta testing is wrapped up. I don't know how much serious testing happened, but it's what we got. I'll try to package up the 1.9.12 release today or tomorrow.


I did as much as possible, topicadmin was an area I spent some time on and with the admin rights I have, all seemed to function as expected.

Awesome work miqrogroove, I've peeked at much of the code and the effort you have put into this is commendable.

p.s. Don't forget to update https://www.xmbforum2.com/ after the release :)

miqrogroove - 10-17-2020 at 12:27 PM

Found too many bugs this week. I will try again next week. If any lurkers here are willing to install the beta or even the trunk version and report bugs, it will help immensely to prepare the release version 1.9.12.

lottos - 10-18-2020 at 09:49 PM

Hey miqrogroove,

how difficult would it be to implement a new [tel] BBCode to enable
Code:
<a href="tel:123456789">+ 123456789</a>


As far as I can see, no forum has implemented this yet.

miqrogroove - 10-19-2020 at 04:23 PM

It would be slightly easier than the YouTube bbcode. The overall complexity would depend on the design of the new bbcode syntax.