miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Tidings miniBB Support Forums / Tidings /   
 

miniBB acquires OpenSourceForum.com

 
Author Paul
Lead Developer
#1 | Posted: 6 Sep 2020 17:09 | Edited: Paul 
In result of conversations with Uniregistry, the domain OpenSourceForum.com is finally acquired by miniBB.

By now, it's still a far-reaching plan of developing the "full package" of miniBB, which is a constant request from customers for years. But you could already access miniBB website entering this domain. I wrote some tiny paragraphs regarding what we have in mind for this project.

By now, miniBB project continues its development; I've started the work-out of the new release in September. The primary change will be in the logins / auth method. Straight MD5-based cookies should be avoided. I'm still considering various ways of implementation, and hopefully we will see results this autumn.

Stay tuned!

Author tom322
Active Member
#2 | Posted: 6 Sep 2020 22:52 
That's an excellent domain name for the project (I remember using these three keywords in the past when doing a search, congratulations : ) I also hope you'll add some good comments (as always you do) to change the login/auth so it's easier to follow what to change in case of customized versions, thank you.

Author kuopassa
Partaker
#3 | Posted: 7 Sep 2020 10:44 | Edited: kuopassa 
Automatic upgrades could be a really useful feature. Saves time and lowers the learning curve. :-)

Author Paul
Lead Developer
#4 | Posted: 7 Sep 2020 19:52 
tom322
Thank you for the note :-)

The only problem about upgrading to the new auth system is that all users should be forced to manually update their password information. But something similar already was implemented for switching existing logins to SH1, this is the only way of upgrading. And I also hope, since the new logins system is implemented, there would be no need in customized login versions anymore.

kuopassa:
Automatic upgrades could be a really useful feature. Saves time and lowers the learning curve. :-)

You are right, but it also means you have less space in customizing your forum. Despite it is open source, an automatic update will simply overwrite all files and it's impossible to program to follow all customizations made and upgrade them, too. The software with such a system supposes you are not modifying manually a piece of code.

Author tom322
Active Member
#5 | Posted: 7 Sep 2020 20:06 
Maybe it would be best to notify users to copy their passwords first.. or some other note. Still, for guest posters the cookie should stay I think to remember username at least. As I see, the bb_func_login.php can be extended to add the session_start() / session_unset() functions and should be simple to change, I hope.

Author Paul
Lead Developer
#6 | Posted: 8 Sep 2020 19:42 
tom322:
Maybe it would be best to notify users to copy their passwords first.. or some other note.

It's up only to the forum owner :) The script will include dynamic suggestions of an immediate password change, if a user logs in with the old password. So for some time, the logging with the old password will work — but won't pass the user further unless the password is updated.

tom322:
As I see, the bb_func_login.php can be extended to add the session_start() / session_unset() functions and should be simple to change, I hope.

I'm still considering if either we should use PHP sessions, or my own.

The sad fact about PHP sessions is that they are kept until the browser is opened. As soon as you leave the browser, the session is destroyed, and you should re-login. For many years I was keeping the old auth mechanism in miniBB exactly because of its long-term nature — the login is kept for some longer time, and even if you re-open the browser, it could be still kept if there was no log-out.

With PHP sessions, this approach won't work... and this eliminates the comfort of usability.

Author tom322
Active Member
#7 | Posted: 8 Sep 2020 23:39 | Edited: tom322 
I think PHP sessions will be best after all. Now it's as easy to SAVE username / password in a browser (browsers ask if you want to save your username/password after you login) and that only adds one click to login. In long term, that should be the best solution for both mobile and desktop.. in additions, I expect in the near future all web browsers will require a login to keep all the history and make it more secure, so that means all sites you logged in could be saved under one master password anyway.

Author Paul
Lead Developer
#8 | Posted: 9 Sep 2020 19:18 
tom322:
Now it's as easy to SAVE username / password in a browser (browsers ask if you want to save your username/password after you login) and that only adds one click to login.

It's the feature I personally never use :-) however it's worth considering, thanks! I'm still considering all variations of implementation.

Author tom322
Active Member
#9 | Posted: 9 Sep 2020 20:21 
Paul:
It's the feature I personally never use :-)

I use it together with a browser "Master Password" (without entering the master password nobody can login or submit a POST form to any site, even if the username/password is saved in the browser).

Author A Forum Owner
Guest
#10 | Posted: 9 Sep 2020 22:47 
Saving a session in minibb must have! Please do not remove it! It so differs minibb from other programs :(
(Or make it optional...)

Author Paul
Lead Developer
#11 | Posted: 10 Sep 2020 19:14 
A Forum Owner:
(Or make it optional...)

Making it all optional is a good idea, and I already thought about it :-) thanks.

There are too many existing users with their own preferences... I must also think of how to make an integration bridge — got a few requests about websites using the current miniBB auth system as their own... coding the new system, I must keep in mind of how to easy adopt it to any website...

Tidings miniBB Support Forums / Tidings /
 miniBB acquires OpenSourceForum.com
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


 ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
 ⇑