PunBB Resource

Your ultimate PunBB resource!

Keywords:

    (Extended)

You are not logged in.

#126 2009-07-07 22:23:04

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

Thanks for letting me know about this. I've released a new version that fixes this.

Offline

 

#127 2009-07-14 14:50:09

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Just thinking about the notifications... how difficult would it be to add a query that gets executed on each page, checking for new messages, and changing the "Messages" tab to "Messages (2)" if two new messages were found for example? Overall it would mean more queries hitting the DB, but greatly add to the private messaging functionality...

Offline

 

#128 2009-07-15 10:26:35

StevenBullen
Moderator
Registered: 2005-09-13
Posts: 300
Website

Re: Private Messaging System 1.2.x 1.2.3

bgiddins wrote:

Just thinking about the notifications... how difficult would it be to add a query that gets executed on each page, checking for new messages, and changing the "Messages" tab to "Messages (2)" if two new messages were found for example? Overall it would mean more queries hitting the DB, but greatly add to the private messaging functionality...

Check out http://www.punres.net/viewtopic.php?pid=4734#p4734


Blog - Follow Me and FluxBB on Twitter

Offline

 

#129 2009-07-15 12:01:33

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Sweet - thanks.

Offline

 

#130 2009-07-19 20:24:18

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

bgiddins wrote:

One of my forums is a discussion site for precious metals - some of the users won't be interested in using the PM system for discussing buy/sell trades because of the lack of perceived privacy - if message contents were encrypted in the database it would add a little overhead at save & read time, but at least they wouldn't be exposed to me as an administrator inadvertantly seeing message contents while doing database backups etc.

I've put together a little add-on that will encrypt all the private messages in the database. It encrypts the messages with MIME base64. It's not  a strong encryption at all, and easy to decrypt using the 'base64_decode' php function, but at least it will prevent you from being exposed to messages content while working with the database.

Download Private Message Encryption v1.0.1

Note:

1. The install_mod.php script contained in this download will encrypt all the existing messages for you, so you won't loose any messages when applying this encryption add-on.
2. I've built in protection into the install_mod.php script that prevents double encryption, or applying the decrypt function to messages that are not encrypted.

Last edited by Koos (2009-08-01 14:30:25)

Offline

 

#131 2009-07-23 05:52:58

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Thanks! Unfortunately the link is broken for me, but looks like a connection issue rather than a missing file. Will try again shortly in case it's just a temporary issue.

Without being able to download & review the code, what happens to existing messages? I just did a rowcount and there's a couple of hundred messages already between users - do they lose those?

Probably not a big issue, and I can notify them in advance that old PMs will be lost on a scheduled date if it's the case. Encryption strength isn't an issue for me, as long as the strings in the db aren't human readable in an export.

Very much appreciate this mod.

edit - have been able to download. Will test the impact on existing messages and report in a few days - I would imagine enabling encryption in the mod may mean all saved messages are attempted to be decoded, and be garbled as a result.

Last edited by bgiddins (2009-07-23 06:03:42)

Offline

 

#132 2009-07-23 21:33:28

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

bgiddins wrote:

Without being able to download & review the code, what happens to existing messages? I just did a rowcount and there's a couple of hundred messages already between users - do they lose those?

The install_mod.php script will encrypt all the existing messages for you, so you won't loose any messages when applying the encryption add-on.

Offline

 

#133 2009-07-29 22:51:29

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

I've applied the encryption mod - the only bug I could find is when deleting a message, the encrypted version of the message is shown in the delete confirmation window. This appears to fix it:

Code:

#
#---------[ 14. OPEN ]---------------------------------------------------------
#

message_delete.php

#
#---------[ 15. FIND ]---------------------------------------------
#

    $cur_post['message'] = parse_message($cur_post['message'], (!$cur_post['smileys']));

#
#---------[ 16. BEFORE, ADD ]---------------------------------------------------
#

    // Decode message
    $cur_post['message'] = base64_decode($cur_post['message']);

Otherwise, fantastic mod! Don't have to be so paranoid about privacy violations now.

Last edited by bgiddins (2009-07-29 22:52:56)

Offline

 

#134 2009-07-30 01:08:11

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Another bug - private message subjects in notification emails are also encrypted - haven't looked at fixing this yet. Moving messages also displays a garbled message.

Fix for moving messages:

Code:

#
#---------[ 17. OPEN ]---------------------------------------------------------
#

message_move.php

#
#---------[ 18. FIND ]---------------------------------------------
#

    $cur_post['message'] = parse_message($cur_post['message'], (!$cur_post['smileys']));

#
#---------[ 19. BEFORE, ADD ]---------------------------------------------------
#

    // Decode message
    $cur_post['message'] = base64_decode($cur_post['message']);

I also fixed the email issue, the fix below is assuming that you've already installed the mod as delivered:

Code:

#
#---------[ 20. OPEN ]---------------------------------------------------------
#

message_send.php

#
#---------[ 21. FIND ]---------------------------------------------
#

    $subject = base64_encode($subject);
    $message = base64_encode($message);

#
#---------[ 22. BEFORE, ADD ]---------------------------------------------------
#

    $plain_subject = $subject;

#
#---------[ 23. FIND ]---------------------------------------------------
#

    $mail_message = str_replace('<pm_title>', $subject, $mail_message);

#
#---------[ 24. REPLACE WITH ]---------------------------------------------------
#

    $mail_message = str_replace('<pm_title>', $plain_subject, $mail_message);

Hopefully these changes can be rolled into a new release of the mod - I've never released a mod before so I'm not sure about updating it.

Works excellent now!

Last edited by bgiddins (2009-07-30 01:25:48)

Offline

 

#135 2009-08-01 14:31:12

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

Thanks bgiddins for your fixes! I've updated the Private Message Encryption add-on above to v1.0.1.

Offline

 

#136 2009-08-05 15:04:14

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Thanks for the mod smile I just did a rowcount - members have sent 420 messages using it since it went in - obviously the general population is pretty happy with the feature smile

Offline

 

#137 2010-02-23 08:06:03

daris
Member
From: Poland
Registered: 2008-01-20
Posts: 70

Re: Private Messaging System 1.2.x 1.2.3

Private_Message_Mod-1.2.4c updated for FluxBB 1.4 (svn) is here:
http://trac6.assembla.com/fluxbb-pl/cha … format=zip


Sorry for my English wink

Offline

 

#138 2010-05-08 15:09:26

doki
Member
Registered: 2007-04-30
Posts: 225

Re: Private Messaging System 1.2.x 1.2.3

Thanks daris for updating this mod for fluxbb 1.4.

Hi Koos,

I hope you can update Private Messaging mod folders add-on to adapt on fluxbb 1.4rc3.

http://www.punres.net/viewtopic.php?id=5273

thanks

Offline

 

#139 2010-08-02 01:05:54

bgiddins
Member
Registered: 2009-07-06
Posts: 11

Re: Private Messaging System 1.2.x 1.2.3

Has any further work been done (or planned) for bringing this module up to speed with FluxBB 1.4 now that it's been officially released? I have a forum with almost 10,000 PMs in the database, and I would like to be able to upgrade to 1.4 while keeping the users historical messages.

I'm using the following:

Private Messaging System
Private Messaging Folders (no-one uses this though)
Private Messaging Encryption

Last edited by bgiddins (2010-08-02 01:06:25)

Offline

 

#140 2010-08-13 11:08:38

adaur
New member
Registered: 2009-06-26
Posts: 6

Re: Private Messaging System 1.2.x 1.2.3

bgiddins wrote:

Has any further work been done (or planned) for bringing this module up to speed with FluxBB 1.4 now that it's been officially released? I have a forum with almost 10,000 PMs in the database, and I would like to be able to upgrade to 1.4 while keeping the users historical messages.

I'm using the following:

Private Messaging System
Private Messaging Folders (no-one uses this though)
Private Messaging Encryption

Hi!

My mod (Another PM System) should work. It uses the same database, but different files (it's a sort a "fork" by a ex-admin of french community). It adds the contact's gestion. But it doesn't have folders, and no encryption. So if you want to update, I think you'll have to decrypt the messages, and delete the folders.

http://fluxbb.org/resources/mods/anothe … s/1.2.2.4/

Cheers

adaur

Last edited by adaur31 (2010-08-13 11:08:51)

Offline

 

#141 2012-10-17 22:17:35

Kan75
Member
Registered: 2010-05-19
Posts: 20

Re: Private Messaging System 1.2.x 1.2.3

Greetings,

Undiging...

Running PunBB 1.2.10 and PMS 1.2.2

The Mod is running well on my forum
I have setup v1.2.2
I can't see the multi-delete select boxes and delete button

I just migrate my forum to PHP 5.3 and it might be the cause ?

Here is my message_list.php code regarding the delete function ;

Code:

// Delete multiple messages
if (isset($_POST['delete_messages']) || isset($_POST['delete_messages_comply']))
{
    if (isset($_POST['delete_messages_comply']))
    {
        // Check this is legit
        if ($pun_user['g_id'] < PUN_GUEST)
            confirm_referrer('message_list.php');

        if (@preg_match('/[^0-9,]/', $_POST['messages']))
            message($lang_common['Bad request']);

        // Delete messages
        $db->query('DELETE FROM '.$db->prefix.'messages WHERE id IN('.$_POST['messages'].') AND owner='.$pun_user['id']) or error('Unable to delete messages.', __FILE__, __LINE__, $db->error());

        redirect('message_list.php?box='.intval($_POST['box']), $lang_pms['Deleted redirect']);
    }
    else
    {
        $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_pms['Multidelete'];
        $idlist = is_array($_POST['delete_messages']) ? array_map("intval", $_POST['delete_messages']) : array();
        require PUN_ROOT.'header.php';
?>
<div class="blockform">
    <h2><span><?php echo $lang_pms['Multidelete'] ?></span></h2>
    <div class="box">
        <form method="post" action="message_list.php">
            <div class="inform">
                <input type="hidden" name="messages" value="<?php echo implode(',', array_values($idlist)) ?>" />
                <input type="hidden" name="box" value="<?php echo intval($_POST['box']) ?>" />
                <fieldset>
                    <div class="infldset">
                        <p class="warntext"><strong><?php echo $lang_pms['Delete messages comply'] ?></strong></p>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="delete_messages_comply" value="<?php echo $lang_pms['Delete'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
        </form>
    </div>
</div>

Regards,

Nicolas

Last edited by Kan75 (2012-10-18 22:46:49)


Kankan
First ASUS Laptop french forum
http://www.forum-des-portables-asus.fr/index.php

Offline

 

#142 2012-10-18 21:50:46

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

You should seriously consider upgrading your forum software to the latest version. There were numerous XSS and injection vulnerabilities fixed since PunBB 1.2.10. Same with the PM mod - many security fixes were made.

Regarding the code you posted: the "if (isset($_POST['delete_messages']) ||..." block appears twice. Maybe there is your problem.

Offline

 

#143 2012-10-18 22:48:51

Kan75
Member
Registered: 2010-05-19
Posts: 20

Re: Private Messaging System 1.2.x 1.2.3

Hi Koos,

yes i thought about migrating big time to a newer version smile
In fact, i worked a lot on skinning, modding on this version that i am a bit  lazy to redo the work smile

NB : i edited my message, the ""if (isset($_POST['delete_messages'])" appears once in my message_list.php. The error should be elsewhere

regards,


Kankan
First ASUS Laptop french forum
http://www.forum-des-portables-asus.fr/index.php

Offline

 

#144 2012-11-15 22:31:28

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

Hi Kan75, have you managed to sort this error out?

Offline

 

#145 2012-11-15 23:09:49

Kan75
Member
Registered: 2010-05-19
Posts: 20

Re: Private Messaging System 1.2.x 1.2.3

Hi Koos,

Not yet. In facts, i am working on the forum migration.
Huge work smile

Regards


Kankan
First ASUS Laptop french forum
http://www.forum-des-portables-asus.fr/index.php

Offline

 

#146 2012-11-15 23:19:45

Koos
Administrator
Registered: 2007-01-14
Posts: 525
Website

Re: Private Messaging System 1.2.x 1.2.3

If you are upgrading from PunBB 1.2.10 to the latest version, this might be of help: punbb-1.2.10 to 1.2.23 patch. Also remember to run the db update script once you are done.

Offline

 

Board footer

Based on PunBB
© Copyright 2002–2005 Rickard Andersson

© Copyright 2004–2006 Kristoffer Jansson

User contributed files are property of their respective owners.