Hello,
I am currently admining a phpBB board and have started to look at other forum options. SMF seems like a good fit but I am hoping I can get a few concerns out of the way.
1. During the login process is there an option to prevent the users password from being emailed to them in plain text? This seems unnecessary and insecure, nothing like opening an email and having your password exposed to the world.
2. Are passwords stored in the database as a hash or are they encrypted. What algorithm is used?
3. I see that bots are also a problem in SMF. Since easy patching is core feature I want to keep I do not want to install any mods. I see there is a captcha mod that improves the login process, is there any planse to put such a system in the main release?
4. I also saw a post about search bots creating errors.. How well to they crawl the forums? The one forum I admin gets alot of google traffic which is a good thing.
1. Don't remember having this option but it can be done easily ,I think, by modifing SMF a little bit.
2. They are hased using sha1(from rc1) and md5 before rc1.
4. There is no problem with the bots crawling a simple machines forum.
Lainaus käyttäjältä: Remaker - toukokuu 08, 2006, 10:03:15 AP
2. They are hased using sha1(from rc1) and md5 before rc1.
Ok, will this create an issue when importing a phpBB board as I believe it still uses md5?
I was planning on starting with a clean rc2 install before importing.
No... There is absolutely no problem importing from your phpbb. ;)
Lainaa1. During the login process is there an option to prevent the users password from being emailed to them in plain text? This seems unnecessary and insecure, nothing like opening an email and having your password exposed to the world.
Passwords can be removed from e-mails by editing the activation string in the language file
Lainaa2. Are passwords stored in the database as a hash or are they encrypted. What algorithm is used?
I believe it is SHA1 and possibly something else. A forum search should reveal the answer
Lainaa
3. I see that bots are also a problem in SMF. Since easy patching is core feature I want to keep I do not want to install any mods. I see there is a captcha mod that improves the login process, is there any planse to put such a system in the main release?
Although bots aren't much of a problem there is a captcha mod. Captcha will also be in the final version of SMF 1.1 which should be released soon
Lainaa
4. I also saw a post about search bots creating errors.. How well to they crawl the forums? The one forum I admin gets alot of google traffic which is a good thing.
A lot of SEO enthusiasts have been posting recently and are being very picky about the way SMF works. It works fine IMO.
LainaaOk, will this create an issue when importing a phpBB board as I believe it still uses md5?
The converter will store their current password in md5. When the user signs into SMF for the first time they will be asked to type in their password again so it can be converted to SHA1
Lainaus käyttäjältä: huwnet - toukokuu 08, 2006, 11:29:35 AP
Lainaa
3. I see that bots are also a problem in SMF. Since easy patching is core feature I want to keep I do not want to install any mods. I see there is a captcha mod that improves the login process, is there any planse to put such a system in the main release?
Although bots aren't much of a problem there is a captcha mod. Captcha will also be in the final version of SMF 1.1 which should be released soon
Great, as I stated I am not interested in installing mods and breaking the patching process. Mods where nessary in making phpBB do many common things and created a nightmare when it came to patching. SMF seems to have all the features I need in its core featureset so I look forward to easier patching.
I have one more question: Are themes more system independant than in phpBB? For example as new versions come out and patches are released will I have to do a bunch of hand edits to any extra themes I install or will they gracfully be missing features or show the default style for new features?
I can imagine SMF themes go pretty good along, I installed a new theme that was only for 1.1 onto a 1.0 - it worked fully in the frontend and user area and only think that did not work was it showed some blank fields for a 1.1 funcionality settings in the admin module that of course was not in my 1.0. So i think themes go pretty independent from the forum and moreover you recognize what changed on the display errors. You can use 1.1 there with 1.0 without a problem i think. ;D
LainaaGreat, as I stated I am not interested in installing mods and breaking the patching process. Mods where nessary in making phpBB do many common things and created a nightmare when it came to patching. SMF seems to have all the features I need in its core featureset so I look forward to easier patching.
SMF mods are installed via the package manager. Therefore you can easily uninstall the mod before you upgrade.
Lainaa
I have one more question: Are themes more system independant than in phpBB? For example as new versions come out and patches are released will I have to do a bunch of hand edits to any extra themes I install or will they gracfully be missing features or show the default style for new features?
Theme updates usually only happen between major versions (e.g 1.0 and 1.1, not 1.0.7 and 1.0.8).
When you decide to upgrade to the next major version a guide will be written detailing any changes that need to be made.
Note that there isn't yet a guide for converting themes from 1.0 to 1.1 as 1.1 is not yet a stable release
Lainaus käyttäjältä: huwnet - toukokuu 12, 2006, 12:11:11 IP
SMF mods are installed via the package manager. Therefore you can easily uninstall the mod before you upgrade.
I assume that uninstalling a mod would also remove changes to the database, and then all mod related data world be lost, correct? This would make for a fair bit of extra setup between versions.
Lainaa
I assume that uninstalling a mod would also remove changes to the database, and then all mod related data world be lost, correct? This would make for a fair bit of extra setup between versions.
True although I don't believe the captcha mod uses the database.
If it does removing its settings won't matter as it will be included soon in the standard install
What happens on uninstall is up to the mod author. Personally all my mods do not undo database changes on uninstall as otherwise you risk having a lot of annoyed people when they find their data gone.
Lainaus käyttäjältä: Grudge - toukokuu 12, 2006, 12:55:00 IP
What happens on uninstall is up to the mod author. Personally all my mods do not undo database changes on uninstall as otherwise you risk having a lot of annoyed people when they find their data gone.
Again another strike against useing mods, if there is no standard behaviour this could be ugly.
Lets say I install a mod, I run the forum for a long time and have made use of the mod settings on many things. A new version comes out, I need to upgrade because of security issues. I uninstall the mod, I assume I needed to make manual skin changes for the mod so they remain, uninstalling kills the tables and I loose the data. I run th upgrade, my forum now has skin issues both from the upgrade and from the mod, o and the feature set changed so the mods features are redundant or incompatible..
Worst case, but I think I will stay away from mods.