Resurrecting a forum to or three releases back

[Just Another Member]

The code already uses chmod where it can to change permissions. exec is very insecure and I wouldn't like to use it unless I had to. It's almost as bad as eval. Although you can escapeshellargs to negate most of the problems. It also has a relatively high overhead for what it is. Especially when php has built in functions to change file permissions if it can.

Well that was just idea #1. My mods rarely end the way they start. Yeah, use PHP not shell out. I doubt the overhead would matter.

That idea of using FTP, you're telling me that isn't HIGH overhead? And that FTP is secure??? If your FTP account has enough authority to change file permissions then how is that secure? Sorry, not buying that. In my opinion there is no place on a dedicated server for FTP into secure areas, although perhaps accounts restricted into play pens may be okay. Like to a file upload section... but definitely a heavily pruned FTP with limited command set. No way on allowing it to make files executable. I make the files write only, no read, no execute. That limits somebody to uploading a file to a restricted area, period.

This has been a good read, I had thought about resurrecting and old forum and this gave me some food for thought.
// OFF TOPIC //
36 . I have clothes older then 36. Awe if I knew then what I knew now.

Thank again for the read, good topic.

Well don't feel smug, smarty! I too have clothes older than 36. You ever her of us girls wearing antique stuff? I bet I have jewelry older than you too!!!

SRSLY, I'll follow any rules about off topic but once the staff starts it I figure I can give as good as I can get. And I don't mind MY topics going off topic as long as the OT is entertaining!

[Just Another Member]

And seriously although not on topic don't you think using FTP to change file permissions is a bit arcane?

I used to have trouble with that even when I was on a shared host and had no choice to not have FTP.

Not that I expect to be listened to, but the Package Manager should have the code built in to handle any permissions it needs to change while installing packages. That FTP thing is just nuts!


Back on topic, which do you think I should do, and why?

1.) Upload all my mod packages to get the Package Manager to show an up to date mod package status?

2.) Just truncate log_packages?

3.) Run the damned script.

Please justify your choice.

[Aleksi "Lex" Kilpinen]

You do understand that it is there as one option among others? It is not relying on FTP but can function with FTP if it is available. Since there are like 101 different setups out there, not any one solution would work for everybody.

And, run the script. You are on virgin files already, play safe and start fresh with modding too.

[Arantor]

Eh, if only that were how it worked.

It uses PHP's own chmod (rather than exec) because there's a reasonable chance it might work on shared hosting (unlike exec which so rarely works). And using FTP if chmod doesn't work is a logical progression for shared hosting in a way that exec isn't.

[Just Another Member]

Well that's funny because my first mod wouldn't install until I went via SSH and changed the file permissions. I kept hitting the button to complete the mod installation and it kept saying that the file permissions were not correct. I didn't bother filling any FTP parameters because I set-up the server myself from nothing more than Debian Jessie + SSH. I secured my SSH via RSA public/private keys then used WinSCP for any file transfers necessary. Built-in editor speeds up things like adding repositories. What I mean to say is that I am my own ISP and I know every thing installed on my dedicated server.

I'm at a loss as to why it wouldn't install if it doesn't need FTP as I had assumed. This will bear looking into because I don't want to play with SSH every time I install a mod. I'm going to have to have a look at the Package Manager code and dope it out until I understand how it handles file permissions. (Homework assignment #1.)

And then homework assignment #2 is to read and understand every line of the "fix it" file we have been discussing until I completely understand what it is doing.

Once I understand the file then I'll run it!

I hope everybody will understand that this girl is not looking for a quick fix. I don't like blindly doing things I don't understand. I learn nothing that way. I didn't learn to build a server by ticking off somebody's check list. I had to research everything that went into that server from securing my SSH to installing MySQL, PHP, nginx, proxying my fast CGI, installing email service, the whole shebang. Now I know everything that ticks under the hood of my dedicated server because the only part I didn't install myself was Debian. (I hit the button that imaged Debian Jessie 64-bit onto my raw server.)

I understand that you are into getting beginners up and running as quickly as possible, and that's good because most forum operators could care less how it works as long as their forum is up. As far as they are concerned it's FM to them. (Magic.) I'm different. I write my own code. I want to know exactly how things work so I can modify them to work my way. I'm just not the typical beginner. I'm a doer.

So I'll read the code and then I'll look at what it does. And then I'll report back and tell y'all how it worked!

I really appreciate your help and advice and I hope you don't mind when you run across somebody who wants to know why it works, not just get a quick fix. Maybe I'm the next generation of Simple Machines. I'm not stubborn, I'm inquisitive. I want to learn.

So thanks again, I know what to do now, and I'll let you know how it worked out. I should end up with a clean code base and a database that has all my posts and users but minus any mod packages. I do have mod package settings in my database, but I want them there because when I start reinstalling my mods they will already be configured.

Once I get to that point I'll do a full file backup and database backup and I'll have all the data I need to start out fresh if ever again I find myself in the fix I was in when I posted the OP.

Thank you all again!

[Arantor]

Because however you set it up, SMF couldn't write to the files which you have. This is normal in Jessie because I'd expect PHP to be running as the Apache user, and your files to be owned by your regular user account which wouldn't be in any of the groups that would normally have write access.

[Illori]

That's good because most forum operators could care less how it works as long as their forum is up. As far as they are concerned it's FM to them. (Magic.) I'm different. I write my own code. I want to know exactly how things work so I can modify them to work my way. I'm just not the typical beginner. I'm a doer.

you need to remember that we dont all know the code of SMF forward and backward. we are here to provide answers to users that dont know anything about php. some of the users here dont even know what php is, just that their forum either works or does not work. we get them up and running and they are happy. if you want to know the why to everything then read the source code the find your own answers.

[Arantor]

I don't think reading the source code is often that helpful either. There's a lot of missing context as to why things are done the way they're done - but there's maybe 3 or 4 people that tell you why things are so for any given piece of code.

[tinoest]

If it couldn't change the permissions then you didn't have it set up to the correct user. You need to chown the files recursively to www-data:www-data from the forum root directory.

[Just Another Member]

Because however you set it up, SMF couldn't write to the files which you have. This is normal in Jessie because I'd expect PHP to be running as the Apache user, and your files to be owned by your regular user account which wouldn't be in any of the groups that would normally have write access.

There is no Apache. It's nginx. Suzy doesn't do Apache. nginx is better. C4K etc. I had Apache at my shared hosting (1&1) and I write .htaccess just fine, but I like nginx better. I can set up new sites more quickly and IMO nginx is more efficient. But nobody will ever agree on that and I'm sure you could trot out all the reasons why Apache is better. I'll concede that nginx is more difficult to set up.

Yeah I'd expect it to be chowned by some sort of www-data:www-data but it's chowned by root:root and works fine. It was the permissions I changed that allowed my mod package to install. I'll look at the Package Installer code and see what it's doing, maybe set up a test SMF and put some debug statements in it to figure out what it's problemo is.

you need to remember that we dont all know the code of SMF forward and backward. we are here to provide answers to users that dont know anything about php. some of the users here dont even know what php is, just that their forum either works or does not work. we get them up and running and they are happy. if you want to know the why to everything then read the source code the find your own answers.

Sure, I understand that. I was a member a few years ago and spent some time on the support team myself (unofficially) and in essence did the same thing you are doing. I forgot my username and probably changed ISPs anyway so no way to recover the pass even if I could remember the username. That was back before I began writing mod packages and had to understand the workings inside. (Actually it's full of worms. Please don't tell anybody. It gives a bad impression when you tell newbs the truth!)

These days I know the code forwards and backwards, and on my back too, but have yet to learn it sideways. Alright I'm exaggerating or I would know the Package Manager code. Who ever mods that???

If you want some amusement go look up what PHP stands for. LOLOL! Once you have the answer you can join my department of repetitious redundancy department.

By the way, did you know that http://example.com is a real domain? LMFAO!!! And no, it's IP address is not 192.168.1.1.

I don't think reading the source code is often that helpful either. There's a lot of missing context as to why things are done the way they're done - but there's maybe 3 or 4 people that tell you why things are so for any given piece of code.

I remember when you had to know all the funny comments to find out where you'd hook your mods before we added the integration hooks. And the $context[] is just fine, it's not missing!

I can tell you why things are for tons and tons of SMF code. It's how I learned to code. I had only one class in college that was computer science. I majored in Lit and Psych, and minored in Art. I'm self taught and rewriting SMF had a big part of my learning PHP, SQL, Javascript, AJAX. Remember, the Internet is self documenting. Everything you need to know about PHP is on PHP.net. And there's those code help sites for coding and the W4C sites for HTML, CSS, etc. It's not rocket science. You just need a good memory for details. Code is all details, all details!

I'm pretty sure I've modded well over half of the files in Sources and half of the templates in the Themes curve section. It is a lot easier now that we have integration hooks.

If it couldn't change the permissions then you didn't have it set up to the correct user. You need to chown the files recursively to www-data:www-data from the forum root directory.

Correction: You need to do that if you are running Apache. You don't need to do that if you're running nginx.

Or if you do somebody forgot to tell that to my now functioning forum.

I could change a few config blocks and make nginx work that way (www-data) if I wanted it to. In fact I think I remember the exact file and line to change. This is the third time I've set up a server for nginx in about 5 years.

Wait, I just re-read that. If you are messing with chowning then I'll have to track that down and change either my server or SMF's code. However my custom CDS uses root:root so probably easier to just mod the Package Manager if it's messing with chownership. 'Nother piece of code I'll have to look at. Only thing is, my forum was running fine before I dropped the forum and let the server rental expire. I'm running exactly the same server config I used when this forum was active. At this point I'm not willing to claim I'm right, and not willing to accuse you of being wrong. It's a situation I'll have to investigate.

In case you're wondering why I'm typing instead of fixing, women have a minimum daily requirement for a healthful amount of shopping. I spent some time at Bed, Bath and Beyond but didn't get enough so I decided to take a break before I head over to Amazon. I probably won't get back to fixing until tomorrow. I need to break up my day into things other than code. But I enjoy taking about it when I'm not doing it.

I might even go help a few newbs by getting back into helping on this board. I always liked doing forum help as a form of Jeopardy. I'll pick off some easy questions and leave you ppl to answer the difficult ones.

[tinoest]

If it couldn't change the permissions then you didn't have it set up to the correct user. You need to chown the files recursively to www-data:www-data from the forum root directory.

Correction: You need to do that if you are running Apache. You don't need to do that if you're running nginx.

Or if you do somebody forgot to tell that to my now functioning forum.

I could change a few config blocks and make nginx work that way if I wanted it to.

It will Work without them but you'll have to manually change permissions. If you do change it then you shouldn't need to log on via ssh to change permissions.

So correction you don't need to do that on apache either if you're happy to log on to change them yourself.

[Arantor]

I can tell you why things are for tons and tons of SMF code. It's how I learned to code. I had only one class in college that was computer science. I majored in Lit and Psych, and minored in Art. I'm self taught and rewriting SMF had a big part of my learning PHP, SQL, Javascript, AJAX. Remember, the Internet is self documenting. Everything you need to know about PHP is on PHP.net. And there's those code help sites for coding and the W4C sites for HTML, CSS, etc. It's not rocket science. You just need a good memory for details. Code is all details, all details!

There are multiple members of the SMF dev team, past and present, in this topic

[Just Another Member]

There are multiple members of the SMF dev team, past and present, in this topic

That's great! I hope they like a girl with a high voltage sense of humor and probably deficient in any form of modesty!

Maybe I'll come write your code for you people when you get too old for coding.

No, seriously, you should be proud of me because I learned most of my coding from YOU and from reading your code. I wrote my own general purpose CDS using methods I learned in understanding and modifying your code when I wanted my forum to be different than the mainstream SMF code. In a way you can think of it as that you got forked by Suzy!

I hope it was as good for you as it has been for me. Now that we're here in one topic I can express my appreciation for the things that I learned from you! All at the same time! Woo hoo!

I particularly like your idea which I have called "sentinels" where you define('WHATEVER', true); and then in each included file you if (!defined('WHATEVER')) die();. Since that define is only in my index file it's impossible to execute other files unless a hacker can place files on your site. No way to communicate a DEFINE by any external means. You know what they say, if I can put a file on your site I own your site. Nobody can read my files or your files unless they come in by the front door! I too rewrite all accesses that every access goes through the index. My index does three things: that DEFINE(), it defines the 4 parameters necessary to login to a database, and then it includes my main.php where the real code starts. (Oh it includes declaration of $context[] plus capturing initial UNIX time and stuff like $context['page_loads'] (so I can have an optional footer including all pages loaded and all SQL queries). The important part is that I can have 1, 2 or a dozen websites running the same code.

I'm using your concept of one file does all the calculations and then includes a template that translates the data into HTML etc. I'm not using the language files because my sites are all English but I'd use your technique for multilingual if I wanted. Actually my language files are separate but I have only $txt[] for English. I could expand to multilingual if I wanted to.

I remember the funny lines where you used to search to insert your mod's hook into the code before you went to integration hooks, all the funny sayings made me laugh!

I remember that Sleepy is one of the nicest guys here and rarely has a disparaging word, Kindred cuts both ways but is usually nice. Arantor had a different name, I forgot what it was, but he like fine wine he has improved with age and he's much nicer now. I'm sorry to remember that some of your staff are on power trips. I fire power trippers from my team but I just deal with them on other sites like yours. (It's hard to hire free labor.) I'm never the one to be first to go off topic but when a staffer goes off topic I figure the topic is game.

You developers here, you taught me how to code! I learned your methods, I never copied any lines of your code (okay I have the same variable $context[] but it has my stuff not yours). I put all the debugging tools in my code too, and if I turn it on I can see all the page accesses, SQL queries, timing data on all. Except for one stupid comp sci class in college I learned everything I know about coding starting with learning SMF's code base.

I write my own mods when I can't find mods you have that do the job for me. My mod squad has just one person and my mods are always approved! I'm thinking of submitting just one mod and get it on your chart just so you know I'm not FOS.

I'm a girl who loves her fun, I enjoy writing code — particularly in a world where most code is written by men — I hold my own at my contract IT job even if it's only part time and only a few other grrls on the team. Corporate apps are boring. A few more years and I'll have my own IT business.

And I owe it to you all. So no, I don't mind if there are devs in my topic. I'm glad you are here so I can personally thank you! When you get tired of writing code maybe I'll join your team along with the others of my generation and take SMF to ever greater success.

So Arantor, I'm not bothered by devs or SMF management reading my posts, and I'm glad that you are a better man than you used to be the last time I was on the site some years ago. You're a likeable guy now and I'll be happy to be friends with you if you wanna be friends with me. Just call me Suzy!

[Irisado]

Random chit chat has been moved somewhere more suitable: https://www.simplemachines.org/community/index.php?topic=557966.0.  Let's keep this topic for support issues only please.  In addition, Susan, please avoid making three or four consecutive posts from now on and use the insert quote option instead.  I've merged a whole bunch of sequential posts to clean this topic up somewhat.

[Just Another Member]

I'm pleased to see this topic cleaned up today, I was going to request that somebody please delete the off topic stuff. Delete, move, makes no difference. The off-topic discussion had come to a conclusion and I had no further comments to add.

I'm sorry but I am unaware of any insert quote function. Is that something new since 2.0.12? Is there a topic that explains how to use it? I had been looking for a multi-quote feature but found none.


I ended up restoring my mod packages to the Packages directory and backed up my log_packages table for safe keeping. Then to get a list of active packages I discovered the easiest way was to search for member_removed = 0. I download that and pasted it into a spreadsheet to get a list of my previously active packages. Unfortunately the mod packages showed in the Browse Packages list but not in the Installed Packages list. I had wanted to do a screen capture on the Installed Packages list to get an idea what order to reinstall my mods in.

A little bit of sleuthing Packages.php and Subs-Package.php showed me that when installed.list is empty SMF marks ALL packages as install_state = 0 (not installed). The Package Manager writes the UNIX date in that file whenever it performs an action and mine was empty.

I ran a quick query:

Code Select Expand

UPDATE `smf_log_packages` SET `install_state` = '1' WHERE `id_member_removed` = '0';

This resulted in the display that I wanted to shoot, to give me some sort of clue which order the packages had been most recently installed in. When I am ready to start reinstallation of packages I prefer to install the most stable ones first, and any that may be subject to further tweaking last, to avoid interactions with earlier packages which on occasion occur.

So at the present time I have all my mod packages uploaded and ready to install when the time is right, and as much documentation as can be extracted from the old database regarding the most recent mod package configuration.

I began reading fix_packages.php but had so little sleep that the lines were blurring and I decided to report in then take a break. I installed a test forum and a few packages on it and tried fix_packages.php but didn't get much of a feel what it actually does. I see that it removes hooks but I've already done that and in fact ran the same query as in the code. I'm having difficulty understanding what additional functionality it adds or has to offer in my situation. I'l read the code again after a rest and maybe it will be clearer. Is there any write-up available describing what it does?

I'm still deciding whether to run fix_packages.php or just truncate the log_packages table and be done with it. (My integration hooks are long gone.) If anybody has any suggestions I where can find more about fix_packages.php I'll appreciate a link.

So I'm going to take a break and return to this after I'm rested. I still know what more there is to accomplish since I already removed all the integration hooks. The log_packages table has no further significance in the new installation and I can see no reason to not just truncate it and then start installing my mod packages.

I'll return to the topic after I've rested and then studied fix_packages.php a bit more. Perhaps there will be further replies in this help topic. Thanks again everybody who has been helping!

[Arantor]

The quote feature is where you press the quote button either to the quick reply box or from the full reply box and it inserts the quote for you. It's been there since 1.1 or possibly 1.0, I don't remember any more.

[Just Another Member]

I hadn't realized that. My forum has been down for several months and have been on only vBulletin and XenForo forums, plus one that is either modified vB or custom. It's just another thing I forgot while I wasn't interested in operating forums. Luckily I've remembered the admin panel just fine.

Thank you for the explanation and I'll use it in the future. In a way SMF's method makes a lot more sense than muti-post buttons.

[Just Another Member]

I'm trying to figure out just exactly what the goal is here. I was up most of the night and did a bunch on my forum, now I'm just numb and doubt I'll get any more done today. It always helps me when I am stuck to restate the problem so here it is.

I'm restoring a forum with just the database, SMF 2.0.12 files lost, currently using fresh, unmodified 2.0.15 files. I have uploaded all my latest mod packages into the Packages directory, and have edited my log_packages to indicate all the mods that were installed when I took my forum down early April.

I think to myself just what is a mod package, in terms of what it does.

1. It alters your database, usually by adding settings and data
2. It alters your code base modifying files and adding other files
3. Newer mods install integration hooks and add files, and modify files when necessary
4. Important to note that not only are there default DB settings but also my old configurations

Now the problem is that while I have all the mod packages and 100% certain I have the right ones, I have a virgin 2.0.15 code base. (I found some avatars and attachment but not any of my modified old code.)

So right off I know the code base is virgin and pure. It's just an unzip of a fresh install except install.php gone and I copied my old Settings. php, configured my database for the new server.

I don't see any point in doing anything at all to the existing code base. For all intents and purposes it's just a plain 2.0.15 installation with no mods.

I deleted the integration hooks yesterday so SMF is not calling the mod files that aren't there. Any files my mods changed are not changed. Any files my mods add haven't been added because I haven't installed any mods.

Let's consider the database changes my mods made. There were default settings I added, and there were settings that I populated while adding my mods. One example, a post tagging mod where each forum section has a tag on each line in the topic list. If I deleted them I'd have to re-enter them. I have plenty of other mods that are configurable and my database has the configuration I wanted. I can't think of one single reason to change the database. It's now configured for my new domain, the file permissions are all right.

What else is there to change? It seems to me that all I really need to do is backup the code base and backup the database, just so I can get back to this state if I want to. It is now the closest I can get to the old forum as I am able.

Once I've backed up a baseline, just what else is there to do except install the mod packages?k

It looks to me line all I need to do is truncate the log_packages table, backup the current configuration, install the mods, and start getting ready to re-launch my forum.


This is my question for the nice people who have been helping me. Why do I need to run fix_packages.php? What exactly will it help me with or protect me from other than what I have already done? It's supposed to make sure that ... what?

If I left anything out except just getting on with developing my site, please tell me what it is. Thanks!

I would be happy to close this topic as solved if only I could get a few opinions on my post immediately preceding this one.

I hate to move on and just do what I described above (back it up and install my mods and move on) but I know that I should not ignore advice to the contrary without fully understanding the reasons for the folks who recommended "just run the script" had. In fact at this point running the script might be harmful.

I just can't understand what I would have to gain at this point by running the script, as opposed to just truncating the log_packages, backup and move on. I'm anxious in wanting to settle the issue and move on.

Posts merged.  Please wait at least 24 hours before bumping support topics - Iris.