Categories
Security & Updates

miniBB Update 3.0.3 released

miniBB forum 3.0.3 important for those who tired of massive spam registrations, which can’t be avoided even if Captcha module is installed.

Despite these URLs are active only for logged members, and inactive for guests and search engines, this version of miniBB provides a solution to avoid this behavior.

We still support the Website field, considering it is important for “normal” posters who will get some “profit” from their useful postings; but the solution doesn’t allow to fill this field in, until a member has been made more than ‘$allowHyperlinksProfile’ posts on forum. ‘$allowHyperlinksProfile’ can be defined differently, or it is equal to ‘$allowHyperlinks’ value by default.

The approach works that way:

1) when registering an account, it’s not possible to provide Website field’s value; and if it has been provided, the script will not allow to register an account;

2) when editing the Profile, it will be possible to provide the value for the Website field only having at least ‘$allowHyperlinksProfile’ total posts made on forum;

3) if member’s topic or message has been deleted, and now this member has less than ‘$allowHyperlinksProfile’ of total posts, the Website field will be nulled automatically (so the spammer has no chances to keep this link after his bulk postings were deleted);

4) There is a basic function coded to protect other text-type fields of the Profile to not have possible to insert ‘http’, ‘www’ or 2-4 letter char followed after dot (single domain).

This solution came from the suggestional thread of one of our members: and it has been proved to work on miniBB forums for about two weeks – now it seems I’m truly happy with it, because it also stopped bulk registrations for miniBB forum.

Changes Details

1) MANDATORY core files changes – backup, then overwrite the following core files (near each filename there are more detailed changes mentioned):

  • bb_codes.php – deCodeBB function’s update for ‘nourl’ tag: the URL definition should not contain space i.e. `([^<>\n\r]+?)` comp. to the older format `([^<> \n\r]+?)` (useful for long URLs which can’t be broken then)
  • bb_func_checkusr.php – not possible to provide Website value on registration or having too less posts; added functionality (verifyForLinks() func.+verification algo) to avoid insertion of hyperlink-related values in the other default text fields of miniBB member’s profile
  • bb_func_deltopic.php – $poster_id added to the $pUsers array – to fix the case of updating the account of the topic’s author, if the first message of this topic has been moved to another thread. There is a new code for that: `if(!in_array($poster_id, $pUsers) and $poster_id!=0) $pUsers[]=$poster_id;`
  • bb_func_editmsg.php – bugfix: moderators should not be allowed to edit messages from the forbidden forums; as reported in http://www.minibb.com/forums/3_5924_1.html
  • bb_func_editprf.php – it will remove the WEBSITE field from the form, if user_num_posts < allowHyperlinksProfile
  • bb_func_regusr.php – it will remove the WEBSITE field from the form when completing a new registration
  • bb_func_stats.php: – `$tuW=(isset($statsDefField)?$statsDefField:’topic_last_post_time’);` instead of just `$tuW=’topic_last_post_time’;` – this will allow to customize the ordering of stats records, it could be defined to `topic_time` to have different results displayed for fresh topics, not the most answered topics
  • bb_functions.php: version update; update of pageNav function – for mobiles, now it’s possible to insert customized prev/next links; comma eliminated from Today/Yesterday statements (possible to put into translation anyway)
  • index.php: ‘unset’ vars extended to new values; `allowHyperlinksProfile` code added
  • setup_mysql.php – db_calcTotalUserAmount() function updated: Users having less than allowHyperlinksProfile posts made, will have not be allowed to keep the hyperlink in the profile under the user_website field, it will be removed automatically as soon as the system detects this, when posting or deleting a message. Doesn’t affect admins.
  • templates/user_dataform.html: WEBSITE flag – put in your template following the package’s example, to protect the profile from spam registrations

2) Some non-mandatory changes were applied to the default miniBB release only. You don’t need to upgrade your version if you feel everything is fine on your end:

  • lang/eng.php – updates regarding l_userErrors related messages

More Information

  • Try Online Demo:
    miniBB (Official Website external link)

    miniBB changelog (miniBB Official Website external link)

  • Start miniBB:
    In order to use miniBB you need a domain name (ex. yoursite.com) and web hosting service.
    If you don’t have a domain name Register a Domain Name.
    To install miniBB choose one of our hosting plans. (all our packages includes Softaculous).
  • Hosted miniBB
    Contact us if you don’t need a domain or hosting service, and want to use miniBB anyway.
[otw_is sidebar=otw-sidebar-7]

[otw_is sidebar=otw-sidebar-8]

Blog: News & Updates

[otw_is sidebar=otw-sidebar-5] [otw_is sidebar=otw-sidebar-6]
[otw_is sidebar=otw-sidebar-9]