A new version of FUDforum is in the works, 2.6.14. This release is intended to introduce some new functionality as well as address any existing bugs. Some additional work has been done to enable future PDO support. At this time I already have a "beta" PDO driver that works with PostgreSQL, MySQL and partially supports SQLite. I hope to have it in CVS within a release or two. This version can be downloaded at: http://fudforum.org/download.php
[b]New Features:[/b]
Added Brazilian Portuguese translation.
Allow resizing of the textarea for message posting.
Added ability to set temporary bans.
Added admin control panel to view all banned users.
Improved performance of threaded topic view list rendering.
Improved png hack for IE, it is now done by PHP.
Better caption for template set on theme editor.
Added unread message indicator for collapsed forums.
Some changes to allow support of PDO database interface.
Added view support to upgrade script.
Improved message storage algorithm [b]...

Up until a few days ago there was no way to tell PHP which IP address to submit requests from when making connections on a multi-IP server. PHP would automatically pick the 1st external IP and use it to deliver external data. To address this limitation, I've added a context option that allows you to bind to one of the available local IPs and use it, rather than the default, to initiate the connection.
[php]
// Bind the outgoing connection to local IP 1.2.3.4; port 0 leaves the source port to the OS.
$conn = stream_context_create(array('socket' => array('bindto' => "1.2.3.4:0")));
// The context is the third argument; the second (use_include_path) stays false.
file_get_contents("http://url", false, $conn);
[/php]
The "socket" wrapper option "bindto" takes an IPv4 or IPv6 address as well as a port, and binds the connection to it. Specifying the port is not necessary in most cases; if you simply wish to bind to a certain IP, specify it followed by ":0" as shown in the example.
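The effect of "bindto" can be confirmed from the receiving side, which is where an IP allowlist or access log would see it. The following is an added example, not code from the original post: it assumes a Linux host (where any 127.0.0.0/8 address works as a loopback source), and the helper name peer_seen_by_server and the 127.0.0.2 address are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. Assumes a Linux host, where any
// 127.0.0.0/8 address can be used as a source address on the loopback interface.

// Hypothetical helper: connect to a constructed local listener, optionally with
// a "bindto" value, and return the source address the listener actually saw.
function peer_seen_by_server(?string $bindto): string
{
    // Listener on an OS-chosen port so the check runs offline.
    $server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr);
    if ($server === false) {
        throw new RuntimeException("listen failed: $errstr ($errno)");
    }
    $listen = stream_socket_get_name($server, false);

    $opts = $bindto === null ? [] : ['socket' => ['bindto' => $bindto]];
    $client = stream_socket_client("tcp://$listen", $errno, $errstr, 5,
        STREAM_CLIENT_CONNECT, stream_context_create($opts));
    if ($client === false) {
        fclose($server);
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }

    // What the remote end sees is what an IP allowlist or access log records.
    $conn = stream_socket_accept($server, 5, $peer);
    fclose($client);
    fclose($server);
    if ($conn === false) {
        throw new RuntimeException('accept failed');
    }
    fclose($conn);
    return $peer;
}

// Constructed cases: no binding (default source) and an explicit source IP.
foreach ([null, '127.0.0.2:0'] as $bindto) {
    $peer = peer_seen_by_server($bindto);
    $ip = substr($peer, 0, strrpos($peer, ':'));   // drop the ":port" suffix
    if ($bindto === null) {
        $verdict = 'default source address';
    } else {
        $want = substr($bindto, 0, strrpos($bindto, ':'));
        $verdict = $ip === $want ? 'bound as requested' : 'MISMATCH: bind not applied';
    }
    printf("bindto=%-12s peer=%-16s %s\n", $bindto ?? '(none)', $peer, $verdict);
}
```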

Today is the eve of PHP's 10th anniversary. Could anyone have guessed that what started as a little Perl script would evolve into a scripting language powering millions of sites all over the globe? My 1st experience with PHP came around 1998, when the ISP I was using at the time was quite mortified by the load my Perl (CGI) scripts were causing on the server. Their suggestion was to switch to PHP, which supposedly offered performance and would help me not kill the server; this was back in the day when PHP 3.0.X was king. As a programmer coming from a C background, PHP was a welcome break from Perl, a language seemingly designed for obfuscation. The thing that impressed me the most about PHP was the online manual, which rivaled many books in clarity and ease of use, and a thriving community of users willing to share the knowledge about the language. It was another 2 years before I made my 1st contribution to PHP in the form of the shmop extension that provided a quick & simple interface to shared memory for PHP....

A few months ago I proposed a patch that would permit stopping the Zend Parser at a certain point in the script and not having it try to examine any subsequent content. The logic behind this feature was to simplify the process of creating single-script installers, such as the one used by FUDforum. The installer is a single script that at the end of it contains a code archive of the application being installed, which the installation process places into the set locations. The problem with implementing such an installer at this point was that the data must be made PHP safe, so no

A few days ago a friend of mine sent me a URL to an online store with a product he found interesting. When I went to the site, aside from the aforementioned product I saw a nice "Hacker Safe" logo, with the date (current date) which was supposed to assure me as a consumer that this site is "safe". Clicking on this logo took me to a page of a security company specializing in "helping sites protect you (the customer) from identity theft and credit card fraud". Sounds good, I feel much safer already. Curious about the truth of the site's hacker-safe claims, I decided to do a very basic test for Cross Site Scripting (XSS) by adding a small HTML string in the place of one of the parameter values in the GET query. Imagine my surprise when rather than rejecting the clearly bogus value (number was expected, but non-numeric string was supplied), my input and the HTML tags found within were displayed verbatim. This little oversight would allow anyone to inject arbitrary content to be displayed as part of the store’s f...