phpBB Forum Software

Hello,Today we begin a new chapter in the history of phpBB. After five years, over 200,000 lines of new and altered code, and many a long night phpBB Group is very proud to announce the release of phpBB3 "Olympus".phpBB has changed considerably since ... [More] work on its second major release began. People have come and gone but this day would not have been reached without the hard work and dedication of all our group members, past and present. The phpBB community, all of you, also deserve a large pat on the back for continuing to support this project. Whether it be through writing mods, creating new themes, spreading the word or simply using phpBB to build new communities, our thanks to you too.So again we say with great pride and many thanks to all those who've helped us reach this point - enjoy phpBB3.Thank you.For discussions about this announcement, please refer to: Discuss: phpBB3 Gold Released [Less]

7 years ago phpBB 1.0 was released to the community. Since then, phpBB evolved and grew over the years, now with a strong and healthy community and teams making sure everything runs smooth.Everyone raise a glass to phpBB's 7th release birthday. As a ... [More] little present to you, the community, we are now announcing the official release date of phpBB3 Gold:13th December 2007 - 17:00 GMTBe sure to be around for the release party - we want to celebrate the birth of the new generation Open Source forum software solution with you.Yours, phpBB Teams. [Less]

7 years ago phpBB 1.0 was released to the community. Since then, phpBB evolved and grew over the years, now with a strong and healthy community and teams making sure everything runs smooth.Everyone raise a glass to phpBB's 7th release birthday. As a ... [More] little present to you, the community, we are now announcing the official release date of phpBB3 Gold:13th December 2007 - 17:00 GMTBe sure to be around for the release party - we want to celebrate the birth of the new generation Open Source forum software solution with you.Yours, phpBB Teams. [Less]

Hello,We are very pleased to announce the availability of the phpBB3 RC8 package. This package fixes some critical bugs.Please note that we urge you to update - we only support the latest version here.RC8 has seen some improvements as well as fixing ... [More] some critical bugs. Some important fixes are for example:[Fix] Fixed MSSQL related bug in the update system[Fix] Mitigating different realpath() handling between PHP versions (fixing confirm box redirects)[Fix] Fix signature editing - ability to remove signature (Bug #14820)[Fix] Send correct activation key by forcing reactivation for inactive user (Bug #14819)[Fix] Open private message notification (Bug #14773)[Fix] Fixing false new private message indicator (Bug #14627)[Fix] Let newly activated passwords work if users were converted (Bug #14787)[Fix] Allow alternative text for styled buttons if images turned off, but CSS staying on[Change] Do not assign converted votes to the first option in a vote.[Fix] Use correct RFC 2822 date format in emails (Bug #15042)[Fix] Require founder status for some actions on founder-only groups (Bug #15119)[Change] Some improvements to the caching of avatars[Change] Set template recompilation to be disabled by default. All mod and style authors and all those who want to modify their styles should enabled it after installation.[Change] Disable debug mode. All mod and style authors should enable DEBUG and DEBUG_EXTRA.[Fix] Check error reporting level for all error level. This fixes a problem for hosts having manipulated the error handler. (Bug #14831)[Feature] Constant PHPBB_DB_NEW_LINK introduced which can be used to force phpBB to create a new database connection instead of reusing an existing one if the dbms supports it (Bug #14927)[Fix] Automatic URL parsing no longer allows dots in the schema but can parse URLs starting after a dot (Bug #15110)[Fix] Recache Moderators when copying permissions. (Bug #15384)[Change] Do not allow size=0 bbcodes (font-size of 0)Please refer to the changelog for a complete list of fixes since RC7:http://www.phpbb.com/support/documents. ... &version=3A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file, please be sure to read it.Minimum RequirementsphpBB3 has a few requirements which must be met before you are able to install and use it.A webserver or web hosting account running on any major Operating System with support for PHPA SQL database system, one of:MySQL 3.23 or above (MySQLi supported)PostgreSQL 7.3 SQLite 2.8.2 Firebird 2.0 MS SQL Server 2000 or above (directly or via ODBC)OraclePHP 4.3.3 (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.getimagesize() function need to be enabledThese optional presence of the following modules within PHP will provide access to additional features, but they are not required.zlib Compression supportRemote FTP supportXML supportImagemagick supportGD SupportThe presence of each of these optional modules will be checked during the installation process.SecuritySecurity issues found should be reported to our security tracker in the usual way.Available packagesIf you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" or "patch" method for updating.With this release, there are four packages available.Full PackageContains entire phpBB3 source and english language files.Changed Files OnlyContains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.Patch FilesContains patch compatible patches from previous versions of phpBB3.Automatic Update PackageUpdate package for the automatic updater, containing the changes from previous release to this release.Select whichever package is most suitable for you.Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.Download/DocumentationphpBB DownloadsphpBB3 development sectionphpBB3 DocumentationphpBB3 support forumphpBB3 bug trackerphpBB3 Coding GuidelinesphpBB3 Sourcecode DocumentationHave fun with the release,the phpBB Group. [Less]

Hello,We are very pleased to announce the availability of the phpBB3 RC7 package, the "We are sorry and love our support team" edition. This release fixes some critical issues which arised with the recently released Release Candidate 6, basically ... [More] fixing some bbcode problems as well as missing form tokens. On the downloads page we provide two update packages this time, one for going from RC5 to RC7 and one for going from RC6 to RC7.This release is mostly the outcome of an external security audit performed by SektionEins. All items tagged as [Sec] were found by the company doing the audit and revealed some fundamental problems we were able to fix. We are proud that the audit revealed no sql injection vulnerability or critical command execution vulnerabilities.For release candidates full support is given, allowing language packs as well as modifications and styles. We only give support to those having a clean RC installation or updates from previous release candidates. Previous conversions or updates from betas will not be supported here. We encourage only those running the release candidates wanting to test out the new version, it is still recommended to wait for the full release; after all this is a release candidate.Please also note that we urge you to update - we only support the latest version. Bug reports submitted for previous releases will be closed as well as only the latest version being supported here.RC6/RC7 has seen some improvements as well as fixing some security issues. Some important fixes are:[Fix] Further fixing user profile view (please do not forget to update/refresh your template and style) (Bug #14230)[Fix] Adjust google adsense bot information (Bug #14296)[Fix] Fix horizontal scrollbar problem in IE6 (Bug #14228) - fix provided by Danny-dev[Fix] Correctly set user style for guest user (able to be changed within user management)[Change] Moved note about dns_get_record function for using GTalk (Jabber) from Jabber log to Jabber ACP panel[Fix] Do not use register_shutdown_function within cron.php if handling the queue and the mail function being used (Bug #14321)[Fix] Fixing private message on-hold code if moving messages into folder based on rules (Bug #14309)[Fix] Allow the merge selection screen to work (Bug #14363)[Change] Require additional permissions for copying permission when editing forums[Fix] Local magic URLs no longer get an additional trailing slash (Bug #14362)[Fix] Do not let the cron script stale for one hour if register_shutdown_function is not able to be called (Bug #14436)[Feature] Added /includes/db/db_tools.php file, which includes tools for handling cross-db actions such as altering columns, etc.[Fix] Fixed token handling in jabber class for extremely spec-compliant XMPP server (Bug #14445)[Change] Listing the board url within the email text instead of appending it to the subject (Bug #14378)[Fix] Use correct dimension (width x height) in ACP (Bug #14452)[Feature] Added completely new hook system to allow better application/mod integration - see docs/hook_system.html[Fix] Fixing google cache display problems with Firefox (Bug #14472) - patch provided by Raimon[Change] Allow years in future be selected for date custom profile field (Bug #14519)[Feature] Added an option to enforce that users spend a configurable amount of time on the terms page during registration[Sec] Fixing possible XSS through compromised WHOIS server (#i63, #i64)[Sec] Missing access control on whois in viewonline.php (#i51)[Sec] Encoding some variables within user::page array correctly (to cope with browser not doing it correctly) to prevent XSS through functions re-using them (#i61)[Sec] Fixed XSS through memberlist search feature (#i62)[Sec] Fixed XSS through colour swatch (#i65)[Sec] Fixed insecure attachment deletion (#i53)[Sec] Only allow whitelisted protocols in meta_redirect/redirect (#i66)[Sec] Check file names to be written in language management panel (#i52)[Sec] Deregister globals if ini_get has been disabled (#i112)[Sec] Added form tokens to most forms to enforce a lighter variant of CSRF protection (#i91 - #i96)[Sec] Use new password hash method for forum passwords (#i43)[Sec] Changed download file location to prevent flash crossdomain policies taking effect (#i8)[Sec] Do not allow autocompletion for password on admin re-authentication (#i41)[Sec] Made sure users are not completely locked out if they have a GLOBALS cookie (#i101)[Sec] Use the secure hash to generate BBCODE_UIDs (#i71)[Sec] Increase the length of BBCODE_UIDs (#i72)[Sec] New password hashing mechanism for storing passwords (#i42)Please refer to the changelog for a complete list of fixes since RC5:http://www.phpbb.com/support/documents. ... &version=3A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file, please be sure to read it. If you want to be on the safe side we suggest still waiting for later releases before you fully convert your 2.0.x installation.ImportantDue to the password storage mechanism changed, you will not be able to log in to your board if you try to use the updated database with files prior to RC6.Minimum RequirementsphpBB3 has a few requirements which must be met before you are able to install and use it.A webserver or web hosting account running on any major Operating System with support for PHPA SQL database system, one of:MySQL 3.23 or above (MySQLi supported)PostgreSQL 7.3 SQLite 2.8.2 Firebird 2.0 MS SQL Server 2000 or above (directly or via ODBC)OraclePHP 4.3.3 (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.getimagesize() function need to be enabledThese optional presence of the following modules within PHP will provide access to additional features, but they are not required.zlib Compression supportRemote FTP supportXML supportImagemagick supportGD SupportThe presence of each of these optional modules will be checked during the installation process.SecuritySecurity issues found should be reported to our security tracker in the usual way.Available packagesIf you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" or "patch" method for updating.With this release, there are four packages available.Full PackageContains entire phpBB3 source and english language files.Changed Files OnlyContains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.Patch FilesContains patch compatible patches from previous versions of phpBB3.Automatic Update PackageUpdate package for the automatic updater, containing the changes from previous release to this release.Select whichever package is most suitable for you.Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.The automatic update package does not include the file includes/utf/data/recode_cjk.php. If you use a SJIS encoding or a variant you should replace this file manually with the version included within the full package.Download/DocumentationphpBB DownloadsphpBB3 development sectionphpBB3 DocumentationphpBB3 support forumphpBB3 bug trackerphpBB3 Coding GuidelinesphpBB3 Sourcecode DocumentationHave fun with the release,the phpBB Team [Less]

Hello,We are very pleased to announce the availability of the phpBB3 RC6 package. This is the sixth (and hopefully last) release candidate which is meant to become the Gold release if no more critical problems arise.This release is mostly the outcome ... [More] of an external security audit performed by SektionEins. All items tagged as [Sec] were found by the company doing the audit and revealed some fundamental problems we were able to fix. We are proud that the audit revealed no sql injection vulnerability or critical command execution vulnerabilities.For release candidates full support is given, allowing language packs as well as modifications and styles. We only give support to those having a clean RC installation or updates from previous release candidates. Previous conversions or updates from betas will not be supported here. We encourage only those running the release candidates wanting to test out the new version, it is still recommended to wait for the full release; after all this is a release candidate.Please also note that we urge you to update - we only support the latest version. Bug reports submitted for previous releases will be closed as well as only the latest version being supported here.RC6 has seen some improvements as well as fixing some security issues. Some important fixes are:[Fix] Further fixing user profile view (please do not forget to update/refresh your template and style) (Bug #14230)[Fix] Adjust google adsense bot information (Bug #14296)[Fix] Fix horizontal scrollbar problem in IE6 (Bug #14228) - fix provided by Danny-dev[Fix] Correctly set user style for guest user (able to be changed within user management)[Change] Moved note about dns_get_record function for using GTalk (Jabber) from Jabber log to Jabber ACP panel[Fix] Do not use register_shutdown_function within cron.php if handling the queue and the mail function being used (Bug #14321)[Fix] Fixing private message on-hold code if moving messages into folder based on rules (Bug #14309)[Fix] Allow the merge selection screen to work (Bug #14363)[Change] Require additional permissions for copying permission when editing forums[Fix] Local magic URLs no longer get an additional trailing slash (Bug #14362)[Fix] Do not let the cron script stale for one hour if register_shutdown_function is not able to be called (Bug #14436)[Feature] Added /includes/db/db_tools.php file, which includes tools for handling cross-db actions such as altering columns, etc.[Fix] Fixed token handling in jabber class for extremely spec-compilant XMPP server (Bug #14445)[Change] Listing the board url within the email text instead of appending it to the subject (Bug #14378)[Fix] Use correct dimension (width x height) in ACP (Bug #14452)[Feature] Added completely new hook system to allow better application/mod integration - see docs/hook_system.html[Fix] Fixing google cache display problems with Firefox (Bug #14472) - patch provided by Raimon[Change] Allow years in future be selected for date custom profile field (Bug #14519)[Feature] Added an option to enforce that users spend a configurable amount of time on the terms page during registration[Sec] Fixing possible XSS through compromised WHOIS server (#i63, #i64)[Sec] Missing access control on whois in viewonline.php (#i51)[Sec] Encoding some variables within user::page array correctly (to cope with browser not doing it correctly) to prevent XSS through functions re-using them (#i61)[Sec] Fixed XSS through memberlist search feature (#i62)[Sec] Fixed XSS through colour swatch (#i65)[Sec] Fixed insecure attachment deletion (#i53)[Sec] Only allow whitelisted protocols in meta_redirect/redirect (#i66)[Sec] Check file names to be written in language management panel (#i52)[Sec] Deregister globals if ini_get has been disabled (#i112)[Sec] Added form tokens to most forms to enforce a lighter variant of CSRF protection (#i91 - #i96)[Sec] Use new password hash method for forum passwords (#i43)[Sec] Changed download file location to prevent flash crossdomain policies taking effect (#i8)[Sec] Do not allow autocompletion for password on admin re-authentication (#i41)[Sec] Made sure users are not completely locked out if they have a GLOBALS cookie (#i101)[Sec] Use the secure hash to generate BBCODE_UIDs (#i71)[Sec] Increase the length of BBCODE_UIDs (#i72)[Sec] New password hashing mechanism for storing passwords (#i42)Please refer to the changelog for a complete list of fixes since RC5:http://www.phpbb.com/support/documents. ... &version=3A short explanation of how to do a conversion, installation or update is included within the provided INSTALL.html file, please be sure to read it. If you want to be on the safe side we suggest still waiting for later releases before you fully convert your 2.0.x installation.ImportantDue to the password storage mechanism changed, you will not be able to log in to your board if you try to use the updated database with files prior to RC6.Minimum RequirementsphpBB3 has a few requirements which must be met before you are able to install and use it.A webserver or web hosting account running on any major Operating System with support for PHPA SQL database system, one of:MySQL 3.23 or above (MySQLi supported)PostgreSQL 7.3 SQLite 2.8.2 Firebird 2.0 MS SQL Server 2000 or above (directly or via ODBC)OraclePHP 4.3.3 (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.getimagesize() function need to be enabledThese optional presence of the following modules within PHP will provide access to additional features, but they are not required.zlib Compression supportRemote FTP supportXML supportImagemagick supportGD SupportThe presence of each of these optional modules will be checked during the installation process.SecuritySecurity issues found should be reported to our security tracker in the usual way.Available packagesIf you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" or "patch" method for updating.With this release, there are four packages available.Full PackageContains entire phpBB3 source and english language files.Changed Files OnlyContains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.Patch FilesContains patch compatible patches from previous versions of phpBB3.Automatic Update PackageUpdate package for the automatic updater, containing the changes from previous release to this release.Select whichever package is most suitable for you.Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.The automatic update package does not include the file includes/utf/data/recode_cjk.php. If you use a SJIS encoding or a variant you should replace this file manually with the version included within the full package.Download/DocumentationphpBB DownloadsphpBB3 development sectionphpBB3 DocumentationphpBB3 support forumphpBB3 bug trackerphpBB3 Coding GuidelinesphpBB3 Sourcecode DocumentationHave fun with the release,the phpBB Team [Less]

Unfortunately phpBB.com experienced unexpected downtime which led to the maintenance that many of you noticed.The cause of this downtime is injected code pointing to a malicious website, that would cause users to download malware. A secondary ... [More] incident was also discovered during the course of the investigation that showed that phishing and spam related files were uploaded to the server at one point, and were active.This injected code contained no fewer than 5 different exploits to serve up malware for both Internet Explorer and Firefox/Netscape. While this did not appear to actually infect people, we highly recommend users run anti-virus software as a precaution. The downside to this is that the malware is poorly detected by anti-virus products, so be sure to update your anti-virus definitions prior to running the scan on your computer. The exploits span 3-4 years of vulnerabilities, so if you have not already, we encourage you to run updates on your operating system. If you wish to be sure that you were not affected by this malware, you can easily check manually. A list of files involved with this malware (though not a complete list) are below:C:\popupkiller\popupKiller.exeC:\WINDOWS\system32\winavxx.exeSymptoms of an infection with this malware will include being unable to launch task manager, modified Internet Explorer security settings, modified homepage on Internet Explorer, and unable to launch control panel. These are not the only symptoms, but do give a guide to go by. If you are infected, we recommend finding a computer repair shop. This is most unfortunate, but again, we do not know of any infections as a result of this compromise.We also encourage users to change their passwords, because of the potential for compromised passwords in incidents like these, or any incident.We cannot impress on the community enough that this does not appear to be fault of the phpBB software in any way, shape, or form. With thanks to those involved in the incident investigation process, the entry point appears to be due to a third-party product. We are taking steps to ensure this does not happen again, and we thank the community for being understanding during this unexpected outage.the phpBB Team [Less]

MOD Database Clean-up Operation 2007The MOD database is now over 800 MODs in size spanning over three years worth of MODs. Thus, it is time that we have a spring clean of the MODs database (even though it is autumn here for me). This is the first ... [More] time in over three years that we have done a clean-up.This is how it is going to work; in sixty (60) days, we will remove from public download & support topic for all MODs released for a version of phpBB more than 24 months old (2 years). Effectively this means that all MODs released for 2.0.16 and below will be removed from the MODs database. It has been almost two years since we last changed the MOD Template for 2.0.17. We believe that by cleaning out the MODDB before this point will improve the quality of the offerings the MOD Database has.We strongly encourage any MOD authors with older MODs to submit an updated version. phpBB2.0 and the MOD Template have changed significantly in this time, as well as our validation practices that help to ensure recent MODs are of the highest quality possible.What will happen to older MODs?To assist authors in updating their MODs, we will set-up a public archive as a sub-forum in the MOD Writers Discussion forum for a period of 6 months. After this period, all MODs will be permanently removed from phpBB.com.My MOD still works with the latest phpBB2We do know that there are a number of MODs from 2004 that still work with the latest phpBB2. Unfortunately, it is time for the original MOD authors to update the MODs to current MOD template standards. Most are easy, take less than 10 minutes to install, and should take less than half an hour to update to the latest standards.Can I update MODs that aren't mine?Yes. You can update MODs that it appears the original MOD author isn't going to update. We would prefer that the original authors update their MODs but if this isn't the case we will gladly accept updates from people that wish to take over the MOD. [Less]

It is with a sad but humble heart that I am announcing my resignation as Support Team Leader. Much has come up in my personal life that unfortunately is taking my attention away from phpBB.com. That's not fair to the staff here, nor is it fair to my ... [More] responsibilities to you, the community. My plans are to continue as a Support Team Member as much as possible, but I am simply unable to dedicate the time necessary to fulfill the role of Support Team Leader. Because of that, I have asked NeoThermic to take my place.NeoThermic has graciously accepted and has already taken my place as we've served side-by-side the past few days. I fully expect NeoThermic to take phpBB Support and continue to improve it, and I know that will happen.For those listening in on the podcast, don't worry, I still plan on lending my voice to the show. For those not listening to the podcast, why aren't you? So please help me in wishing NeoThermic the best of luck in this new role. And with that, I say thank you for letting me serve you as Support Team Leader.With gratitude,Techie-MichealMicheal Cottingham(Former) Support Team Leader [Less]

I'm sure many of you have heard about the podcast by now. This podcast is experimental. Depending on community participation, it may or may not be continued, so if you wish this podcast to continue, we want to know about it! Please participate in the ... [More] topic asking for feedback. This podcast is for you, the community. You'll find the podcast information and episodes at phpBB.com's Podcast site. [Less]