Home

Your premium source for custom modification services for phpBB

  logo

HomeForumsBlogMOD ManagerFAQSearchRegisterLogin

Comments August 4, 2008

Smackdown Round I – phpBB3 versus phpBB-Dave

Filed under: phpBB, phpBB3 — Dave Rathbun @ 9:53 am CommentsComments (13) 

As a brief recap from the introduction post for this series… the goal for this series of posts will be to sit back and try to take an objective look at the feature comparison list posted at phpbb.com and determine the following:

  • Do I have that feature already as a MOD?
  • If so, does it meet or exceed what is provided by phpBB3?
  • If not, do I have a compelling need for this feature, enough that I would either consider writing it as a MOD or upgrading?

I plan to go through the feature chart section by section, and at the end of each section I will assign a point value of +1, 0, or -1 based on where I think I am. By the end of the analysis I expect to have a much better idea of where I stand with my own code, or just how important the things are that I am missing.

As a disclaimer: this post is not intended to be a criticism of phpBB3 in any way. It is simply a way for me to formally review the features provided by the latest version as compared to what I am currently using, and help evaluate whether I should prioritize an upgrade or remain happy with what I have.


General

The first category is titled “General” and really holds no surprises.

General
Feature phpBB2 phpBB3 phpBB-Dave
License: GPL GPL GPL
License Price: Free Free Not offered for distribution
Programming Language: PHP PHP PHP
Latest Version: 2.0.23 3.0.2 2.0.Dave :)
Release Date: 17 Feb, 2008 10 Jul, 2008 30 Mar, 2008

Nothing much to talk about here so I’ll move on to the next category.

Basic Features

Basic Features
Feature phpBB2 phpBB3 phpBB-Dave
UTF-8 Support: No Yes No, but I don’t need it as my board is only English.
User Preferences: Yes User PreferencesPage: Preferences, Avatar, and Signature Yes User Preferences Complete Modularised Control Panel I didn’t create a user control panel, but I have added many custom profile fields
Moderation: Yes Moderation Simple Moderator Controls Yes Moderation Complete Modularised Control Panel No control panel, but I have added quite a few custom features that will be detailed later
Administration: Yes Administration Frameset-style Control Panel Yes Administration Complete Modularised Control Panel Didn’t do much, as I’m okay with the way the panel works
Search Engine spider Handling: No Yes Search Engine spider Handling Editable Spider/Crawler/Bot List and Management I have removed the “Who’s Online” list anyway for performance reasons, so this is a non-issue
Unread message tracking: Yes Unread message tracking Session based read/unread tracking Yes Unread message tracking Full Persistent read/unread tracking — Not limited by per-visit sessions I have partially added this, based on a code snipped posted by Acyd Burn a while back. It does unread tracking while you’re online, but drops the information when you log out.
Private Message System: Yes Yes I’ve removed this so it’s not an issue. :)
Statistics: Yes Yes Yes, I have added extensive statistics to my board.

UTF-8 Support
I can understand why UTF-8 support is important for phpBB3 to have as they’re one of the widest used bulletin board packages on the planet. :) But since my board is specifically English I am not sure what else I might be missing by not having this.

Search Engine Spider Handling
I removed the queries that show who’s online for the index as well as for viewforum for performance reasons. In my opinion there is little or no value in knowing this information, and if someone really wants to see who is online they can click the “Who’s Online” page instead.

I have also had a “guest” profile that removes many of the links and other distractions for quite some time now. Google has done a good job with indexing the content of my board and ignoring the extra stuff like user profiles and the memberlist and so on. I’m quite happy with where I am from a search engine handling department.

Unread Messages
Ah, read tracking… yes, that’s a nice feature. It’s my favorite feature, actually, and it was often requested in the early days of the board. For some reason, it’s not requested so much anymore and I’m not sure why. What I did do was fix one annoying issue based on a code segment Acyd Burn (the current developer team lead) posted a long time ago. It changes the behavior of the “Newest Post” link so that it works the way it should. Suppose there is a topic with 10 new posts since I last logged in. If I read those 10 posts, they’re marked. Then if a new post is made (number 11) while I am still logged in the “newest post” indicator is shown once again. Under a standard phpBB2 install if I clicked that icon I would be taking to the first new post since I logged in, not the first new post since I read the topic. Acyd’s code changes that behavior, and I like it. Full read tracking for my board will either have to wait until I upgrade, or until I decide how to write it for phpBB2.

After reviewing the Basic Features list I score this as a win (+1) for phpBB3 based on my lack of a full read tracking feature. I have quite a few additional features, but so does phpBB3, and the read tracking tips the scales.

Security

Basic Features
Feature phpBB2 phpBB3 phpBB-Dave
Permanent Bans: Yes Yes Permanent Bans Including reason shown to user and Moderator comment See below for notes
Temporary Bans (Suspension): No Yes Temporary Bans (Suspension) Including Reason shown to user and Moderator comment See below for notes
Permissions: Yes Yes Permissions Advanced and Customisable Permissions System I’ve never needed anything more complicated than what phpBB2 offered
Paid Security Code Audit: No Yes Erm, no. I have not paid anyone to audit my code. :)
Form Handling: Yes Form Handling Session based forms Yes Form Handling User based forms Nothing to see here, move along
Type Aware Parameter Handling: No Yes Partial, see below for notes
Type Aware Database Layer: No Yes Partial, see below for notes
Password Hashing: Yes Password Hashing Method: MD5 Yes Password Hashing Method: Multiple Runs, Salted, and/or MD5 I have not changed the password handling for phpBB2

Banning
In six+ years of running this board the only bans I have ever put in place have been permanent bans for spammers and two specific users. The first user tried to register using an alias and stir up trouble during the initial stages of the Iraq situation. The second user registered with an alias (but forgot to change his IP address ;-) ) and started calling out the moderator team. In both cases the accounts were banned on a permanent basis. I have never needed temporary bans because of the type of person using this board. I can see the benefit (and have used this feature in my role as moderator at phpbb.com) but I can’t say that this would be a compelling reason for me to upgrade. Besides, if I needed it, this is a really simple MOD to write.

request_var()
As I mentioned above, I have created my own version of this function and have been using it in all of my new code. As I edit existing files I am also retrofitting it back into the core phpBB2 code. So while I don’t have everything fixed yet, I am working my way through the code.

I am also very thorough at typing and any inputs used in sql queries. Again, I have written a function call to do this so that all of the work is centralized and therefore easy to manage. I call my function secure_input_string() and it takes a string and does all of the stuff to clear out nasty-bad-things from form variables or URL parameters.

Conclusion

So far I have covered three of the categories from the feature comparison list at phpbb.com. Next time I will cover Anti-Spam, Data Management, and Registration. At this point the primary gap is the Unread Message Tracking and phpBB3 is a clear winner in that area. For everything else I believe it’s a toss-up, or in some cases based on extra features I have added, a slight advantage to my current configuration. So after day one the scrore is 1 – 0 in favor of phpBB3.

Related Links

13 Comments

  1. Dave,
    Full tracking is one my favorite features of phpBB3 as well. Do you have a link to that post from Acyd Burn? I’m interested in that “fix” and didn’t find it with a few phpbb.com searches.

    Comment by Everett — August 5, 2008 @ 11:11 am

  2. Everett, I have it saved as a bookmark on my home computer. I thought I had written a blog post about the change a while back, but if so, I can’t find it now. I’ll see what I can do in a few days. From what I remember it supplements the current “newest post” logic by checking your cookies and not just your last visit date/time. It’s a rather simple change which makes it quite attractive.

    I got a quick review of how the phpBB3 read-tracking feature works during a discussion with A_Jelly_Doughnut (currently a member of the MOD team at phpbb.com) at Londonvasion 2008. It’s not nearly as intense as I thought it might be, so it’s certainly possible to back-port the same ideas to phpBB2. But this change was even easier.

    Comment by Dave Rathbun — August 5, 2008 @ 12:34 pm

  3. I found it. :) I knew I had written it up somewhere, but forgot where. I have the initial work documented as a MOD in the MOD Manager database here. I give credit to the idea presented by Acyd Burn in the MOD description, but no link because it was found at a 3rd party site.

    Comment by Dave Rathbun — August 5, 2008 @ 12:48 pm

  4. Isn´t it so that the Keep_Unread_Flags MOD adds a perfect tracking function or am I missing out something?

    Comment by Dogs and things — August 5, 2008 @ 4:07 pm

  5. Thanks. I found the original too but i won’t post a link since you didn’t want to either.

    Comment by Everett — August 5, 2008 @ 6:20 pm

  6. @Dogs and things: Yes, I am aware of a couple of unread-tracking MODs but I don’t currently have one installed. Given the potential of inefficient code I wanted to be sure that I had the time to design something myself, or have the time to thoroughly review how the process works. I never got around to it. :) The way phpBB3 does it sounds quite good, and if I decide to write my own code that is the approach I will take. It won’t be until next year that I have the time to do that.

    @Everett: You’re welcome. :) It’s a quite simple fix that stops short of a full-blown read tracking system.

    Comment by Dave Rathbun — August 6, 2008 @ 9:40 pm

  7. Although I have no knowledge with which I can back up what I am going to say I am going to say it anyway. :) I believe the people that wrote Keep Unread Flags do know what good code is. The fact that that MOD is very widely used without problems and could be installed on my pretty heavily modded board without a problems indicate that op the a certain point you could include this MOD as well.

    I made a few slight modifications to the original MOD and now this MOD gives my users better control over the than the phpBB3 tracking functions does.

    As far as I am concerned I prefer my board’s tracking function over what phpBB3 offers.

    Well, that’s my two euro-cents here. :)

    Comment by Dogs and things — August 7, 2008 @ 12:09 pm

  8. I don’t mean any disrespect to the MOD authors. :) What I have found, though, is that many MODs which are fully functional are not optimal. I don’t know how busy your board is but mine is quite busy. The process of tracking the read topics would have to be very efficient to avoid dragging down the performance. How many users do you have? How much activity does your board see on a daily basis?

    I am averaging over 100K page views daily now, so performance is important. :)

    Comment by Dave Rathbun — August 7, 2008 @ 2:56 pm

  9. I hadn´t thought about performance.

    I have a quiet board with about 50 users visiting it and some 1000 page views per day so there’s not much I can say about performance except the fact that my board doesn´t have any issues in that respect.

    Comment by Dogs and things — August 8, 2008 @ 1:52 pm

  10. I’ve always tried to think about performance and how something will scale under load. Part of it relates to some code I found a while back that was killing my server. :shock: I don’t do anywhere near the load that phpbb.com does but I’ve had four-digit session counts at various times (meaning over one thousand guests + users browsing my board). And that’s just one of several phpBB boards that I host on the server.

    I should look at the MOD you mentioned and see how they do their tracking. The major requirement that I have for this feature is that it simply must use the database for tracking topics. Cookies are related to a specific machine, and I move from one machine to another throughout the course of a day. I have a desktop at home, my personal laptop, my company laptop, and on occasion a company desktop as well. I don’t want to lose my tracking status just because I move to a different computer. Because I insist on full database tracking I feel like there is a greater potential for server load issues, especially because of the wide variety of issues that have to be tracked. What if I read page two of a topic but not page three? What if I read page 2, page 3, skip page 4, and read page 5? Is that topic “fully read” or not? Do I have to track this at the post level, the topic level, the forum level? From what I understand, phpBB3 does a combination of all three of those.

    Anyway, it’s a much anticipated (and indeed my favorite) feature. For now we don’t have it. But that could change. :)

    Comment by Dave Rathbun — August 9, 2008 @ 12:01 am

  11. That’s quite a busy board you have there. :shock:

    This MOD does use database tracking, so no cookies there. The nicest thing about it is that you can mark a topic as unread after reading it. Which means that when you get back to the topic it will open at the first unread post in that topic. So it tracks at the topic level and/or the post level, depending on whether you already read part of the topic or not.

    If you find out performance isn´t negatively affected by it and have a good look through the release topic you´ll find some nice addons and tweaks for the standard MOD that can make it a perfect feature, as far as I can see.

    Greetings.

    Comment by Dogs and things — August 9, 2008 @ 1:20 am

  12. Bringing phpBB 3 to 2
    request_var, plus these three database methods are essential to copy from v3 and in fact I have done so myself: sql_escape(), sql_in_set() and sql_build_array()

    These three db methods when used with request_var() will make your forum nearly 100% impossible for SQL-injection. Yes, it is a _lot_ of work to go and change everything, but it is well worth it. Best part is that you can copy these functions/methods straight from the phpBB 3 files into phpBB 2 and they will work right like that.

    Using the phpBB 3 ACM methods is also highly recommended by myself since it requires the _minimum_ amount of changes to get working in v2 and is highly beneficial.

    Also, the cron.php system, is a good one to use from v3, but it needs a lot of working to do anything useful in v2. I ended up using the base frame-work then writing all my own cron functions to go inside.

    Comment by Dog Cow — August 9, 2008 @ 3:05 pm

  13. Tips for Speed-ups
    I had some notions these past few days about how inefficient the current phpBB 2 templating systems are– all of them! And then this morning I took a look at the phpBB 2 standard template to get a better idea of how it works.

    Now, when you are not caching the template, you are essentially running three big loops. For example, let’s look at viewing a topic. You are first looping through all the posts, then putting the variables into the template. So there’s one loop. Then when you run the pparse() method, there’s another loop that scans through _Every_ single line of the template file and looks for variables and switches, then it has too fill all those in with the variables which were assigned. That’s about 2 or 3 loops, depending on how you look at it. Plus there’s a bunch of other template variables and switches which need to go in.

    All of this translates to enormous echo() statements and if/else switches and is then eval()’d to get to the browser. When you assign a var like this: $template->assign_var(’USERNAME, $username); all that is done is to store that in RAM, then put out that raw $username var right on the template! When using a caching system, all these echo() statements and what-not are stored on disk so you save exactly one step, whereas there are about two others. Without caching, well, then you have the big job every time.

    Basically, it does a bunch of big loops plus stores at least one huge array in RAM, plus the entire contents of the template file are stored twice in RAM. All of those K’s add up.

    My thought is to get rid of all this stuff, and put the PHP code right in the template files. Thus, the templates are included and evaluated as PHP, similar to a cached template. There still would be some manner of template from code separation, but not so much as before.

    Variables like the Username would be go in like this: and loops would be like so:
    <?php for ($i=0;$i</span

    Basically, you would run the PHP inline with the HTML. Of course all the code in viewtopic.php and elsewhere would have to be adjusted, but I think even somewhat simple changes such as I have suggested would yield a big speed-up since there's no templating layer to have to muck through.

    Comment by Dog Cow — August 9, 2008 @ 3:15 pm

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress