Your premium source for custom modification services for phpBB


HomeForumsBlogMOD ManagerFAQSearchRegisterLogin

Comments August 11, 2008

Smackdown Round II – phpBB3 versus phpBB-Dave

Filed under: phpBB, phpBB3 — Dave Rathbun @ 7:07 am CommentsComments (3) 

In the previous post of this series I went through the first three categories of the feature list comparing phpBB2 with phpBB3. I added my own notes comparing that comparison (if you follow what I mean ;-) ) with the features I have in my own highly-customized implementation of phpBB2. This is the next post in that series and I will cover the Anti-Spam, Data Management, and Registration feature categories.

As a disclaimer: this post is not intended to be a criticism of phpBB3 in any way. It is simply a way for me to formally review the features provided by the latest version as compared to what I am currently using, and help evaluate whether I should prioritize an upgrade or remain happy with what I have.


Feature phpBB2 phpBB3 phpBB-Dave
CAPTCHA Visual Confirmation: Yes Yes CAPTCHA Visual Confirmation Customise Difficulty and CAPTCHA Noise Meh. I don’t like CAPTCHA features anyway so the improvements here are of no benefit to me
Flood Control: Yes Yes Yes, custom
Groups: Yes Yes No change
ACLs: Yes Yes No change
Blacklist: Yes Yes No change
Banning: Yes Yes Already discussed previously
Suspensions: No Yes Already discussed previously
Warnings: No Yes Already discussed previously
User Logging: No Yes Yes, custom
User Post IP Logging: Yes Yes Yes, custom
Report Posts: No Yes I wrote my own feature here that integrates with Post Notes and a number of other enhancements
Post Moderation: Yes Yes I have added a feature that removes the “edited by” message for admin posts, and I have added an entirely new sub-system called Post Notes that would fit into this area. More details below.

This is one area that will come as no surprise to regular readers of my blog. I have done quite a bit to combat spam on my various boards. I have an entire category of blog posts related to this subject. :lol: So as expected, I will have quite a bit of detail to provide here.

The phpBB2 CAPTCHA is worthless, and I think everyone knows that. To be honest, I don’t even like this concept. I think the work done for phpBB3 is admirable, but there are already reports that the basic version has been cracked. From what I can tell the developers anticipated that this would happen and have given board owners quite a few options to tweak the graphic, but I as I said already I don’t like this feature and would not use it. My Checkbox Challenge MOD has so far been quite successful at combatting spam and is not nearly as difficult to use.

Flood Control
At some point phpBB2 introduced the idea of a search flood control. I understand why they did it, but I also did not agree with the way it worked. So I wrote a MOD to make it work the way I wanted. I have not blogged about this MOD before but it boils down to this: keyword searches can hurt the server and should have flood control. Canned searches like “posts since last visit” do not hurt the server nearly as much, and should not have flood control. My MOD allows board owners to tweak the various search settings and activate / deactivate flood control for specific searches rather than treating all searches as having the same weight.

Posting flood controls remain in place except for moderators and administrators. They are immune from the posting flood control. I have also made a simple but important change to the post edit process which reduces the impact of editing large posts on the server.

I talked about banning in the first post in this series. I don’t have warnings or user notes at this time, and so far have not needed the feature. It would be easy to add to my current configuration if I decided I needed it.

User Logging
I’ve written and implemented a completely customizable user audit feature. It is one of the MODs I hope to release for other phpBB2 board owners at some point. There is an admin page that shows the structure of the phpbb_users table and lets me check which attributes I want to monitor. From that point forward, anytime a user changes one of the monitored attributes the “before” and “after” values are logged. This lets me confirm when someone has changed their email address, their web site, their username, and so on. I like the way it works quite a bit, and it’s very simple to install.

I also (via my Checkbox Challenge MOD) log IP addresses and other information during registration, which is something that phpBB3 does as well. I also record registration attempts (not just successful registrations) for further analysis.

Reported Posts
I reviewed the features provided by several existing MODs for phpBB2 for reporting posts, but I ended up writing my own because it integrated with my moderator action log and the post notes feature that I had put in place. Based on my experience with this feature in my role as a moderator on phpbb.com I will say that I prefer my own solution. In the standard feature I have to either close or delete a post report. In my version I accept or reject the report, take action accordingly, and close it. Nothing is ever deleted. This means that I can go back and remove the post report ability from any user who abuses the feature since I have a log of all of their rejected reports.

Post Moderation
Moderator actions also use the Post Notes feature (see below). Basically anything that touches a topic or a post is logged, which is not standard phpBB2 but was included in phpBB2-Dave since my last release.

I have a few blog posts with more details about my Post Notes MOD here and here.

At this point based on the number of extra features that I have written for myself and the fact that the more complex CAPTCHA is not something I would use, I am scoring this category as a solid win (+1 point) for phpBB-Dave. I prefer my report-a-post over that found in phpBB3, and my Post Notes MOD has added a new dimension to the way my board works.

Data Management

Whew! :) After that lengthy list it’s nice to see something short. This list is quite simple and therefore there won’t be many notes.

Data Management
Feature phpBB2 phpBB3 phpBB-Dave
MySQL: Yes Yes MySQLMySQL 3.23+, MySQLi I use MySQL
MSSQL Server: Yes Yes N/A
PostgreSQL: Yes Yes N/A
MS Access: Yes No N/A
Oracle: No Yes N/A
Firebird: No Yes N/A
SQLite: No Yes N/A
Database (DBMS) Backups: Yes (MySQL Only) Yes I use mysqldump and cron to manage my backups
Database (DBMS) Restore: Yes (MySQL Only) Yes I use mysqldump and cron to manage my backups
Post/Topic Pruning: Yes Yes No changes

Backup and Restore
The main thing here is that I have removed the phpBB2 database utilities code and template files from my board altogether. There are too many issues with the way it was implemented. It doesn’t handle custom tables very well, nor does it work well with large backup files. And since the board owner has to initiate the backup process it’s not likely to get done very often. I use mysqldump and a cron job to manage my database backups, and everything is automatic.

At 1am I run a backup script that extracts the data to a text file and then gzips the resulting output. At 2am a cron job on my home server kicks in and it connects via ftp to the production server and downloads all of the backup files. The files are stamped with the date and time and moved off to a RAID storage array. I probably have a better backup strategy than many data centers. :lol:

Suffice it to say that nothing in phpBB3 is going to improve on that process. I won’t really call this a “win” for phpBB-Dave however, as the feature is external to the code. It’s a process I put in place rather than a code modification.


Feature phpBB2 phpBB3 phpBB-Dave
COPPA Registrations: Yes Yes COPPA Registrations Toggle On/Off I don’t allow board members under 13 so this is moot
Limit Registration Attempts: Yes Yes Yes, custom
Set min/max Username Length: No Yes Yes, custom
Set min/max Password Length: No Yes Yes, custom
Limit username Chars: No Yes Yes, custom
Set Password Complexity Requirements: No Yes No
Force Password Change: No Yes No
Allow/Disallow e-mail Address Re-usage: No Allow/Disallow e-mail Address Re-usage Duplicate E-mails are always disallowed Yes Allow/Disallow e-mail Address Re-usage Allow or Disallow Duplicate E-Mail Addresses Works as phpBB2, no changes applied

My Checkbox Challenge MOD logs user registration attemps and temporarily blocks further attempts after a configurable number of failures. The time of the temporary ban is also a configurable options. I have code in place (hard-coded) to enforce a min / max username length and have it this for years. I don’t agree with the option to reuse an email address, so I have no interest in that feature or plans to add it to my board.

A basic summary is that I think I have the most important features already in place, and the information logged by my Checkbox Challenge MOD is very useful. I’m perfectly happy with where I am with regard to this category.


So far I have covered six of the categories from the feature comparison list at phpbb.com. From the last post: the General category was a toss-up so the score is 0-0. Basic Features was a win for phpBB3 based on the strength of the Unread Message tracking feature. With security also being a tie the first three feature categories end up with phpBB3 leading 1-0.

From this post: I feel like I win the anti-spam category as not only have I addressed features that are present in phpBB3 (and missing from phpBB2) but I have extended them in some cases and in others I have created something completely new. I’m going to score this as a point for me, bringing the score to 1-1. For Data Management I am going to award no points if only because I have created a true backup / restore process that is in no way impacted by whatever version of phpBB I run. Finally, the Registration category is also a tie since there is no real advantage to any version and I have already counted a point for Checkbox Challenge and won’t count it twice.

So that makes the score 1-1 (with four zero-point categories) after reviewing six categories. Next time I will cover Posting, Attachments, and Caching.

Related Links


  1. I really loved the insane captchas from the early phpBB 3 beta days, those giant ones where there were 4 different sets of chars next to a crazy symbol. You had to match the symbol to enter the correct set of chars.

    Tough as heck, but man, was it cool to look at! 8)

    Comment by Dog Cow — August 11, 2008 @ 2:50 pm

  2. Heh, I didn’t participate in that so I guess I don’t know what I’ve missed.

    Comment by Dave Rathbun — August 11, 2008 @ 3:45 pm

  3. I was involved with those VC’s (I can’t stand the word “CAPTCHA.” I didn’t code them, but I had my hands in a lot of things. :D They were definitely fun. :D

    Just a quick note. More nitpicking really. MySQLi isn’t a datatype, but rather a connection type. http://us.php.net/manual/en/intro.mysqli.php It offers various advantages over the standard connection type previously offered.

    Comment by Micheal — August 11, 2008 @ 8:55 pm

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress