In the previous post of this series I went through the first three categories of the feature list comparing phpBB2 with phpBB3. I added my own notes comparing that comparison (if you follow what I mean ) with the features I have in my own highly-customized implementation of phpBB2. This is the next post in that series and I will cover the Anti-Spam, Data Management, and Registration feature categories.
As a disclaimer: this post is not intended to be a criticism of phpBB3 in any way. It is simply a way for me to formally review the features provided by the latest version as compared to what I am currently using, and help evaluate whether I should prioritize an upgrade or remain happy with what I have.
|CAPTCHA Visual Confirmation:||Yes||Yes CAPTCHA Visual Confirmation Customise Difficulty and CAPTCHA Noise||Meh. I don’t like CAPTCHA features anyway so the improvements here are of no benefit to me|
|Flood Control:||Yes||Yes||Yes, custom|
|Banning:||Yes||Yes||Already discussed previously|
|Suspensions:||No||Yes||Already discussed previously|
|Warnings:||No||Yes||Already discussed previously|
|User Logging:||No||Yes||Yes, custom|
|User Post IP Logging:||Yes||Yes||Yes, custom|
|Report Posts:||No||Yes||I wrote my own feature here that integrates with Post Notes and a number of other enhancements|
|Post Moderation:||Yes||Yes||I have added a feature that removes the “edited by” message for admin posts, and I have added an entirely new sub-system called Post Notes that would fit into this area. More details below.|
This is one area that will come as no surprise to regular readers of my blog. I have done quite a bit to combat spam on my various boards. I have an entire category of blog posts related to this subject. So as expected, I will have quite a bit of detail to provide here.
The phpBB2 CAPTCHA is worthless, and I think everyone knows that. To be honest, I don’t even like this concept. I think the work done for phpBB3 is admirable, but there are already reports that the basic version has been cracked. From what I can tell the developers anticipated that this would happen and have given board owners quite a few options to tweak the graphic, but I as I said already I don’t like this feature and would not use it. My Checkbox Challenge MOD has so far been quite successful at combatting spam and is not nearly as difficult to use.
At some point phpBB2 introduced the idea of a search flood control. I understand why they did it, but I also did not agree with the way it worked. So I wrote a MOD to make it work the way I wanted. I have not blogged about this MOD before but it boils down to this: keyword searches can hurt the server and should have flood control. Canned searches like “posts since last visit” do not hurt the server nearly as much, and should not have flood control. My MOD allows board owners to tweak the various search settings and activate / deactivate flood control for specific searches rather than treating all searches as having the same weight.
Posting flood controls remain in place except for moderators and administrators. They are immune from the posting flood control. I have also made a simple but important change to the post edit process which reduces the impact of editing large posts on the server.
I talked about banning in the first post in this series. I don’t have warnings or user notes at this time, and so far have not needed the feature. It would be easy to add to my current configuration if I decided I needed it.
I’ve written and implemented a completely customizable user audit feature. It is one of the MODs I hope to release for other phpBB2 board owners at some point. There is an admin page that shows the structure of the phpbb_users table and lets me check which attributes I want to monitor. From that point forward, anytime a user changes one of the monitored attributes the “before” and “after” values are logged. This lets me confirm when someone has changed their email address, their web site, their username, and so on. I like the way it works quite a bit, and it’s very simple to install.
I also (via my Checkbox Challenge MOD) log IP addresses and other information during registration, which is something that phpBB3 does as well. I also record registration attempts (not just successful registrations) for further analysis.
I reviewed the features provided by several existing MODs for phpBB2 for reporting posts, but I ended up writing my own because it integrated with my moderator action log and the post notes feature that I had put in place. Based on my experience with this feature in my role as a moderator on phpbb.com I will say that I prefer my own solution. In the standard feature I have to either close or delete a post report. In my version I accept or reject the report, take action accordingly, and close it. Nothing is ever deleted. This means that I can go back and remove the post report ability from any user who abuses the feature since I have a log of all of their rejected reports.
Moderator actions also use the Post Notes feature (see below). Basically anything that touches a topic or a post is logged, which is not standard phpBB2 but was included in phpBB2-Dave since my last release.
At this point based on the number of extra features that I have written for myself and the fact that the more complex CAPTCHA is not something I would use, I am scoring this category as a solid win (+1 point) for phpBB-Dave. I prefer my report-a-post over that found in phpBB3, and my Post Notes MOD has added a new dimension to the way my board works.
Whew! After that lengthy list it’s nice to see something short. This list is quite simple and therefore there won’t be many notes.
|MySQL:||Yes||Yes MySQLMySQL 3.23+, MySQLi||I use MySQL|
|Database (DBMS) Backups:||Yes (MySQL Only)||Yes||I use mysqldump and cron to manage my backups|
|Database (DBMS) Restore:||Yes (MySQL Only)||Yes||I use mysqldump and cron to manage my backups|
|Post/Topic Pruning:||Yes||Yes||No changes|
Backup and Restore
The main thing here is that I have removed the phpBB2 database utilities code and template files from my board altogether. There are too many issues with the way it was implemented. It doesn’t handle custom tables very well, nor does it work well with large backup files. And since the board owner has to initiate the backup process it’s not likely to get done very often. I use mysqldump and a cron job to manage my database backups, and everything is automatic.
At 1am I run a backup script that extracts the data to a text file and then gzips the resulting output. At 2am a cron job on my home server kicks in and it connects via ftp to the production server and downloads all of the backup files. The files are stamped with the date and time and moved off to a RAID storage array. I probably have a better backup strategy than many data centers.
Suffice it to say that nothing in phpBB3 is going to improve on that process. I won’t really call this a “win” for phpBB-Dave however, as the feature is external to the code. It’s a process I put in place rather than a code modification.
|COPPA Registrations:||Yes||Yes COPPA Registrations Toggle On/Off||I don’t allow board members under 13 so this is moot|
|Limit Registration Attempts:||Yes||Yes||Yes, custom|
|Set min/max Username Length:||No||Yes||Yes, custom|
|Set min/max Password Length:||No||Yes||Yes, custom|
|Limit username Chars:||No||Yes||Yes, custom|
|Set Password Complexity Requirements:||No||Yes||No|
|Force Password Change:||No||Yes||No|
|Allow/Disallow e-mail Address Re-usage:||No Allow/Disallow e-mail Address Re-usage Duplicate E-mails are always disallowed||Yes Allow/Disallow e-mail Address Re-usage Allow or Disallow Duplicate E-Mail Addresses||Works as phpBB2, no changes applied|
My Checkbox Challenge MOD logs user registration attemps and temporarily blocks further attempts after a configurable number of failures. The time of the temporary ban is also a configurable options. I have code in place (hard-coded) to enforce a min / max username length and have it this for years. I don’t agree with the option to reuse an email address, so I have no interest in that feature or plans to add it to my board.
A basic summary is that I think I have the most important features already in place, and the information logged by my Checkbox Challenge MOD is very useful. I’m perfectly happy with where I am with regard to this category.
So far I have covered six of the categories from the feature comparison list at phpbb.com. From the last post: the General category was a toss-up so the score is 0-0. Basic Features was a win for phpBB3 based on the strength of the Unread Message tracking feature. With security also being a tie the first three feature categories end up with phpBB3 leading 1-0.
From this post: I feel like I win the anti-spam category as not only have I addressed features that are present in phpBB3 (and missing from phpBB2) but I have extended them in some cases and in others I have created something completely new. I’m going to score this as a point for me, bringing the score to 1-1. For Data Management I am going to award no points if only because I have created a true backup / restore process that is in no way impacted by whatever version of phpBB I run. Finally, the Registration category is also a tie since there is no real advantage to any version and I have already counted a point for Checkbox Challenge and won’t count it twice.
So that makes the score 1-1 (with four zero-point categories) after reviewing six categories. Next time I will cover Posting, Attachments, and Caching.