open source forum vs. own code forum

technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

open source forum vs. own code forum

Post by technics »

As the subject line suggests, I want to find out if my choosing to program my own forum for large-volume purposes is better than using an open source forum, e.g. phpBB.

The forum I want is very design specific - hence the reason for me wanting to write my own. But I am skeptical that my version of a forum will not be as efficient as others...

In terms of how I store the threads/messages, how I retrieve them, etc...

So what is the best advice?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

There's a lot of reasons to do both. However, because of "large volume purposes" I'd go with a properly modified open source forum. Honestly, if you didn't start with a system already built for high volume, it'd take quite a while for you to grow your knowledge and code to that point. Since you'd likely continue using the same code versus throwing a complete set away to rebuild from the ground up, the inherent issues you had initially, will most probably expand with age, instead of shrink.

my $0.02
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

100% agree with feyd. The only other comment that is very much worth mentioning is one my brother-in-law gives me: why reinvent the wheel? phpBB (along with others) has already been through all the hell you would actually be putting yourself through upon taking on this task (i.e. bugs, security issues, etc.). If you merely want to have your own distribution to say it's yours, I say go for it. Otherwise, if you are gonna use it for commercial or other such purposes, as feyd said, a pre-existing open source forum would be exactly what you need...
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

I have my own 'high-volume' forum. It wasn't that hard to do and it fits into my site much better. I can put it inside of a page (along with menus so users can still navigate the site). You can't do that with a preexisting forum such as PHPBB. The forums weren't THAT hard to do, although I had a couple questions along the way. I'd suggest making your own if you have the time.
technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

Post by technics »

see this is my view of a forum:

FORUM
-members
-category sections
-threads
-actual messages

Each contains its own set of methods and attributes. Essentially all we are doing is storing content in a DB - which we also retrieve to display messages. That's all.

What areas are hard to program?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Stability, security, and growth ability, to name a few. You didn't even mention the administration and moderating areas, authorization controls, formatting functionality, email notification.. I could probably go on for a while, but I'll stop. :)
technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

Post by technics »

stability: what is involved here?

security: logins - easily implemented, right? A user can only add/modify his/her own.

growth ability: how do you mean?

admin and moderating I know - just excluded it.

==========

feyd, see, I don't see a forum being any different from a CMS ... enlighten me please...
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The decision can break down into a set of questions you ask yourself:
  • What is the time table you have to get this up?
  • How much time do you personally have to devote to supporting the forum's codebase?
  • What features do you want versus need?
  • Where do you place the value of your time?
  • Is the forum for your own site, or will its code be shared among sites?
That's probably the simple list.. but it's a start.. In the end, there is no definitive answer either way, but those questions should help guide you to a decision. Since you seem to rather like the idea of building your own, go ahead. Do it. Have fun. :)
technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

Post by technics »

cool thanks (are you at work too?)

I think I will build my own just for the hell of it, but I have just dl'd the source for phpbb ... hopefully it gives me some idea as to what constitutes a well-performing bb.
technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

Post by technics »

I took a look at the source code for the phpbb, it's not formatted.. notepad
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

phpbb was written in a semi-procedural manner. It grew from the original code in that way, as it was originally written. I don't believe anyone on their team has decided to throw away the bulk of it to start over, building on the knowledge they have grown with since then. You may have initial trouble figuring out how everything works in it. If you spend enough time looking at it, you'll either begin to understand or go stark raving mad. :)
technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

Post by technics »

Well, my intentions were to build the entire site using the OOP paradigm. In fact I was not going to use any elements of procedural development techniques.

Thinking about it, security and stability is no issue. Security is only to keep users out of moderators, and visitors out of users.

Furthermore, stability refers to how often the website is down rather than up - ideally I am going to make sure it's up more often than not. And in terms of it being fast - well, that would just be the employment of good SQL statements and minimal processes (statements) to display/process data. All these concepts we keep mindful of when building websites anyway. I really don't see how forums will be different - except of course for the database design - ... but then again ... DB design can be helped as long as you know up to say 4NF (or just 3NF).

What do you reckon?
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

technics wrote: thinking about it, security and stability is no issue

Completely disagree with this... there will always be someone "trying to get one over you" and if you don't take security seriously, you are gonna make it easy for them.

Even up to phpBB 2.0.12 (current version 2.0.13) there was an exploit that let you login as admin.
Last edited by JayBird on Fri Mar 11, 2005 10:49 am, edited 1 time in total.
technics
Forum Newbie
Posts: 16
Joined: Sun Feb 13, 2005 6:50 pm

Post by technics »

SQL injection is the security risk I have learned of ... can anybody shed some light on this?
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

But keep this in mind when thinking about security...
Experienced coders that are constantly working on phpbb are still leaving major security holes even up to this version. I'm sure there are still some undiscovered, but I'm sure these people are far more experienced than you are and they seem to be missing out on some very important security issues.

You say security is not a problem?
I say you are in for a bad experience.

As for enlightenment on SQL injection, it is basically adding unwanted code through user inputs, such as text fields, that alters an SQL query to perform unwanted tasks.

For example.. I have

Code:

$sql = "DELETE FROM `topics` WHERE `id` = '".$_POST['fieldname']."'";
This is obviously asking for trouble, considering the user input is not sanitized. Keep in mind that ANYTHING coming from the user should NOT be trusted and should be sanitized.

You are expecting a number? Check if it's a number, and only a number.

But how can we exploit this SQL query?

$_POST['fieldname'] = "1' OR `id` = '2";

The query now becomes

Code:

$sql = "DELETE FROM `topics` WHERE `id` = '1' OR `id` = '2'";
This is obviously not the best example, but you get the point..
unwanted `topics` are going to be deleted..
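
The query from the post above next to a validated, parameterized version, as an added example that is not part of the original thread. It assumes PHP with the PDO SQLite driver and uses a constructed in-memory `topics` table; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. The table contents are constructed
// sample data and the function names are hypothetical.

function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE `topics` (`id` INTEGER PRIMARY KEY, `title` TEXT)');
    $db->exec("INSERT INTO `topics` VALUES (1,'first'),(2,'second'),(3,'third')");
    return $db;
}

// Vulnerable form from the post: user input concatenated into the SQL string.
function deleteTopicUnsafe(PDO $db, string $input): int {
    $sql = "DELETE FROM `topics` WHERE `id` = '" . $input . "'";
    return $db->exec($sql);   // number of rows deleted
}

// Hardened form: accept only a positive integer, then bind it as a parameter
// so the value can never be parsed as SQL.
function deleteTopicSafe(PDO $db, string $input): int {
    $id = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('topic id must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM `topics` WHERE `id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$payload = "1' OR `id` = '2";   // the input shown in the post

// Concatenation: the quote in the input closes the string and extends the WHERE clause.
$db = freshDb();
echo "unsafe, rows deleted: ", deleteTopicUnsafe($db, $payload), "\n";

// Validation + binding: the same input is rejected before any SQL runs.
$db = freshDb();
try {
    deleteTopicSafe($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "safe, rejected: ", $e->getMessage(), "\n";
}
echo "safe, rows deleted for input \"2\": ", deleteTopicSafe($db, "2"), "\n";
echo "topics remaining: ", $db->query('SELECT COUNT(*) FROM `topics`')->fetchColumn(), "\n";
```

The integer check implements the "only a number" advice from the post, and the bound parameter keeps the query safe even if a validation step is missed elsewhere.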