
open source forum vs. own code forum

Posted: Mon Mar 07, 2005 12:05 am
by technics
As the subject line suggests, I want to find out if me choosing to program my own forum for large volume purposes is better than using an open source forum, e.g. phpBB?

The forum I want is very design specific - hence the reason for me wanting to write my own. But I am skeptical that my version of a forum will not be as efficient as others...

In terms of how I store the threads/messages, how I retrieve, etc. ...

So what is the best advice?

Posted: Mon Mar 07, 2005 12:45 am
by feyd
There's a lot of reasons to do both. However, because of "large volume purposes" I'd go with a properly modified open source forum. Honestly, if you didn't start with a system already built for high volume, it'd take quite a while for you to grow your knowledge and code to that point. Since you'd likely continue using the same code versus throwing a complete set away to rebuild from the ground up, the inherent issues you had initially, will most probably expand with age, instead of shrink.

my $0.02

Posted: Mon Mar 07, 2005 1:10 am
by infolock
100% agree with feyd. The only other comment that is very much worth mentioning is one my brother-in-law gives me: why reinvent the wheel? phpBB (along with others) have already been through all the hell you would actually be putting yourself through upon taking on this task (i.e. bugs, security issues, etc.). If you merely want to have your own distribution to say it's yours, I say go for it. Otherwise, if you are gonna use it for commercial or other such purposes, as feyd said, a pre-existing open source forum would be exactly what you need...

Posted: Mon Mar 07, 2005 1:40 am
by s.dot
I have my own 'high-volume' forum. It wasn't that hard to do and it fits into my site much better. I can put it inside of a page (along with menus so users can still navigate the site). You can't do that with a preexisting forum such as PHPBB. The forums weren't THAT hard to do, although I had a couple questions along the way. I'd suggest making your own if you have the time.

Posted: Mon Mar 07, 2005 9:33 pm
by technics
see this is my view of a forum:

FORUM
-members
-category sections
-threads
-actual messages

each contain their set of methods and attributes. Essentially all we are doing is storing content in a DB - which we also retrieve to display messages. That's all.

What areas are hard to program?

Posted: Mon Mar 07, 2005 9:37 pm
by feyd
stability, security, and growth ability to name a few. You didn't even mention the administration and moderating areas, authorization controls, formatting functionality, email notification.. I could probably go on for a while, but I'll stop. :)

Posted: Mon Mar 07, 2005 10:02 pm
by technics
stability: what is involved here?

security: logins - easily implemented, right? user can only add/modify his/her own.

growth ability: how do you mean?

admin and moderating I know - just excluded it.

==========

feyd, see, I don't see a forum being any different from a CMS ... enlighten me please...

Posted: Mon Mar 07, 2005 10:13 pm
by feyd
The decision can break down into a set of questions you ask yourself:
  • What is the time table you have to get this up?
  • How much time do you personally have to devote to supporting the forum's codebase?
  • What features do you want versus need?
  • Where do you place the value of your time?
  • Is the forum for your own site, or will its code be shared among sites?
That's probably the simple list.. but it's a start.. In the end, there is no definitive answer either way, but those questions should help guide you to a decision. Since you seem to rather like the idea of building your own, go ahead. Do it. Have fun. :)

Posted: Mon Mar 07, 2005 10:27 pm
by technics
cool thanks (are you at work too?)

I think I will build my own just for the hell of it, but I have just dl'd the source for phpbb ... hopefully it gives me some idea as to what constitutes a well performing bb.

Posted: Mon Mar 07, 2005 10:47 pm
by technics
I took a look at the source code for the phpbb, it's not formatted.. notepad

Posted: Mon Mar 07, 2005 10:53 pm
by feyd
phpbb was written in a semi-procedural manner. It grew from the original code in that way, as it was originally written. I don't believe anyone on their team has decided to throw away the bulk of it to start over, building on the knowledge they have grown with since then. You may have initial trouble figuring out how everything works in it. If you spend enough time looking at it, you'll either begin to understand or go stark raving mad. :)

Posted: Mon Mar 07, 2005 11:14 pm
by technics
well my intentions were to build the entire site using the OOP paradigm. In fact I was not going to use any elements of procedural development techniques.

thinking about it, security and stability is no issue. security is only to keep users out of moderators; and visitors out of users.

furthermore, stability refers to how often the website is down than up - ideally I am going to make sure it's up more often than not. and in terms of it being fast - well that would just be the employment of good sql statements and minimal processes (statements) to display/process data. All these concepts we keep mindful of when building websites anyway. I really don't see how forums will be different - except of course for the database design - ... but then again ... DB design can be helped as long as you know up to say 4NF. (or just 3NF).

What do you reckon?

Posted: Tue Mar 08, 2005 2:58 am
by JayBird
technics wrote: thinking about it, security and stability is no issue
Completely disagree with this...there will always be someone "trying to get one over you" and if you don't take security seriously, you are gonna make it easy for them.

Even up to phpBB 2.0.12 (current version 2.0.13) there was an exploit that let you login as admin.

Posted: Tue Mar 08, 2005 6:03 pm
by technics
SQL injection is the security risk I have learned of ... anybody shed some light on this?

Posted: Tue Mar 08, 2005 9:31 pm
by John Cartwright
But keep this in mind when thinking about security...
Experienced coders that are constantly working on phpbb are still leaving major security holes even up to this version. I'm sure there are still some undiscovered, but I'm sure these people are far more experienced than you are and they seem to be missing out on some very important security issues.

You say security not a problem?
I say you are in for a bad experience.

As for enlightenment on SQL injection, it is basically adding unwanted code through user inputs, such as text fields, that alter an SQL query to perform unwanted tasks.

For example.. I have

Code:

$sql = "DELETE FROM `topics` WHERE `id` = '".$_POST['fieldname']."'";
This is obviously asking for trouble, considering the user input is not sanitized. Keep in mind that ANYTHING coming from the user should NOT be trusted and should be sanitized.

You are expecting a number? Check if it's a number, and only a number.

But how can we exploit this SQL query?

$_POST['fieldname'] = "1' OR `id` = '2";

the query now becomes

Code:

$sql = "DELETE FROM `topics` WHERE `id` = '1' OR `id` = '2'";
This is obviously not the best example, but you get the point..
unwanted `topics` are going to be deleted..
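
Added example (not part of the original post or of phpBB): the concatenated DELETE from the post above next to a version that does the "number, and only a number" check and binds the value as a parameter, run against the same input. The in-memory SQLite table, the function names and the sample rows are assumptions made for the demonstration; PDO with the sqlite driver is assumed to be available.

```php
<?php
// Constructed data: an in-memory SQLite table standing in for the post's `topics`.
function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO topics (id, title) VALUES (1, 'a'), (2, 'b'), (3, 'c')");
    return $db;
}

function remainingIds(PDO $db): array {
    return $db->query('SELECT id FROM topics ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
}

// Vulnerable: the pattern from the post, user input concatenated into the SQL text.
function deleteTopicUnsafe(PDO $db, string $input): void {
    $db->exec("DELETE FROM `topics` WHERE `id` = '" . $input . "'");
}

// Hardened: reject anything that is not purely digits, then bind the value
// as an integer parameter so it can never be parsed as SQL.
function deleteTopicSafe(PDO $db, string $input): bool {
    if (!ctype_digit($input)) {
        return false;               // not "a number, and only a number"
    }
    $stmt = $db->prepare('DELETE FROM topics WHERE id = :id');
    $stmt->bindValue(':id', (int) $input, PDO::PARAM_INT);
    $stmt->execute();
    return true;
}

$payload = "1' OR `id` = '2";       // the input shown in the post

$db = freshDb();
deleteTopicUnsafe($db, $payload);   // the OR clause becomes part of the query
echo 'unsafe, remaining ids: ', implode(',', remainingIds($db)), "\n";

$db = freshDb();
$accepted = deleteTopicSafe($db, $payload);   // rejected before any SQL runs
echo 'safe, accepted: ', var_export($accepted, true),
     ', remaining ids: ', implode(',', remainingIds($db)), "\n";

$db = freshDb();
deleteTopicSafe($db, '2');          // a legitimate id deletes exactly one row
echo 'safe with "2", remaining ids: ', implode(',', remainingIds($db)), "\n";
```

The validation and the bound parameter are independent layers: the digit check rejects malformed input early, and the prepared statement keeps the query structure fixed even if a check is missed elsewhere.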