# A simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure)

### Related tags

Database mylittleforum

# my little forum

my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.

## System requirements

• Webserver with PHP >= 5.4 and MySQL >= 5.5.3

## Installation

1. Unzip the script package.
3. Depending on your server configuration the write permissions of the subdirectory templates_c (CHMOD 770, 775 or 777) and the file config/db_settings.php (CHMOD 666) might need to be changed in order that they are writable by the script.
• #### Make refresh-link behaving comprehensible

The use of the refresh link makes every entry unread and removes the info about new entries. Either the link has to act as "mark all unread" or as "mark all read" or it should load new content but leaves the read- and the new-content-status as it is.

The way it works now is unexpected ((not only) for me).

bug question
opened by auge8472 33
• #### Copy existing forum to a new domain

Hi all,

we would like to copy an existing mlf to a new domain for legal reasons. Backup exists, we would like to preserve internal links in the forum. Are there any how to papers or other checklists to pay attention to?

Best regards Lemmie17

bug question next major version dependency
opened by Lemmie17 19
• #### Installation error

Hi, Updated from 2.3.4 to 2.3.5, then from 2.3.5 to current version 2.4.8, When I want to update I get the error message: Database error in line 232: That's all. Any clue? Thx in advance

opened by KawaxJM 19
• #### CSRF token not present in delete posting request in admin panel | Manage posting

Application is vulnerable for CSRF as CSRF token is not sent when a delete posting request is triggered.

There are two scenarios which I have observed in this request.

1. Delete request is a simple GET request :-

GET /ASLI_mylittleforum/index.php?mode=posting&delete_posting=2&back=index&delete_posting_confirm=true HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/ASLI_mylittleforum/index.php?mode=index DNT: 1 Connection: close Cookie: mlf2_last_visit=1557082267.1557090644; mlf2_usersettings=0.1.0.1.0; PHPSESSID=llq9hot05hudh5j0i255pk2k52 Upgrade-Insecure-Requests: 1

1. Delete request is a post request but without CSRF token.

POST /mylittleforum/index.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/mylittleforum/index.php?mode=posting&delete_posting=5&back=entry Content-Type: application/x-www-form-urlencoded Content-Length: 87 Connection: close Cookie: mlf2_usersettings=0.1.1.1.0; mlf2_last_visit=1557079919.1557091419; PHPSESSID=gur1it6pciu091fs0s3bi3d36a Upgrade-Insecure-Requests: 1

mode=posting&delete_posting=5&back=entry&category=-1&delete_posting_confirm=OK+-+Delete

In both the cases application is vulnerable to CSRF, where attacker can trigger delete request when a victim clicks on a vulnerable link.

bug
opened by sagar2117 18
• #### Changing personal settings affects only the actual session

After installing a version 2.4.6 yesterday (2018-01-01) I logged in and changed several settings. Then I went to the personal settings and changed i.e. the language for my personal use. Today I became aware, that my personal settings was not the way I set them yesterday. They all are stuck to the general forum settings.

After changing them again, I get the forum in my selected language but the settings form states, that the general language setting is selected. After log out and log in again the forum is presented with the general language setting again.

I don't know, if this is an issue with my webspace and/or installation or a general issue. Will dig into it.

bug
opened by auge8472 16

The math-captcha is very easy to crack. An improvement is to replace the digits by the number words (e.g. replacing 2 by the word Two) and to use different arithmetic options (e.g. sum and subtract).

enhancement discussion
opened by loesler 14
• #### HTTP-Status 403 since 2017-12-26

@ilosuna: Since the afternoon of 2017-12-26 (CET) I get status 403 forbidden for requesting the forum (mylittleforum.net/forum).

edit One gets the 403-status on the whole domain, not only in the forum.

opened by auge8472 14
• #### link to apply the quote to the posting textarea disappears when posting page reloads

During some tests I came across a bug in the posting(.min).js. When I loaded the posting form page the link to quote the message came up but when I reloaded the form page, the link disappeared. The relevant code resides in posting.js, beginning with line 700. I suspect the check textarea.getQuote() != "" to fail but I am not sure about it.

Beside of that I have a few concerns about the way the function is designed.

1. Because the quote-message-function is pure JS that will work inside the page without the possibility of a reload, a button instead the link is the appropriate element.
2. The link (or the button) is an interactive element but the enclosing label is an interactive element in itself. Because of that, the link (or button) must not be a child of the label.

But that's another story.

discussion
opened by auge8472 12

## Preamble

As we (@Helmut01, @loesler and me) discussed it in #402 the introduction of lower time limits for sending a form is recommended. That way fast sending bots, which returns a form within milliseconds, should get sorted out.

## For which cases the feature should get implemented?

These are the cases I found.

• registrate an account
• create a posting (registered and unregistered)
• sending an e-mail

Anything I forgot?

## What should be the limit?

@Helmut01 recommended one second because his measurements states the bots to send the fields within milliseconds (bot < 1 sec. < human). I myself would set the limit to a higher value. IMHO noone (human) will send the fields within a few seconds. So I would recommend something between 2 and 10 seconds and maybe making it dependent from the case (posting, registration, contact form (e-mail)).

Further opinions?

## How to implement it?

We can use the session of the user to store a the information about the requested form (the CSRF-token), and the time of the request (a timestamp). Whit this information we should be able to check the next matching request for the time since the first request and to sort out to fast second requests.

Does anone have another idea?

enhancement question discussion
opened by auge8472 9
• #### further error in read-status-handling

An read posting is marked as read and not as new. This works in the main views (thread and table) but not in the thread tree below the message in the single posting view.

See also this and the following postings in the project forum (german language).

bug question
opened by auge8472 9
• #### Forum wide setting for the link target, server part

This is for use in case of running the forum script for example in an iframe, so links can break out of the frame. If activated, the setting must supersede possibly activated link-target-settings of some users.

• [x] provide the new setting link_open_target in the installation and update scripts
• [x] provide the user interface in the forums setting page
• [x] code for saving the setting
• [x] ~~code for reading the setting~~ all settings are read automatically
• [x] code for creating the setting in the JS array setting in includes/js_defaults.inc.php
• [x] logic to prioritise user setting over forum setting
enhancement feature
opened by auge8472 8
• #### Collection of fixes for the update script

Currently there are a few new threads with error reports about the update script in the project forum. We can identify three main issues.

• [ ] 1. A few users ran into a trap of an edge case. They had previously tested a development version of the 2.5-branch (2.4.99.x) and downgraded their forum to a stable version of the 2.4-branch again. Normally one would restore an database backup of the 2.4.x version that ran before and ignore the remaining tables of the 2.5-branch from the test. But this breaks the update script because we didn't take account of such a upgrad-downgrade game.
• [ ] 2. Issues with the order of SQL statements for altering the table stucture. Changing the charset to a value that breaks the maximal index size before defining the charset espacially for an affected column and limiting its size to a hazard-free value is not a good idea. So one task is to check the order of the database queries.
• [ ] 3. Defining a column as UNIQUE without checking the real values in the database table for doublettes breaks the update script and leaves the database in an intermediate state. Some changes were made, others not. Check for doublettes before trying to alter the definition of the column.

This PR should address these problems.

bug help wanted work in progress discussion
opened by auge8472 1
• #### Emoji Support

One reason to switch to utf8mb4 was to support emoji, cf. Umbau der Datenbank für Unicode-Emojis. However, up to know, smileys are represented by images and one has to know the emoji-code. For that reason, I created a test page that contains a proposal for adding unicode emoji to mlf. Currently, the full list of emoji is added regardless of whether an emoji-icon exists.

1. Is such an implementation /better/ than the current one?
2. How to handle non existing emoji-icons?
3. How to handle IE11?
4. Any other suggestions?

feature discussion frontend
opened by loesler 8
• #### Critical problem with MyLittleForum and FTP server

I have just discovered a critical problem with MyLittleForum and some FTP servers.

Some FTP servers limit the number of records in the folder listing to 10000 records. With the folders . and .., that means that the FTP client will list 9998 files. The critical problem here is that it's impossible for the FTP client to download files that it doesn't see. So I cannot take backups on these files. And our forum is on a web provider so we cannot change the FTP server setting.

On our MyLittleForum, we had 6000 images uploaded for the year 2020 alone. For year 2021 we had 3000 images uploaded. And we have 2000 files uploaded for this year so we will probably get 3000 images uploaded before this year is over.

So on our forum, the limit of 10000 files is the number of images we get uploaded for two - three years.

The simple solution to this problem is to have subfolders for the images. For example the folder 202208 which has the images for August 2022.

help wanted
opened by danielb987 2
• #### Preview option - meaningful or meaningless?

At the main page of the forum, there is a javascript based preview option. This option is indicated by a speech bubble icon. I do not use this kind of preview because the benefit is to small in comparison to open the whole posting. In #637, I updated the MathJax library to support LaTex in postings. Moreover, I restricted the loading of this library (see main.tpl#L40) to the cases ($mode=='entry' ||$mode=='thread' || \$mode=='posting'). The main page is not part of this list. Thus, Latex will not be rendered within the preview bubble. I wonder, if the preview option at the main page is superfluous. Removing this option would improve the page loading. So, my simple question is: Is the preview option meaningful or meaningless?

question discussion
opened by loesler 7
• #### Poor distinctiveness of the ham- and spam-links and the confirmation pages

When I want to classify forum entries as ham or spam it is sometimes hard to distinguish the ham from the spam link (default theme).

Furthermore it is also not easy to distinguish the following comfirmation pages. Yes, the content differs but the pages still look pretty much the same. Please compare the following screnshots

the confirmation page for ham:

the confirmation page for spam:

Yes, there are distinguishing features. "Flag as ham" versus "Report spam", two buttons for ham versus three buttons for spam. But even with these differences it happened, that I accidentally deleted an entry as spam (and all of its replies), that I wanted to flag as ham. IMHO we need stronger distinguishing features. Maybe something with colours, maybe something with different positions of text elements and/or buttons, maybe something else or maybe all of these.

help wanted discussion frontend
opened by auge8472 6
• #### Reenable video support

Nearly from the beginning of the project My Little Forum 2 there was the feature to insert videos into the entries with the BB-code [flash]. The BB-code got transformed into a HTML-element object with the mimetype application/x-shockwave-flash in the function do_bbcode_flash. Because Youtube as the main source of videos discontinued the flash support years ago we removed the Flash-support in MLF2 with version 20220508.1 (2.5.0) of My Little Forum – amongst others because no one intervened.

That causes all inserted videos in old forum instances, that had and used the Flash-support before, to be broken. Now, after the child has fallen into the well, someone stated (thread in the project forum in german language), that his forum will lose to much content with this change to be willing to upgrade. That is in general a comprehensible decision.

In the linked forum thread we discussed a few options and compared it to the solution in another software project (namely in phpBB). It is possible to reimplement the feature with generating an iframe instead an object. This is the estabished solution nowadays.

A further idea is, to provide a further BB-code for inserting videos directly with the HTML-element video. But this solution would only work with videos that are available under a static URL and which does not need the player UI from the providing source (like Youtube, Vimeo, Peertube etc.). So I'm (at the moment) not convinced, that this is worth the effort.

I would like to reintroduce this feature. I propose to reuse the BB-code [flash] with the modern transformation to a video-technique agnostic iframe. I also like the idea to have the possibility for displaying videos independently from the big video providers like Youtube and Vimeo with video. But that's another story.

Any thoughts?

feature discussion
opened by auge8472 4
• #### 20220803.1(Aug 3, 2022)

This is a further bugfix release in the 2.5-branch with a new feature and a few enhancements. The minimal PHP version the forum is able to run is PHP 7.3, the maximal (tested) PHP version is 8.1.5. The minimal version of MLF from one can start an upgrade is version 2.4.19.1.

## Features

• The upload function for images got a new file type: WebP. This was a feature request in the project forum. The image type has a far better compression and a better image quality at the same time as the image type JPEG.

## Changes

• Separate the signature block from the posting in the HTML-structure. That way the posting block has a separate floating context. That leads to the situation, that possibly existing floating content in the entry does not affect the position of the signature. The signature will always be displayed under the complete content of the entry.
• Rewrite the CSS-rulesets for the usermenu, the options menu for every single entry and the button rows for classifying an entry as ham or as spam. Make the menus responsive and mobile aware.

## Fixes

• Removed last occurences of the use of the outdated column mlf2_entries.email_notification. The column was removed with version 2.4.14 in the update script but left over in the installation script until version 2.4.22. This was after the split of the 2.5 development branch and so it remained here until now.
• Initialise a possibly empty search box input, because the lack of the initialisation led to a PHP warning. See this thread in the project forum for more context.
• When classifying old entries in locked threads as ham, it happened often, that the thread got unlocked. Locked entries should remain locked now in most cases. There is an edge case I was not able to hunting down until now, so that it remains for now.
• In the installation script as well as in the update script there was SQL-code, that led to doubled UNIQUE keys for mlf2_userdata.user_name and mlf2_userdata.user_email. The code, that doubles the keys was removed and the update script checks in this version for the obsolete keys and removes them.

The release 20220803.1 is equivalent to version 2.5.4 in the old version number scheme.

Source code(tar.gz)
Source code(zip)
• #### 20220529.1(May 29, 2022)

This is a further bugfix release in the 2.5-branch with a few new small features. The minimal PHP version the forum is able to run is PHP 7.3, the maximal (tested) PHP version is 8.1.5. The minimal version of MLF from one can start an upgrade is version 2.4.19.1.

## Features

• Because of the new spam detection system B8, introduced with version 20220508.1 forum teams need to classify the entries in a forum as ham or spam, if this system is active. It is necessary, to perform both of the classifications to train the system with content of good and bad entries. To make it possible to identify unclassified entries without opening every single entry, we introduce a new icon with an eye to show the unclassfied status. The icon will be displayed behind the subject of an entry in the thread tree on the index pages (thread listings) and in the thread tree below an entry in the single-entry-view.
• The HTML-structure and CSS-rules for the main section of the forum pages got bit of a lifting. This is an ongoing task and far from done.

## Fixes

• When deleting a user account, the script removes the user-ID of the user from her/his forum entries and places the name to the entries as tose were written by an unregistered user. Beside of that the references to the user-ID will be removed from the user data table itself as well as from the user data cache table, the bookmarks table and read-status table. In old installations it was possible to get notified about replies when one was the author of an entry with a flag in the dataset of the entry in the entries table. With setting the column email_notification of the entries that was authored by the user that should get deleted to 0, orphaned notification tasks for old forum entries should get prevented.

The release 20220529.1 is equivalent to version 2.5.3 in the old version number scheme.

Source code(tar.gz)
Source code(zip)
• #### 20220517.1(May 17, 2022)

This is a further bugfix release in the 2.5-branch. The minimal PHP version the forum is able to run is PHP 7.3, the maximal (tested) PHP version is 8.1.5. The minimal version of MLF from one can start an upgrade is version 2.4.19.1.

## Fixes

• the feature inactivity notification sent an unlimited number of e-mails, what caused the project domain to get blacklisted; to prevent this for external forum operators, the number of e-mails is now limited to 5 per daily action
• because of the fixed height of the page header the user menu was inaccessible on narrow viewports since the change from XHTML 1.0 to HTML (5)
• the column mlf2_userdata.user_email was to large for using an index with charset utf8mb4 on MySQL 5.5 and 5.6, reset it to charset utf8 (3 byte chars only)

The release 20220517.1 is equivalent to version 2.5.2 in the old version number scheme.

Source code(tar.gz)
Source code(zip)
• #### 20220509.1(May 9, 2022)

This is a first bugfix release in the 2.5-branch. The minimal PHP version the forum is able to run is PHP 7.3, the maximal (tested) PHP version is 8.1.5. The minimal version of MLF from one can start an upgrade is version 2.4.19.1.

In the release 20220508.1, that was released yesterday, a bug remained that I fixed only locally during testing but forgot to add to the repository and the release. This bug got fixed by @prbt2016. He also came across the (in the release) unfixed bug and provided a pull request within a few hours (#597). Thank you for your attention and your help. The bug in itself affects only the update script.

While working on the new release I harvested a few really low hanging fruits. One in a translation that affected six language files (because of being untranslated strings). The others are a few CSS- and HTML-issues.

## Features

• stick the page footer to the bottom of the viewport with the help of a CSS-flexbox

## Changes

• removed CSS-fixes for Internet Explorers 6 and 7 (RIP)
• replaced main block elements (<div>) in the page structure with semantic HTML-elements (<header>, <nav>, <main> and <footer>)

## Fixes

• a syntax error that prevented the update script from working (the previously mentioned PR #597)
• a wrong used English word (a IMHO typical false friend for native German speakers)

The release 20220509.1 is equivalent to version 2.5.1 in the old version number scheme.

Source code(tar.gz)
Source code(zip)
• #### 20220508.1(May 8, 2022)

This is a new major release that makes My Little Forum 2 (MLF) compatible with PHP up to version 8.1. The minimal PHP version the forum is able to run is PHP 7.3. The minimal version of MLF from one can start an upgrade is version 2.4.19.1.

We changed the format of the version number to a scheme that uses the current date and a consecutive number after a point. The new version 20220508.1 is a par with version 2.5 in the classic version numbering scheme.

Please take into account to upload the files config/VERSION and update/update_2.4.19.1-2.5.php in the very first step and start the update process from the admin interface afterwards. It's common that you will see two links to update scripts in the admin interface (update_2.3.5-2.4.php and the new update_2.4.19.1-2.5.php). Use the script update_2.4.19.1-2.5.php for the current upgrade. You can remove the content of the directory update if the upgrade succeeded.

## Features

• information about the user who uploads a new image gets stored in a database table
• Bayes based spam filter
• introduce PHPMailer class as optional replacement for the PHPs own function mail, has to be cofigured in the file config/php_mailer.php
• optional TeX support through MathJax library (has to be linked and activated manually)
• allow topics to be pinned/sticked to the certain category or to all categories
• change the charset of most of the tables to support 4-byte-characters, i.e. for using emojis
• provide a forum wide setting to store a target name for breaking out of a frame or iframe (possible values are _self, _parent, _top or a given name of a target frame)
• add BB-codes for marking text as right-to-left or as left-to-right written
• unify the HTML-structure for a user name to make it possible to style the HTML-element of the user name in every place with the same CSS-rules
• provide a user setting to make it possible for users to open links in a forum entry in a new browser window or tab
• request a reaction of an inactive user after a given time of inactivity and delete the account after an additional waiting time when there was no reaction
• provide a back-to-top-link on every page and every single forum entry

## Removals

• optional TeX support through the Google online service, service got abandoned
• flash button and flash bb-code
• forum-scripts own backup funtionality, please use an external solution like for example phpMyAdmin
• the files js/admin.js and js/admin.min.js
• the directory includes/classes with its only content Backup.class.php

## Changes

• the quote-message-link is now a button
• new language file for Traditional Chinese
• upgrade of many of the external modules, where one was available
• overhaul of the swedish language file
• removed the compatibility to ancient browsers down to IE6 from the JavaScript sources

## Fixes

• replaced several functions and language constructs, that was removed or got deprecated with PHP 8 and PHP 8.1
• unify mail encoding, was different depending of the checked characters
• added a CSRF-token to posting delete function calls
• absolute URLs for images in the RSS-feeds, relative pathes in the src-attribute of images in the RSS feed made them inaccessible in the feed
• show spam entries in the thread tree not for authors of spammy postings
• database table columns for user names and e-mail-addresses are set to be unique to prevent the use of similar user names (in the meaning of the MySQL-database-system) or the double use of e-mail-addresses
Source code(tar.gz)
Source code(zip)
• #### 2.4.24(Oct 12, 2020)

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Attention

Because of a silly copy'n'paste error the list of files to update mentions two wrong file names. This affects only forum operators who upgrade the software from an earlier version. New installations are not affected.

• wrong: themes/default/style.tpl => correct: themes/default/style.css
• wrong: themes/default/style.min.tpl => correct: themes/default/style.min.css

## Fixes

• fixed wrong formatting of the link for a threads own RSS-feed again, got broken by a change in the previous release
• fixed the formatting of the back-to-top-links in the options menu of an entry, lowercase is not correct for every language

## Featurette

• added classes mentioning the user type in the thread tree below an entry in the single-entry-view
Source code(tar.gz)
Source code(zip)
• #### 2.4.23(Sep 30, 2020)

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed wrong formatting of the link for a threads own RSS-feed, got broken by a change in the previous release
• fixed the non-English and non-German strings for the to-top-of-page-links, they had a broken comment part
Source code(tar.gz)
Source code(zip)
• #### 2.4.22(Sep 29, 2020)

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed the broken backup restoring function for the entries table, rework of the backup function for better code readability
• fixed the insufficient file size computation for the list of backup files; very small file sizes (up to a few hundred bytes) was shown as "0.00 MB" instead i.e. "0.0006 MB"
• fixed deprecation warnings that occurs since PHP 7.2, removed function each() in while loops, replaced the construct with foreach()
• fixed a wrong key name for the error message in admin area about a provided but incorrect e-mail-address

## Features and featurettes

• added links to top of the page in the page footer and in the options menu of every entry
• added a backup function for subscriptions and tags
• added the natural sorting of the tag list, makes sorting of tags case insensitive
Source code(tar.gz)
Source code(zip)
• #### 2.4.21(Apr 25, 2020)

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed the regular expression for checking the syntax of an e-mail-address to be compatible with PRCE2 and so also with PHP 7.3 and newer, the old PRCE1-compatible syntax prevented new user registrations when the forum software runs under PHP 7.3.x or newer
• fixed the image source paths from within forum entries, when provided as a RSS-feed, output of images was broken because of invalid paths to the image sources
Source code(tar.gz)
Source code(zip)
• #### 2.4.99.3(Sep 24, 2019)

In case of an update: This version can only be an update target for existing installations from version 2.4.19.1 upwards!

This is a testing version. Please do not use it in production.

## Fixes

• when an entry was classified as spam, the author was able to see other as spam classified entries, this is a feature for admins and mods only
• the new tables was not included into the drop-table-functionality in the uninstallation function

## Removals

• the old update script update_2.3.5-2.4.php got removed because it led to confusion when starting the update process

## Included changes of version 2.4.99.2

### Features

• The listing of spam entries for forum team members is part of the main view and not a possible view in the search results page from now on. So you'll have the manipulation functions of the main view also for the listed spam entries.
• A registered user can decide for whom se/he is contactable about the forums e-mail-based contact function.
• The forum is now able to send e-mails via a SMTP-function. That's currently a proof of concept and the configuration is located in config/php_mailer.php but not accessible in the admin area.
• The forum operator can decide if registered and unregistered users should be able to add tags to postings.

### Changes

• All database tables are of type InnoDB from now on.
• After storing an entry after it's creation that was classified as possible spam we generally redirect to the single posting view to show a message about the situation.
• several database columns got a smaller size. This is because they should store UTF-8 with four bytes and have an index at the same time. The indexes for text fields istself are limited in their size what limits the possible size of the text fields. We limited the sizes of the columns mlf2_userdata.user_name, mlf2_tags.tag, mlf2_b8_wordlist.token to 128 characters.
• Send the notification e-mails only, if the entry was classified as ham (not as possible spam).
Source code(tar.gz)
Source code(zip)
• #### 2.4.99.1(Jun 1, 2019)

In case of an update: This version can only be an update target for existing installations from version 2.4.19.1 upwards!

This is a testing version. Please do not use it in production.

## Features

• information about the user who uploads a new image gets stored in a database table
• Bayes based spam filter
• optional TeX support through MathJax library (has to be linked manually)
• allow topics to be pinned/sticked to the certain category or to all categories
• change the charset of most of the tables to support 4-byte-characters, i.e. emojis

## Changes

• the quote-message-link is now a button

## Fixes

• replace while loops with deprecated PHP-function "each" with foreach loops
• unify mail encoding, was different depending of the checked characters, is now the encoding given by the language file
• added a CSRF-token to posting delete function calls
• relative pathes in the src-attribute of images in the RSS feed made the images inaccessible in the feed

## Removals

• optional TeX support through the Google online service, service got abandoned
• flash button and its bb-code
Source code(tar.gz)
Source code(zip)
• #### 2.4.20(May 15, 2019)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed a call for a removed function in the JS-code for the admin area
• fixed inconsistent detection of mail encoding, depended on an input string and could therefore result in wrong encoding, now it is fixed to the encoding, that is provided in the language file (normally UTF-8)
• fixed a security issue because of a missing CSRF-token in some cases of deleting postings
Source code(tar.gz)
Source code(zip)
• #### 2.4.19.1(Feb 7, 2019)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed: because of a check for an invalid array structure the forum responded every when and then with white pages (browser dependent), HTTP-status 500 or a PHP-warning about an undefined array offset
• fixed: We used the function mysqli_fetch_all in two cases and even the underlying PHP-library "mysqlnd" is the default MySQL-driver for PHP since PHP 5.3, the function does not exist in every PHP installation of a newer version (evidence for a PHP 5.6-installation without the function in the project forum, this entry and the follow up), we now use mysqli_fetch_assoc in a while-loop instead
Source code(tar.gz)
Source code(zip)
• #### 2.4.19(Feb 3, 2019)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed: when editing a posting, an activated subscription can not be saved in the database because of a syntax error on the database query
• fixed: images, included in a posting, got elongated in the Ajax-preview of a posting

## Changes

• changed: a few settings moved to the table mlf2_temp_infos because they are no settings at all
Source code(tar.gz)
Source code(zip)
• #### 2.4.18.1(Jan 14, 2019)

Attention: This version only works with PHP versions up to 7.2.x!

Attention: The solved bug affects only the installation process. Users, who updated their existing installations from an older version was not affected.

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• because of the errorneous surrounding of a table name, the installation script was not able to replace the table name prefix with the given one
Source code(tar.gz)
Source code(zip)
• #### 2.4.18(Jan 13, 2019)

Attention: This version only works with PHP versions up to 7.2.x!

Attention: Users, who wants to install a completely new forum, will run into a bug in the installation script in this version. Please use the version 2.4.18.1 instead. Users, who wants to upgrade their existing installation are not affected.

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Features

• featurette: the default protocol, used in the JS-prompts for links and images when creating or editing a posting got changed from "http://" to "https://"

## Fixes

• fixed: unregistered users was not able to subscribe to their own postings because of field user_id of the subscriptions table being defined as NOT NULL
• fixed: because of failing subscriptions of unregistered users for thread opening postings the thread in itself was broken and not deletable
• fixed: sending e-mails over the contact form failed because of forgotten function call for form minimum and maximum time handling
• fixed: deleting a posting with subscriptions left orphaned subscriptions because they got not removed from the database
• fixed: the check for password strength failed when more than one char in a category was required and these chars did not follow one after the other
• fixed: if one used the thumbnail funtion to include an image to a posting, the image got the right width but was elongated to the complete possible height of the posting, see example in the project forum

## Changes

• change: changed the language strings (key: show_spam_link) for english and german language, the old value led to danger of confusion ("show spam (no. of entries)" vs. "list spam") (enhancement for admins and mods), dear translators: if you update your translaton of further languages, let us know about your adaptions
• change: the update script disables the forum during the database operations of the update and reenables it afterwards (admin only feature), at the moment it got enabled before one updates the files and folders;
dear admins: please check the status after an update in the settings page to ensure the forum to be enabled again
Source code(tar.gz)
Source code(zip)
• #### 2.4.17(Jan 6, 2019)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Features

• feature: minimal and maximal time between requesting a form and sending the filled form back to the forum-server as separate settings for posting, e-mail and registration forms
• feature: a user is from now on able to close her/his own forum account, until now this was only possible for the admin/forum operator
• feature: a by the registered users granted acceptance to the terms of use and/or the data privacy statement can be recalled and a newly acceptance of one or both of these agreements can be enforced for the case of changes in the terms of use and/or the data privacy statement
• feature: further possible requirements for password quality (enforce a number of lowercase and/or capital letters, ciphers and/or "special" chars), disabled by default

## Fixes

• fixed: set the decimal point . as fix char because different decimal separators (i.e. comma in german language) causes errors in floating number operations in PHP
• fixed: the checkbox for the Flash-bb-code-setting got reintroduced (will definitely get removed with version 2.5, change was removed by accident in the 2.4.x-branch)
• fixed: remove the confirm-password-field from the form for change ones own password, function was removed for the other forms in versions 2.4.16

## Changes

• change: removed the JS-function to create the bb-code [msg] for forum entries, it needed a blacklist of not covered exceptions that was incomplete; entries will from now on handled as [link] or [url] like all other links; existing msg-bb-codes will still get interpreted in the output
• change: not selected checkboxes and radio buttons in the settings forms of the admin panel will not grayed out from now on, was a misleading UI-feature because the form fields looked like disabled but was still accessible
Source code(tar.gz)
Source code(zip)
• #### 2.4.16(Dec 7, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed: it still was impossible to edit an entry because of two occurences of hardcoded table names in database queries from the testing phase
• fixed: the entries in the users bookmark list got an empty tag-array-element for bookmarks without a tag, that led to a broken link to a nonexisting tag in the HTML source
Source code(tar.gz)
Source code(zip)
• #### 2.4.15(Nov 30, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed: it was impossible to edit an entry
• fixed: subscribung to or unsubscribing from an entry was not possible when saving the edit of an entry (after solving the issue above)
Source code(tar.gz)
Source code(zip)
• #### 2.4.14(Nov 26, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Features

• feature: add a checkbox to make the password visible for input verification during registration, remove therefore the second password field
• feature: add a new table to store the subscriptions independent from the entry in itself
• feature: allow SVG-graphics as smilies, graphics have to be uploaded per FTP

## Fixes

• fixed: several forms in the admin area lacked the CSRF-token, security improvement to prevent CSRF-attacks
• fixed: remove underscores from "data privacy statement" in the language files
• fixed: removed the workaround of setting the language to en-us in the turkish language file, underlying problem was solved with PHP5.2 long time ago

• update: danish language file updated by project-forum-user Tommy Nillson
• update: norwegian language file updated by Github-user @flatnick
Source code(tar.gz)
Source code(zip)
• #### 2.4.13(Aug 12, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed: icon for Ajax-preview of an entry was not displayed, if the entry is locked
• fixed: reordering registration-form fields because firefox users could be unable to register dependent from the browser settings (prefilled form fields)
• fixed: status of the checkbox for accepting the data privacy statement got lost when previewing the entry
• fixed: display data privacy statement in a popup like the terms of use in case of an entry from an unregistered user
• fixed: missing fields for the dates of the acceptance of the terms of use and the data privacy statement in the backup script for the user data
• fixed: set a birthday date in single quotes in the backup script for the user data
• fixed: remove field mlf2_entries.tags from the backup script for the forum entries because it does no longer exist
• fixed: masked an occurence of single quotes in the german language file
• fixed: set the forums own e-mail-address as sender of an e-mail in every case, set a possibly given divergent address as Reply-To-header; prevents not sending e-mails because of not matching domain names (forum domain versus domain part of an e-mail-address)
Source code(tar.gz)
Source code(zip)
• #### 2.4.12(Jun 29, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

Attention: This update is only necessary, if …

• … the initial point of the update is a version from 2.3.5 to 2.3.7 and …
• … the forum admin tried before to update the forum to the version 2.4.10 or 2.4.11

Noone else is affected.

## Fix

• Fixed array of update targets in the update script. Versions from 2.3.5 to 2.3.7 as initial point of the update got no table structure update of the step to version 2.4.10. Because of that registered users in the affected forums was not able to send a posting.
Source code(tar.gz)
Source code(zip)
• #### 2.4.11(Jun 25, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: Because of an error in the update script this version can only be an update target for existing installations from version 2.3.99.1 upwards!

If you are affected, see version 2.4.12.

## Fixes

• fixed: used the wrong setting for the terms-of-use-URL in the new template user_agreement.inc.tpl because of a copy'n'paste error; one as a user was unable to read the terms of use before accepting it
• fixed: a lost underscore in the admin template
Source code(tar.gz)
Source code(zip)
• #### 2.4.10(Jun 13, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: Because of an error in the update script this version can only be an update target for existing installations from version 2.3.99.1 upwards!

If you are affected, see version 2.4.12.

## Fixes

• fixed: the russian language had a few syntax errors, introduced with the reformatting of the language files (2.4.7)
• fixed: the version check in the admin panel was broken, when the update was executed before the forum itself found the new version on Github
• fixed: the meta element for the charset definition moved to top of the title to apply also for the title

## Feature

• feature: make it possible to force an agreement to a data privacy statement in the same manner as with the terms of rules
• feature: store the date of the agreement (data privacy statement and/or terms of use) with the users data
• feature: enforce a new agreement to adata privacy statement and/or terms of use with the deletion of the timestamp of the old agreement (there is no user interface yet!)

## Changes

• change: actualised Bad Behavior from 2.2.19 to version 2.2.20
• change: actualised GesHi from 1.0.8.11 to version 1.0.9
• change: actualised Smarty from 3.1.30 to version 3.1.32
• change: because of the minimal system requirement for Bad Behavior the minimal MySQL version raises to 5.0
Source code(tar.gz)
Source code(zip)
• #### 2.4.9(Apr 13, 2018)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed: use the function get_avatar also in the admin panel, used before only the code for the old file name scheme which leads to only displaying avatars with names in this old name scheme
• fixed: avatar field in the user data form of the admin panel had no label because of missing string in the language files
• fixed: adapt changed URL-parameter behaviour for folding threads to the JS-sources, didn't work with the switch instead the toggle
• fixed: changed long date format for german language to month as number with leading zero, out written month name "März" can cause encoding problem on some servers
• fixed: the deletion of entries about read postings was broken in the case of deletion after X days, used the old and removed setting name read_state_expiration_date instead read_state_expiration_value

## Feature

• added: put pixel dimensions of uploaded images into the HTML source, when included in entries, prevents page jumping during load process for only this case(!)

## Changes

• added: sentences about automatic generation of e-mails to inform about new entries, user, etc., a few users answered to these automatic messages
• added: make the mouse cursor a hand (pointer) when hovering over a (visible) label element
Source code(tar.gz)
Source code(zip)
• #### 2.4.8(Feb 18, 2018)

The original project page mylittleforum.net works again. So the interim page www.projekt-mlf.de got a different function as home of development of a new theme and accessories by Auge.

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed double closing tag of a select in the admin.inc.tpl
• fixed the use of a table alias in a database query that caused a MySQL error
• removed a few empty lines in the code in search.inc.php because some of them caused headers-sent-erros
• fixed the use of a wrong variable name in bookmark.inc.php
• fixed forgotten masking of single quotes, used as apostrophe in the german language file
• fixed wrong cases range for partial backups, the three cases that was introduced in the 2.4-branch wasn't recognised as valid
• fixed the invalid use of column name tags in the entries table because the column no longer exists
• fixed wrong path names of files that have to be updated in the update to version 2.4.7, yet relevant because of updates from earlier versions
• fixed superfluous column name "tags" in create statement of table mlf2_entries
• added CSRF-tokens to user_edit.inc.tpl, user_edit_email.inc.tpl, user_edit_pw.inc.tpl and the corresponding code in user.inc.php

## Changes

• added the version number of the minimal required PHP-version to the readme file
• added the links to the original project site and forum again, was changed to the interim site and forum because of the temporary inaccessibility of the original site
• added a partial rework of the swedish language file, mainly based on the work of Tommy Nielsson ([email protected])
• replace "Bookmarks" with "Lesezeichen" in the german language file
• removed a few line breaks and spaces at a line end in bookmarks.inc.tpl
• removed a size attribute in an input submit button
Source code(tar.gz)
Source code(zip)
• #### 2.4.7(Jan 4, 2018)

After preliminary move to the new project page we are back with a further maintenance release of the 2.4-branch. Please read this announcement carefully, especially the last point about changes in the language files.

With this release the system requirements changes. The minimal PHP version is from now on PHP 5.4.

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed database issue because of the obsolete field *_userdata.entries_read that can cause errors in some database configurations, an admin can not create new user accounts in that case
• fixed the use of a wrong string for too long user name in the create-new-user-function of the admin panel
• fixed a check for existence of categories in the main script, can cause error in PHP 7.2 when no categories are present
• fixed handling of not given birthday date, set it to NULL in that case instead the pseudo date 0000-00-00, can cause error in some MySQL-configurations

## Features

• added redirect of a user after login back to the last page, one has visited
• added the availability of tags to the bookmark function, the postings tags will be suggested when present
• added new tables for tag handling, existing tags for postings will be handed over to one of the new tables
• added a few fields as honeypots for spammers to the registration and the posting form

## Changes

• changed handling of the URL-parameters 'fold_threads', 'toggle_view' and 'toggle_thread_view', are not toggles anymore, fix reproducible behaviour for every value instead, one can create links to special views of a forum and get's reproduceable outputs
• 'fold_threads': 0 = unfolded threads, 1 = folded threads
• 'toggle_view': 0 = thread view of thread list, 1 = table view of thread list
• 'toggle_thread_display': 0 = nested view (threaded view of a threads entries), 1 = linear view (table view/board view of a threads entries)

## Attention: Massive changes in the language files

All strings in all language files (with a few exceptions, see last paragraph) got enclosed in single quotes. This leads to a few changes for translators, especially for languages, where the apostrophe is in use, for example as marker for contracted forms of words (i.e. in "hasn't"). These occurences have to be masked with a backslash hasn\'t in the language files. This rule is mandatory from now on (with a few exceptions, see last paragraph)! Otherwise a string gets terminated with the first occurence of an apostrophe.

Even if I think, that I scrutinised the files for occurences of apostrophes within the strings, it is possible, that I missed a few apostrophes. In that case you'll find cropped strings. Please check the file of the language with the search function of a text editor for the affected string and check it for an apostrophe at the place, the string got cropped. Mask the apostrophe with a backslash (\), load the file to your server and check the string on your website again.

Please report the problem as an Github issue or in the project forum, so that other users can benefit from the fixes.

As last a word about the exception from the described rule. The e-mail-templates, which goes over more than one line of code, are enclosed with a row of three double quotes ("""). Within these strings an apostrophe has to stay unmasked.

Thank you.

Source code(tar.gz)
Source code(zip)
• #### 2.4.6(Nov 5, 2017)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fix for displaying the new version number after update in the update script itself
• fix for missing rules for visited links in the list of latest entries
• fix for wrong syntax in the meta element "referrer", that was introduced in version 2.4.5 (author: Romchik)
• removed doubled title attributes (author: Romchik)
• rework of the HTML-structure in the side- and bottombar, removal of a few obsolete CSS-rules
• refactoring of the *.inc.php-files, better readability for future development, no functional changes at that point
• fix for broken toggling of check for banned IPs or user agents, should toggle automatically when listing bans but didn't
• fix broken query for reading user data for notification in case of account creation through the admin
• fix for doubled key in the german language file
• fix for ordering of user data lists when sorted by the user names, collation led to sorting in the order names beginning with numbers, capital letters and in the end low letters, now names with capitals and low letters are sorted mixed in their natural order
Source code(tar.gz)
Source code(zip)
• #### 2.4.5(Oct 9, 2017)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Fixes

• fixed wrong variable name in the function getMessageStatus
• removed an orphaned code fragment, that never was in use

## Feature

• add a meta element named "referrer", that causes not sending a referrer when open an external link or (for older browsers) sending a referrer with only the domain part. it's a small contribution for forum users privacy
Source code(tar.gz)
Source code(zip)
• #### 2.4.4(Oct 3, 2017)

Attention: This version only works with PHP versions up to 7.2.x!

In case of an update: This version can only be an update target for existing installations from version 2.3.5 upwards!

## Change

• make the error message of the update script for wrong or non existing file config/VERSION more descriptive

## Fixes

• fix for by mistake overwritten user type
• fix for not accepted email addresses with a TLD longer than four chars
• fix for not marking the opening message of a thread as new if a new answer was posted and the thread is folded
Source code(tar.gz)
Source code(zip)
###### Doctrine2 behavioral extensions, Translatable, Sluggable, Tree-NestedSet, Timestampable, Loggable, Sortable

Doctrine Behavioral Extensions This package contains extensions for Doctrine ORM and MongoDB ODM that offer new functionality or tools to use Doctrine

3.8k Sep 29, 2022
###### Effective tree structures in Laravel 4-5

This is a Laravel 4-8 package for working with trees in relational databases. Laravel 5.7, 5.8, 6.0, 7.0, 8.0 is supported since v5 Laravel 5.5, 5.6 i

3.3k Sep 23, 2022
###### Tiny php mysql lib (PDO-based) with handy fetch/update functionality, supports both SQL and parametric queries

Micro PHP mysql lib (~ 200 lines of code) with ultra powerful CRUD for faster than ever development: parametric fetch/insert/update/delete (based on a

16 Feb 22, 2022
###### A simple and extensible fixture loader for PHP 7.3+, supporting SQLite and MySQL

Flowder Flowder is a (really) simple fixture loader for PHP 7.3+, supporting SQLite and MySQL. Using Flowder in PHP 7.2 or below? Try version 1 instea

6 Jan 17, 2021
4 Feb 22, 2022
###### Laravel Code Generator based on MySQL Database

Laravel Code Generator Do you have a well structed database and you want to make a Laravel Application on top of it. By using this tools you can gener

308 Sep 13, 2022
###### A simple program to query mysql data and display the queried data in JSON format

A simple program to query mysql data and display the queried data in JSON format. The data displayed in JSON format will change and update as the data in your mysql database changes.

2 Mar 7, 2022
###### Simple MySQL library for PHP 5.4+ includes Query Builder, PDO Native functions, Helper functions for quick use.

Simple MySQL library for PHP 5.4+ includes Query Builder, PDO Native functions, Helper functions for quick use.

8 Jul 14, 2022

2 Sep 28, 2021
###### phpMyFAQ - Open Source FAQ web application for PHP and MySQL, PostgreSQL and other databases

phpMyFAQ 3.1 What is phpMyFAQ? phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store all data, PHP

537 Sep 23, 2022
###### Staggered import of large and very large MySQL Dumps even through the web servers with hard runtime limit and those in safe mode.

Staggered import of large and very large MySQL Dumps (like phpMyAdmin dumps) even through the web servers with hard runtime limit and those in safe mode. | Persian Translation Version

5 Jan 8, 2022
###### Very easy to use PDO MYSQL API. Just Include in PHP file and get it working.

CRUD-MYSQL-API Very easy to use PDO MYSQL API. Just Include in PHP file and get it working. INSTALATION Step 1: git clone https://github.com/arhex-lab

4 Jun 14, 2022
###### The Enobrev\ORM library is a small framework of classes meant to be used for simply mapping a mysql database to PHP classes, and for creating simply SQL statements using those classes.

The Enobrev\ORM library is a small framework of classes meant to be used for simply mapping a mysql database to PHP classes, and for creating simply SQL statements using those classes.

0 Jan 7, 2022
###### Independent query builders for MySQL, PostgreSQL, SQLite, and Microsoft SQL Server.

Aura.SqlQuery Provides query builders for MySQL, Postgres, SQLite, and Microsoft SQL Server. These builders are independent of any particular database

419 Sep 28, 2022
###### A web interface for MySQL and MariaDB

6.2k Sep 26, 2022
###### A validating SQL lexer and parser with a focus on MySQL dialect.

SQL Parser A validating SQL lexer and parser with a focus on MySQL dialect. Code status Installation Please use Composer to install: composer require

348 Sep 21, 2022
###### A Symfony application for managing and automating regular backups of MySQL databases.

DbSaver DbSaver is an application written by Bastien LOUGHIN allowing you to make automatic daily backups (and manual backups) for your MySQL database

30 Sep 22, 2022
###### PHP version of mysqldump cli that comes with MySQL

MySQLDump - PHP Requirements | Installing | Getting started | API | Settings | PDO Settings | TODO | License | Credits This is a php version of mysqld

1.1k Sep 20, 2022
###### Symfony 5.2 + api platform project with ELK stack + elastic FileBeats for the log management. All running in 7 docker containers: nginx, php 8, mysql, elastic search, logstash, kibana, fileBeats.

Symfony with ELK and Elastic FileBeats Stack Prerequisites: Make sure that docker and docker-compose are installed in your machine and available for y

13 May 20, 2022