-
OpenID for PostNuke
(News)
-
If you haven't read that yet and is interested in OpenID then please read it here - it will explain the whole OpenID background.
For those of you that haven't heard about OpenID yet, here is the very short explanation: OpenID is a relatively new web-technology for managing your online identity. It's primary purpose is to facilitate Single Sign On across independent websites. This means you can create yourself an OpenID identity and use that for login in to different websites without having to retype your password over and over again.
When I wrote the last article I promissed to deliver an OpenID implementation for PostNuke, and, well, here it is! You can now download OpenID from the NOC OpenID project page.
By installing this module you enable your users to:
Register an OpenID with their PostNuke account and login with this OpenID. The OpenID manager page can be found in the user account panel (Profile).
Create an account on your website using OpenID's registration process.
The OpenID module requires PostNuke version .8 from SVN (april 15th) - and probably also PHP 5.x since a required extension "domxml" is not delivered with PHP 4.x.
So don't hesitate - get your website OpenID enabled today and save yourself (and your customers) the hazzle of managing multiple user accounts.
Intra-web usage
You can use OpenID for Single Sign On between closed "intra-webs". For this
you must have a trusted OpenID Identity Provider (IP) - either your own or an
external one. Then you add a filter on the OpenID admin pages - this filter
should allow access from your trusted IP and deny access from any other
provider. In this way only users from your trusted IP will be allowed to access
your website.
Read more
You can find lots of information about OpenID around the web. The most obvious place to start is of course openid.net. But at openidbook.com you can get a free copy of the 200+ pages OpenID book from Rafeeq Ur Rehman. This should satisfy even the most curious people
Enjoy, Jørn Wildt
Generated on April 16, 2008.
-
A Warm Welcome to Our Newest Member, Mateo Tibaquirá Palacios
(News)
-
Welcome Mateo, tell us a little about yourself. Who are you,
where are you from, and what do you do?
My complete name is Néstor Mateo Tibaquirá Palacios, but I prefer to be called Mateo. I'm from Colombia, a very beautiful country with some horrible problems; balanced, eh? I live in Popayán, where I'm finishing Electronic & Telecommunications Engineer Studies with an emphasis in Telematics (Information and Communications Technology). I chose Telematics because I like to program. Growing up, I did not have a computer, and from the distance I hated the idea of using a command line console. Now, it's different; I love my Ubuntu with the Yakuake console; and Eclipse PDT rocks!
At the University, I discovered that I had sufficient skills to write software. I began programming in C++ and Java some time ag
Generated on January 26, 2008.
-
Development Update, October 2006-04
(News)
-
PostNuke and the aim regarding ValueAddons
There have been a lot of discussion about what release structure there will be in any future versions of PostNuke. Let us clarify this a bit.
As soon as the core codebase of PostNuke .8 is stable, it will be released as a core application framework, from which advanced users can create their own custom module set. Also available will be a package containing basic content modules, a simple page manager (Pages) and an News article manager.
Eventually, the aim is to build different distributions for different purposes. A good example of a (very very) extended .76x package is the current OpenStar distribution.
At this moment, there exist a few modules in the ValueAddons repository that have third party equivalents with improvements and better functionality than the historic ones. And even more important, these module developers have taken good thought about importing historic data from the original modules, so this does not mean you lose any when deciding to switch to an other module. Some examples are Downloads 2.0 to replace Downloads, MultiHook to replace AutoLinks, pnMessages to replace Messages and Advanced_Polls to replace Polls.
Maintenance of the 'old' ValueAddons modules is a lot of extra work for the core development team, which will not only delay any future releases of the core framework, but also increases the timeframe for functionality and feature improvements in these modules. So, the less there is to maintain for the core development team, the better they can work on security, stability and finetuning the core framework codebase.
We to make clear that adoption of old-style modules is encouraged! Please remember that there do not (and will not) exist 'official' ValueAddons modules. While we'd urge all third party developers to maintain high standards in their code (pnAPI compliancy, using hooks for better integration of existing functionality), this can't be enforced.
Secunia's vulnerability advisory on the core Downloads module
Secunia anounced a flaw which has status 'less critical'. The ability to exploit this flaw is limited, since it can only be exploited by administrative users: specifically, you need admin permissions to the downloads module . A new release for the 0.7x codebase is planned for next week, together with some other bug fixes. People who want to patch earlier can download modules/Downloads/admin.php from the SubVersion repository and replace their existing file.
Legal module
The German PostNuke community has hired a lawyer to update the German terms of use, because translations into foreign languages of the original legal module only work on a linguistic basis (and if at all they only apply to US-American laws). In some countries, maybe it is even better to not at all use the legals module, than to apply one that doesn't fit your country's laws. Every user should keep this in mind when using or activating this module for his / her site.
Sneak preview: Wendell's Admin theme
Wendell is currently working on a design for the PN Admin area. This is a first setup to make the administration interface much more user friendly and productive.
Code update for .8 Installation
Do you have a personal_config.php included in your installation of .8? That could be the reason for an MS2 installation problem. If you are having problems installing, try removing this file. Furthermore, lots of enhancements have been made to the installer routine. One can test it by pulling the latest nightly builds.
System Changes / Updates
In the Settings module, a link to the w3school page on each allowable HTML tag has been added to inform a user about the available tags.
The Modules module now shows a (more logical) indicator of a module's status: not initialised is red; installed but inactive is yellow; installed and good to go is green.
In the pnRender plugins, some additions and changes have been committed: The pnbutton plugin now utilises the button tag, and a suitable style for the button tag was added. On can add parameters like id, class, name and value. Furthermore, the date input validation was refactured, moving the parser into the DateUtil class. All pnForm* plugins have been reviewed and optimized by Jörn.
More information on the PostNuke Forms Framework can be found in the Wiki.
Miscellanious updates
Within the complete codebase, all occurences of extract($args) will be (or already have been) removed and replaced it with $args['myvar']. The reason for this change is that you should not use variables that are not expected within the function. We encourage module developers to not use extract also.
Error handling and Status reporting has been improved to also display module, file and line information depending on permission level. LogUtil has been updated and all occurences of statusmsg or errormsg in t
Generated on October 10, 2006.
-
The Road to .8 - Where are we, and where are we going?
(News)
-
The modules included in .760 which are templated, and taken direct from the .8 CVS are as follows:
Admin
Admin Messages
Autolinks
AvantGo
Blocks
Censor
Credits
Ephemerids
Groups
Header_Footer
Legal
Mailer
Members List
Messages
Modules
Permissions
pn_bbcode
pn_bbsmile
pnRender
Quotes
Ratings
RSS
Sniffer
Typetool
Xanthia
This represents a significant percentage of the .8 code, but there is still more to do. The aim of this article is to try and outline some of what remains to be done before we can consider a release of .8.
Six Main Projects for PostNuke Development
We have identified six main sub projects vital for a release of .8. These projects cover wide areas, and each are at different stages of completion. The six projects, in no particular order, are:
Integration of Open Star object library and Database Utility
Integration of Open Star category management
Installer
Xanthia
User management
Finishing of content modules
This article also includes a little information on some of the other new code to be introduced with .8 this is at the end, where we look at EZComments and the Error Handler.
Integration of Open Star Object Library and Database Utility
The new Database layer reuses the existing pntables information to provide an
object representation of database rows. The advantage of this approach is that
it allows you to basically remove manually coded SQL statements and replace
with what's typically a 1-line statement. Some sample invocations of such code
are shown below:
[code]
$myObj =& DBUtil::selectObjectByID (, $id);
$myObj =& DBUtil::selectObject (, $where);
$myObjArray =& DBUtil::selectObjectArray (, $where, $sort);
DBUtil::insertObject ($myObj, );
DBUtil::updateObject ($myObj, );
[/code]
These functions all return an associative PHP array, or in the case of array
functions, an array of arrays. The fields in this array are cleaned up in
the sense that any field prefixes have been removed. This DB API also
gives you the ability to have generate associative (object) arrays, expanded
arrays with other table fields joined in (which means that you can save SQL
lookup calls) as well as store/retrieve dynamic attributes without altering
the underlying table structure. Together this provides a highly flexible API
which can take care of all storage & retrieval operations.
On top of the DB layer sits the Object Layer. Objects provide a component model
which features transparent persistence facilities. Objects/Classees are loaded
though the Loader API though
[code]
Loader::loadClassFromModule (, 'foo') //
Generated on November 3, 2005.
-
SQL-injection in module Download (PN0750)
(News)
-
on text:
- --- 1. SQL-injection in module Download ---
Given SQL-injection not critical since exploit works only under rights of the manager (mysql)
The Problem in file "modules/Downloads/dl-viewdownload.php".
- --------
if ($show!="") {
$perpage = $show;
} else {
$show=$perpage;
}
...
$result =& $dbconn->SelectLimit($sql,$perpage,$min);
- --------
varible $perpage.
$perpage at request is not checked. If substitute in parameter $show (amount element on page), for instance, "0" or "-3" or "asdf" or anything bad, importance will not is checked
Decision:
Install the new version PostNuke 0.760 Если you do not be going to to move to version 0.760, that decision following:
in file dl-viewdownload.php, in function viewdownload(), viewsdownload() copy code:
if ($show!="") {
$perpage = $show;
} else {
$show=$perpage;
on following code
if ( (isset($show)) && is_numeric($show) && ($show >= 0) ) {
$perpage = $show;
} else {
$show = $perpage;
}
In the event of invalid parameter will is issued importance by default, taken from deskside (thanks TAndrew)
or following decision - in file dl-viewdownload.php, in function viewdownload(), viewsdownload() copy code
$result =& $dbconn->SelectLimit($sql,$perpage,$min);
change on
$result =& $dbconn->SelectLimit($sql,(int)$perpage,(int)$min);
Empty page will is issued In the event of invalid parameter
Generated on August 31, 2005.
-
A Time to Grow and Change: PostNuke Software Foundation Formed
(News)
-
German PostNuke Foundation, currently represented by Andreas Krapohl, Drak of HostNuke, and Vanessa Haakenson. (see short bios below)
The functions of the founding members serve a managerial and strategic function, ensuring the project goals and directions remain constant and true to the open source philosophy, quality coding, collaboration, and open standards. It's important to stress you are not required to be member of the foundation (there is currently no membership option) to contribute to the project.
As a result of our combined experiences over the last four years the founding members agree the best way to move the project forward is to have a PN Steering Committee* (see details below) consisting of members of the various teams chosen from well-known, long term active community members and developers.
The job of the steering committee will be to handle the day-to-day running of the project and will be chosen by the founding members. The announcement of the appointments will be made within the next 10 days.
In closing, in the coming days look for an announcement regarding the PN Steering Committee and over the coming weeks look for announcements about a new look/feel for main PN site, a formal site for the foundation (read current bylaws here: http://www.postnuke.com/foundation/) and an updated project road map.
We have set up a forum for further discussions regarding the foundation here.
Viva la PN!
Sincerely,
Board of Directors
PostNuke Software Foundation, Inc
Harry Zink through Fizbin, LLC
Mark West, Lead Developer
German Postnuke Foundation, currently represented by Andreas Krapohl
Drak through HostNuke
Vanessa Haakenson
_________________________________________________________
PNSF Facts & Information
PostNuke Software Foundation
Non-profit registered in the State of Delaware
PostNuke Steering Committee
Advisory body made up of members of the various teams and responsibilities include:
Community management & resourcing
Determine software project priorities
PostNuke software development and direction
Provide policy recommendations
Approval of development plans
Goals/Objectives:
The Corporation is a non-profit organization organized and operated exclusively for charitable and educational purposes. No part of the earnings of the Corporation shall ever inure to the benefit of or be distributed to any member or individual having a personal or private interest in the activities of the Corporation.
Board of Directors
The Board of Directors serve a managerial and strategic function, ensuring PostNuke remains constant and true to the open source philosophy, quality coding, collaboration, and open standards. The following people/organizations serve as initial members of the corporation:
Fizbin, LLC (Harry Zink)
One of the original founders of the project, Harry has been a constant, continued project supporter. He works as a systems administrator for a large entertainment corporation and lives in Los Angeles, California. He has a Ph.D. in psychology and loves to travel to Thailand for the food.
Vanessa Haakenson
Is co-founder of Distance-Educator.com and has been an active participant in PostNuke since July 2001 consulting on usability issues and acting as a PN evangelist to the educational community. In November of 2001 she started the site Designs4Nuke.com to consolidate and share all the information and resources regarding theme design for PostNuke. With a Master's Degree
in Educational Technology she brings a unique perspective to the project having developed web based products focusing on usability, standards, documentation, and community. Over the years she has presented at conferences about PostNuke and has authored articles on effective information design. She recently moved with her son from San Diego, California to Woodland Park, a small mountain town in Colorado.
HostNuke Ltd. (Drak)
Drak has been with the project since July 2001 and was the first to create hosting accounts with PostNuke preinstalled as a way of making it easy for new users to get started. He has 19 years experience in the computer industry and devotes most of his time working for a humanitarian charity. He donates equipment and colocation to the project and is responsive for all server level security and administration.
Mark West, Lead Developer
Works as the computing officer for Systems and Operations for Kingston University and lives
in
South
West
London,
UK.
He
specializes
in
directory
enabled
enterprise
computing,
he's
taught
programming;
techniques,
data
structures
and
algorithms
to
first
year
undergrads
at
Kingston
University
and
adheres
to
a strict
style
of
programming
- heavy
on
layout,
consistency
and
style.
Believing
the
benefits
of
this
strict,
consistent
and
academic
approach
to
coding
is
a stronger,
more
stable
and
bug
free
end
product.
He
has
been
using
PostNuke
from
the.70x.
series
and
is
the
lead
developer.
German
PostNuke
Foundation
(Represented
by Andreas
Krapohl)
Andreas
Krapohl
[aka
larsneo]
is
President
of
the
German
PostNuke
e.V.
foundation
and
is
the
head
of
IT
for
a local
newspaper
in
southern
Germany.
Has
been
with
PostNuke
since
almost
the
beginning
- at
first
with
some
translation
stuff,
then
as
module
author
(phpBB_14)
and
since
early
2002
as
a core
developer.
Main
focus
is
security,
usability
and
accessibility.
He
believes
a solution
should
be
simple
and
elegant.
Current
Jobs in PostNuke
Structure
Development & Quality
Assurance
Communications & News
Moderation
Forum
Moderation & Support
Documentation
Language
Project
Marketing
Generated on August 18, 2005.
-
Multisite Analysis and Design
(News)
-
Substitution of database prefix occurs in 863 edits. This occurrence is the actual number of tables in a single install event.
This number can be reduced substantially. My analysis and subsequent regret with this project was the lack of database prototyping before the final template was selected. Tables remain in this database that will never be used. This can be solved by editing the install files to generate a bare bones installation but consider this.
You will be selecting one of two choices regarding further prefix instantiation. If you start coding in the install files and sub-routines you will inevitably want to continue using the install routine to provoke your changes. The other choice I've already mentioned.
Time constraints considered the editor is far superior choice. Consider for some time the actual data entry required in the process. Consider the underlying protocols.
Data will have to be entered in the appropriate Zone file on your DNS server. At this time you have a list of table space names you are going to use. Consider how to cut copy and paste:
www.site1 IN CNAME site.com.
Efficiency and Quality are very important. Maintaining proper data now leads directly to less downtime in the site name order of events. Continue with your file manager now and create the directory structure you desire in the parameters folder. Consider how to best create this quickly.
mkdir .site1.site.com
mkdir .site2.site.com
mkdire
At this point in the design a need arises to process the modules_var table quickly between sites on port 80. You can use your Web_Links module to link to the sites you will be editing in rapid succession by leaving one window open to the links and by clicking proceed to the new site --> admin --> settings and change the appropriate variables for the site.
I elected to use the jump box generation code that AlarConcepts provided for the project. Consider the data replication procedure carefully. Again creating a list of one hundred jump box links is best done with efficiency and quality.
Open you favorite editor once again. Open your httpd.conf file and reiterate your virtual host template. Consider the amount of data entry. You may want to use an include file in your httpd.conf. Efficiency and Quality are paramount in your data entry at this point. Replace and Paste quickly until all your selected domain concatenations are fulfilled.
Also on the sql side you have to consider the amount of data entry, Replace and Paste actions undergone. Personally I use vi transplanttable.sql through a shell and leave WordPad open with the data that undergoes Replacements. I leave it highlighted and quickly approve the all changes and copy text and one click drop into the INSERT buffer and move on changing the next as rapidly as the last.
So in conclusion we have to alter the Zone file, the httpd.conf file and the dump. Once this has occurred do mysql targetdatabase < reiteratedtables.sql and watch a dump of half a million lines slam your mysqld for as long as it wants to take.
Further database analysis will reveal number of tables present. I'm estimating around twenty-five thousand tables at present. Functionally your sites are live after the mysql import. Put the coffee on get busy.
Change the site names and make the sites user aware by providing data to the submit_news admin module and the settings module. These are the only two places I had to visit on a fresh install to change data. Consider changing even three different modules... Work quickly. The bots are coming.
Generated on May 19, 2005.
-
Interview: Carl Slaughter
(News)
-
Where do you live?
Bethalto, IL USA
Where in the world is Bethalto, IL, USA
What is your real-life job?
IT Manager/Supervisor for a Credit Union
Tell me about your PostNuke "career".
PostNuke was what I started with and I liked it, I have tried others but PN is what I'm most comfortable with and frankly I do not want to learn another unless its REALLY great, and I do not see that happening ;-)
When did you start working on your own module?
Jan, 2003
Please describe to the community what your development is like?
It’s really only I and Batpuppy (Patrick Peay). I do most of the coding and Patrick does the debugging and HTML.
We never intended it to be as big a success as it is, we just wanted a good forum module for our own PN sites. And well the rest is history ;-)
I use HTML-Kit, along with tools like Power Desk Tools, with file find, and Xampp for local web testing. For release development we use TortoiseCVS, and UNIX command line tools for file compares.
What is the biggest difficulty in your development?
The difficulty only rests in your own abilities and desire to learn as much as you can about the PN core, along with keeping with the changes. Knowledge of PHP, HTML, and cross browser coding is a must as well. You have to develop skills in every area, then of course you develop your own personal abilities to bring your own ideas to the code as well, remember there is usually 100 different ways to accomplish the same thing, but only a few ways to do it right ;-)
What features should the PostNuke .8 core have to simplify your work?
Module aliasing. Lower overhead for modules (usually the module's fault) however the PN core has a good amount that is has in memory then if you have a significant module like PNphpBB then you start scraping the top of the RAM ceiling.
Which route will PostNuke/your module in your opinion go in the future?
As PNphpBB matures it will become more and more integrated into PN, we will streamline the code and do away with all unused code from the core of phpBB. Possibly fork the entire code, because currently we have kept the same basic code of the current phpBB release so we can apply phpBB specific patches and admins can easily add mods designed for phpBB. This will eventually not be an issue as more and more people are writing mods for PNphpBB directly.
What is the weakest/strongest point in your module?
PNphpBB is a module version of the popular phpBB forum it does its best to stay true to all the features and functionality of its stand alone counterpart as well as offering those who use phpBB the ability to migrate to a CMS environment. Its weak points are since it is a port of a stand alone module, it has a lot of redundant code, its own DB functions, template/HTML output code and functions that are not necessary due to the fact it is contained within PostNuke as a module (login/registration is not used).
Thank you very much for you time.
Visit Carl and the pnPHPBB forum project at http://www.pnphpbb.com
Generated on December 16, 2004.
-
Latest Stable Release Now Available: A Major Step on the Road to 1.0
(News)
-
Upgrading from Older Versions?
Backup, backup, backup.
Before you upgrade we'd like you to keep in mind much of the core code has been changed. For example, there may be modules, blocks or themes that do not work with this release. So as usual, we recommend you create a test site before upgrading and/or backing up your files and your database. Also, when updating it's a good idea to document which modules work and don't work with the new version so we can help mod devs know the bugs. We suggest you post this information to the forums so module developers will have immediate feedback about which of their modules work with this latest version. Note, if a module is abandoned then you might be able to find a developer who is willing to update it too.
Finally, the upgrade functions have been tested in as many scenarios as possible so you can safely upgrade from any version of PostNuke, and even a few other systems like PHP-Nuke and myPHPNuke. But remember as noted before please make sure you have backed up your files and database before attempting to upgrade to the latest version. As mentioned above, as we've tested this release we've found
Generated on September 2, 2004.
-
Remembering Greg Allan aka adam_baum: PostNuke Co-Founder and Core Developer. One year Later...
(News)
-
For me, a simple user of PostNuke software, the day of his funeral changed my life.
Greg's death also changed the lives of his many -- both online and offline -- best friends; the lives of his family; as well as the entire PostNuke Development team and ultimately the direction of the PostNuke Content Management System as we know it today . . .
All Official PostNuke development stopped for one week. While the world was following the world cup of soccer being played in Japan and Korea, PostNukers the world over felt as if we had just lost a good friend . . .
We all grieved in our own way.
Vanessa, PostNuke's current Project Manager, created a theme to remember her friend Greg. Quite appropriately, she named it Memories.
30,000 new users have registered and joined postnuke.com since Greg died and you may be one of them....
Many of you never knew the name adam_baum until now. Perhaps you take PostNuke for granted. For you, the following weblinks may bring pause and reflection:
Greg's Homepage
http://www.nDezign.com
PostNuke Mourns Loss of Lead Developer
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=1990 (The Official PostNuke Statement about Greg's passing).
Candelight memorial for adam_baum aka Greg Allan
http://www.go4scripts.com/memorials/gregallan
Funeral for Greg Allan aka Adam_Baum
Funeral for Greg Allan aka Adam_Baum (News Article by Florinel).
Photos by Florinel, Taken on the day of Greg's Funeral
http://kitcheneryouth.com/index.php?module=My_eGallery&do=showgall&gid=129&offset=0&orderby=dateD
Greg Allan : March 6, 1973 - June 16, 2002 | Adam_Baum : PostNuke .50 - .714
http://www.GregAllan.TYO!ca
PostGreg
http://www.PostGreg.TYO!ca
Greg's Gallery
http://www.GregsGallery.TYO!ca
Lives Lived - Gregory Robert Wayne Allan
http://GregsGallery.TYO.ca/newmemories/liveslived2?full=1
I spent this past day trying to keep busy, not quite knowing how best to remember Greg nor what to say to his family on this, the first anniversary of his death.
If anyone has memories of adam_baum aka Greg Allan that they just never got around to sharing with their fellow PostNukers... why not post a comment here?
I know his family still visits PostNuke.com periodically and perhaps your words may give them further insight into a part of The Online Greg they hardly knew.
The Greg Allan we all knew as adam_baum.
~ HiMY! ~
Toronto, Ontario.
Footnote:
In memory of the late Greg Allan a.ka. Adam_Baum PostNuke Sweden closed down yesterday, and will be closed with only a honory page showing untill the 20th
I hope you will take a minute, and read the original statement from last year and also read the reflections HïMY wrote during these tragic days
----===~~oOo~~===----//
Bjarne Varoytrand aka Black Skorpio Do to others what you want them to do to you
Generated on June 18, 2003.