phpBB

phpBB is considered one of the best open source forum scripts around, being mature enough to be used without problems in any project that might need a discussion board added to it.

Created back in 2000, phpBB was at one point the absolute leader in forum software. Since then it has been copied and mimicked by countless of other bulletin boards, all trying to achieve its success and user reputation.

While its market share has shrunk, phpBB still has a dedicated following, and a huge database of themes and mods that contribute to its versatility and attractiveness.

The forum is easy to install via a simple setup wizard, and comes with an advanced administration panel, full of features and moderation controls.

The forum admin is always in full control of his boards, being capable of editing and managing everything from the UI, to smileys, user profiles, and up to content itself.

All of these allow developers to use phpBB as a support center, community page, documentation tool, and for many many more other scenarios.

What is new in this release:

• This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.

What is new in version 3.1.9:

• This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.

What is new in version 3.1.8:

• This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.

What is new in version 3.1.7-PL1:

• This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.

What is new in version 3.1.6:

• This version is a maintenance and security release of the 3.1.x branch which fixes various smaller bugs including jumping to specific pages in long topics, problems with using Content Delivery Networks for static assets, and notably updates the embedded Twig and PLUpload libraries.

What is new in version 3.1.5:

• Improvements:
• Redirect for Microsoft servers in /includes/functions.php:redirect()
• Highlight textarea when files are dragged over it
• Improve the code sniffer
• Add autocomplete="off" to additional password fields
• Allow extensions using custom bbcode validation methods
• Add template events in viewforum_body.html before and after the title
• Add veiwtopic.php core event to allow manipulating poll data
• Add generate_forum_nav() core event to allow modifying navlinks text
• Add viewonline.php core event to allow modifying forum data SQL query
• Add template events to forum category header
• Misleading instruction text for recaptcha plugin
• Update phpcs to 2.3.2
• Add more post buttons template events to viewtopic_body.html
• Add event before and after the search form
• Test PHP parsing on php7 on Travis
• Add event when topics are moved
• Make the Plupload uploader instance available in the global namespace
• Allow template events to have a changed tag
• Use async webfontloader to load webfont from googles CDN
• loading.gif loaded before document load when it isn't needed
• Security Issues:
• Use hash_equals() if possible in password driver helper
• Do not output passwords to HTML input fields

What is new in version 3.1.4:

• Security and Hardening:
• Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login).
• Hardening: The HTTP protocol version received via SERVER_PROTOCOL is now verified to have the expected format.
• New Features:
• Events - More events have been added to the template and the PHP core
• Notable Bug Fixes:
• Version check of extensions - File caching of extensions' version check file doesn't work
• Fix links from /board - Append page name to base URL if it doesn't contain it and the path ends without a trailing slash

What is new in version 3.1.3:

• Fixed bugs:
• The search operator for partial matches does not work
• Migrations' "permission.permission_unset" deletes all permissions instead of just the one stated
• Translated exceptions from file_downloader are handled incorrectly
• Migrations for 3.0.13 and PL1 are missing

What is new in version 3.1.2:

• Resolved problems with redirects to incorrect URLs following confirmation screens that we introduced with the security fix in 3.1.1.
• A large number of the bug fixes and improvements relate to the update process from phpBB 3.0 Olympus to 3.1 Ascraeus.

What is new in version 3.1.1:

• Security:
• Cross Site Scripting via PATH_INFO in page_name variable
• Fixed Bugs:
• Login functions need to use provider collection for retrieving provider
• Automatic Update instructions indicate that only the install folder is necessary
• MSSQL's get_existing_indexes() function improperly appends ternary result
• Anonymous users can CC themselves on emails sent to admin via contact form

What is new in version 3.1.0:

• Extensions instead of add-ons
• Better security
• Simplified updating
• Soft delete content
• Improved global announcements
• Forum contact page
• Improved teams page
• New default responsive theme
• Notification system
• Gravatar support
• OAuth login support
• Uses Symfony components
• Database migrations support
• Dependency injection
• Functional testing
• Improved style inheritance
• AJAX support
• HTML5 & CSS3 enhancements
• Improved navigation
• Uses Twig templating engine

What is new in version 3.0.12:

• This version is a maintenance release fixing various bugs but not adding any new features.

What is new in version 3.0.11:

• This version is a maintenance release fixing a number of bugs and not adding any new features.
• Improved compatibility with PHP 5.4.
• Added a warning about the minimum PHP version required to upgrade to phpBB 3.1 to warn users of old PHP installations.

What is new in version 3.0.10:

• Fixed a number of moderator controls are now more precisely controlled by specific permissions instead of being available to all moderators.
• The display of the index page birthday list now also depends on the view profile permission.
• Tested phpBB 3.0.10 with the upcoming PHP 5.4 release and made the necessary changes to ensure a smooth upgrade.

What is new in version 3.0.9:

• Fixed Bugs:
• Multiline [url] not Converted
• Topic bumping does not create new topic icon on index
• Quicksearch uses POST, thus the page expires!
• Increase limit of custom BBcodes
• Correctly update topic_time when deleting first post in topic
• URL of search results page does not always contain all keywords of the search query
• Mistake in description of function generate_board_url
• Browser autocompleton fills wrong fields in ACP
• Honour ACP settings for min/max username length when posting as a guest.
• And much more.
• Improvements:
• Banned users get mass emails.
• Optimize session_begin REMOTE_ADDR validation
• Get rid of Internet Explorer 7 emulation
• Language typos in language/en/acp/board.php
• Posting URL in subsilver 2
• Feed Icon displays on Forum links
• URLs to javascript should be T_SUPER_TEMPLATE_PATH instead of T_TEMPLATE_PATH
• Skip PM popup in overall_header.html, if there are no new PMs.
• Add directive 'internal' to blocked folders in nginx example configuration.
• Differentiate published/updated dates in Atom feed
• Make the error message when cache is not writable clearer
• Allow a Style to present Unread PM in different way than read PM
• Continuous integration on PHP 5.2
• download/file.php needs more use of send_status_line
• Setup github network improvements
• More informative reporting of errors when database connection fails for Firebird and PostgreSQL.
• ACP options for account activation are confusing when emails are turned off board-wide
• Improvements in sample nginx config file
• Send the post number to the template as it relates to it's position in the topic
• Compatibility with native phpass hashes
• Replace ^ with &~ in error_reporting calls
• Performance improvement for $auth->_fill_acl()
• Ability to force recompilation of all templates on every page load
• Move "copy permissions from" to below "parent" in forum creation form
• Return link not really useful after sending a Private Message
• UCP signature panel displays when not authed for signatures
• New Features:
• WinCache Caching Module
• Limit amount of failed login attempts per IP
• Redis caching module

What is new in version 3.0.7-PL1:

• Bug Fixes:
• Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds.

What is new in version 3.0.7:

• New Features:
• Can now see private forums in your ATOM feeds using HTTP authentication by passing the GET parameter "auth=http".
• The INTTEXT token was added to custom BBCodes to allow for non-ASCII letters in html attributes.
• Can now enable quick reply in all forums with a single click.
• Functionality Changes:
• Warn users about potentially dangerous BBcodes.
• Forum feed no longer includes posts of subforums.
• Speed up topic move operation by adding an index for topic_id on the topics track table.
• Move redirect into a hidden field to avoid issues with mod_security.
• Log user activations through inactive users ACP.
• Alter ACP user quick tools interface to reduce confusion with the delete operation.
• Show a proper preview for the Q&A CAPTCHA.
• Send time of last item instead of current time in ATOM Feeds.
• Split "All topics" feed into "New Topics" and "Active Topics" feeds.
• It is no longer possible to persist a solution for the login CAPTCHA.
• Friends and foes will not show up as private message rule options if their respective UCP modules are disabled.
• Offer for guests to log in for egosearch and unreadposts search before the search permissions check.
• Bug Fixes:
• Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP.
• Correctly set last modified headers.
• Make word censoring case insensitive.
• Fulltext-MySQL search for keywords and username at the same time.
• Various XHTML and CSS mistakes in prosilver and subsilver2.
• Cleanly handle forum/topic not found in ATOM Feeds.
• PHP 5.3 compatibility: Check if function dl() exists before calling it.
• PHP 5.3 compatibility: Disable E_DEPRECATED on startup to keep set_magic_quotes_runtime(0) quiet.
• Correctly replace table prefix before inserting schema data into the database.
• Use memcache::replace() instead of memcache::set() for existing keys to prevent problems.
• Check for required functions in eAccelerator.
• Use correct RFC 3339 date format in ATOM feed.
• Do not deliver topics from unreadable or passworded forums in the news feed.
• Restore user language choice to compiled stylesheets.
• Do not permit unauthorised users to delete private messages from folder listing.
• Handle export of private messages where all recipients were deleted.
• Add ability to disable overall (aka board-wide) feed.
• Do not pass new_link parameter when creating a persistent connection with MySQL.
• Improved search query performance through sorting words by their occurrence.
• Strictly check whether a moderator can post in the destination forum when moving topic.
• Do not unsubscribe users from topics replying with quick reply.
• Don't submit when pressing enter on preview button.
• Load reCAPTCHA over https when using a secure connection to the board.
• Don't send activation email when user tries to change email without permission.
• Correctly orientate quoted text image on RTL languages.
• Fall back to default language email template if specified file does not exist.
• Database updater now separates ADD COLUMN from SET NOT NULL and SET DEFAULT, when using PostgreSQL <= 7.4
• Styles adjustment to correctly display an order of rtl/ltr mixed content.
• Do not store email templates in database.
• Fix problems with firebird by no longer using 'count' as a column alias.
• Make user_email_hash() function independent from system's architecture.
• Global announcements could not be accessed on a board using Firebird as the database server.
• Do not delete unrelated attachments when deleting empty forums.
• Update process: Store expected resulting file contents in cache and do not suggest further merges if the contents match, also fixes infinite merge loop.

What is new in version 3.0.6:

• Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP.
• Force full date for board online record date.

What is new in version 3.0.6 RC4:

• Fixed ticket #52875 working around php4 bug - call_user_func doesn't return references. This causes php4 to create a copy.
• Fixed cache issues in feed generation.
• Include default language in data to send for statistical purposes.
• Revert "Parse multiline url title for [url] BBCode tag" because it introduced different bugs.
• Fix sql_create_table (table creation) in db tools for mssql and sqlite.
• Fixed Ticket #53175 (forum_options cleared if editing forum) - regression from revision 10024.
• Fixed Ticket #53185 (icon width/height adjustement for icons > 127px also applied to smilies) - related to revision 10088.
• Adjusted email template admin_welcome_activated to be more descriptive (and in-line with the changes to the other email template files).
• Fixed Ticket #53245 - Notices in log searching feature.
• Fixed Ticket #53285 introduced in revision 10018 - Mark the first visible forum on index as unread if there's any unread global announcement.
• Implemented better way to generate SID-free links in feed.php
• Fixed Jabber SASL PLAIN authentication failures. (Bug #52995)
• Fixed severe bugs with Oracle and UPDATE statements.
• Fixed issues with database updater and Oracle/SQLite/Firebird.

What is new in version 3.0.6 RC3:

• Fixed the ReCaptcha plugin to support RTL
• Fixed the Q&A Captcha to not print out notices if the admin chose to remove all questions
• Fixed the ACP update page to print a failure message if phpbb.com is not reachable for the version check
• Fixed regression from r9678 (add_log() statements for removing posts/topics)
• Updated acp forums copy style to look like the rest of the ACP
• Disabled copy forum permissions screen in forums creation/update workflow (we will revisit this one later)
• Fixed the "switch permissions" link
• Fixed ACP issues with long content by reverting revisions r10176 and r9647
• Changed language/en/email/pm_report_deleted.txt to change the reference to "post" to "private message"
• Changed notification about possibility to post private messages in UCP; this involves style changes. Style authors please look at the RC2 to RC3 code changes package if you already updated your styles to RC2.
• Updated the Custom Profile Fields option "view on viewtopic" based on previous settings in database updater
• Fixed wrong bbcode uid assigned if error triggered in quote/forward PM
• Fixed default group assignment if removing from default group and user was in newly registered group
• Correctly execute database update step for RC releases where admins forgot to enable the PHPBB_QA constant. We now detect if the version the admin wants to update to is greater than the current version even if phpbb.com says the current version is lower than the update version.

What is new in version 3.0.4:

• [Fix] Allow mixed-case template directories to be inherited
• [Fix] Regression bug from revision #8908 regarding log display in ACP
• [Fix] Allow the UCP group management to work for groups with avatars
• [Fix] Fix header list build for replying oldest PM in PM history
• [Fix] Do not display COPPA group in memberlist find member dialog if COPPA disabled
• [Fix] Do not try to send jabber notifications if no jid entered
• [Fix] Only display special ranks to guests; no longer display normal ranks for guests
• [Fix] Properly treat punctuation marks after local urls
• [Fix] Make searching for members by YIM address work in prosilver
• [Fix] Tell users to recreate the search index after changing the common word threshold for fulltext_native
• [Fix] Adjusted phpbb_chmod() to always set permissions for group bit
• [Fix] Do not increment users post count after post approval if post had been posted in a forum with no post count increasing set
• [Fix] Extend vertical line for last post column if no posts in forum
• [Fix] correctly update last topic/forum information if changing guest usernames through editing posts
• [Fix] fix postcount resync for situations where low and high post ids are higher than step value, resulting in users having 0 posts
• [Fix] Use a left join for the topics table on search to avoid trouble with FROM syntax on some databases
• [Fix] Do not show 'Forward' button if the user cannot send PM's
• [Change] Alllow applications to set custom module inclusion path
• [Change] Handle checking for duplicate usernames in chunks
• [Change] Better handling and finer control for custom profile fields visibility options
• [Change] Performance increase for format_date()
• [Change] Changed prosilver date separator from 'on' to '"'
• [Change] Performance increase for get_username_string()
• [Change] Slight performance increase for common parameter calls to append_sid()
• [Feature] Added 'AGO' setting to relative date strings. For example: posted 14 minutes ago
• [Sec] Fixed an issue where deactivated accounts could be re-activated without the required privileges
• [Sec] Ask for forum password if post within passworded forum quoted in private message

What is new in version 3.0.2:

• [Fix] Ability to set permissions on non-mysql dbms
• [Fix] Fixed blank style on setups having no username defined within config.php
• [Fix] Made the compress_tar class tolerate archives that do not properly have their archived contents listed
• [Fix] Moved topics should not count towards the number of topics in a forum
• [Fix] Properly check for invalid characters in MySQL DB prefixes during install
• [Fix] Bring the PostgreSQL backup system back to working order
• [Fix] Update correct theme for cached styles in style.php
• [Fix] Also add PHPBB_INSTALLED check to download/file.php for inline avatar delivery
• [Fix] Unable to login to some jabber server, reverted previous change
• [Fix] Do not return BMP as valid image type for GD image manipulation
• [Fix] Correctly determine safe mode for temp file creation in functions_upload.php
• [Fix] Correctly sort by rank in memberlist
• [Fix] Purge cache after database restore
• [Fix] Correctly display subforum read/unread icons from RTL in FF3, Konqueror and Safari3+
• [Fix] Added missing form token in acp
• [Fix] Do not remove whitespace in front of url containing the boards url and no relative path appended
• [Fix] reset forum notifications in viewtopic
• [Fix] corrected link for searching post author's other posts
• [Fix] HTTP Authentication supports UTF-8 usernames now
• [Fix] Topic searches by author no longer return invalid results
• [Fix] Delete drafts and bookmarks when deleting an user
• [Fix] Set last_post_subject for new topics
• [Fix] Allow moving posts to invisible forums
• [Fix] Don't allow promoting unapproved group members
• [Fix] Correctly fetch server name if using non-standard port
• [Fix] Regular expression for email matching in posts will no longer die on long words
• [Fix] Do not display ban message if direct call to cron
• [Fix] Correctly display double-colon on special conditions within highlighted php source
• [Fix] Increase storage capacity of titles/subjects due to specialchared content
• [Fix] Catch invalid username wildcard ban (we do not support these)
• [Fix] Fix (email)-domain checks for those having DNS prefixes set
• [Change] Adjust truncate_string() to be able to adjust the maximum storage length
• [Change] Generalize load check
• [Change] Make utf8_htmlspecialchars not pass its argument by reference
• [Change] Sort the tables at the database table backup screen
• [Change] For determining the maximum number of private messages in one box, use the biggest value from all groups the user is a member of
• [Change] Show email ban reason on registration. Additionally allow custom errors properly returned if using validate_data()
• [Change] Don't allow redirects to different domains
• [Feature] Added optional referer validation of POST requests as additional CSRF protection
• [Feature] Added optional stricter upload validation to avoid mime sniffing in addition to the safeguards provided by file.php
• [Feature] Streamlined banning via the MCP by adding a ban link to the user profile. Also pre-fills ban fields as far as possible
• [Feature] Added ACP logout to reset an admin session
• [Sec] Only allow urls gone through redirect() being used within login_box()

What is new in version 3.0.3:

• [Fix] Correctly set topic starter if first post in topic removed
• [Fix] Delete avatar files
• [Fix] Preserve selection in the MCP
• [Fix] Added VST - Venezuela Standard Time
• [Fix] Close DB connections in file.php
• [Fix] Correctly return results for nested cached queries
• [Fix] Allow export of PM pages greater one
• [Fix] Display coloured username of last poster in list of subscribed forums
• [Fix] Added missing UCP language string NO_AUTH_READ_HOLD_MESSAGE
• [Fix] Do not jump back to page 1 when hiding member search in memberlist
• [Fix] Correctly limit input of the users location to 100 characters in the UCP and ACP
• [Fix] Sync reports when using the move all users posts tool in the ACP
• [Fix] Extra slash is included in the redirect url when redirecting to the forum root directory
• [Fix] Remove reported flag from shadow topics when closing reports
• [Fix] Do not show non indexed forums on the search page if they contain no subforums
• [Fix] Stop search bots incrementing topic views
• [Fix] Use correct link for post author search
• [Fix] Do not decrease topics counter when deleting shadow topics
• [Fix] Send localised disapproval reasons in the recipients local language
• [Fix] Language typos/fixes.
• [Fix] Added missing terms parameter to search pagination
• [Fix] Wrong table order in query obtaining posts if post id given.
• [Fix] Do not display reported topic icon for shadow topics
• [Fix] Display popular topic based on posts within topic instead of replies within topic
• [Fix] Expand shown ban reason in unban screen to fully show long entries
• [Fix] Preserve alpha transparency for created thumbnails
• [Fix] Use correct port delimiter for MSSQL connections in windows
• [Fix] Do not allow setting forums parent to the forum itself
• [Fix] Display assigned rank/avatar for guests
• [Fix] Set secure cookie for style switcher if required
• [Fix] Fix native full text search on postgresql while using excluding keyword matches
• [Fix] Pass S_SEARCH_ACTION through append_sid() in search.php
• [Fix] Correctly delete message attachments
• [Fix] Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index
• [Fix] Stop users from deleting posts after the edit time has passed or they have been locked
• [Fix] Split posts target forum requires 'f_post' now instead of 'm_split'
• [Fix] Duplicate log messages for deleting a topic ('LOG_TOPIC_DELETED' has been deprecated in favour of 'LOG_DELETE_TOPIC')
• [Fix] Use a distinct log message for shadow topic deletions to differentiate between normal topic deletions
• [Fix] Fix problems with styles using an underscore within the filename
• [Fix] Better return links when deleting topics through the MCP
• [Fix] Add quoting support to PM history when composing a reply
• [Fix] Use phpBB 3.1.x method for storing cached data to prevent PHP bug with our usage of var_export()
• [Fix] Check users pm preferences for pm's sent to groups
• [Fix] Do not allow password reminders if u_passchg permission is not given
• [Fix] Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.
• [Fix] Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway
• [Fix] Do not display last post link and sort display options for search engines
• [Fix] Make sure users still get notifications if they set to only be notified by Jabber, but Jabber service disabled
• [Fix] Don't show forum subscription link on categories
• [Fix] Display a message if no topics or forums are selected when unsubscribing
• [Fix] Mark/unmark all links in UCP now select/unselect both subscribed topics and forums.
• [Fix] Increase board topic counter when splitting topics
• [Fix] Display profile icons when viewing a topic, or PM when only the jabber icon is to be visible
• [Fix] Do not send PMs with warnings if the user cannot read PMs or they are disabled
• [Fix] Correctly convert Niels' Birthday MOD to the date format used in phpBB3
• [Fix] Parse BBCode lists of type square, circle and disc
• [Fix] Round the displayed percentages in polls
• [Fix] Disable mass e-mail when e-mail is disabled
• [Fix] Display coloured poster username of queued posts displayed on the front of the MCP.
• [Fix] Moderators can only see reports/queue/logs from forums they can actually read
• [Fix] Correctly display topic when start parameter is equal to the number of posts.
• [Fix] Correctly display topic in MCP when start parameter is equal to or greater than the number of posts
• [Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.
• [Change] Display warning in ACP if config.php file is left writable.
• [Change] More restrictive chmod to new files being created. (phpbb_chmod() function mostly by faw)
• [Change] Set headers to allow browsers to better cache attachments
• [Change] Hide parameters if they equal the default in viewforum/viewtopic
• [Change] Various improvements to group listings
• [Change] Set headers for IE 8 in file.php
• [Change] Do not count queued posts to user_posts
• [Change] Allow setting birth year to current year
• [Change] Do not use the topics posted table when performing an egosearch
• [Change] Log the forum name that topics are moved into
• [Change] Automatically add users/groups to the PM recipient list, if entered or selected
• [Change] Reply to PM now includes all previous recipients and not only the original sender
• [Change] Make topic selection for merge less confusing by removing unneeded controls
• [Change] MCP topic view checkboxes now default to unchecked
• [Change] Adjust language key SPLIT_AFTER to make the action clearer
• [Change] Add links to the post and forum when viewing a report from the MCP
• [Change] Added CSRF protection to GET-only actions like marking forums
• [Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle)
• [Feature] Allow limited inheritance for template sets
• [Feature] Allow hard disabling of the template editor
• [Feature] Allow setting custom language path through $user->set_custom_lang_path(). $user->lang_path now also do not include the user language, but only the path
• [Feature] Ability to define nullar/singular/plural language entries
• [Feature] Ability to mimic sprintf() calls with $user->lang() with the ability to correctly assign nullar/singular/plural language entries.
• [Feature] Added the possibility to force user posts put in queue if post count is lower than an admin defined value. Guest posting is not affected by this setting
• [Feature] Added 'max_recipients' setting for private messages. This setting allows admins to define the maximum number of recipients per private message with a board-wide setting and a group-specific setting
• [Feature] Added new permission setting for sending private messages to groups. Now there are two permissions to define sending private messages to multiple recipients and private messages to groups
• [Feature] Allow specific connection to different server for jabber functionality by providing a valid JID as username. This also allows the use of talk.google.com as jabber server with gmail.com JIDs
• [Sec Precaution] Stricter validation of the HTTP_HOST header

Requirements:

• PHP 4.3.3 or higher