The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
Phorum - how to install and customize it 1 January 2000
Need more help on this topic? Click here
This article has 4 comments
Show me similar articles
When I first asked about a discussion forum package, everyone seemed to mention phorum.  And with good reason.  I'm quite pleased with it.  It seems very configurable.  And it seems well put together.  And when I added the Reader Forum, I made sure I documented the process so you could use it.

The home page for phorum is http://www.phorum.org/

The phorum mailing list archive is at http://www.progressive-comp.com/Lists/?l=phorum&r=1&w=2#phorum.
You need this first
Please note that phorum requires php3.  You should do that first.  There is an apache13-php3 port.  I used a soon-to-be-released port of apache13-php3-fp-modssl.

phorum also requires mySQL, which you should install before you install php3.
Downloading and installing
The tarball I used was from ftp://ftp.phorum.org/phorum308.tar.gz but you should check the phorum home page and get the latest version.

I moved this tarball into a subdirectory of an existing website.   Actually, I did this:

cd /path/to/website
mkdir forum
fetch ftp://ftp.phorum.org/phorum308.tar.gz
tar xvfz phorum308.tar.gz
cd phorum308

The first thing you need to read is readme.txt and then security.txt.
Security
I think you should stop and read security.txt now.

I mean NOW.  You're not going to take my word and just do what I did are you?  Imagine the security holes I could create in your system if you did that.

I created a .htaccess file in my forum directory and added the following to it:

<FILES admin.php3>
    require group admin
</FILES>

<Files forums.inf>
    Order Deny,Allow
    Deny From All
</Files>

<Files forums.inf.bak>
     Order Deny,Allow
     Deny From All
</Files>

Just follow the directions in security.txt titled IV) Securing the Admin Script.

You might want to read Protected Apache directories for a bit of detail.

See also, Additional security options.
Database configuration
The first thing you need to do is create a database.  I called mine forum.   I also created a database user, phorum.
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 3.22.22

Type 'help' for help.

mysql> create database forum;
Query OK, 1 row affected (0.13 sec)

mysql> GRANT
-> select, insert, update,
-> create, alter, delete, drop
-> ON
-> forum.*
-> TO
-> phorum@localhost
-> IDENTIFIED BY
-> 'password';
Query OK, 0 rows affected (0.01 sec)

Then I modified common.inc.  Here is what I changed:

$inf_path="./myconfigstuff";  // no ending slash
$include_path="./myincludes";  // no ending slash
$admindir="myadmindir";

These are to be used as a guideline and a basis for deciding where to put what.   You could always leave them in the default locations.  I chose not to.
How to customize
This example shows you how to track down a particular field if you wish to customize your phorum.  I removed the host name from the message output.  This is a personal preference.  Your choice.

If you want to customize a particular aspect of phorum, the first step is to figure this out which file to look in.  The URL for any messages contains something like this:

read.php3?num=1&id=7&loc=0&thread=7

The other point is to locate something contanst in the message which is near to what you actually want to change.  In this case, the domain name appears just to the right of the author.  I chose that as my target.  The correct way to do this is to look at your language module.  In my case, that is english.lang.  I searched for "Author" and found this line:

$lAuthor = "Author";

$lAuthor is what you want to look for within read.php3.  In that file, I found this line:

<?PHP echo $lAuthor;?>:&nbsp;<?PHP echo $author; ?>&nbsp;(<?PHP echo $host; ?>)<br>

See $host?  Remove that section of the code and the line becomes:

<?PHP echo $lAuthor;?>:&nbsp;<?PHP echo $author; ?><br>

That's it.  The host is now gone from all messages but is still stored in the database if you need to find it.
phorum configuration
Follow the instructions in .  For the lazy and hopeless amongst us (that's me), here's what I did:
  • I didn't changed $inf_path in common.inc because it was already correct for my setup.

You should now follow the rest of the directions in readme.txt.  For the most part, it involves browsing to admin.php3 and using that to set up your database and forums.
Removing the <html></html> tags
Phorum allows people to post messages with embedded SQL.  As phorum is primarly designed to work with websites, embedded SQL that is a good thing.   Another good thing about phorum is that you can optionally choose to have email replies to a thread sent to your address if you have contributed to a thread.  This mail will contains the message which was just posted to the phorum.  The body of the message will be surrounded by <html> </html> tags.  This is something I didn't want.  So I modified post.php3 to remove them.  Here's the patch I create to do this.
--- post.php3.original  Fri Jan 21 16:34:31 2000
+++ post.php3   Fri Jan 21 16:44:38 2000
@@ -175,13 +175,13 @@
     $email=$Mod;
     $author = "<b>$author</b>";
     $subject = "<b>$subject</b>";
-    $body="<HTML>$body</HTML>";
+    $body="$body";
     $host="<b>$StaffHost</b>";
   }
   else{
     $body=eregi_replace("</*HTML>", "", $body);
     if($AllowHtml){
-      $body="<HTML>$body</HTML>";
+      $body="$body";
     }
   }

This patch is also available from phorum.post.no.html.patch.txt.
Problems and solutions
These are the problems I've encountered and how I solved them.
  • Warning: Access denied for user: 'testuser@localhost' (Using password: YES) in ./abstract.php3 on line 63

If you browse to admin.php3 and you get the above message, you have a database issue.   Perhaps, tou haven't specified the correct password, your database name is wrong, etc.

  • Warning: fopen("./forums.inf","w") - Permission denied in /www/freebsddiary/phorum/admin.php3 on line 159

Ensure forums.inf is writable by your webserver.  In my case, I made sure forums.inf was writeable by group www.
Additional security options
There are some security issues associated with phorum, but I feel they can be adequately handled if you exercise care.  The two files which we secured in the Security section can also be renamed.  This will prevent people from trying to guess the password and gives you an extra layer of security. 

If you are going to rename admin.php3, remember that the file contains self-references which must also be changed.  By my count, there are 10 instances which need to be changed.

If you are going to rename forums.inf, remember to also modify the references within:

  • code.php3 (both forums.inf and forums.bak.inf)
  • common.inc

And of course, remember to change the .htaccess file to refer to the new file names.  See the Security for detail.

If I've missed anything, please add your comments.

Need more help on this topic? Click here
This article has 4 comments
Show me similar articles
Servers and bandwidth provided by New York Internet and SuperNews Valid HTML, CSS , and RSS.
Copyright © 1997-2008 DVL Software Ltd.
All rights reserved.