Categories > WeAreDevs > Announcements >

The forum is now open source

Posts: 992

Threads: 34

Joined: Dec, 2016

Reputation: 104

Posted

The forum is now open-source. No coding knowledge required to run it.

 

Judge my garbage code here! https://github.com/2JJ1/Pow-Forum

 

As a forum builder, this software is currently in very early alpha stage. It's massively incomplete and many bugs definitely exist.

 

Assuming you complete the entirety of the configuration, you should have most features that this website offers. Be sure to read the README.md file. I still need to make a UI available for some features. Such as to add additional navbar links, footer links, forum support links, add moderators, etc.

 

Feel free to make your contributions through pull-requests. White hack hackers, I'd love it if you explored for vulnerabilities. Black hat hackers, alt+f4 for free robux. Feel free to redeploy the forum and modify it as you wish; Considering the GNU license.

 

I'm still refactoring the code. I've been rushing the past few days to make it redeployable. The forum used to be mostly static and built into the exploits portion of the site. It wasn't built from the ground up to be dynamic, so much of the code will look funny. A lot of the forum is especially very old code from when I was still learning. In many areas, I've continued with my poor old conventions to keep things uniform and easier to read.

 

As a result of making the forum redeployable, I had to change a few things. One being the URL pattern for subcategory thread lists. It used to use the category name, but I had to change it to use an ID so subcategory names can be reused.

 

I also noticed my implementation of invisible captcha was useless. I've temporarily(maybe) reverted to captcha v2, where you will have to complete captcha challenges to plainly create a thread or reply.

  • 7

Posts: 263

Threads: 23

Joined: Mar, 2022

Reputation: 21

Replied

i can smell the cyber crime fourms coming

  • 1

https://cdn.discordapp.com/attachments/1066053366758780978/1078052772567597127/image.png

Posts: 992

Threads: 34

Joined: Dec, 2016

Reputation: 104

Replied

@atariXD, Use it however you like. It's totally open to the public. This forum has always been more of a project than a product, so I'm not concerned about competition

  • 0

Added

@atariXD, Maybe when it enters beta stage. There's still a lot to do. Feels wrong to collect mons when I could push a breaking change at any time. Though I will try my best to avoid that. If ever, I'd try adding a migration script to the CLI.

  • 0

Posts: 0

Threads: 0

Joined: ?

Reputation:

Replied

I thought it was an april fools joke, then I realised it is april second

  • 3

Posts: 360

Threads: 36

Joined: May, 2022

Reputation: -2

Replied

Never expexted this to happen tbh

  • 0

Exploits i own:

Script-Ware (Down rn) Electron (UWP) Shadow (UWP)

i dont use verm that much so dont contact me there

Posts: 1996

Threads: 198

Joined: Apr, 2021

Reputation: 13

Replied

This actually shocked me. Jon, please be aware of the serious black hat hackers, cause they might cause trouble, especially since the forum is now open source. Good luck, however, on maintaining this project.

  • 0

Random quote here...

Method

Contributor

Posts: 116

Threads: 12

Joined: Mar, 2023

Reputation: 3

Replied

@atariXD, How is this better than MyBB? I'm not trying to put it down, as it seems like a valuable addition that many people will use, but I'm interested in understanding what sets it apart from MyBB.

  • 0

Alternate

stop take my rice

vip

Posts: 711

Threads: 115

Joined: Mar, 2022

Reputation: 36

Replied

Let's just take a moment to acknowledge how our "competitor" forum (V3RM) is still using MyBB, meanwhile Jon is over here dominating and creating his own forum software.

 

Seriously though, this action introduces a wide variety of things you must be careful of, for instance,  I'm sure that there are some vulnerabilities internally that can be found and exploited now. Security must be one of your top priorities now, as the more people using the software the less you can afford some big vulnerabilities to be found. I'm very sure you already know this though.

 

I might create some YouTube video to demonstrate the installation of this forum, not just so there is visual instruction but also to possibly give you a little head start in users. Though YouTubes algorithm is very odd so I doubt it'll get much anywhere besides people searching it themselves.

 

I hope this goes well, I can see this becoming very great, but I do worry about the security of this forum now. Tbh there aren't many people equipped to deal with attacks on this forum, ig we'll see what happens.

 

I also worry about this forum becoming filled with people looking for support about the software, this community is great but needs to be kept that way. Of course, that sorry is very dependent that the software goes big, but I (and I believe I speak for everyone else on this forum too) have great confidence in this (and ofc, you).

  • 1

we are dead

Posts: 992

Threads: 34

Joined: Dec, 2016

Reputation: 104

Replied

@VoidableMethod, Absolutely. I take every measure I can recall to prevent security issues. Query injection is unlikely thanks to using Mongo through an ODM. Even if an XSS point existed, cookie logging is impossible due to being HTTP only. The only identifying and private(depends on who you're talking to) piece of info the site collects is an email address. Everything else is already public. 

 

My only job is pretty much to remember to escape every user input and be careful of data leaks where data is output. Security wise at least. Resource attacks... Hmm

 

Honestly, I'm kind of hopeful that someone will find an issue. I always learn so much with each new attack.

  • 0

Added

@reversed_coffee, Now people can stop asking about adding their bot. Can just make a pull request!

  • 0

Added

@reversed_coffee, God damnit I love this push notification update lmao

  • 0

Added

@reversed_coffee, Reversed has blocked notifications confirmed. Sad. Jk lol, but yeah. It also works on iOS, but you have to add it as a web-app then subscribe through the footer

  • 0

Syraxes_

Web Developer

vip

Posts: 1290

Threads: 40

Joined: Jul, 2021

Reputation: 63

Replied

A good decision, also thats a Good way to improve the software & your knowledge on all aspects! Thank you, useful contribution.

  • 2

I'm not lazy, I'm just highly motivated to do nothing. #I💚Dogs.

Alternate

stop take my rice

vip

Posts: 711

Threads: 115

Joined: Mar, 2022

Reputation: 36

Replied

@Xero

I love how consistent you are to liking posts/threads

  • 0

we are dead

Next >>>

Users viewing this thread:

( Members: 0, Guests: 2, Total: 2 )