In result of conversations with Uniregistry, the domain OpenSourceForum.com is finally acquired by miniBB.

By now, it's still a far-reaching plan of developing the "full package" of miniBB, which is a constant request from customers for years. But you could already access miniBB website entering this domain. I wrote some tiny paragraphs regarding what we have in mind for this project.

By now, miniBB project continues its development; I've started the work-out of the new release in September. The primary change will be in the logins / auth method. Straight MD5-based cookies should be avoided. I'm still considering various ways of implementation, and hopefully we will see results this autumn.

Stay tuned!

That's an excellent domain name for the project (I remember using these three keywords in the past when doing a search, congratulations : ) I also hope you'll add some good comments (as always you do) to change the login/auth so it's easier to follow what to change in case of customized versions, thank you.

Automatic upgrades could be a really useful feature. Saves time and lowers the learning curve. :-)

tom322
Thank you for the note :-)

The only problem about upgrading to the new auth system is that all users should be forced to manually update their password information. But something similar already was implemented for switching existing logins to SH1, this is the only way of upgrading. And I also hope, since the new logins system is implemented, there would be no need in customized login versions anymore.

You are right, but it also means you have less space in customizing your forum. Despite it is open source, an automatic update will simply overwrite all files and it's impossible to program to follow all customizations made and upgrade them, too. The software with such a system supposes you are not modifying manually a piece of code.

Maybe it would be best to notify users to copy their passwords first.. or some other note. Still, for guest posters the cookie should stay I think to remember username at least. As I see, the bb_func_login.php can be extended to add the session_start() / session_unset() functions and should be simple to change, I hope.

It's up only to the forum owner :) The script will include dynamic suggestions of an immediate password change, if a user logs in with the old password. So for some time, the logging with the old password will work — but won't pass the user further unless the password is updated.

I'm still considering if either we should use PHP sessions, or my own.

The sad fact about PHP sessions is that they are kept until the browser is opened. As soon as you leave the browser, the session is destroyed, and you should re-login. For many years I was keeping the old auth mechanism in miniBB exactly because of its long-term nature — the login is kept for some longer time, and even if you re-open the browser, it could be still kept if there was no log-out.

With PHP sessions, this approach won't work... and this eliminates the comfort of usability.

I think PHP sessions will be best after all. Now it's as easy to SAVE username / password in a browser (browsers ask if you want to save your username/password after you login) and that only adds one click to login. In long term, that should be the best solution for both mobile and desktop.. in additions, I expect in the near future all web browsers will require a login to keep all the history and make it more secure, so that means all sites you logged in could be saved under one master password anyway.

It's the feature I personally never use :-) however it's worth considering, thanks! I'm still considering all variations of implementation.

I use it together with a browser "Master Password" (without entering the master password nobody can login or submit a POST form to any site, even if the username/password is saved in the browser).

Saving a session in minibb must have! Please do not remove it! It so differs minibb from other programs :(
(Or make it optional...)

Making it all optional is a good idea, and I already thought about it :-) thanks.

There are too many existing users with their own preferences... I must also think of how to make an integration bridge — got a few requests about websites using the current miniBB auth system as their own... coding the new system, I must keep in mind of how to easy adopt it to any website...

I think would be super cool if OSF had a good plugin/importer that migrate automagically the data from other forums platforms like vanilla/fluxbb/punbb/mybb/phpbb/etc... I would pay for that, yep!

SuggestionMan
Thank you for the suggestion, I'll keep it in my notes :-)