Nightrider

Wondering why that MOD you have won't install correctly? Let's take a look
Forum rules
DO NOT give out any FTP passwords to anyone! There is no reason to do so! If you need help badly enough, create a temporary FTP account that is restricted to only the files that you need help with and give the information for that. Giving out FTP information can be very dangerous!
Locked
TerraFrost
Former Team Member
Posts: 90
Joined: Wed Feb 09, 2005 12:21 am

Re: Nightrider

Post by TerraFrost »

I really don't think this statement could get much clearer. Either the Author's MOD installs correctly using EM or it does not get approved. I see no exceptions or ambiguities here in this statement...

Look at the line you underlined:
if their MOD fails to [correctly] install with EM on a virgin phpBB install then they had better have a darn good reason why!

EasyMOD being broken would constitute a "darn good reason why".

In any event, neither EasyMOD or the CH MOD appear to be broken at all. CH 2.1.6 installs just fine with EM 0.3.0 and on phpBB 2.0.21. The version of the CH MOD that is in our database may not install, but that appears to be more due to the fact that the CH MOD wasn't designed to work with 2.0.21.

Nightrider
Registered User
Posts: 7219
Joined: Tue Nov 16, 2004 8:54 pm
Location: Florida, US
Contact:

Re: Nightrider

Post by Nightrider »

Welcome to Area 51, TerraFrost...
TerraFrost wrote: EasyMOD being broken would constitute a "darn good reason why".

And if EM was broken, I could understand the attempts to kill it. But EM is not the problem. If Ptirhiik or any other MOD author decided to change AFTER, ADD statements to ADD AFTER, should EM be blamed for not recognizing the command???

MOD Authors can write their code as badly as they want. Look over in phpBBHacks.com if you want to see bad. Should EM be blamed because it can't install those MODs because they are written so badly???

Ptirhiik has the skill, time, and ability to write his code to install correctly using EM and he has a guideline to try to do so in the Insta-Deny™ Checklist. In fact, I provided a fix for him in his TC MOD. It was 6 lines of code. So should I expect Ptirhiik to resubmit the MOD with the 6 new lines of code? I won't be holding my breath because Ptirhiik has no desire to make sure his MODs install correctly using EM. That is not EM's fault...

I can write MODs that can't be installed by EM. Any dummy could do the same. But then, I would expect those MODs not to be added to the phpBB MOD Database until they are corrected because they violate the Insta-Deny™ Checklist specifications. Ptirhiik's MODs should be expected to abide by the same guidelines...

Image

TerraFrost
Former Team Member
Posts: 90
Joined: Wed Feb 09, 2005 12:21 am

Re: Nightrider

Post by TerraFrost »

And if EM was broken, I could understand the attempts to kill it. But EM is not the problem. If Ptirhiik or any other MOD author decided to change AFTER, ADD statements to ADD AFTER, should EM be blamed for not recognizing the command???

Ptirhiik isn't doing that, though. As far as I know, your basic gripe with Ptirhiik is that he's doing something like COPY root/*.* TO *.* instead of COPY root/dirname/*.* TO dirname/*.*. If that's correct, then I don't see how Ptirhiik's mods are broken...

Nightrider
Registered User
Posts: 7219
Joined: Tue Nov 16, 2004 8:54 pm
Location: Florida, US
Contact:

Re: Nightrider

Post by Nightrider »

Nope, that's not the problem at all...

Here is the COPY section from Topic Calendar 1.0.1, which works on every board with EM. Notice how much time he spent to make sure his copy commands worked...

Code: Select all

#
#-----[ COPY ]------------------------------------------------
#
copy calendar.php to calendar.php
copy calendar_scheduler.php to calendar_scheduler.php
copy functions_calendar.php to includes/functions_calendar.php
copy toggle_display.js to includes/toggle_display.js
copy mod_calendar.php to includes/mods_settings/mod_calendar.php
copy lang_extend_topic_calendar.php to language/lang_english/lang_extend_topic_calendar.php

copy calendar_body.tpl to templates/subSilver/calendar_body.tpl
copy calendar_box.tpl to templates/subSilver/calendar_box.tpl
copy calendar_overview_profil.tpl to templates/subSilver/calendar_overview_profil.tpl
copy calendar_overview_topic.tpl to templates/subSilver/calendar_overview_topic.tpl
copy calendar_scheduler_body.tpl to templates/subSilver/calendar_scheduler_body.tpl

copy graph.gif/folder_calendar.gif to templates/subSilver/images/folder_calendar.gif
copy graph.gif/icon_calendar.gif to templates/subSilver/images/icon_calendar.gif
copy graph.gif/icon_mini_calendar.gif to templates/subSilver/images/icon_mini_calendar.gif
copy graph.gif/icon_tiny_profile.gif to templates/subSilver/images/icon_tiny_profile.gif
copy graph.gif/icon_tiny_topic.gif to templates/subSilver/images/icon_tiny_topic.gif
copy graph.gif/icon_down_arrow.gif to templates/subSilver/images/icon_down_arrow.gif
copy graph.gif/icon_up_arrow.gif to templates/subSilver/images/icon_up_arrow.gif
#
#-----[ COPY ]------------------------------------------------
#
# this part comes from lang settings mod, and is required for topic calendar mod
#
copy mod-lang_settings/lang_extend_mac.php to includes/lang_extend_mac.php
#
#-----[ COPY ]------------------------------------------------
#
# this part comes from mods settings mod, and is required for topic calendar mod
#
copy mod-mods_settings/admin_board_extend.php to admin/admin_board_extend.php
copy mod-mods_settings/board_config_extend_body.tpl to templates/subSilver/admin/board_config_extend_body.tpl
copy mod-mods_settings/functions_mods_settings.php to includes/functions_mods_settings.php
copy mod-mods_settings/lang_extend_mods_settings.php to language/lang_english/lang_extend_mods_settings.php
#
#-----[ COPY ]------------------------------------------------
#
# this part is relative to the topics list mod
#
copy mod-topics_list/functions_topics_list.php to includes/functions_topics_list.php
copy mod-topics_list/topics_list_box.tpl to templates/subSilver/topics_list_box.tpl

copy mod-topics_list/graph.gif/folder_announce_own.gif to templates/subSilver/images/folder_announce_own.gif
copy mod-topics_list/graph.gif/folder_announce_new_own.gif to templates/subSilver/images/folder_announce_new_own.gif
copy mod-topics_list/graph.gif/folder_own.gif to templates/subSilver/images/folder_own.gif
copy mod-topics_list/graph.gif/folder_new_own.gif to templates/subSilver/images/folder_new_own.gif
copy mod-topics_list/graph.gif/folder_hot_own.gif to templates/subSilver/images/folder_hot_own.gif
copy mod-topics_list/graph.gif/folder_new_hot_own.gif to templates/subSilver/images/folder_new_hot_own.gif
copy mod-topics_list/graph.gif/folder_lock_own.gif to templates/subSilver/images/folder_lock_own.gif
copy mod-topics_list/graph.gif/folder_lock_new_own.gif to templates/subSilver/images/folder_lock_new_own.gif
copy mod-topics_list/graph.gif/folder_sticky_own.gif to templates/subSilver/images/folder_sticky_own.gif
copy mod-topics_list/graph.gif/folder_sticky_new_own.gif to templates/subSilver/images/folder_sticky_new_own.gif
This is the COPY section in Topic Calendar 1.2.2, which does not work correctly on every board and every domain using EM:

Code: Select all

#
#-----[ COPY ]------------------------------------------------
#
COPY root/*.* TO *.*
This will successfully copy the calendar.php to every phpBB folder, but it doesn't work to upload all the sub-files and sub-folders to all phpBB boards using EM. To fix this, I provided this simple 6 line correction:

Code: Select all

# 
#-----[ COPY ]------------------------------------------------ 
# 
COPY root/*.* TO *.* 
COPY root/includes*.* TO includes/*.* 
COPY root/install_cal/*.* TO install_cal/*.* 
COPY root/install_cal/schemas/*.* TO install_cal/schemas/*.* 
COPY root/language/lang_english/*.* TO language/lang_english/*.* 
COPY root/templates/subSilver/*.* TO templates/subSilver/*.* 
COPY root/templates/subSilver/images/*.* TO templates/subSilver/images/*.*
For someone who writes MODs that are thousands of lines long, Ptirhiik of all people should have been able to include these 6 lines of code in his MOD script and if he didn't realize it was a problem, he could easily submit an upgrade for emergency approval so that NO ONE is adversely affected by this problem. But instead, Ptirhiik continues to blame EM for not handling this situation and refuses to fix his MOD to install correctly using EM even though the correction is extremely simple. In fact, Ptirhiik expects EM to be able to get this command to work on sites where restrictions prevent it from doing so, then blames EM for the problem...

Ptirhiik could easily fix this, yet he chooses to do nothing but attack EM. That is not productive nor helpful to anyone and sadly, a lot of people may suffer as a result. Then of course, he will blame them for not all being expert enough to resolve their own problems. It's easy to blame everyone else for problems caused by the MOD authors. It would be nice for Ptirhiik to do what is right and correct the problem once and for all. But instead, he is challenging the need for the correction and attacking the use of EM...

Let me tell you what, far more people create problems when they manually install their MODs than they do when using EM. So what is the purpose of discouraging people from using EM? That is neither productive nor safe...

Image

Dogs and things
Registered User
Posts: 49
Joined: Sat Sep 23, 2006 10:21 pm
Location: Spain.
Contact:

Re: Nightrider

Post by Dogs and things »

Nightrider wrote:

Code: Select all

#
#-----[ COPY ]------------------------------------------------
#
COPY root/*.* TO *.*
Let me tell you what, far more people create problems when they manually install their MODs than they do when using EM.

Image

Let me say something about this particular remark.

If I, as a very beginner, were to come across the above mentioned bit of instruction I would probably be almost as stuck as EM. Almost, because I would have the posibbility to recurr to someone able to help me out.

User avatar
Ptirhiik_
Registered User
Posts: 526
Joined: Tue Nov 18, 2003 8:35 am

Re: Nightrider

Post by Ptirhiik_ »

> Nightrider: what you don't seem to get - or should I say don't want - is that the lines you provide as a "fix" are at least redundant, and in worst case wrong: you are copying many times the same files, what is not desirable at all.

Then, you have been repeated a number of times now - by me and by various members of the MOD team, including the MOD team leader, wgEric, that the mod perfectly sticks to the MOD template, and the flaw with the copy command is the result of an easyMOD bug in this very version (0.3.0) in a very special case. You don' want to hear me, that's fine, but I think hearing the MOD team members who are part in the development of easyMOD for most is the least that you can do. Btw, I find a bit funny you are keeping quoting a sample of the Instant deny check list, focusing on something you have modified yourself, ignoring what is around the point you are focusing on, but which is in your quote too :).

Regarding the previous version of TC: the most complains I've received along the v1.0 versions was the difficulty to make the copy because the never ending list of files, what was true. Except you - and regards of easyMOD blind usage and trust, and perhaps Dogs and things on this very topic though it is more an assumption than a constat ("if I was..."), nobody has complained about the copy command. Magicaly, only saying: "check all the files are correctly uploaded" solves the issue, whatever the install method was, and without more asks about this. Yes, it is a little boring easyMOD doesn't do the copy correctly when not running with copy in place of ftp method, but this is definitivaly not an issue, as people perfectly figures what to do. If I had something to add to the mod install description, this would probably a DYI command targeted on this very easyMOD version, mentioning to recheck the easyMOD results regarding the copy, and I really don't think it worsts it at this time.

So yes, easyMOD has a problem with the copy command, identified, and not that obvious to fix. Does it makes easyMOD a bad product, especialy for a beta version ? No, but the limits of easyMOD are very sensible, and a concious usage has to be made of:

You claimed at many time I was deadly against the tool. You are definitivaly wrong: I'm against a not secured usage of it, eg running it on a live environment, and against its usage for a precise mod (CH) because of the mod size, so a natural incompability of the mod with something else than a vanilia phpBB set of files. Let me tell you why - though it is not the first time I'd write this: first, easyMOD doesn't perform any SQL backup, but allows to modify the database. On a live environment, nothing is more dangerous. As it doesn't focus at all on this issue, what is less than the mod template itself as the disclaimer is not viewable, this is a first no-no for a live run. Then, easyMOD stores a major password when ftp method is choosen into the database, and nothing is more easy through a broken mod to get it back, decode it, and get the full access to the ftp: on a side note, there are some caching mods available today that doesn't ensure the cached files are not reachable from the outside. Then, easyMOD stores is backups (php.txt) into a not enough protected area, allowing the download. This is a major issue with any mod attempting to modify config.php (and there are some), as it gives access to the database. Also, running live easyMOD encourages to install mods without any test stage. This has been, is, and will be the source of breaking boards beyond any repair possibility. Not because a mod is crappy, not because the user does something wrong, but simply because all the mods can't be installed together and works well without immediatly or insidiously corrupting the database, what can only be detected through a test stage. According to all of this, I can hardly see how I could in any manner suggest that easyMOD is ready to run on a live environment. Actually, I can hardly see how anyone could suggest this. You want to take the responsability of suggesting this, what I - as a mod author having to deal with thousand and thousand installations - will certainly not. There is nothing worst than trusting blindly a tool without being concious of its limits, and that is exactly what you are doing.

And the last, but not least: I'm starting to become very angry with your assumptions about relations between Nuttzy and me. You have no idea about our collaboration as it has stood behind the scene, and you are nothing else than insulting on this matter, for me aswell for Nuttzy. This is not something I will tolerate anymore.

Don't get me wrong: I don't try to flame you, I know you have been of a great help with many users in a number of cases, and give a lot of time to support, but you are definitivaly on the wrong way on this. That's mainly why I have been so patient with you, though you've crossed many times the borders. Thanks for your understanding.

Dogs and things
Registered User
Posts: 49
Joined: Sat Sep 23, 2006 10:21 pm
Location: Spain.
Contact:

Re: Nightrider

Post by Dogs and things »

Hello Ptirhiik_,

Excuse me my interference in this discussion. ;)

Compared to you or allmost anybody I know nothing about the security flaws you say EM imposes. But I´m willing to learn.

If I set up a board from a fresh install on my localhost, using EM, before installing the board in a live environment, will I run the same risks as if I had used EM straight off on my live board?

I understand this question hasn´t got much if anything to do with the subject here but despite of that, as I´m very interested in learning how to do things as well as I can, I decided to ask.

Greetings.

User avatar
Ptirhiik_
Registered User
Posts: 526
Joined: Tue Nov 18, 2003 8:35 am

Re: Nightrider

Post by Ptirhiik_ »

If your localhost is not reachable through the web (what is often the case), and if you don't upload the admin/mods/ content, nor the admin/em_includes/ & admin/admin_easymod.php, you should encounter no particular security risks. The only ennoying thing is you will have to redo the sql part of the mod install at hand, but however as you have to process a complete backup of the database (not by the phpBB option but by the dedicated tool, ie phpMyAdmin) prior any modification, it remains a low ennoyance. I volontary didn't exclude the includes/sql_parser/ directory as I wouldn't be surprised something comes someday this side to ease this part.

Dogs and things
Registered User
Posts: 49
Joined: Sat Sep 23, 2006 10:21 pm
Location: Spain.
Contact:

Re: Nightrider

Post by Dogs and things »

The only ennoying thing is you will have to redo the sql part of the mod install at hand, but however as you have to process a complete backup of the database (not by the phpBB option but by the dedicated tool, ie phpMyAdmin) prior any modification, it remains a low ennoyance. I volontary didn't exclude the includes/sql_parser/ directory as I wouldn't be surprised something comes someday this side to ease this part.

Ayayay,

I believe I understand you´re saying that I should learn how to redo the SQL part before uploading my board to my server, once I´m satisfied with it as it is, if I want to be sure about security. :(

Do you, or anybody else, know of any article written on how to solve my future problem?
I volontary didn't exclude the includes/sql_parser/ directory as I wouldn't be surprised something comes someday this side to ease this part.

I don´t understand what you mean with this. :?

Nightrider
Registered User
Posts: 7219
Joined: Tue Nov 16, 2004 8:54 pm
Location: Florida, US
Contact:

Re: Nightrider

Post by Nightrider »

Welcome to Area 51 Ptirhiik. I hope you have come here to be a positive influence rather than to trash a very nice tool that has and continues to help thousands of happy EM users...

EM isn't nearly as bad as you paint it to be. In fact, far more people screw up their boards when manually installing their MODs than when using EM. EM follows the instructions EXACTLY as they are provide. Humans don't often follow instructions well. So it is very odd that you think it is safer to manually install Live board files than to use EM when it is clear that it is far more likely to screw up the live board when manually modifying the files than using a very handy and powerful install tool like EM. To suggest that people can do a better job than EM is clearly misguided...

It is true that EM doesn't create an undo when applying the SQL commands to the database. So how many people do it when they manually apply their SQL commands? See how siilly that straw argument is? If people don't know enough to create backups of their database when using EM, they aren't likely to know enough to do it when manually applying the SQL commands either. So this is not a problem with EM, but a problem with human nature. It is really strange that you expect EM to do something that few who manually apply their MODs would do...

What you may not realize is that EM has a Restore Backups Utility. So if a MOD hoses a board, you can use EM's Restore Backups utility to bring the board back to what it was BEFORE the MOD was installed. How many people do you really believe create backups of the files that they manually modify? Sure you can blame them for not having the experience and knowledge to do so or perhaps for being too lazy to do the right thing. But when using EM, they don't have to worry about the backups since EM already does that for them. So once again, EM comes out ahead of manually applying MODs to the board since the MODs can be quickly removed when things go south. You can choose to blame those who forget to make backups of the files they modify. I prefer to give instructions to those who used EM of how to quickly get their boards back to what it was before they installed the MOD. I think my method is better than yours because their is an undo even if the admin wasn't on top of how things should be done...

EM is stored in a secure area in the phpBB admin folder. So for anyone to gain access to the code, they must already have the ability to get into the ACP and to log onto the FTP Server. So if you really believe that EM is insecure, you are admitting that phpBB is completely insecure as well.,,

PhpBB stores the database login information in the config.php file. How is that more secure than storing an encrypted password in the phpbb_config table? Hackers are lazy, so they aren't likely to be able to retrieve information from the phpbb_config table and decrypt it. If they can get that far, then EM really isn't the greatest problem for admins of those sites...

I hope you come often to offer helpful advice of how to improve EM. Of course you have to be willing to use EM in order to learn about it's weaknesses. You can choose to be part of the solution or just a negative distraction. You choose. I hope you can bring your talents and energy to help improve EM rather than to use your time and energy to trash it. Everyone could benefit if you really want to help improve this very nice and handy tool...

Image

Locked