Isn't it always hard to have to constantly navigate from your forum to your FTP client to access and edit files. Now the built in phpBB3.x FTP Client, phpFTP, eliminates this hassle.
How it works:
phpFTP works just like any other FTP client, however there is no need to download an extra FTP client or sign up for an online FTP service. You would still need to have an FTP server, but now you can just enter your FTP host. There will be a new FTP tab in your ACP, in which you can enter information for your current FTP server: Host, Username, Password and Optional Port. If it has a successful connection with your FTP server, it will be able to link your Admin account with your FTP information, so whenever you log into the ACP and go to the FTP tab you have immediate access to your database through the built in FTP client. Each Admin account would need to link their account with the FTP information separately, to prevent unwanted access. The rest of the features of the phpFTP would be the features of an FTP client.
How to access it:
Standard access for phpFTP is by logging into your ACP, and going to the FTP tab. If you have already linked your account with your FTP server information, no log in to the FTP server is required, if not you will need to enter your server information to link your account.
There is also a library for phpFTP built into the database, so by going to http://www.example.com/phpBB3/FTP ,you would be able to access phpFTP by using both an Admin Account and FTP server information. For security purposes you have to enter both, and account link is ignored. Plus editing, deleting of moving the phpFTP file in the database is prohibited this way for security and error precautions.
Compatibility:
phpFTP is meant to be more of a standard tool than an emergency/recovery tool, however if you have EDS installed (supposing EDS is made), then it will correspond with EDS. So when there are times when you need to access your database. Same goes for STK, if you need to access or change something in the database STK can only detect but not handle, STK will launch phpFTP (considering STK agrees to correspond with phpFTP).
---
Presumably a modified online version of FileZilla will be used for phpFTP (granted they give us permission to use it), or phpBB web developers may end up making their own custom FTP Client.
[RFC|Rejected] Built In phpBB3.x FTP Client (phpFTP)
-
- Registered User
- Posts: 13
- Joined: Sun Jul 01, 2012 3:13 am
- EXreaction
- Registered User
- Posts: 1555
- Joined: Sat Sep 10, 2005 2:15 am
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
What you really want is simply some way to edit the files on the server, not an FTP client (I'm saying this because the user shouldn't know/care what backend method is used to edit the files).
The reason that something like this isn't built in already is primarily for security purposes. It's relatively easy to build something to transverse the file structure and work like an FTP client with a text editor built in (someone could do it with a few hours of work). For security reasons software shouldn't make it too easy to have access to the server from built in administration tools. Administrative accounts getting hacked into could then mean that the entire server is compromised, instead of just the software that is running (if I stole your administrative password, I could then write my own php scripts with an editor like this to do anything I wanted).
The reason that something like this isn't built in already is primarily for security purposes. It's relatively easy to build something to transverse the file structure and work like an FTP client with a text editor built in (someone could do it with a few hours of work). For security reasons software shouldn't make it too easy to have access to the server from built in administration tools. Administrative accounts getting hacked into could then mean that the entire server is compromised, instead of just the software that is running (if I stole your administrative password, I could then write my own php scripts with an editor like this to do anything I wanted).
-
- Registered User
- Posts: 13
- Joined: Sun Jul 01, 2012 3:13 am
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
I suppose extra security measures would be taken. Something that may work just as good:
Perhaps a PIN would be issued to each user who successfully can integrate their account with the FTP server. This PIN would come in a text file, which is in a locked archive, which requires a password generated through some password generator which could be sent through email. This may work. Plus access to the FTP server through your forum could require a secure encrypted SSL connection.
Perhaps a PIN would be issued to each user who successfully can integrate their account with the FTP server. This PIN would come in a text file, which is in a locked archive, which requires a password generated through some password generator which could be sent through email. This may work. Plus access to the FTP server through your forum could require a secure encrypted SSL connection.
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
-1 The support guys over at phpbb.com doesn't like the idea of people useing the theme/template editor that is included in the ACP as that can cause issues but that may be a different case thogh.
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
What would you use an ftp client for *from* phpbb?
Normally you use an ftp client to upload files *to* your phpbb installation. If you prefer to use some kind of a web interface rather than an ftp client to upload files, that is your preference but such a program has nothing to do with phpbb really.
Edit: I just remembered that we already include an ftp client for uploading template/style files modified via acp. Thus 1) we already have an ftp client, 2) it's not the use case you had in mind from what I gathered, which means 3) I still don't see what your use case is.
Normally you use an ftp client to upload files *to* your phpbb installation. If you prefer to use some kind of a web interface rather than an ftp client to upload files, that is your preference but such a program has nothing to do with phpbb really.
Edit: I just remembered that we already include an ftp client for uploading template/style files modified via acp. Thus 1) we already have an ftp client, 2) it's not the use case you had in mind from what I gathered, which means 3) I still don't see what your use case is.
-
- Registered User
- Posts: 13
- Joined: Sun Jul 01, 2012 3:13 am
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
But there is not a full built in FTP client in the ACP.
I am talking about having a full built in web FTP client into the ACP, for instance you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time.
The general purpose of this is for convenience.
I am talking about having a full built in web FTP client into the ACP, for instance you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time.
The general purpose of this is for convenience.
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
Ehm, so you want to save name and password of FTP access in plain text to database? Are you serious?Go2GamerGuys wrote:...you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time...
- bantu
- 3.0 Release Manager
- Posts: 557
- Joined: Thu Sep 07, 2006 11:22 am
- Location: Karlsruhe, Germany
- Contact:
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
Programmatically (and temporarily) accessing the filesystem is fine and we already have the tools for that. But I would say that manually accessing the filesystem is out of the scope of phpBB.
- FTP is just one way of accessing the filesystem
- FTP is insecure and there are better protocols that provide confidentiality of transfered data
- HTTP <-> PHP <-> FTP looks like quite some overhead
- FTP is just one way of accessing the filesystem
- FTP is insecure and there are better protocols that provide confidentiality of transfered data
- HTTP <-> PHP <-> FTP looks like quite some overhead
-
- Registered User
- Posts: 13
- Joined: Sun Jul 01, 2012 3:13 am
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
That is not what this quotation is explaining.Senky wrote:Ehm, so you want to save name and password of FTP access in plain text to database? Are you serious?Go2GamerGuys wrote:...you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time...
If you read the whole thing or some of my replies, you would see I added extra security measures. You would also require a special PIN to access the FTP server, which you can download but it is in an encrypted zip archive, so you would also need to send the password for the zip archive to your email. Plus it requires a secure SSL connection to log in, and when you link both your FTP server and your account it is on an encrypted connection.
- EXreaction
- Registered User
- Posts: 1555
- Joined: Sat Sep 10, 2005 2:15 am
Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)
Requiring SSL would mean that most boards couldn't use the feature.
I do agree that it would be something nice to have for some board owners, but the security consequences for the server are too great to include this in with the default package of phpBB. For me personally, it's easier to use an FTP client than it would be to log into the ACP and deal with some "ftp-client"-like system.
It can easily be created as a mod/plugin for phpBB or plugin for the Support Toolkit, either way, it would not require any edits to the files, just running an install script to add the module to the ACP or just copying the files to the STK. Then the people who would rather have that feature could easily add it, and for those who do not care, it would not affect the security of the phpBB installation and every other set of installed software on their server.
I do agree that it would be something nice to have for some board owners, but the security consequences for the server are too great to include this in with the default package of phpBB. For me personally, it's easier to use an FTP client than it would be to log into the ACP and deal with some "ftp-client"-like system.
It can easily be created as a mod/plugin for phpBB or plugin for the Support Toolkit, either way, it would not require any edits to the files, just running an install script to add the module to the ACP or just copying the files to the STK. Then the people who would rather have that feature could easily add it, and for those who do not care, it would not affect the security of the phpBB installation and every other set of installed software on their server.