[RFC|Rejected] Built In phpBB3.x FTP Client (phpFTP)

These RFCs were either rejected or have been replaced by an alternative proposal. They will not be included in phpBB.
Go2GamerGuys
Registered User
Posts: 13
Joined: Sun Jul 01, 2012 3:13 am

[RFC|Rejected] Built In phpBB3.x FTP Client (phpFTP)

Post by Go2GamerGuys »

Isn't it always hard to have to constantly navigate from your forum to your FTP client to access and edit files. Now the built in phpBB3.x FTP Client, phpFTP, eliminates this hassle.

How it works:
phpFTP works just like any other FTP client, however there is no need to download an extra FTP client or sign up for an online FTP service. You would still need to have an FTP server, but now you can just enter your FTP host. There will be a new FTP tab in your ACP, in which you can enter information for your current FTP server: Host, Username, Password and Optional Port. If it has a successful connection with your FTP server, it will be able to link your Admin account with your FTP information, so whenever you log into the ACP and go to the FTP tab you have immediate access to your database through the built in FTP client. Each Admin account would need to link their account with the FTP information separately, to prevent unwanted access. The rest of the features of the phpFTP would be the features of an FTP client.

How to access it:
Standard access for phpFTP is by logging into your ACP, and going to the FTP tab. If you have already linked your account with your FTP server information, no log in to the FTP server is required, if not you will need to enter your server information to link your account.

There is also a library for phpFTP built into the database, so by going to http://www.example.com/phpBB3/FTP ,you would be able to access phpFTP by using both an Admin Account and FTP server information. For security purposes you have to enter both, and account link is ignored. Plus editing, deleting of moving the phpFTP file in the database is prohibited this way for security and error precautions.

Compatibility:
phpFTP is meant to be more of a standard tool than an emergency/recovery tool, however if you have EDS installed (supposing EDS is made), then it will correspond with EDS. So when there are times when you need to access your database. Same goes for STK, if you need to access or change something in the database STK can only detect but not handle, STK will launch phpFTP (considering STK agrees to correspond with phpFTP).

---

Presumably a modified online version of FileZilla will be used for phpFTP (granted they give us permission to use it), or phpBB web developers may end up making their own custom FTP Client.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by EXreaction »

What you really want is simply some way to edit the files on the server, not an FTP client (I'm saying this because the user shouldn't know/care what backend method is used to edit the files).

The reason that something like this isn't built in already is primarily for security purposes. It's relatively easy to build something to transverse the file structure and work like an FTP client with a text editor built in (someone could do it with a few hours of work). For security reasons software shouldn't make it too easy to have access to the server from built in administration tools. Administrative accounts getting hacked into could then mean that the entire server is compromised, instead of just the software that is running (if I stole your administrative password, I could then write my own php scripts with an editor like this to do anything I wanted).

Go2GamerGuys
Registered User
Posts: 13
Joined: Sun Jul 01, 2012 3:13 am

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by Go2GamerGuys »

I suppose extra security measures would be taken. Something that may work just as good:

Perhaps a PIN would be issued to each user who successfully can integrate their account with the FTP server. This PIN would come in a text file, which is in a locked archive, which requires a password generated through some password generator which could be sent through email. This may work. Plus access to the FTP server through your forum could require a secure encrypted SSL connection.

Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by Danielx64 »

-1 The support guys over at phpbb.com doesn't like the idea of people useing the theme/template editor that is included in the ACP as that can cause issues but that may be a different case thogh.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by Oleg »

What would you use an ftp client for *from* phpbb?

Normally you use an ftp client to upload files *to* your phpbb installation. If you prefer to use some kind of a web interface rather than an ftp client to upload files, that is your preference but such a program has nothing to do with phpbb really.

Edit: I just remembered that we already include an ftp client for uploading template/style files modified via acp. Thus 1) we already have an ftp client, 2) it's not the use case you had in mind from what I gathered, which means 3) I still don't see what your use case is.

Go2GamerGuys
Registered User
Posts: 13
Joined: Sun Jul 01, 2012 3:13 am

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by Go2GamerGuys »

But there is not a full built in FTP client in the ACP.

I am talking about having a full built in web FTP client into the ACP, for instance you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time.

The general purpose of this is for convenience.

Senky
Extension Customisations
Extension Customisations
Posts: 315
Joined: Thu Jul 16, 2009 4:41 pm

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by Senky »

Go2GamerGuys wrote:...you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time...
Ehm, so you want to save name and password of FTP access in plain text to database? Are you serious?

User avatar
bantu
3.0 Release Manager
3.0 Release Manager
Posts: 557
Joined: Thu Sep 07, 2006 11:22 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by bantu »

Programmatically (and temporarily) accessing the filesystem is fine and we already have the tools for that. But I would say that manually accessing the filesystem is out of the scope of phpBB.

- FTP is just one way of accessing the filesystem
- FTP is insecure and there are better protocols that provide confidentiality of transfered data
- HTTP <-> PHP <-> FTP looks like quite some overhead

Go2GamerGuys
Registered User
Posts: 13
Joined: Sun Jul 01, 2012 3:13 am

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by Go2GamerGuys »

Senky wrote:
Go2GamerGuys wrote:...you would have FileZilla available in your ACP, instead of having to go open it through your desktop and enter your FTP Server Information each time...
Ehm, so you want to save name and password of FTP access in plain text to database? Are you serious?
That is not what this quotation is explaining.

If you read the whole thing or some of my replies, you would see I added extra security measures. You would also require a special PIN to access the FTP server, which you can download but it is in an encrypted zip archive, so you would also need to send the password for the zip archive to your email. Plus it requires a secure SSL connection to log in, and when you link both your FTP server and your account it is on an encrypted connection.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [RFC] Built In phpBB3.x FTP Client (phpFTP)

Post by EXreaction »

Requiring SSL would mean that most boards couldn't use the feature.

I do agree that it would be something nice to have for some board owners, but the security consequences for the server are too great to include this in with the default package of phpBB. For me personally, it's easier to use an FTP client than it would be to log into the ACP and deal with some "ftp-client"-like system.

It can easily be created as a mod/plugin for phpBB or plugin for the Support Toolkit, either way, it would not require any edits to the files, just running an install script to add the module to the ACP or just copying the files to the STK. Then the people who would rather have that feature could easily add it, and for those who do not care, it would not affect the security of the phpBB installation and every other set of installed software on their server.

Post Reply