Dev {Tricks}

You are here: Home / Archives for phpBB

by

How to update phpBB?

How to update your installation with the Full Package

  1. Backup all board files and the database.
  2. Go to the phpBB.com downloads page and download the latest “Full Package” archive.
  3. Unpack the archive.
  4. Delete/remove the config.php file, and the /images, /store and /files folders from the unpacked package on your local drive (PC).
  5. Go to the ACP, Board settings, and make sure prosilver is set as the default style. If not, set it to prosilver.
  6. Delete the /vendor and /cache folders from the board’s root folder on your host.
  7. Via FTP or SSH upload the remaining files and folders (that is, the remaining CONTENTS of the phpBB3 folder) to the root folder of your board installation on the server, overwriting the existing files. (Note: take care not to delete any extensions in your /ext folder when uploading the new phpBB3 contents.)
  8. Now start the update process by pointing your browser to the install folder. For example, https://domain.com/install
  9. Follow the steps to update the database and let that run to completion.
  10. Via FTP or SSH delete the /install folder from the root of your board installation.

You now have a new up to date board containing all your users and posts. Follow up tasks:

  • Update your language pack
  • Update your style

How to update your installation with the Advanced Update Package

The steps for updating phpBB3 using the advanced update package are:

  1. Go to the phpBB.com downloads page and download the “Advanced Update Package” archive.
  2. Unpack the archive.
  3. Upload the complete uncompressed “install” and “vendor” folders to your phpBB root directory (where your config.php file is).

Once uploaded your board will be offline for normal users due to the install directory you uploaded now being present.

Now start the update process by pointing your browser to the install folder. For example, https://ask.ojsexpert.com/install

You will then be guided through the update process. You will be notified once the update is complete.

by

How to install phpBB

 

  1. Download latest phpBB script.
  2. Upload and decompress the phpBB3 archive to your website root or directory.
  3. Change the permissions on config.php to be writable by all (666 or -rw-rw-rw)
  4. Change the permissions on the following directories to be writable by all (777 or -rwxrwxrwx):
    store/, cache/, files/ and images/avatars/upload/.
  5. Point your web browser to the location where you uploaded the phpBB3.
  6. Click the INSTALL tab, follow the steps and fill out all the requested information.
  7. After installation, change the permissions on config.php to be writable only by yourself (644 or -rw-r–r–)
  8. That’s all.

MAKE SURE you read Security related post-installation instructions, and also take note regarding anti-spam measures.

Important (security related) post-Install tasks for all installation methods

Once you have successfully installed phpBB you MUST ensure you remove the entire install/ directory.

Beyond this essential deletion, you may also wish to delete the docs/ directory if you wish.

With these directories deleted, you should proceed to the administration panel. Depending on how the installation completed, you may have been directed there automatically. If not, login as the administrator you specified during install/conversion and click the Administration Control Panel link at the bottom of any page. Ensure that details specified on the General tab are correct!

6.i. Uploadable avatars

phpBB supports several methods for allowing users to select their own avatar (an avatar is a small image generally unique to a user and displayed just below their username in posts).

Two of these options allow users to upload an avatar from their machine or a remote location (via a URL). If you wish to enable this function you should first ensure the correct path for uploadable avatars is set in

Administration Control Panel -> General -> Board Configuration -> Avatar settings. By default this is images/avatars/uploads, but you can set it to whatever you like, just ensure the configuration setting is updated. You must also ensure this directory can be written to by the webserver. Usually this means you have to alter its permissions to allow anyone to read and write to it.

Please be aware that setting a directory’s permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.

6.ii. Webserver configuration

Depending on your web server, you may have to configure your server to deny web access to the cache/, files/, includes, phpbb, store/, and vendor directories. This is to prevent users from accessing sensitive files.

For Apache there are .htaccess files already in place to do this for the most sensitive files and folders. We do however recommend to completely deny all access to the aforementioned folders and their respective subfolders in your Apache configuration.
On Apache 2.4, denying access to the phpbb folder in a phpBB instance located at /var/www/html/ would be accomplished by adding the following access rules to the Apache configuration file (typically apache.conf):

<Directory /var/www/html/phpbb/*>
	Require all denied
</Directory>
<Directory /var/www/html/phpbb>
	Require all denied
</Directory>

The same settings can be applied to the other mentioned directories by replacing phpbb by the respective directory name. Please note that there are differences in syntax between Apache version 2.2 and 2.4.

For Windows based servers using IIS there are web.config files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for nginx and lighttpd to help you get started may be found in the docs/ directory.

Back to Top

8. Anti-Spam Measures

Like any online site that allows user input, your board could be subject to unwanted posts; often referred to as forum spam. The vast majority of these attacks will be from automated computer programs known as spambots. The attacks, generally, are not personal as the spammers are just trying to find accessible targets. phpBB has a number of anti-spam measures built in, including a range of CAPTCHAs. However, administrators are strongly urged to read and follow the advice for Preventing Spam in phpBB as soon as possible after completing the installation of your board.